Security Concepts and Capabilities
CSE 333 (SecBG-1)
Prof. Steven A. Demurjian, Sr.
Computer Science & Engineering Department
The University of Connecticut
371 Fairfield Road, Box U-1155
Storrs, CT
[email protected]
http://www.engr.uconn.edu/~steve
(860) 486 - 4818

The majority of these slides represent material that has been accumulated from various sources over the years. A portion of these slides are being used with the permission of Dr. Ling Liu, Associate Professor, College of Computing, Georgia Tech.

Deck outline
- Overview
- Introduction: General Concepts
- Type of Security Issues
- Glossary of Protection and Security Terms
- Policy & Mechanism
- Authentication
- Authorization
- User Authentication
- Network Authentication
- Core Security Capabilities of Java
- Recall Java Bytecode Verification
- Digital Signatures and JAR Files
- Database Security Approach
- Database Security
- Available Security Approaches
- What are Key Access Control Concepts?
- Mandatory Access Control
- Mandatory Security Mechanism
- Operations
- Using the Properties
- A Classic Example
- Illustrating MAC
- Security in Software Applications
- What is Role Based Access Control (RBAC)?
- Motivating Security for OO Paradigm
- Why is RBAC Needed?
- Examples of Why RBAC is Needed
- RBAC for OO
- Sample RBAC Hierarchy for HCA
- Sample RBAC Hierarchy for University
- Discretionary Access Control
- Access Matrix Model
- Access Modes
- What is Role Delegation?
- Why is Role Delegation Important?
- What Can be Delegated?
- Delegation/Pass on Delegation Authorities
- Example - Role Delegation
- Role Delegation Revocation Rules
- Monotonicity and Permanence
- Totality and Administration
- Revocation
- DAC in SQL2
- Privileges in SQL
- Example Schema
- SQL Examples
- Cryptography
- More on Cryptography
- Cryptographic Systems
- Statistical Database Security
- Example of Statistical DB
- Example Two of Statistical DB
- Public Policy on Security
- Security Solutions for Systems/Databases
- Concluding Remarks

Overview
- Concepts and Issues
- Glossary of Security Terms
- Security Policy, Authentication, and Authorization
- Security in Java
- Database Security
- Access Control
  - Mandatory Access Control (MAC)
  - Discretionary Access Control (DAC)
  - Role-Based Access Control (RBAC)
- Cryptography
- Security in Statistical DB
- Emerging Security Trends

Introduction: General Concepts
- Authentication
  - Proving you are who you are
  - Signing a Message
  - Is the Client who S/he Says they are?
- Authorization
  - Granting/Denying Access
  - Revoking Access
  - Does the Client have Permission to do what S/he Wants?
- Encryption
  - Establishing Communications Such that No One but Receiver will Get the Content of the Message
  - Symmetric Encryption
  - Public Key Encryption

Type of Security Issues
- Legal and Ethical Issues
  - Information that Must be Protected (e.g., SSN)
  - Information that Must be Accessible (e.g., SSN)
- Policy Issues
  - Who Can See What Information When?
  - Application Limits w.r.t. Data vs. Users?
- System Level Enforcement
  - What is Provided by the DBMS? Programming Language? OS? Application?
  - How Do All of the Pieces Interact?
- Multiple Security Levels/Organizational Enforcement
  - Mapping Security to Organizational Hierarchy
  - Protecting Information in Organization

Glossary of Protection and Security Terms
Glossary from: Saltzer and Schroeder, "The Protection of Information in Computer Systems", Proc. of IEEE, Vol. 63, No. 9, September 1975.
- Principal
  - Entity (Person/Process/etc.) to Which Authorizations are Granted
  - Can be a User, User Group, Program, Client, etc.
  - Also Known as Subject
- Protected Object
  - Known Object whose Internal Structure is Inaccessible Except by Protection System
  - The Unit of Protection
  - For Our Purposes: Table, Column, Tuple; Data and Meta-Data
- Access Control List
  - List of Principals (User, User Group, Process, …) Authorized to have Access to Some Object
  - For Every Object, Maintain Authorized Principals
  - Easily Implemented in Algorithm/Typically in OS
- Authenticate
  - Verify Identity of Principal Making Request
  - In OS - Equivalent to Logging on (ID, Password)
  - May be More Complicated Based on Security Needs
- Authorize
  - Grant Principal Access to Objects
  - Granularity Ranges from Fine to Coarse
  - Application Directed
- Capability
  - Unforgeable Ticket as Proof of Authorization of Presenter (Principal) to Access Named Object
  - Ticket or Certificate Must be Presented at Each Access
- Capability List
  - List of Protected Objects which Likewise List Authorized Principals
  - Used in Conjunction with Tickets for Authorization
- Certify
  - Verify Accuracy, Correctness, & Completeness of Security/Protection Mechanism
  - Critical for Select Domains (DoD, Banking, etc.)
- Confinement
  - Restricting What a Process Can Do with Authorized Objects
  - Similar in Concept to Sandbox of Java
- Domain
  - Objects Currently Accessed by Principal
- (De)Encryption
  - (De)Encoding of Data According to Transformation Key for Transmission/Storage
  - Reciprocal Activity - Many Different Options
- Grant
  - Authorize Access to Objects by
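The glossary terms above (principal, protected object, access control list, capability and capability list, authenticate, authorize, grant) can be made concrete in a few dozen lines. The following is an added example, not code from the lecture or from the slides' author: a toy protection system that stores one access matrix and reads it either as ACLs (one column per object) or as capability lists (one row per principal), authenticates principals against salted password hashes, and issues HMAC-protected capability tickets that must be presented at each access. The class and method names, the principal and object names, and the passwords are all constructed assumptions.

```python
# Added example (not from the lecture slides): a toy protection system built from
# the glossary vocabulary above.  Principal names, object names and passwords are
# constructed sample data; the class and method names are assumptions.
import hashlib
import hmac
import os
import secrets


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are not reusable if the store leaks.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ProtectionSystem:
    def __init__(self) -> None:
        self._credentials = {}      # principal -> (salt, password hash)
        # Access matrix: principal -> {protected object -> set of access modes}.
        # An ACL is one column of this matrix; a capability list is one row.
        self._matrix = {}
        # Key known only to the protection system; it is what makes tickets
        # unforgeable by the principals that hold them.
        self._ticket_key = secrets.token_bytes(32)

    # Principals and authentication ------------------------------------------
    def add_principal(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._credentials[name] = (salt, _hash_password(password, salt))
        self._matrix.setdefault(name, {})

    def authenticate(self, name: str, password: str) -> bool:
        # "Authenticate": verify the identity of the principal making the request.
        if name not in self._credentials:
            return False
        salt, stored = self._credentials[name]
        return hmac.compare_digest(stored, _hash_password(password, salt))

    # Grant / revoke: edit one cell of the access matrix -----------------------
    def grant(self, principal: str, obj: str, mode: str) -> None:
        self._matrix.setdefault(principal, {}).setdefault(obj, set()).add(mode)

    def revoke(self, principal: str, obj: str, mode: str) -> None:
        self._matrix.get(principal, {}).get(obj, set()).discard(mode)

    # Two views of the same matrix ---------------------------------------------
    def acl(self, obj: str) -> dict:
        # Access control list: for one object, every authorized principal.
        return {p: sorted(row[obj]) for p, row in self._matrix.items()
                if row.get(obj)}

    def capability_list(self, principal: str) -> dict:
        # Capability list: for one principal, every object it may access.
        return {obj: sorted(modes)
                for obj, modes in self._matrix.get(principal, {}).items() if modes}

    # Authorize by ACL lookup --------------------------------------------------
    def authorize(self, principal: str, obj: str, mode: str) -> bool:
        return mode in self._matrix.get(principal, {}).get(obj, set())

    # Capability: unforgeable ticket presented at each access -----------------
    def issue_capability(self, principal: str, obj: str, mode: str) -> str:
        if not self.authorize(principal, obj, mode):
            raise PermissionError(f"{principal} may not {mode} {obj}")
        body = f"{principal}|{obj}|{mode}"
        tag = hmac.new(self._ticket_key, body.encode(), "sha256").hexdigest()
        return f"{body}|{tag}"

    def check_capability(self, ticket: str, obj: str, mode: str) -> bool:
        # Recompute the tag; any edit to the ticket body breaks it.  The check
        # does not consult the matrix, so a ticket outlives a later revoke
        # (the classic difficulty of revoking capabilities).
        parts = ticket.split("|")
        if len(parts) != 4:
            return False
        principal, t_obj, t_mode, tag = parts
        body = f"{principal}|{t_obj}|{t_mode}"
        expected = hmac.new(self._ticket_key, body.encode(), "sha256").hexdigest()
        return (hmac.compare_digest(tag, expected)
                and t_obj == obj and t_mode == mode)


def demo() -> dict:
    # Constructed sample data: two principals and one protected table.
    ps = ProtectionSystem()
    ps.add_principal("alice", "correct horse battery")
    ps.add_principal("bob", "hunter2")
    ps.grant("alice", "EMPLOYEE", "read")
    ps.grant("alice", "EMPLOYEE", "update")
    ps.grant("bob", "EMPLOYEE", "read")
    ticket = ps.issue_capability("bob", "EMPLOYEE", "read")
    forged = ticket.replace("|read|", "|update|")   # body altered, tag unchanged
    return {
        "alice_login": ps.authenticate("alice", "correct horse battery"),
        "bad_login": ps.authenticate("alice", "wrong"),
        "acl_EMPLOYEE": ps.acl("EMPLOYEE"),
        "caps_bob": ps.capability_list("bob"),
        "bob_update": ps.authorize("bob", "EMPLOYEE", "update"),
        "ticket_ok": ps.check_capability(ticket, "EMPLOYEE", "read"),
        "forged_ok": ps.check_capability(forged, "EMPLOYEE", "update"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design points are worth noticing. First, the ACL and the capability list are not two data structures but two ways of reading the same matrix, which is why a system that is organised by object (ACL) finds "what can this principal do?" expensive, and a system organised by principal (capability) finds "who can reach this object?" expensive. Second, `check_capability` trusts the ticket's tag rather than re-reading the matrix, so a ticket issued before a `revoke` still validates; a real system either records revoked tickets, expires them, or re-checks the matrix at each presentation.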