Analyzing and Securing Social Networks
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #1
Introduction to Data and Applications Security
January 18, 2013

Outline
  • Data and Applications Security
    - Developments and Directions
  • Secure Semantic Web
    - XML Security; Other directions
  • Some Emerging Secure DAS Technologies
    - Secure Sensor Information Management; Secure Dependable Information Management
  • Some Directions for Privacy Research
    - Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem
  • What are the Challenges?

Developments in Data and Applications Security: 1975 - Present
  • Access Control for Systems R and Ingres (mid 1970s)
  • Multilevel secure database systems (1980 - present)
    - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions
  • Recent developments in Secure Data Management (1996 - Present)
    - Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

Developments in Data and Applications Security: Multilevel Secure Databases - I
  • Air Force Summer Study in 1982
  • Early systems based on Integrity Lock approach
  • Systems in the mid to late 1980s, early 90s
    - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW
    - Prototypes and commercial products
    - Trusted Database Interpretation and Evaluation of Commercial Products
  • Secure Distributed Databases (late 80s to mid 90s)
    - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

Developments in Data and Applications Security: Multilevel Secure Databases - II
  • Inference Problem (mid 80s to mid 90s)
    - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures
  • Secure Object Databases and Systems (late 80s to mid 90s)
    - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management
  • Secure Transactions (1990s)
    - Single Level/Multilevel Transactions; Secure recovery and commit protocols

Some Directions and Challenges for Data and Applications Security - I
  • Secure semantic web and Social Networks
    - Security models
  • Secure Information Integration
    - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise
  • Secure Sensor Information Management
    - Fusing and managing data/information from distributed and autonomous sensors
  • Secure Dependable Information Management
    - Integrating Security, Real-time Processing and Fault Tolerance
  • Data Sharing vs. Privacy
    - Federated database architectures?

Some Directions and Challenges for Data and Applications Security - II
  • Data mining and knowledge discovery for intrusion detection
    - Need realistic models; real-time data mining
  • Secure knowledge management
    - Protect the assets and intellectual rights of an organization
  • Information assurance, Infrastructure protection, Access Control
    - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications
  • Security for emerging applications
    - Geospatial, Biomedical, E-Commerce, etc.
  • Other Directions
    - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing

Coalition Data and Policy Sharing
[Figure: Export Data/Policy and Component Data/Policy for Agency A, Agency B and Agency C; Data/Policy for Federation]

Other topics of Interest
  • Secure Cloud Computing
  • Mobile code security
  • Vulnerability Analysis
  • Infrastructure security
    - Power grid
  • Healthcare Security
  • Financial Security

Access Control
  • Discretionary Access Control in Relational Databases
  • Mandatory Access Control in Relational Databases
    - Security Constraints
  • Types of Access Control
    - Inference problem, Role-based, Temporal, Usage
  • Access Control in Other Databases
    - Objects, Federated
  • Current Trends in Access Control
    - Data Warehousing, Semantic Web, Privacy Control
  • Next Steps in Access Control

Access Control in Relational Databases: 1975 - Present
  • Access Control policies were developed initially for file systems
    - E.g., Read/write policies for files
  • Access control in databases started with the work in System R and Ingres Projects
    - Access Control rules were defined for databases, relations, tuples, attributes and elements
    - SQL and QUEL languages were extended
        • GRANT and REVOKE Statements
        • Read access on EMP to User group A Where EMP.Salary 30K and EMP.Dept Security
    - Query Modification:
        • Modify the query according to the access control rules
        • Retrieve all employee information where salary 30K and Dept is not Security

Query Modification Algorithm
  • Inputs: Query, Access Control Rules
  • Output: Modified Query
  • Algorithm:
    - Given a query Q, examine all the access control rules relevant to the query
    - Introduce a Where Clause to the query that negates access to the relevant attributes in the access control rules
  • Example: rules are John does not have access to Salary in EMP and Budget in DEPT
  • EMP (E#, Ename, Salary, D#), DEPT (D#, Dname, Budg, Mgr). Query is to join the EMP and DEPT relations on Dept #
  • Modify the query to Join EMP and DEPT on Dept # and project on all attributes except Salary and Budget
    - Output is the resulting query

Mandatory Access Control (MAC) in Databases: 1982 - Present
  • Bell and LaPadula Policy adapted for databases
    - Read at or below your level and Write at your level; Granularity of classification: Databases, Relations, Tuples, Attributes, Elements (Note: writing above your level is not a security problem)
  • Security Architectures
    - Operating system providing mandatory access control and DBMS is untrusted with respect to MAC (e.g., SRI's SeaView)
    - Trusted Subject Architecture where DBMS is trusted with respect to MAC (e.g., TRW's ASD and ASD Views)
    - Integrity Lock where Trusted front-end computes checksums (e.g., MITRE's MISTRESS Prototype)
    - Distributed Architecture where data is distributed according to security levels and access through trusted front-end (e.g., NRL's SINTRA)
    - Extended Kernel for Security Policy Enforcement such as constraints (e.g., Honeywell's Lock Data Views)

Security Constraints / Access Control Rules
  • Simple Constraint: John cannot access the attribute Salary of relation EMP
  • Content-based constraint: If relation MISS contains information about missions in the Middle East, then John cannot access MISS
  • Association-based Constraint: Ship's location and mission taken together cannot be accessed by John; individually each attribute can be accessed by John
  • Release constraint: After X is released Y cannot be accessed by John
  • Aggregate Constraints: Ten or more tuples taken together cannot be accessed by John
  • Dynamic Constraints: After the Mission, information about the mission can be accessed by John

Enforcement of Security Constraints
[Figure: User Interface Manager; Constraint Manager; Security Constraints; Query Processor: Constraints during query and release operations; Update Processor: Constraints during update operation; Database Design Tool: Constraints during database design operation; Database; Relational DBMS]

Other Developments in Access Control
  • Inference Problem and Access Control
    - Inference problem occurs when users pose queries and deduce unauthorized information from the legitimate responses
    - Security constraint processing for controlling inferences
    - More recently there is work on controlling release information instead of controlling access to information
  • Temporal Access Control Models
    - Incorporates time parameter into the access control models
  • Role-based access control
    - Controlling access based on roles of people and the activities they carry out; Implemented in commercial systems
  • Positive and Negative Authorizations
    - Should negative authorizations be explicitly specified? How can conflicts be resolved?

Some Examples
  • Temporal Access Control
    - After 1/1/05, only doctors have access to medical records
  • Role-based Access Control
    - Manager has access to salary information
    - Project leader has access to project budgets, but he does not have access to salary information
    - What happens if the manager is also the project leader?
  • Positive and Negative Authorizations
    - John has write access to EMP
    - John does not have read access to DEPT
    - John does not have write access to Salary attribute in EMP
    - How are conflicts resolved?

Privacy Constraints / Access Control Rules
  • Privacy constraints processing
    - Simple Constraint: an attribute of a document is private
    - Content-based constraint: If document contains information about X, then it is private
    - Association-based Constraint: Two or more documents taken together is private; individually each document is public
    - Release constraint: After X is released Y becomes private
  • Augment a database system with a privacy controller for constraint processing

Integrated Architecture for Privacy Constraint Processing
[Figure: User Interface Manager; Constraint Manager; Privacy Constraints; Query Processor: Constraints during query and release operations; Update Processor: Constraints during update operation; XML Database Design Tool: Constraints during database design operation; Database; Relational DBMS]

Other Policies
  • Trust Policies
    - To what extent do you trust the source of the data
    - How can trust be propagated
    - Adding trust value to each piece of data
    - A trusts B and B trusts C, does this mean A trusts C?
    - A department head sends messages to all the faculty; however he/she may not trust a particular person
    - Developing a language to specify trust
  • Integrity Policies
    - Maintaining the quality of the data
    - Adding an attribute to each piece of data to specify the quality
    - Quality also depends on how much you trust the source
    - Algebra for data quality

Access Control in Databases: Next Steps
  • Access Control in Databases will continue to be very important
    - We also need to examine alternatives
  • We need new kinds of access control models
    - 1975 models may not be suitable for emerging applications such as semantic web, e-commerce and stream data management
    - Role-based access control has become very popular and is implemented now in commercial systems. What variations of this model are appropriate for emerging applications?
  • End-to-end security is critical
    - We cannot have secure databases and have insecure networks and middleware; Composability
  • Flexible security policies
    - Confidentiality, Authenticity, Completeness, Integrity, Trust, Privacy, Data Quality, etc.

Policies
  • Need to Know to Need to Share
  • RBAC
  • UCON
  • ABAC
  • Dissemination
  • Risk based access control
  • Trust Management/Credential/Disclosure
  • Directions
  • Major conferences for Policy and Access Control:
    - IEEE Policy Workshop
    - ACM SACMAT

Need to Know to Need to Share
  • Need to know policies during the cold war; even if the user has access, does the user have a need to know?
  • Post 9/11 the emphasis is on need to share
    - User may not have access, but needs the data
  • Do we give the data to the user and then analyze the consequences
  • Do we analyze the consequences and then determine the actions to take
  • Do we simply not give the data to the user
  • What are risks involved?

RBAC
  • Access to information sources including structured and unstructured data both within the organization and external to the organization
  • Access based on roles
  • Hierarchy of roles: handling conflicts
  • Controlled dissemination and sharing of the data

RBAC (Sandhu)

UCON
  • RBAC model is incorporated into UCON and useful for various applications
    - Authorization component
  • Obligations
    - Obligations are actions required to be performed before an access is permitted
    - Obligations can be used to determine whether an expensive knowledge search is required
  • Attribute Mutability
    - Used to control the scope of the knowledge search
  • Condition
    - Can be used for resource usage policies to be relaxed or tightened

UCON (Sandhu)

Role-based Usage Control (RBUC)
RBAC with UCON extension

Release and Dissemination Policies
  • Release policies will determine to whom to release the data
    - What is the connection to access control
    - Is access control sufficient
    - Once the data is retrieved from the information source (e.g., database) should it be released to the user
  • Once the data is released, dissemination policies will determine who the data can be given to
    - Electronic music, etc.

ABAC: Attribute-based Access Control
  • User specifies his/her attributes (e.g., gender, citizenship)
  • Policies would specify access based on user credentials
  • Open environment
  • XACML

Risk Based Data Sharing/Access Control
  • What are the risks involved in releasing/disseminating the data
  • Risk modeling should be integrated with the access control model
  • Simple method: assign risk values
  • Higher the risk, lower the sharing
  • What is the cost of releasing the data?
  • Cost/Risk/Security closely related

Trust Management
  • Trust Services
    - Identity services, authorization services, reputation services
  • Trust negotiation (TN)
    - Digital credentials, Disclosure policies
  • TN Requirements
    - Language requirements
        • Semantics, constraints, policies
    - System requirements
        • Credential ownership, validity, alternative negotiation strategies, privacy
  • Example TN systems
    - KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)

Trust Management
The problem: establishing trust in open systems
  • Mutual authentication
    - Assumption on the counterpart honesty no longer holds
    - Both participants need to authenticate each other
  • Interactions between strangers
    - In conventional systems user identity is known in advance and can be used for performing access control
    - In open systems participants may have no pre-existing relationship and may not share a common security domain

Trust Negotiation model
  • A promising approach for open systems where most of the interactions occur between strangers
  • The goal: establish trust between parties in order to exchange sensitive information and services
  • The approach: establish trust by verifying properties of the other party

Trust negotiation: the approach
Interactions between strangers in open systems are different from traditional access control models.
Policies and mechanisms developed in conventional systems need to be revised.
  • USER IDs VS. SUBJECT PROPERTIES
  • ACCESS CONTROL POLICIES VS. DISCLOSURE POLICIES

Subject properties: digital credentials
  • Assertion about the credential owner issued and certified by a Certification Authority.
  • Each entity has an associated set of credentials, describing properties and attributes of the owner.

Use of Credentials
[Figure: Credential Issuer; Digital Credentials (Julie, 3 kids, Married, American); Company A; Company B; Want to know citizenship; Want to know marital status; Julie - American; Julie - Married; Alice; Check]

Credentials
  • Credentials can be expressed through the Securit
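
The Query Modification Algorithm slide above, worked through as an added example (not code from the lecture): a structured query is rewritten before execution so that John's join of EMP and DEPT loses Salary and Budget, and a group A query on EMP gains a WHERE clause. Assumptions: E#/D# are renamed Eno/Dno, the comparison operators lost on the page are taken to be `<` and `<>`, department 20 stands for Security, and all rows are constructed.

```python
import sqlite3

# Schema from the slide; E#/D# renamed Eno/Dno to be valid SQL identifiers.
SCHEMA = {"EMP": ["Eno", "Ename", "Salary", "Dno"],
          "DEPT": ["Dno", "Dname", "Budget", "Mgr"]}

# Rules come from trusted policy configuration, never from the requesting user.
# DENY_COLS is the slide's rule for John. ROW_RULES is the group A rule; the
# operators and "Dno 20 = Security" are assumptions made for this example.
DENY_COLS = {"John": {("EMP", "Salary"), ("DEPT", "Budget")}}
ROW_RULES = {"GroupA": {"EMP": "EMP.Salary < 30000 AND EMP.Dno <> 20"}}

def modify_query(subject, tables, join_on=None):
    """Rewrite 'SELECT * FROM tables' so it returns only what subject may read."""
    denied = DENY_COLS.get(subject, set())
    cols = [f"{t}.{c}" for t in tables for c in SCHEMA[t] if (t, c) not in denied]
    if not cols:
        raise PermissionError(f"{subject} may not read any requested attribute")
    preds = [join_on] if join_on else []
    # Add every row-level rule relevant to a table the query touches.
    preds += [p for t, p in ROW_RULES.get(subject, {}).items() if t in tables]
    sql = f"SELECT {', '.join(cols)} FROM {', '.join(tables)}"
    return sql + (" WHERE " + " AND ".join(f"({p})" for p in preds) if preds else "")

def run(subject, tables, join_on=None):
    """Execute the modified query on constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE EMP (Eno INT, Ename TEXT, Salary INT, Dno INT);
        CREATE TABLE DEPT (Dno INT, Dname TEXT, Budget INT, Mgr TEXT);
        INSERT INTO EMP VALUES (1,'Ann',25000,10),(2,'Bob',45000,10),(3,'Cy',20000,20);
        INSERT INTO DEPT VALUES (10,'Sales',900,'Ann'),(20,'Security',500,'Cy');
    """)
    cur = db.execute(modify_query(subject, tables, join_on))
    return [d[0] for d in cur.description], cur.fetchall()

if __name__ == "__main__":
    print(modify_query("John", ["EMP", "DEPT"], "EMP.Dno = DEPT.Dno"))
    print(run("GroupA", ["EMP"]))
```

The rewrite happens on a structured request, not by editing user-supplied SQL text, so the subject cannot smuggle a denied attribute back in through the query string.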
