This document discusses the state of the art in distributed database security over several decades. It covers topics like multilevel security approaches from the 1980s using distributed data/centralized control. Later sections discuss the inference problem, Hippocratic databases in the 1990s-2000s, trusted mediators, blind comparers, and improving blind comparers with fake queries and declassification. Federated database security is also covered, focusing on access control, identity management and authorization. Integrated distributed database security research from the late 1990s onward integrating policies is summarized as well.

1. DISTRIBUTED DATABASE SECURITY “State-of-the-art” Prepared by :- Mohammed Siddig Ahmed. Omer SalihDawood. Mohammed zein.

2. introduction The developments in computer networking technology and database systems technology resulted in the development of distributed databases in the late 1970s. There are various architectural for a distributed database systems :- the control is centralized while the data is distributed. the data as well as control are distributed. Multidatabase architectures . non-multidatabase approach(no local database management systems (DBMSs))

3. Multilevel Security Much of the work in secure distributed database systems has focused on multilevel security. the early work in the field began with the US. Air Force Summer Study . approaches based on distributed data and centralized control architectures were proposed. Prototypes based on these approaches were also developed during the late 1980s and early 1990s

4. Multilevel Security Con. Two approaches were proposed at the Summer Study:- the Partitioned approach . trusted front-end database system is connected to non-trusted back-end. second approach was examined where data is replicated. In this approach, the unclassified data is replicated at the Secret and Top-Secret databases, and the Secret data is replicated at the Top-Secret database

5. Inference Problem This problem has been discussed a great deal over the past three decades. An extensive investigation of the inference problem for distributed database systems began around 1992. There is still work on this problem especially with emerging technologies such as data warehousing, data mining and the web.

6. Hippocratic databases During the late of 1990s and early and mid of 2000s . These databases are designed such that data collection and disclosure are only performed with the consent of the user who’s data is in question.

7. trusted mediator At the same time the trusted mediator databaseshas received a great deal of attention the TIHI (Trusted Interoperation of Healthcare Information) project uses a trusted mediator to determine which queries should or should not be allowed . several commercial systems. Google Health. Microsoft HealthVault,

8. Blind comparer During the mid and late of 2000s . share privacy-sensitive data across distinct organizations. allowing organizations to keep their legacy databases and maintain ownership of the data that they currently store

9. Blind comparer

10. Improve Blind comparer On the late of 2000s. to make the blind comparer more secure it was better to use fake queries and declassification techniques

11. Federated database security “state of the art”

13. Heterogeneity .

16. Component schema.

17. Export schema .

18. Federated schema .

19. External schema .Federated Database Security:

21. identity management .

24. identity management .

25. Authorization.

27. Integrated Distributed Database A common problem within most large corporations is the diversity of database systems. multi-vendor database servers. components of security (availability, integrity, confidentiality).

28. Research Directions (1998) Security is an important issue in health care environments where large amounts of highly sensitive personal data are processed. appeared in the late nineties methodology based on the combination of DAC and MAC security models and uses hierarchies of user roles and data sets

29. User Role Hierarchies

30. Fragmentation and allocation

31. Fragmentation and allocation

32. Beginning of the millennium

33. Research Directions (2002) New architecture that uses mediators and a primitive ticket-based authorization model to manage disparate policies in information enclaves.

34. Heterogeneous information system

35. Mediation Infrastructure A middleware architecture for security policy mediation in information enclaves. It begins by assessing existing technology for software interoperability.

36. Mediator & primitive authorization Mediators can be used in conjunction with other integration technologies to achieve a standard architecture for security policy coordination . The primitive authorization model architecture provides a common foundation for policy facilitates and coordination

37. Ticket-based Authorization Model Architecture

38. At the end of 2006

39. Research Directions (2006) Some researchers develop “Mediator” to map different policies. The deficiency is its lower efficiency. They proposed the concept of “authority propagation” to realize the integration AC policies.

40. Authority Propagating Tree (APT) Model Use “tree” to express the ministration of authorities for Graph Theory offer convenient means describing attribution flows. The Advantages of APT It can represent RBAC, MAC and DAC policies. It can track the whole authority granting history. Because of the above advantages the APT can generate a new access control model .

42. Security Level

43. Request element

44. Access Request

45. Access Decision

47. Object hierarchy

48. Role hierarchy

49. APT

51. References Google Health, “http://www.google.com/health.” Microsoft HealthVault, http://www.healthvault.com/. M. Siegenthaler and K. Birman, “Sharing private information across distributed databases,” in submitted for publication, 2009. -Susanne Busse, Ralf-DetlefKutsche, Ulf Leser, Herbert Weber, Federated Information Systems:Concepts, Terminology and Architectures, TechnischeUniversit.t Berlin,1999. JAMES A. LARSON, Federated Database Systems for Managing Distributed, Heterogeneous, and Autonomous Databases’, 1990. W. Eßmayr, G. Pernul, A M. Tjoa, A Security Concept for Federated Database Systems, 1st Int. Congress on Ethical, Legal, and Social Aspects of Digital Information, Monte-Carlo, Monaco, March 1997. Sabrina De CapitanidiVimercati ,PierangelaSamarati, Access Control in Federated Systems.

52. References Eugene F. Fodor, Deriving Global Authorizations for Federated Databases.1999. Ajoy Kumar, Federated Identity Management,2004. Arun Kumar Yadav, An Approach for Ensuring Concurrency Control of Global Transactions in Heterogeneous Distributed Database,2010. http://en.wikipedia.org/wiki/Federated_database_system. Marie Khair, IoannisMavridis & George Pangalos, Design of secure distributed medical database systems, Database and Expert Systems Applications, 9th International Conference, DEXA'98 Vienna, Austria, August 24–28, 1998. John Hale, Pablo Galiasso, Mauricio Papa, SujeetShenoi,Security Policy Coordination for Heterogeneous Information Systems, IEEE 6 Aug 2002. LIU Xin, HAN Zhen & SHEN Chang-Xiang,An Integrated Access Control Model of Distributed Database Systems, First International Conference on Innovative Computing, Information and Control - Volume III (ICICIC'06), 2006.

53. References Bell, D.E., and La Padula, L.J. “Secure Computer Systems: A Refinement of the Mathematical Fundations” [J],ESD-TR-73-278, Vol.III, AD 780 528, Electronic Systems Division, Air Force System Command, Hanscom AFB, Bedford, Massachusetts, November. 1974. R.S. Sandhu, E.J.Coyne, H.L.Feinstein. Role Based Access Control Models. IEEE Computer, February 1996. Vol 29( 2): 38-47. E.Bertino, S.Jajodia, P.Samarati. Supporting Multiple Access Control Policies in Databases System. In: IEEE Symposium on Security and Privacy. Oakland, California. 1996. Liuyi, Database and Information System Security[M, Science Press, China,2000. Xin LIU, Zhen HAN, etc., Research On the Extended Confidential Level of BLP Model, Proceedings of KES 2005, Knowledge-Based Intelligent Information and Engineering Systems PartIV, Pps257-262. JiangZongli, JiangShouxu, Formal Language and Automata Theory, Tsinghua University Press,2003.