Wednesday, October 21, 2009

Lecture 5 Database Security

In this lecture Encik Mohd Zaki covered security as it applies to the database domain. Securing the data in a database is essential, since information is one of the most valuable assets an enterprise holds. Confidential information has to be protected from outside attackers, and also from legitimate users who are not authorized to see it, by restricting and denying unauthorized access. The basic database concepts were also covered in this lecture: the database itself, the DBA and the DBMS. A database offers many advantages over a simple file system, such as shared access, minimal data redundancy, data consistency, data integrity, and controlled user access.

Basically there are four levels at which database security can be enforced, and we should know all of them: physical security, OS security, DBMS security, and data encryption. The first three levels on their own are not satisfactory solutions to the security issues because:

  • It is difficult to control the disclosure of raw data.

  • They are unable to control the disclosure of sensitive data.

  • It is hard to control the disclosure of confidential data in a distributed database system.

  • It is hard to verify that the origin of a data item is authentic.

Data encryption is therefore appropriate at this point: stored ciphertext cannot be read by anyone who does not hold the key, so disclosure of the raw data is prevented even when the other three levels are bypassed. Note, however, that encryption by itself does not guarantee integrity. An intruder who cannot read the ciphertext can still alter it, and with many ciphers a controlled change to the ciphertext produces a controlled change to the decrypted data. Integrity needs a separate check, such as a message authentication code computed over the ciphertext or an authenticated encryption mode, so that altered ciphertext is rejected instead of being decrypted and trusted.
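As an added example (not part of the lecture notes), the Python below shows the point about integrity on a constructed database record. The stream cipher is a demonstration construction (HMAC-SHA256 used as a PRF in counter mode), not a production cipher, and the record layout and keys are made up; what it shows is that a bit flip in the ciphertext flips the same bit in the decrypted field, and that an HMAC over the ciphertext catches the change.

```python
"""Added example: encryption alone gives confidentiality, not integrity.
The keystream cipher here is a demonstration construction (HMAC-SHA256 as
a PRF in counter mode); the record, keys and offsets are constructed."""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based keystream: block i = HMAC-SHA256(key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(enc_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream (a stream cipher)."""
    ks = keystream(enc_key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt  # XOR stream cipher: the same operation undoes itself


def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: authenticate the nonce and ciphertext together."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes,
                       ciphertext: bytes, mac: bytes):
    """Return the plaintext, or None if the stored ciphertext was altered."""
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), mac):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def tamper(ciphertext: bytes, offset: int, delta: bytes) -> bytes:
    """Attacker step, no key needed: XOR `delta` into the ciphertext so the
    decrypted bytes at `offset` change by the same `delta`."""
    c = bytearray(ciphertext)
    for i, d in enumerate(delta):
        c[offset + i] ^= d
    return bytes(c)


def demo():
    """Constructed record: a salary field stored encrypted in the database."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(16)
    record = b"salary=050000"
    ct = encrypt(enc_key, nonce, record)
    mac = tag(mac_key, nonce, ct)

    # The attacker knows the field layout and turns the leading "0" into "9".
    delta = bytes(a ^ b for a, b in zip(b"0", b"9"))
    forged = tamper(ct, 7, delta)

    unauthenticated = decrypt(enc_key, nonce, forged)  # decrypts "cleanly"
    authenticated = verify_and_decrypt(enc_key, mac_key, nonce, forged, mac)
    return unauthenticated, authenticated


if __name__ == "__main__":
    plain, checked = demo()
    print("without MAC:", plain)   # salary=950000, accepted as valid data
    print("with MAC   :", checked)  # None: the alteration is detected
```

Without the MAC the altered ciphertext decrypts to a valid-looking salary of 950000; with the MAC the verification fails and nothing is decrypted.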

A database must reach a level at which users can trust the accuracy of the data values. Accordingly, the data must be protected from corruption by outside influences, and updates must be accepted only from authorized individuals. Backing up is the easiest way of protecting the data against loss.

To maintain element integrity, the DBMS provides the following:

  • Field checks

  • User access control

  • Changelogs

Auditability is essential in a database. It involves keeping a trail of users' transactions with the database, but trailing every access is impractical. The audit trail should cover access at the record, field and element levels. Auditing what gets reported can look sufficient, but what if some data problems are ignored and never reported, and so never appear in the trail?

Access control for a database is similar to OS access control, except that the database faces more complicated problems because it deals with individual records and fields. Database access control must also be concerned with inference: a user who is denied one field may be able to derive it from another field that they are permitted to see.

The DBMS can require rigorous user authentication. The DBMS usually runs as an application on top of the OS, and this design means there is no trusted path from the DBMS to the operating system, so the DBMS cannot simply rely on the OS login. It is therefore forced to do its own authentication.

There are also availability problems when multiple users access the database. Two users' requests for the same record must be arbitrated, and in some cases the DBMS must withhold non-protected data because releasing it would reveal protected data.

A DBMS must cope with the computing system failing in the middle of modifying data. The solution is the two-phase update. The first phase is the intent phase: the DBMS gathers the resources and information it needs to perform the update but writes nothing permanent, and its last step is writing a commit flag to the database. The second phase makes the permanent changes. If the system fails before the commit flag is written, nothing permanent has changed and the update is simply abandoned. The writes of phase two are designed to be repeatable, so if the system fails during phase two and the database is left with incomplete data, the DBMS repairs it by re-running phase two from the commit point.
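As an added example (not part of the lecture notes), here is a small Python simulation of the two-phase update on a dictionary-backed store. The store, the transfer and the crash points are constructed for illustration; the point is to see why phase two must consist of repeatable writes and what recovery does with and without the commit flag.

```python
"""Added example: two-phase update with a simulated crash at a chosen step.
The store layout, the sample transfer and the crash points are constructed."""


class Crash(Exception):
    """Simulated power loss in the middle of an update."""


class Store:
    def __init__(self):
        self.data = {"alice": {"balance": 100}, "bob": {"balance": 50}}
        self.intent = None       # staged writes, nothing permanent yet
        self.committed = False   # the commit flag

    def two_phase_update(self, writes, crash_at=None):
        """writes: {key: {field: new_value}}.
        crash_at: 'intent' (before the flag), 'commit' (just after it),
        or an integer n to crash after n permanent writes in phase 2."""
        # Phase 1, intent: validate and gather everything; write nothing.
        staged = {}
        for key, fields in writes.items():
            if key not in self.data:
                raise KeyError(key)
            staged[key] = dict(fields)
        if crash_at == "intent":
            raise Crash("lost power before the commit flag")
        self.intent = staged
        self.committed = True    # last act of phase 1: the commit flag
        if crash_at == "commit":
            raise Crash("lost power right after the commit flag")
        # Phase 2: permanent changes, each an idempotent assignment.
        self._apply(crash_after=crash_at if isinstance(crash_at, int) else None)

    def _apply(self, crash_after=None):
        done = 0
        for key, fields in self.intent.items():
            for field, value in fields.items():
                self.data[key][field] = value   # repeatable: same result every run
                done += 1
                if crash_after is not None and done == crash_after:
                    raise Crash(f"lost power after {done} permanent write(s)")
        self.intent, self.committed = None, False   # update finished: clear the flag

    def recover(self):
        """Run at restart. No commit flag: phase 1 never finished, so discard
        the intent. Commit flag set: re-run phase 2 from the staged intent."""
        if not self.committed:
            self.intent = None
            return "discarded"
        self._apply()
        return "replayed"


def run(crash_at=None):
    """Transfer 30 from alice to bob, crashing at `crash_at`, then recover.
    Returns (outcome, alice_balance, bob_balance)."""
    s = Store()
    transfer = {"alice": {"balance": 70}, "bob": {"balance": 80}}
    try:
        s.two_phase_update(transfer, crash_at)
        outcome = "completed"
    except Crash:
        outcome = s.recover()
    return outcome, s.data["alice"]["balance"], s.data["bob"]["balance"]


if __name__ == "__main__":
    for point in (None, "intent", "commit", 1):
        print(point, run(point))
```

A crash before the flag leaves the balances at 100 and 50 (the update never happened); a crash after the flag, even one that lands between the two writes, is repaired by replaying phase two, and the balances end at 70 and 80 either way. The replay is safe only because each phase-two write is an assignment rather than an increment.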

The DBMS also maintains additional information for detecting internal data inconsistencies. Types of additional information include:

  • Error Detection and Correction Codes

    -Parity Checks

    -Cyclic Redundancy Checks (CRC)

    -Hamming Codes

  • Shadow Fields

    -Copy of entire attributes or records

    -Second copy as replacement

  • Recovery

    -Backup

    -Changelogs

  • Concurrency/Consistency

    -Simultaneous reads are allowed

    -Modification requires other users to be locked out

    -Query-update cycle performed as a single uninterrupted operation

  • Monitors

    -Range Comparison

    -State constraints

    -Transition constraints
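As an added example (not part of the lecture notes), the Python below implements the three kinds of monitor from the list above on a constructed staff table: a range comparison per field, a state constraint that must hold over the whole table after every update, and a transition constraint on which status changes are allowed. The fields, bounds and rules are made up for illustration; an update is applied only if every monitor passes.

```python
"""Added example: range, state and transition monitors applied to each
proposed update. The table, fields and constraints are constructed."""

# Range comparisons: a field's value must lie within its allowed bounds.
RANGES = {"age": (0, 150), "salary": (0, 1_000_000)}


def check_range(field, value):
    lo, hi = RANGES.get(field, (None, None))
    if lo is None:
        return None                       # no range rule for this field
    if not lo <= value <= hi:
        return f"{field}={value} outside [{lo}, {hi}]"
    return None


# State constraint: a condition on the whole database that must hold after
# every update (here: no department may exceed its headcount).
HEADCOUNT = {"eng": 2, "ops": 1}


def check_state(table):
    counts = {}
    for row in table.values():
        counts[row["dept"]] = counts.get(row["dept"], 0) + 1
    for dept, n in counts.items():
        limit = HEADCOUNT.get(dept, 0)
        if n > limit:
            return f"dept {dept} has {n} staff, limit {limit}"
    return None


# Transition constraint: what a field may change from and to.
ALLOWED_STATUS = {
    "active": {"suspended", "left"},
    "suspended": {"active", "left"},
    "left": set(),                        # a departed employee is never reactivated
}


def check_transition(old_row, new_row):
    old, new = old_row["status"], new_row["status"]
    if old != new and new not in ALLOWED_STATUS[old]:
        return f"status {old} -> {new} not allowed"
    return None


def monitored_update(table, key, changes):
    """Apply `changes` to row `key` only if every monitor is satisfied.
    Returns the list of violations (empty when the update was applied)."""
    old_row = table[key]
    new_row = {**old_row, **changes}
    violations = []
    for field, value in changes.items():
        v = check_range(field, value)
        if v:
            violations.append(v)
    v = check_transition(old_row, new_row)
    if v:
        violations.append(v)
    # Evaluate the state constraint on a trial copy, so the real table is
    # only touched when the whole update passes.
    v = check_state({**table, key: new_row})
    if v:
        violations.append(v)
    if not violations:
        table[key] = new_row
    return violations


def sample_table():
    """Constructed staff table used by the checks above."""
    return {
        1: {"dept": "eng", "age": 34, "salary": 90_000, "status": "active"},
        2: {"dept": "eng", "age": 41, "salary": 95_000, "status": "active"},
        3: {"dept": "ops", "age": 29, "salary": 60_000, "status": "suspended"},
    }


if __name__ == "__main__":
    t = sample_table()
    print(monitored_update(t, 1, {"age": 200}))     # range violation
    print(monitored_update(t, 3, {"dept": "eng"}))  # state violation
    print(monitored_update(t, 3, {"status": "left"}))    # allowed
    print(monitored_update(t, 3, {"status": "active"}))  # transition violation
```

The state constraint is checked on a trial copy rather than on the live table so that a rejected update leaves no trace; the same idea (check everything, then write) is what the two-phase update relies on.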

Sensitive data is data that should not be made public. Data may be sensitive because it is inherently sensitive, because it has been declared sensitive, because it belongs to a sensitive record, or because it becomes sensitive in combination with previously disclosed information.

The DBMS also decides whether to permit an access by a user, considering the following factors:

  • Availability of data

  • Assurance of authenticity

  • Acceptability of access

Types of sensitive data disclosure include:

  • Exact data

  • Bounds

  • Negative result

  • Existence

  • Probable value

It is difficult to determine which data are sensitive and how to protect them. In the end, we need to strike a balance between security (withholding everything sensitive) and precision (releasing as much non-sensitive data as possible).


Security vs Precision


Inference is the derivation of sensitive data from non-sensitive data. The inference problem is a subtle vulnerability in database security.

Attacks on a database can be direct or indirect. In a direct attack, the attacker determines the values of sensitive fields by seeking them directly with queries that yield only a few records. An indirect attack infers the final result from one or more intermediate statistical results, which requires work outside the database. Specifically, a statistical attack uses apparently anonymous statistical measures (counts, sums, averages) to infer an individual's data.

Controls against statistical attacks include suppression, concealing, limited response suppression, and combining results.
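As an added example (not part of the lecture notes) covering both the direct and indirect attacks above and the suppression control, the Python below builds a constructed student table in SQLite and puts a query-size restriction in front of it: an aggregate is released only when at least k records match and at least k do not. The direct attack on the single woman in the engineering department is suppressed, but the indirect (tracker) attack recovers her financial-aid value by subtracting two aggregates that each pass the check. Names, departments and amounts are made up.

```python
"""Added example: query-size restriction on a statistical interface, and a
tracker attack that defeats it. The table contents are constructed."""
import sqlite3

# Constructed sample data: (name, dept, sex, financial aid).
ROWS = [
    ("Adams", "eng", "M", 5000), ("Bailey", "eng", "M", 0),
    ("Chin", "eng", "M", 3000), ("Dewitt", "eng", "F", 4500),
    ("Earhart", "bio", "F", 2000), ("Fein", "bio", "F", 0),
    ("Groff", "bio", "M", 1000), ("Hill", "bio", "F", 3500),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, dept TEXT, sex TEXT, aid INTEGER)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?, ?)", ROWS)
    return conn


def stat(conn, agg, where, params, k=2):
    """Statistical query interface with query-size restriction: release the
    aggregate only when k <= n <= N - k records match. `agg` and `where`
    are fixed strings chosen by this program; user-supplied values travel
    in `params`, so nothing untrusted is spliced into the SQL."""
    n = conn.execute(f"SELECT COUNT(*) FROM students WHERE {where}", params).fetchone()[0]
    total = conn.execute("SELECT COUNT(*) FROM students").fetchone()[0]
    if n < k or n > total - k:
        return None            # suppressed: too few (or too many) records match
    return conn.execute(f"SELECT {agg} FROM students WHERE {where}", params).fetchone()[0]


def direct_attack(conn):
    """Direct attack: a query that isolates one record. Blocked by the
    size restriction because only one row matches."""
    return stat(conn, "SUM(aid)", "dept = ? AND sex = ?", ("eng", "F"))


def tracker_attack(conn):
    """Indirect attack: both aggregates pass the size check (4 and 3 rows
    out of 8), but their difference is the aid of the only woman in eng."""
    all_eng = stat(conn, "SUM(aid)", "dept = ?", ("eng",))
    men_eng = stat(conn, "SUM(aid)", "dept = ? AND sex = ?", ("eng", "M"))
    if all_eng is None or men_eng is None:
        return None
    return all_eng - men_eng


if __name__ == "__main__":
    db = make_db()
    print("direct attack :", direct_attack(db))    # None (suppressed)
    print("tracker attack:", tracker_attack(db))   # 4500, Dewitt's aid
```

The restriction on a single query's size is necessary but not sufficient: the defence has to consider what the combination of released results reveals, which is why the notes list tracking what the user knows and combining results among the controls.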

To conclude, the three basic paths to controlling the inference problem are:

  • suppress obviously sensitive information

  • track what the user knows

  • disguise the data

