Data and Applications Security Developments and DirectionsOutlineDistributed ArchitectureData DistributionDistributed Database FunctionsSecure Distributed ArchitectureDiscretionary Security MechanismSecurity Policy IntegrationViews for SecuritySecure Distributed Database FunctionsArchitecture for Multilevel SecurityMultilevel Distributed Data ModelMLS/DDBMS FunctionsDistributed Inference ControllerInteroperability of Heterogeneous Database SystemsTechnical Issues on the Interoperability of Heterogeneous Database SystemsFederated Database ManagementSchema Integration and Transformation in a Federated EnvironmentClient-Server Architecture: ExampleSecurity IssuesTransforming Secure Data ModelsSecurity Architecture: Heterogeneous data managementSecurity Architecture: Federated data managementFederated Data and Policy ManagementIncomparable Security LevelsOverlapping Security LevelsInference ControlSecure Client-Server ComputingCommentsData and Applications Security Developments and DirectionsDr. Bhavani ThuraisinghamThe University of Texas at DallasSecurity for Distributed Data ManagementLecture #9February 13, 2006OutlineDistributed Database Systems-Architecture, Data Distribution, FunctionsSecurity Issues-Discretionary Security, Multilevel SecuritySecure Heterogeneous and Federated SystemsSome CommentsAssumption: Network is secure; focusing on securing the dataDistributed ArchitectureCommunication NetworkDistributed Processor 1DBMS 1Data-base 1Data-base 3Data-base 2DBMS 2DBMS 3Distributed Processor 2Distributed Processor 3Site 1Site 2Site 3Data DistributionEMP1SS# Name Salary1 John 20 2 Paul 303 James 404 Jill 50 605 Mary6 Jane 70 D#102020 201020DnameD# MGR10 30 40Jane David Peter DEPT1SITE 1SITE 2EMP2SS# Name Salary9 Mathew70 D#50DnameD# MGR50MathJohn PhysicsDEPT2Davi d 80 30Peter 90 4078C. Sci. English French20PaulDistributed Database FunctionsDistributed Query Processing-Optimization techniques across the databasesDistributed Transaction Management-Techniques for distributed concurrency control and recoveryDistributed Metadata Management-Techniques for managing the distributed metadataDistributed Security/Integrity Maintenance-Techniques for processing integrity constraints and enforcing access control rules across the databasesSecure Distributed Architectureglobal userlocaluserlocaluserSecureNetworkSecureNetworkSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorS-DBMSDatabaseDatabaseS-DBMS S-DBMSDatabaseDatabaseDatabaseDatabaseSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorSecureDistributedProcessorSecureDistributedProcessorDistributedProcessorDiscretionary Security MechanismAccess Control and AuthorizationPoliciesAdministrationPoliciesIdentification and Authentication PoliciesDiscretionarySecurityDiscretionarySecurityAccess Control and AuthorizationPolicies enforced across the databasesAdministrationPolicies enforcedacross the databasesIdentification and Authentication Policies enforcedacross the databasesDiscretionarySecurityDiscretionarySecurity for distributed database systemsSecurity Policy IntegrationNetworkDistributedMLS NetworkDistributed/NetworkDistributedIntegrated PolicySecurity Policyfor database systemASecurity Policyfor database systemBSecurity Policyfor database systemCViews for Security EMP1SS# Name Salary1 John 202 Paul 303 James 404 Jill 50605 Mary6 Jane 70D#102020201020DnameD# MGR103040JaneDavidPeterDEPT1SITE 1C. Sci.EnglishFrenchSITE 2EMP2SS# Name Salary9 Mathew70D#50DnameD# MGR50MathJohnPhysicsDEPT2David 80 30Peter 90 407820PaulEnamePaulJamesJillJaneEMP-DEPT View(all those who work in the Physics Department)Secure Distributed Database Functions Secure Distributed Database Functions:Distributed Query Processing: Enforce access control rulesduring query processing across databases; distributed inference control; consider security constraints during distributed query optimizationDistributed Transaction Management: Ensure security constraints are satisfied during transaction processing.Metadata management: Enforce access control on distributed metadataIntegrity management: Ensure that integrity of the data is maintained while enforcing security across the databasesArchitecture for Multilevel Securityglobal userlocaluserMultilevel SecureNetworkSecureDistributedProcessorMLS/DBMSMultilevelDatabaseMLS/DBMS MLS/DBMSMultilevelDatabaseMultilevelDatabaseSecureDistributedProcessorSecureDistributedProcessorMultilevel Distributed Data ModelEMP1 = SecretSS# Name Salary1 John 202 Paul 303 James 404 Jill 50605 Mary6 Jane 70D#102020201020DnameD# MGR103040JaneDavidPeterDEPT1 = UnclassifiedSITE 1C. Sci.EnglishFrenchSITE 2EMP2 = SecretSS# Name Salary9 Mathew70D#50DnameD# MGR50MathJohnPhysicsDEPT2 = UnclassifiedDavid 80 30Peter 90 407820PaulMLS/DDBMS FunctionsDistributedQueryProcessorDistributedTransactionProcessorDistributedMetadataManagerFunctionsof an MLS/DDBMS Site AFunctionsof an MLS/DDBMS Site BDistributedQueryProcessorDistributedTransactionProcessorDistributedMetadataManagerDistributed Inference ControllerNetworkDistributedInferenceControllerDistributedInferenceControllerDistributedInference ControllerDBMS DBMS DBMSDatabase Database DatabaseNetworkDistributedInferenceControllerDistributedInferenceControllerDistributedInference ControllerDBMS DBMS DBMSDatabase Database DatabaseInteroperability of Heterogeneous Database SystemsDatabase System ADatabase System BNetworkDatabase System C(Legacy)Transparent accessto heterogeneousdatabases - both usersand application programs;Query, Transactionprocessing(Relational)(Object-Oriented)Technical Issues on the Interoperability of Heterogeneous Database SystemsHeterogeneity with respect to data models, schema, query processing, query languages, transaction management, semantics, integrity, and security policiesFederated database management-Collection of cooperating, autonomous, and possibly heterogeneous component database systems, each belonging to one or more federationsInteroperability based on client-server architecturesFederated Database ManagementDatabase System ADatabase System BDatabase System CCooperating databasesystems yet maintainingsome degree ofautonomyFederation F1Federation F2Schema Integration and Transformation in a Federated EnvironmentAdapted from Sheth and Larson, ACM Computing Surveys, September 1990Component Schema for Component AComponent Schema for Component BComponent Schema for Component CGeneric Schema for
View Full Document
Unlocking...