Data and Applications Security Developments and DirectionsOutlineA Definition of a Distributed Database SystemArchitectureDistributed ProcessorData DistributionDistributed Database FunctionsDiscretionary SecuritySecure Distributed Database SystemSlide 10Discretionary Security MechanismAccess Control PoliciesSecurity Policy IntegrationViews for SecuritySecure Distributed Database FunctionsMultilevel SecurityAspects of MLS/DDBMSArchitecture - IArchitecture - IIArchitecture IIIModules if SDP (Secure Distributed Processor)Multilevel Distributed Data ModelMLS/DDBMS FunctionsDistributed Inference ControllerSlide 25CommentsData and Applications Security Developments and DirectionsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #10Security for Distributed Data ManagementFebruary 10, 2005OutlineDistributed Database Systems-Architecture, Data Distribution, FunctionsSecurity Issues-Discretionary Security, Multilevel SecurityCommentsAssumption: Network is secure; focusing on securing the dataA Definition of a Distributed Database SystemA collection of database systems connected via a networkThe software that is responsible for interconnection is a Distributed Database Management System (DDBMS)Each DBMS executes local applications and should be involved in at least one global application (Ceri and Pelagetti)Homogeneous environmentArchitectureCommunication NetworkDistributed Processor 1DBMS 1Data-base 1Data-base 3Data-base 2DBMS 2DBMS 3Distributed Processor 2Distributed Processor 3Site 1Site 2Site 3Distributed ProcessorDistributedQuery/UpdateProcessorDistributedTransactionManagerDistributed Metadata ManagementNetwork InterfaceLocal DBMS InterfaceIntegrity/SecurityManagerData DistributionEMP1SS# Name Salary1 John 20 2 Paul 303 James 404 Jill 50 605 Mary6 Jane 70 D#102020 201020DnameD# MGR10 30 40Jane David Peter DEPT1SITE 1SITE 2EMP2SS# Name Salary9 Mathew70 D#50Dnam eD# MGR50MathJohn PhysicsDEPT2Davi d 80 30Peter 90 4078C. Sci. English French20PaulDistributed Database FunctionsDistributed Query Processing-Optimization techniques across the databasesDistributed Transaction Management-Techniques for distributed concurrency control and recoveryDistributed Metadata Management-Techniques for managing the distributed metadataDistributed Security/Integrity Maintenance-Techniques for processing integrity constraints and enforcing access control rules across the databasesDiscretionary Security ArchitectureDiscretionary Security MechanismsAccess ControlSecurity Policy IntegrationViews for SecuritySecure Distributed Database FunctionsSecure Distributed Database SystemA collection of secure database systems (SDBMS) connected via a secure networkThe software that is responsible for interconnection is a Secure Distributed Database Management System (SDDBMS)Each SDBMS executes local applications and should be involved in at least one global application (Ceri and Pelagetti)Homogeneous environmentArchitectureglobal userlocaluserlocaluserSecureNetworkSecureNetworkSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorS-DBMSDatabaseDatabaseS-DBMS S-DBMSDatabaseDatabaseDatabaseDatabaseSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorDiscretionary Security MechanismAccess Control and AuthorizationPoliciesAdministrationPoliciesIdentification and Authentication PoliciesDiscretionarySecurityDiscretionarySecurityAccess Control and AuthorizationPolicies enforced across the databasesAdministrationPolicies enforcedacross the databasesIdentification and Authentication Policies enforcedacross the databasesDiscretionarySecurityDiscretionarySecurity for distributed database systemsAccess Control PoliciesPositive and NegativeAuthorizationPoliciesenforced across thedatabasesRole-based access controland Usage policiesEnforced acrossthe databasesPolicies for integrity,Privacy, data sharingand collaborationenforced acrossthe databasesComponents ofAccess Control Security PoliciesFor distributeddatabasesSecurity Policy IntegrationNetworkDistributedMLS NetworkDistributed/NetworkDistributedIntegrated PolicySecurity Policyfor database systemASecurity Policyfor database systemBSecurity Policyfor database systemCViews for Security EMP1SS# Name Salary1 John 202 Paul 303 James 404 Jill 50605 Mary6 Jane 70D#102020201020DnameD# MGR103040JaneDavidPeterDEPT1SITE 1C. Sci.EnglishFrenchSITE 2EMP2SS# Name Salary9 Mathew70D#50DnameD# MGR50MathJohnPhysicsDEPT2David 80 30Peter 90 407820PaulEnamePaulJamesJillJaneEMP-DEPT View(all those who work in the Physics Department)Secure Distributed Database Functions Secure Distributed Database Functions:Distributed Query Processing: Enforce access control rulesduring query processing across databases; distributed inference control; consider security constraints during distributed query optimizationDistributed Transaction Management: Ensure security constraints are satisfied during transaction processing.Metadata management: Enforce access control on distributed metadataIntegrity management: Ensure that integrity of the data is maintained while enforcing security across the databasesMultilevel Security Aspects of MLS/DDBMSArchitecturesData ModelFunctionsInference ControlAspects of MLS/DDBMSArchitectures:Central Control,Distributed ControlFunctions:Secure Distributed Query Processing,Secure DistributedTransaction ManagementSecure Distributed Metadata ManagementSecure Distributed Constraint ProcessingModel:Multilevel Distributed Data ModelExample: Distributed Multilevel RelationsComponents ofAspects of MLS/DDBMS::ArchitecturesModelsFunctionsArchitecture - ICentralControlMLSServer2MLSServer3MLSServer1MLSDatabaseMLSDatabaseMLSDatabaseArchitecture - IIMLS Distributed DBMSMLSDatabaseMLSDatabaseMLSDatabaseMLS DBMSMLS DBMSMLS DBMSMLS DBMSMLS DBMSMLS DBMSArchitecture IIIglobal userlocaluserMultilevel SecureNetworkSecureDistributedProcessorMLS/DBMSMultilevelDatabaseMLS/DBMS MLS/DBMSMultilevelDatabaseMultilevelDatabaseSecureDistributedProcessorSecureDistributedProcessorModules if SDP (Secure Distributed Processor)SDPSDQP SDTMSDMMSDSMSDIM DQP: Distributed Query ProcessorDTM: Distributed Transaction MangierDMM: Distributed Metadata ManagerDSML Distributed Security ManagerDIM: Distributed Integrity ManagerMultilevel Distributed Data ModelEMP1 = SecretSS# Name Salary1 John 202 Paul 303 James
View Full Document