Data and Applications Security Developments and Directions
1
Data and Applications Security Developments and Directions
  • Dr. Bhavani Thuraisingham
  • The University of Texas at Dallas
  • Lecture 5
  • Multilevel Secure Database Management Systems
  • January 25, 2005

2
Outline
  • What is an MLS/DBMS?
  • Summary of Developments
  • MLS/DBMS Designs and Prototypes
  • Directions

3
What is an MLS/DBMS?
  • Users are cleared at different security levels
  • Data in the database is assigned different
    sensitivity levels--multilevel database
  • Users share the multilevel database
  • MLS/DBMS is the software that ensures that users
    only obtain information at or below their level
  • In general, a user reads at or below his level
    and writes at his level

4
Why MLS/DBMS?
  • Operating systems control access to files, a
    coarser grain of granularity
  • A database stores relationships between data
  • Content-based, context-based and dynamic access
    control are needed
  • Traditional operating system access control on
    files is therefore not sufficient
  • Need multilevel access control for DBMSs

5
Summary of Developments
  • Early efforts, 1975 - 1982; example: the
    Hinke-Schaefer approach
  • Air Force Summer Study, 1982
  • Research prototypes (Integrity Lock, SeaView,
    LDV, etc.), 1984 - present
  • Trusted Database Interpretation published 1991
  • Commercial products, 1988 - present

6
Air Force Summer Study
  • The Air Force convened a summer study to
    investigate MLS/DBMS designs
  • The study was divided into three groups focusing
    on different aspects
  • Group 1 investigated the Integrity Lock approach,
    the Trusted Subject approach and the Distributed
    approach
  • Group 2 investigated security for military
    messaging systems
  • Group 3 focused on longer-term issues such as
    inference and aggregation

7
Outcome of the Air Force Summer Study
  • Report published in 1983
  • MITRE designed and developed systems based on
    the Integrity Lock and Trusted Subject
    architectures, 1984 - 1986
  • Rome Air Development Center (RADC, now Air Force
    Research Lab) funded efforts to examine long-term
    approaches; examples are SeaView and LDV, both
    intended to be A1 systems
  • RADC also funded efforts to examine the
    distributed approach
  • Several prototypes and products followed

8
TDI
  • The Trusted Database Interpretation is the
    interpretation of the Trusted Computer System
    Evaluation Criteria (TCSEC) used to evaluate
    commercial database products
  • Classes C1, C2, B1, B2, B3, A1 and beyond
  • TCB (Trusted Computing Base) subsetting for MAC,
    DAC, etc. (mandatory access control,
    discretionary access control)
  • Companion documents for inference and
    aggregation, auditing, etc.

9
Taxonomy for MLS/DBMSs
  • Integrity Lock Architecture: trusted filter,
    untrusted back-end, untrusted front-end. A
    checksum is computed by the filter from the data
    content and its security level, and recomputed
    when the data is retrieved.
  • Operating System Providing Access Control /
    Single Kernel: multilevel data is partitioned
    into single-level files, and the operating system
    controls access to the files
  • Extended Kernel: kernel extensions for functions
    such as inference and aggregation and constraint
    processing
  • Trusted Subject: the DBMS provides access control
    to its own data, such as relations, tuples and
    attributes
  • Distributed: data is partitioned according to
    security levels. In the partitioned approach,
    data is not replicated and there is one DBMS per
    level. In the replicated approach, lower-level
    data is replicated at the higher-level databases
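The Integrity Lock architecture above, as a constructed example added here (not code from the lecture or from the MITRE prototypes): the trusted filter binds each tuple to its label with a keyed checksum, and the untrusted back-end cannot downgrade a label without the recomputed checksum failing on retrieval. The key, levels and rows are assumptions.

```python
import hashlib
import hmac

# Constructed lattice of sensitivity levels, low to high.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}


class TrustedFilter:
    """Trusted filter between an untrusted front-end and an untrusted back-end."""

    def __init__(self, key: bytes):
        self.key = key        # known only to the trusted filter
        self.backend = []     # stands in for the untrusted DBMS back-end

    def _checksum(self, tup: tuple, level: str) -> str:
        # The checksum covers the data content AND the label, so neither
        # can be altered independently of the other without detection.
        msg = repr(tup).encode() + b"|" + level.encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def insert(self, tup: tuple, level: str) -> None:
        self.backend.append({"data": tup, "level": level,
                             "sum": self._checksum(tup, level)})

    def select(self, user_level: str) -> list:
        # Recompute the checksum of every row the back-end returns, then
        # apply the read-at-or-below rule using the verified label.
        out = []
        for row in self.backend:
            expected = self._checksum(row["data"], row["level"])
            if not hmac.compare_digest(row["sum"], expected):
                raise ValueError(f"integrity lock failed for {row['data']}")
            if LEVELS[row["level"]] <= LEVELS[user_level]:
                out.append(row["data"])
        return out


def demo():
    f = TrustedFilter(b"constructed-filter-key")
    f.insert(("John", 50000), "Unclassified")
    f.insert(("James", 90000), "Secret")
    visible = f.select("Unclassified")   # only John's row is returned
    # The untrusted back-end relabels James's row as Unclassified; the
    # filter's recomputed checksum no longer matches and the read fails.
    f.backend[1]["level"] = "Unclassified"
    try:
        f.select("Unclassified")
        detected = False
    except ValueError:
        detected = True
    return visible, detected
```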

10
Integrity Lock (architecture figure not in transcript)

11
Operating System Providing Mandatory Access Control
(architecture figure not in transcript)

12
Extended Kernel (architecture figure not in transcript)

13
Trusted Subject (architecture figure not in transcript)

14
Distributed Approach - I (architecture figure not in transcript)

15
Distributed Approach - II (architecture figure not in transcript)
Overview of MLS/DBMS Designs
  • Hinke-Schaefer (SDC Corporation): introduced the
    approach in which the operating system provides
    mandatory access control
  • Integrity Lock prototypes: two prototypes
    developed at MITRE using the Ingres and Mistress
    relational database systems
  • SeaView: funded by Rome Air Development Center
    (RADC, now Air Force Rome Laboratory); used the
    operating system to provide mandatory access
    control and introduced polyinstantiation
  • Lock Data Views (LDV): extended kernel approach
    developed by Honeywell and funded by RADC;
    investigated inference and aggregation

17
Overview of MLS/DBMS Designs (Concluded)
  • ASD, ASD-Views: developed by TRW based on the
    Trusted Subject approach; ASD-Views provided
    access control on views
  • SDDBMS: effort by Unisys funded by RADC;
    investigated the distributed approach
  • SINTRA: developed by the Naval Research Laboratory
    based on the replicated distributed approach
  • SWORD: designed at the Defence Research Agency in
    the UK; their goal was to avoid
    polyinstantiation

18
Some MLS/DBMS Commercial Products Developed
(late 1980s, early 1990s)
  • Oracle (Trusted ORACLE7 and beyond):
    Hinke-Schaefer and Trusted Subject based
    architectures
  • Sybase (Secure SQL Server): Trusted Subject
  • ARC Professional Services Group
    (TRUDATA/SQLSentry): Integrity Lock
  • Informix (Informix-OnLine/Secure): Trusted
    Subject
  • Digital Equipment Corporation (SERdb; this group
    is now part of Oracle Corp): Trusted Subject
  • InfoSystems Technology Inc. (Trusted RUBIX):
    Trusted Subject
  • Teradata (DBC/1012): Secure Database Machine
  • Ingres (Ingres Intelligent Database): Trusted
    Subject

19
Some Challenges Inference Problem
  • Inference is the process of forming conclusions
    from premises
  • If the conclusions are unauthorized, it becomes a
    problem
  • The inference problem arises in a multilevel
    environment
  • The aggregation problem is a special case of the
    inference problem: a collection of data elements
    is Secret but the individual elements are
    Unclassified
  • The association problem: attributes A and B taken
    together are Secret, while individually they are
    Unclassified

20
Some Challenges Polyinstantiation
  • A mechanism to avoid certain signaling channels
  • Also supports cover stories
  • Example: John and James have different salaries
    at different levels
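The read-at-or-below, write-at-level rule from the "What is an MLS/DBMS?" slide and the polyinstantiation mechanism above, as one constructed example added here (not code from the lecture or from SeaView): the stored key is the apparent key plus its label, a lower-level insert that collides with a higher-level tuple is accepted as a cover story instead of being rejected (a rejection would signal that the higher-level tuple exists), and each user sees only the tuples at or below their level. The relation, levels and salaries are assumptions.

```python
# Constructed two-level lattice, low to high.
LEVELS = {"Unclassified": 0, "Secret": 1}


class MultilevelRelation:
    """Constructed multilevel relation EMP(name, salary) with tuple-level labels."""

    def __init__(self):
        # Stored key is (name, level): the apparent key plus its label, so the
        # same name may exist at more than one level (polyinstantiation).
        self.tuples = {}

    def insert(self, user_level: str, name: str, salary: int) -> tuple:
        # Users write at their own level only and never touch other levels.
        # A lower-level insert colliding with a higher-level tuple is NOT
        # rejected; it is stored as a polyinstantiated tuple (cover story).
        key = (name, user_level)
        if key in self.tuples:
            raise ValueError(f"{name} already exists at {user_level}; update it")
        self.tuples[key] = salary
        return key

    def select(self, user_level: str) -> list:
        # Read down: return the tuples at or below the user's level.
        return sorted((n, lvl, s) for (n, lvl), s in self.tuples.items()
                      if LEVELS[lvl] <= LEVELS[user_level])


def demo():
    r = MultilevelRelation()
    r.insert("Secret", "John", 90000)        # John's real salary is Secret
    r.insert("Unclassified", "John", 40000)  # cover story visible to all
    r.insert("Unclassified", "James", 45000)
    return r.select("Unclassified"), r.select("Secret")
```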

21
Some Challenges Covert Channel
  • Database transactions manipulate data locks and
    covertly pass information
  • Two transactions T1 and T2: T1 operates at the
    Secret level and T2 operates at the Unclassified
    level
  • Relation R is classified at the Unclassified level
  • T1 obtains a read lock on R and T2 obtains a write
    lock on R
  • T1 and T2 can manipulate when they request locks
    and signal one bit of information per attempt,
    and over time T1 could covertly send sensitive
    information to T2
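The lock channel above and one way to close it, as a constructed simulation added here (not code from the lecture): T1 (Secret) holds a read lock on R to send a 1 and holds none to send a 0, and T2 (Unclassified) decodes a bit from whether its write lock is granted at once. The secure variant applies the rule used by secure concurrency-control protocols for MLS/DBMSs, namely that a low-level writer never waits on a high-level reader; the high reader is aborted and retried instead, so T2's timing no longer depends on T1. Transaction names and the message bits are assumptions.

```python
# Constructed two-level lattice, low to high.
LEVELS = {"Unclassified": 0, "Secret": 1}


class LockManager:
    """Constructed lock manager for a single Unclassified relation R."""

    def __init__(self, secure: bool):
        self.secure = secure      # False: textbook channel; True: channel closed
        self.read_locks = {}      # txn name -> level of the holder
        self.aborted = []         # high readers forced to retry

    def read_lock(self, txn: str, level: str) -> None:
        self.read_locks[txn] = level

    def release(self, txn: str) -> None:
        self.read_locks.pop(txn, None)

    def write_lock(self, txn: str, level: str) -> bool:
        """Return True if granted at once, False if the writer must wait."""
        for holder, hlevel in list(self.read_locks.items()):
            if self.secure and LEVELS[hlevel] > LEVELS[level]:
                # Secure rule: the low writer never waits on a high reader.
                # The high reader (reading down) is aborted and will retry.
                self.aborted.append(holder)
                del self.read_locks[holder]
            elif holder != txn:
                return False      # conventional behaviour: writer waits
        return True


def send_bits(lm: LockManager, bits: list) -> list:
    """T1 (Secret) signals through R's lock; T2 (Unclassified) observes."""
    received = []
    for bit in bits:
        if bit:
            lm.read_lock("T1", "Secret")      # hold the lock to send a 1
        granted = lm.write_lock("T2", "Unclassified")
        received.append(0 if granted else 1)  # T2 waited -> reads a 1
        lm.release("T1")
    return received


def demo():
    msg = [1, 0, 1, 1, 0]
    leaked = send_bits(LockManager(secure=False), msg)  # T2 recovers msg
    closed = send_bits(LockManager(secure=True), msg)   # T2 sees only zeros
    return leaked, closed
```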

22
Status and Directions
  • MLS/DBMSs have been designed and developed for
    various kinds of database systems, including
    object systems, deductive systems and distributed
    systems
  • They provide an approach to hosting secure
    applications
  • The same principles can be used to design
    privacy-preserving database systems
  • The challenge is to host emerging secure
    applications, including e-commerce and biometric
    systems