This document discusses the state of the art in distributed database security over several decades. It covers topics like multilevel security approaches from the 1980s using distributed data/centralized control. Later sections discuss the inference problem, Hippocratic databases in the 1990s-2000s, trusted mediators, blind comparers, and improving blind comparers with fake queries and declassification. Federated database security is also covered, focusing on access control, identity management and authorization. Integrated distributed database security research from the late 1990s onward integrating policies is summarized as well.
1. DISTRIBUTED DATABASE SECURITY “State-of-the-art” Prepared by: Mohammed Siddig Ahmed, Omer Salih Dawood, Mohammed Zein.
2. Introduction The developments in computer networking technology and database systems technology resulted in the development of distributed databases in the late 1970s. There are various architectures for distributed database systems: the control is centralized while the data is distributed; the data as well as the control are distributed; multidatabase architectures; and the non-multidatabase approach (no local database management systems (DBMSs)).
3. Multilevel Security Much of the work in secure distributed database systems has focused on multilevel security. The early work in the field began with the US Air Force Summer Study, where approaches based on distributed data and centralized control architectures were proposed. Prototypes based on these approaches were also developed during the late 1980s and early 1990s.
4. Multilevel Security (cont.) Two approaches were proposed at the Summer Study. In the partitioned approach, a trusted front-end database system is connected to non-trusted back-end database systems. In the second approach, data is replicated: the unclassified data is replicated at the Secret and Top-Secret databases, and the Secret data is replicated at the Top-Secret database.
5. Inference Problem This problem has been discussed a great deal over the past three decades. An extensive investigation of the inference problem for distributed database systems began around 1992. There is still work on this problem, especially with emerging technologies such as data warehousing, data mining and the web.
6. Hippocratic Databases These appeared during the late 1990s and the early-to-mid 2000s. They are designed so that data collection and disclosure are performed only with the consent of the user whose data is in question.
7. Trusted Mediator At the same time, trusted mediator databases have received a great deal of attention. The TIHI (Trusted Interoperation of Healthcare Information) project uses a trusted mediator to determine which queries should or should not be allowed. Several commercial systems exist, such as Google Health and Microsoft HealthVault.
8. Blind Comparer During the mid-to-late 2000s, work on the blind comparer addressed sharing privacy-sensitive data across distinct organizations while allowing them to keep their legacy databases and maintain ownership of the data they currently store.
10. Improving the Blind Comparer In the late 2000s, fake queries and declassification techniques were adopted to make the blind comparer more secure.
27. Integrated Distributed Database A common problem within most large corporations is the diversity of database systems, with multi-vendor database servers, and security must address all three components (availability, integrity, confidentiality).
28. Research Directions (1998) Security is an important issue in health care environments where large amounts of highly sensitive personal data are processed. A methodology that appeared in the late nineties is based on the combination of the DAC and MAC security models and uses hierarchies of user roles and data sets.
33. Research Directions (2002) A new architecture that uses mediators and a primitive ticket-based authorization model to manage disparate policies in information enclaves.
35. Mediation Infrastructure A middleware architecture for security policy mediation in information enclaves. It begins by assessing existing technology for software interoperability.
36. Mediator & Primitive Authorization Mediators can be used in conjunction with other integration technologies to achieve a standard architecture for security policy coordination. The primitive authorization model provides a common foundation that facilitates policy coordination.
39. Research Directions (2006) Some researchers developed a “mediator” to map different policies; its deficiency is lower efficiency. The authors proposed the concept of “authority propagation” to realize the integration of access control (AC) policies.
40. Authority Propagating Tree (APT) Model The model uses a “tree” to express the administration of authorities, since graph theory offers convenient means for describing authority flows. Advantages of APT: it can represent RBAC, MAC and DAC policies, and it can track the whole authority-granting history. Because of these advantages, the APT can generate a new access control model.
51. References
Google Health, http://www.google.com/health.
Microsoft HealthVault, http://www.healthvault.com/.
M. Siegenthaler and K. Birman, “Sharing private information across distributed databases,” submitted for publication, 2009.
Susanne Busse, Ralf-Detlef Kutsche, Ulf Leser, Herbert Weber, Federated Information Systems: Concepts, Terminology and Architectures, Technische Universität Berlin, 1999.
James A. Larson, Federated Database Systems for Managing Distributed, Heterogeneous, and Autonomous Databases, 1990.
W. Eßmayr, G. Pernul, A M. Tjoa, A Security Concept for Federated Database Systems, 1st Int. Congress on Ethical, Legal, and Social Aspects of Digital Information, Monte-Carlo, Monaco, March 1997.
Sabrina De Capitani di Vimercati, Pierangela Samarati, Access Control in Federated Systems.
52. References
Eugene F. Fodor, Deriving Global Authorizations for Federated Databases, 1999.
Ajoy Kumar, Federated Identity Management, 2004.
Arun Kumar Yadav, An Approach for Ensuring Concurrency Control of Global Transactions in Heterogeneous Distributed Database, 2010.
http://en.wikipedia.org/wiki/Federated_database_system.
Marie Khair, Ioannis Mavridis & George Pangalos, Design of secure distributed medical database systems, Database and Expert Systems Applications, 9th International Conference, DEXA'98, Vienna, Austria, August 24–28, 1998.
John Hale, Pablo Galiasso, Mauricio Papa, Sujeet Shenoi, Security Policy Coordination for Heterogeneous Information Systems, IEEE, 6 Aug 2002.
LIU Xin, HAN Zhen & SHEN Chang-Xiang, An Integrated Access Control Model of Distributed Database Systems, First International Conference on Innovative Computing, Information and Control - Volume III (ICICIC'06), 2006.
53. References
Bell, D.E., and La Padula, L.J., “Secure Computer Systems: A Refinement of the Mathematical Foundations” [J], ESD-TR-73-278, Vol. III, AD 780 528, Electronic Systems Division, Air Force Systems Command, Hanscom AFB, Bedford, Massachusetts, November 1974.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, Role Based Access Control Models, IEEE Computer, February 1996, Vol. 29(2): 38-47.
E. Bertino, S. Jajodia, P. Samarati, Supporting Multiple Access Control Policies in Database Systems, in: IEEE Symposium on Security and Privacy, Oakland, California, 1996.
Liu Yi, Database and Information System Security [M], Science Press, China, 2000.
Xin LIU, Zhen HAN, et al., Research on the Extended Confidential Level of BLP Model, Proceedings of KES 2005, Knowledge-Based Intelligent Information and Engineering Systems Part IV, pp. 257-262.
Jiang Zongli, Jiang Shouxu, Formal Language and Automata Theory, Tsinghua University Press, 2003.
Editor's Notes
These multidatabase architectures have been studied extensively in the literature.
1. A trusted front-end database system is connected to non-trusted back-end database systems. Each back-end database system operates at a single level and manages data at that level. For example, an Unclassified DBMS manages the unclassified data while a Secret DBMS manages Secret data. All communication between the back-end database systems is through the front-end database system. 2. In the replicated approach, the unclassified data is replicated at the Secret and Top-Secret databases, and the Secret data is replicated at the Top-Secret database.
At the same time, the trusted mediator has received a great deal of attention.
These are consumer-facing services which allow the patient to enter and manage their own information, as well as create sub-accounts to allow healthcare providers direct access.
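The two Summer Study architectures on slide 4 and in this note can be made concrete with a small model. The following is an added example, not code from the slides or from the Summer Study prototypes: one single-level back-end DBMS per level, a trusted front end that is the only component talking to all of them, and the replication rule from the slide (Unclassified rows copied to Secret and Top-Secret, Secret rows copied to Top-Secret), so that a query at level L is answered entirely by the back end at L and no read-up is possible. The level names come from the slide; the table rows are constructed sample data.

```python
"""Toy model of the replicated multilevel-security architecture (slide 4 and
its note). Added example: each back end holds a single level, all traffic
passes through the trusted front end, and lower-level data is replicated
upward so a query at level L is served by the back end at L alone."""

LEVELS = ["Unclassified", "Secret", "Top-Secret"]
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


def dominates(high, low):
    """True when security level `high` is at or above `low`."""
    return RANK[high] >= RANK[low]


class BackEndDBMS:
    """A single-level back end; it never receives data above its own level."""

    def __init__(self, level):
        self.level = level
        self.rows = []  # list of (label, record)

    def insert(self, label, record):
        if not dominates(self.level, label):
            raise ValueError(f"{self.level} back end may not store {label} data")
        self.rows.append((label, record))

    def select(self):
        return list(self.rows)


class TrustedFrontEnd:
    """The only component that talks to every back end (the trusted part).
    Back ends never communicate with each other directly."""

    def __init__(self):
        self.backends = {lvl: BackEndDBMS(lvl) for lvl in LEVELS}

    def insert(self, label, record):
        # Replication rule from the slide: Unclassified rows go to all three
        # back ends, Secret rows to Secret and Top-Secret, Top-Secret rows
        # only to Top-Secret.
        for lvl, db in self.backends.items():
            if dominates(lvl, label):
                db.insert(label, record)

    def query(self, clearance):
        # No read-up: a subject cleared at `clearance` is routed to exactly
        # one back end, the one at its own level, which already holds
        # replicas of everything below it. Unknown levels are rejected.
        if clearance not in self.backends:
            raise PermissionError(f"unknown clearance {clearance!r}")
        return self.backends[clearance].select()


def demo():
    """Insert three constructed rows and show what each clearance sees."""
    fe = TrustedFrontEnd()
    fe.insert("Unclassified", {"flight": "AF101", "status": "scheduled"})
    fe.insert("Secret", {"flight": "AF101", "cargo": "sealed"})
    fe.insert("Top-Secret", {"flight": "AF101", "mission": "redacted"})
    return {
        "unclassified_view": fe.query("Unclassified"),
        "secret_view": fe.query("Secret"),
        "top_secret_view": fe.query("Top-Secret"),
        "copies_per_backend": {lvl: len(db.select()) for lvl, db in fe.backends.items()},
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The price of the replicated approach is visible in `copies_per_backend`: the Top-Secret back end stores every row, so an update to unclassified data must be propagated through the front end to three databases. The partitioned approach avoids the copies but forces the front end to join results from several back ends for every multi-level query, which is why the trusted front end is the security-critical component in both designs.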
Step 1: Identification of sites, subjects, objects, and permitted actions (identification process).
Step 2: Assignment of security labels (labeling process).
Step 3: Fragmentation and allocation of data (distribution process).
Step 4: Processing of security constraints.
Step 5: Definition of permitted actions.
Identification of the subjects
1. Define all the user roles that exist within an application.
2. Group the existing user roles under the corresponding user category, depending on the task of the user in the application.
Identification of the objects. The security objects are the target of the security protection and are, in another sense, the data contained in the application. Data sets represent data with a common use. These data sets are grouped into a number of data categories.
Identification of the sites. The function of each site in the context of the whole application, the technical, the type of connection, whether the site is mobile or not and the degree of mobility, the security threats to each site, and any special requirements.
Identification of the permitted actions. DAC and MAC security policies.
2. Assignment of security labels to the subjects
1. Assign data sets, starting with the user roles under a user category.
2. Move data sets shared by all user roles to their common user category.
3. Move data sets shared by all user categories to their common super categories. This procedure is repeated until the root is reached.
The proposed design methodology takes into account and handles all three components of security (availability, integrity, confidentiality).
Fragmentation
1. If the part to be upgraded is the whole table, then the whole table and all its rows are upgraded.
2. If the part to be upgraded is just some rows of the table, then just these rows are assigned a higher security label.
3. If the part to be upgraded is only some fields of a table, the initial table is fragmented into two tables: one part is assigned a low level and the other a strictly higher level.
Allocation and replication
The decision of whether to replicate or not is usually based on two factors: the number of reads versus the number of updates.
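The labeling procedure (assign data sets to roles, then hoist every data set shared by all children of a node up to that node until the root) and the three fragmentation rules above are mechanical enough to run. The following is an added example written for these notes, not code from the DEXA'98 paper: `hoist_shared` implements steps 1-3 of the labeling procedure over a role hierarchy, and `fragment` implements fragmentation rules 1-3. The hospital roles, data sets and the `patients` table are constructed, and the example assumes the first column of a table is the key that both fragments keep so they can be rejoined.

```python
"""Added example (not from the paper or slides): hoisting shared data sets up
the user hierarchy (labeling steps 1-3) and fragmenting a table when only
some rows or fields are upgraded (fragmentation rules 1-3)."""

LEVELS = ["Unclassified", "Confidential", "Secret"]
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


class RoleNode:
    """A node of the user hierarchy: root -> user categories -> user roles."""

    def __init__(self, name, children=(), data_sets=()):
        self.name = name
        self.children = list(children)
        self.data_sets = set(data_sets)


def hoist_shared(node):
    """Step 1 assigned data sets to the leaf roles; steps 2-3 move a data set
    shared by *all* children of a node up to that node, repeated bottom-up
    until the root. Returns the data sets left attached to `node` itself."""
    if not node.children:
        return node.data_sets
    child_sets = [hoist_shared(child) for child in node.children]
    shared = set.intersection(*child_sets)
    for child in node.children:
        child.data_sets -= shared
    node.data_sets |= shared
    return node.data_sets


def assignments(node):
    """Flatten the hierarchy to {node name: sorted data sets}."""
    out = {node.name: sorted(node.data_sets)}
    for child in node.children:
        out.update(assignments(child))
    return out


def fragment(table, upgrade):
    """Apply one upgrade to `table` ({"name", "label", "columns", "rows"}).
    `upgrade` gives the scope ("table", "rows" or "fields"), the target
    label and the affected rows (by key) or fields. Returns the fragments."""
    low, high = table["label"], upgrade["to"]
    if RANK[high] <= RANK[low]:
        raise ValueError("an upgrade must go to a strictly higher level")
    key = table["columns"][0]  # assumption: first column is the key
    if upgrade["scope"] == "table":
        # Rule 1: the whole table and all its rows are upgraded.
        return [dict(table, label=high)]
    if upgrade["scope"] == "rows":
        # Rule 2: only the chosen rows get the higher label (row-level labels,
        # still one table).
        chosen = set(upgrade["rows"])
        rows = [dict(r, _label=high if r[key] in chosen else low) for r in table["rows"]]
        return [dict(table, rows=rows)]
    if upgrade["scope"] == "fields":
        # Rule 3: split into a low and a strictly higher fragment; both keep
        # the key column so the original table can be reconstructed.
        high_cols = [key] + [c for c in table["columns"] if c in upgrade["fields"] and c != key]
        low_cols = [c for c in table["columns"] if c == key or c not in upgrade["fields"]]

        def project(cols):
            return [{c: r[c] for c in cols} for r in table["rows"]]

        return [
            {"name": table["name"] + "_low", "label": low, "columns": low_cols, "rows": project(low_cols)},
            {"name": table["name"] + "_high", "label": high, "columns": high_cols, "rows": project(high_cols)},
        ]
    raise ValueError(f"unknown scope {upgrade['scope']!r}")


def demo():
    # Constructed hospital hierarchy: two user categories with two roles each.
    root = RoleNode("hospital", [
        RoleNode("medical", [
            RoleNode("doctor", data_sets={"demographics", "diagnoses", "prescriptions"}),
            RoleNode("nurse", data_sets={"demographics", "diagnoses", "vitals"}),
        ]),
        RoleNode("admin", [
            RoleNode("clerk", data_sets={"demographics", "billing"}),
            RoleNode("scheduler", data_sets={"demographics", "appointments"}),
        ]),
    ])
    hoist_shared(root)
    patients = {  # constructed table; diagnosis is the field to be upgraded
        "name": "patients", "label": "Unclassified",
        "columns": ["patient_id", "name", "diagnosis"],
        "rows": [{"patient_id": 1, "name": "A. Example", "diagnosis": "flu"},
                 {"patient_id": 2, "name": "B. Example", "diagnosis": "hiv"}],
    }
    return assignments(root), fragment(patients, {"scope": "fields", "to": "Secret", "fields": ["diagnosis"]})


if __name__ == "__main__":
    roles, fragments = demo()
    print(roles)
    for f in fragments:
        print(f["name"], f["label"], f["columns"])
```

Running `demo()` leaves `demographics` at the root, `diagnoses` at the `medical` category and only the role-specific sets at the leaves, which is the point of the procedure: a label attached high in the tree is granted once instead of once per role. The field upgrade yields `patients_low` (Unclassified: `patient_id`, `name`) and `patients_high` (Secret: `patient_id`, `diagnosis`), ready for the allocation step that decides where each fragment lives.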
Personal opinion: this discussed a methodology to combine only two types of access control; the limitation of this is that if we have more than two types, I think the combination process will not be successful.
Conflicting policies are implemented in an ad hoc manner. Security managers of mission-critical information enclaves must guarantee the coherence of their policies within global
JDBC provides a standard API for accessing heterogeneous databases, while CORBA enables cross-platform application-level integration. These technologies can be used in concert to provide a common interface for security policy mediators. Each enterprise manages its own policy mediator, which rests on CORBA and JDBC layers. Each mediator contains a current model of its database and prevailing security policy. This is held as a mapping to the primitive authorization model. The metapolicy concept – a policy about policies – was introduced in . Metapolicies were applied to policy negotiation.
Its security is verified based on state machine theory.
Access Attribute: the type of access mode, including select, append and modify.
Security Level: represents categories that set privileges for different access modes to an object.
Request element: the set of all the access request elements charged by a subject.
Access Request: a certain request charged by a subject to some object.
Access Decision: the set of system decisions on an access request, denoted as D, D = {Yes, No, Error}.
Time: the index of an event, labeled by time.
Access Set: the set of all the current access statuses, each representing that subject s has access authority a on an object.
Object hierarchy: the paternity of objects described by a rooted tree. The security of an object dominates that of its son.
Role hierarchy: the paternity of roles described by a rooted tree. The security of a role dominates that of its son.
APT: the set of the APTs of all the current objects in the system, denoted as APT.
Functions: level functions and role functions that decide the security level of a subject/object or the corresponding relation between the roles and the subjects.
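The definitions above describe a state machine, and the easiest way to check that the pieces fit together is to run them. The following is an added example written for these notes, not code from the 2006 ICICIC paper: it keeps the object and role hierarchies as rooted trees in which a parent dominates its son, level and role functions for subjects and objects, the current Access Set, and a time-indexed history of every Access Decision in D = {Yes, No, Error}, which is the "authority granting history" slide 40 says the APT can track. The slide does not spell out the decision rules, so the example assumes a Bell-LaPadula MAC part (select needs subject level ≥ object level, append needs object level ≥ subject level, modify needs equal levels), that a senior role inherits the permissions of the roles below it, and that a permission granted on an object propagates to its sons in the object tree. All subject, role and object names are constructed.

```python
"""Added example (not from the ICICIC'06 paper): an executable version of the
APT-model definitions. Assumptions beyond the slide: BLP-style MAC checks,
senior roles inherit junior roles' grants, and a grant on an object also
covers its sons in the object tree."""

YES, NO, ERROR = "Yes", "No", "Error"
ATTRIBUTES = {"select", "append", "modify"}  # Access Attribute


class APTSystem:
    def __init__(self, levels):
        self.rank = {lvl: i for i, lvl in enumerate(levels)}  # Security Level order
        self.obj_level, self.obj_parent = {}, {}    # level function f_o, object tree
        self.role_parent, self.role_perms = {}, {}  # role tree, DAC/RBAC grants
        self.subj_level, self.subj_roles = {}, {}   # level function f_s, role function
        self.access_set = set()  # Access Set: current (subject, object, attribute)
        self.history = []        # (time, subject, object, attribute, decision)

    def dominates(self, a, b):
        return self.rank[a] >= self.rank[b]

    def add_object(self, name, level, parent=None):
        # Object hierarchy: the security of an object dominates that of its son.
        if parent is not None and not self.dominates(self.obj_level[parent], level):
            raise ValueError(f"{parent} must dominate its son {name}")
        self.obj_level[name], self.obj_parent[name] = level, parent

    def add_role(self, name, parent=None):
        # Role hierarchy: the parent role is senior to (dominates) its son.
        self.role_parent[name] = parent
        self.role_perms.setdefault(name, set())

    def grant(self, role, obj, attr):
        self.role_perms[role].add((obj, attr))

    def add_subject(self, name, level, roles):
        self.subj_level[name], self.subj_roles[name] = level, set(roles)

    @staticmethod
    def _ancestors(name, parent_map):
        while name is not None:
            yield name
            name = parent_map[name]

    def _juniors(self, role):
        """The role itself plus every role below it in the tree."""
        return {r for r in self.role_parent if role in self._ancestors(r, self.role_parent)}

    def _role_allows(self, subject, obj, attr):
        roles = set().union(*(self._juniors(r) for r in self.subj_roles[subject]))
        targets = set(self._ancestors(obj, self.obj_parent))  # grant on a parent covers sons
        return any((o, attr) in self.role_perms[r] for r in roles for o in targets)

    def _mac_allows(self, subject, obj, attr):
        s, o = self.subj_level[subject], self.obj_level[obj]
        if attr == "select":
            return self.dominates(s, o)  # no read-up
        if attr == "append":
            return self.dominates(o, s)  # no write-down
        return s == o                    # modify reads and writes: levels must match

    def decide(self, time, subject, obj, attr):
        """Access Decision in D = {Yes, No, Error}; every decision is appended
        to the time-indexed history, and a Yes enters the Access Set."""
        if subject not in self.subj_level or obj not in self.obj_level or attr not in ATTRIBUTES:
            decision = ERROR
        elif self._mac_allows(subject, obj, attr) and self._role_allows(subject, obj, attr):
            decision = YES
            self.access_set.add((subject, obj, attr))
        else:
            decision = NO
        self.history.append((time, subject, obj, attr, decision))
        return decision


def demo():
    apt = APTSystem(["Unclassified", "Secret"])
    apt.add_object("hospital_db", "Secret")
    apt.add_object("patients", "Secret", parent="hospital_db")
    apt.add_object("public_stats", "Unclassified", parent="hospital_db")
    apt.add_role("doctor")                    # senior role
    apt.add_role("clerk", parent="doctor")    # junior son of doctor
    apt.grant("clerk", "public_stats", "select")
    apt.grant("doctor", "patients", "select")
    apt.grant("doctor", "patients", "modify")
    apt.add_subject("alice", "Secret", ["doctor"])
    apt.add_subject("bob", "Unclassified", ["clerk"])
    return apt, [
        apt.decide(1, "alice", "patients", "select"),      # Yes
        apt.decide(2, "alice", "public_stats", "select"),  # Yes: read-down via inherited clerk grant
        apt.decide(3, "bob", "patients", "select"),        # No: read-up
        apt.decide(4, "bob", "patients", "append"),        # No: MAC allows write-up but no grant
        apt.decide(5, "alice", "public_stats", "modify"),  # No: levels differ
        apt.decide(6, "alice", "archive", "select"),       # Error: unknown object
    ]


if __name__ == "__main__":
    apt, decisions = demo()
    print(decisions)
    print(sorted(apt.access_set))
```

Both the MAC check and the role check must say yes before an access enters the Access Set, which is how the integrated model makes DAC, MAC and RBAC coexist; the `Error` outcome for unknown subjects, objects or attributes is kept distinct from `No` so that a malformed request is never silently treated as a policy denial. The `history` list is the audit trail the APT is meant to preserve.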