Data and Applications Security Developments and DirectionsOutlineSecurity Constraint ProcessingInference Engine ApproachConstraint GenerationQuery ProcessorUpdate ProcessorDatabase Design ToolIntegrated ArchitectureRelease Control ManagementUse of Conceptual StructuresMultilevel Semantic NetsComplex Multilevel Semantic NetISA/AKO LinksExample Rules - IISlide 16Applying Transfer RulesSecurity ConstraintsSecurity Constraint Violation - ISecurity Constraint Violation - IIUniversal and Existential ConditionalsMatching VectorsMatching and BindingNegative StatementsRefutation to determine ConsistencyDirectionsData and Applications Security Developments and DirectionsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #8Inference Problem - IIFebruary 12, 2007Outline Security Constraint ProcessingUse of Conceptual StructuresSecurity Constraint Processing Security Constraints are rules that assign security levels to the dataMLS/DBMS is augmented with an Inference EngineInference Engine is the Inference ControllerIntegrated Architecture for Security Constraint processing-Query, Update and Database design operationsInference Engine Approach DatabaseMultilevelDatabaseMLS/DBMSInference Engine actsas an Inference ControllerConstraint Generation DatabaseConsistent ConstraintsDatabaseApplicationSpecificationDataMiningToolConstraintGeneratorDatabasePrivacy ConstraintsDataMiningToolConsistencyCheckerDatabaseConsistent ConstraintsDatabaseApplicationSpecificationDataMiningToolConstraintGeneratorDatabaseSecurityConstraintsDataMiningToolConsistencyCheckerQuery Processor DatabaseReleaseDatabaseDataMiningToolUser Interface ManagerDataMiningToolResponseProcessorDataMiningToolResponseProcessorDataMiningToolSecurity Constraint ManagerDatabaseSecurityConstraintsDataMiningMLS/ DBMSDataMiningToolDataMiningToolRelease Database ManagerDataMiningToolQueryModifierDataMiningToolDataMiningToolRelease Database ManagerDataMiningToolQueryModifierUpdate Processor DataMiningToolUser Interface ManagerDataMiningMLS/ DBMSDataMiningToolSecurityLevelComputerDataMiningToolSecurity Constraint ManagerDatabaseSecurityConstraintsDatabase Design Tool DatabaseSecurityConstraintsDatabasePrivacy Levels for SchemaDatabaseSecurityLevels for SchemaDataMiningToolMultilevel Database Design ToolDataMiningToolSecurity Constraint ManagerDatabaseDatabaseSchemeIntegrated Architecture User Interface ManagerConstraintManagerPrivacy Constraints Knowledge baseQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationDatabaseDBMSUser Interface ManagerConstraintManagerPrivacy Constraints Knowledge baseQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationDatabaseDBMSUser Interface ManagerConstraintManagerPrivacy Constraints Knowledge baseQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationDatabaseDBMSUser Interface ManagerConstraintManagerSecurityConstraints Knowledge baseQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationMultilevelDatabaseMLS/DBMSRelease Control Management DataMiningToolUser Interface ManagerDataMiningToolResponseProcessorDataMiningToolResponseProcessorDataMiningToolPrivacy Constraint ManagerDatabasePrivacy ConstraintsDataMiningToolDataMiningToolRelease ControlManagerResponseDatabaseReleaseDatabaseDataMiningToolDBMSDatabaseDatabaseDataMiningToolUser Interface ManagerDataMiningToolResponseProcessorDataMiningToolResponseProcessorDataMiningToolSecurity Constraint ManagerDatabaseSecurityConstraintsDataMiningToolDataMiningToolRelease ControlManagerResponseDatabaseReleaseDatabaseDataMiningToolDBMSDatabaseDatabaseDataMiningToolUser Interface ManagerDataMiningToolResponseProcessorDataMiningToolResponseProcessorDataMiningToolSecurity Constraint ManagerDatabaseSecurityConstraintsDataMiningToolDataMiningToolRelease ControlManagerResponseDatabaseReleaseDatabaseDataMiningToolDBMSDatabaseDatabaseDataMiningToolDataMiningToolRelease ControlManagerResponseDatabaseReleaseDatabaseDataMiningToolDBMSDatabaseDatabaseUse of Conceptual StructuresUse conceptual structures to model the application-E.g., semantic data models, semantic nets, conceptual graphs, etc.Use the reasoning strategy of the conceptual structure and determine if security violation via inference can occurMultilevel Semantic Nets SHIPSWEAPONSCARRY(a)SHIPSWEAPONSCARRY(b)SHIPSWEAPONSCARRY(c)SHIPSWEAPONSCARRY(d)SHIPSWEAPONSCARRY(e)SHIPSWEAPONSCARRY(f)SHIPSWEAPONSCARRY(g)SHIPSWEAPONSCARRY(h)SHIPSWEAPONSCARRY(a)SHIPSWEAPONSCARRY(b)SHIPSWEAPONSCARRY(c)SHIPSWEAPONSCARRY(d)SHIPSWEAPONSCARRY(e)SHIPSWEAPONSCARRY(f)SHIPSWEAPONSCARRY(g)SHIPSWEAPONSCARRY(h)Complex Multilevel Semantic Net REAGAN PassengersCarriesSUN ExplosiveMediterranean Sea16 June 2000IndiaItalyDestinationLocationDateSmithCaptainBattle Management20 yearsSkillsSkillsTypeISA/AKO Links SHIPSWEAPONSISA(a)SHIPSWEAPONS(b)REAGANSHIP(a)SHIPWATER VEHICLEAKO(b)Example Rules - II SHIPSWEAPONS(a) SHIPWATER VEHICLEAKOVEHICLEAKOAKOSHIPSWEAPONS(a) SHIPWATER VEHICLEAKOVEHICLEAKOAKOSHIPSWEAPONS(c) REAGAN SHIPISAWATER VEHICLEAKOISASHIPSWEAPONS(b) SHIPWATER VEHICLEAKOPERSONHas CaptainHas CaptainSHIPSWEAPONS(b) SHIPWATER VEHICLEAKOPERSONHas CaptainHas CaptainExample Rules - II SHIPSWEAPONS(d) REAGANSHIPISAPERSONHas CaptainHas CaptainSHIPSWEAPONS(d) REAGANSHIPISAPERSONHas CaptainHas CaptainSHIPSWEAPONS(e) REAGANIndiaDestinationCOUNTRYISADestinationApplying Transfer Rules REAGAN SUNExplosiveMediterranean SeaIndiaDestinationLocationCarriesType(a) REAGAN SUNExplosiveMediterranean SeaIndiaLocationCarriesType(b) SmithBattle ManagementSkillsREAGAN SUNExplosiveMediterranean SeaIndiaDestinationLocationCarriesType(c) Combines (a) and (b)SmithBattle ManagementSkillsSecurity Constraints SHIPSWEAPONSCarries(a)REAGANSUNSHIPSDestinationCarries(b)REAGANSUNCOUNTRYMediterraneanSHIPSWEAPONSCarries(a)REAGANSUNSHIPSDestinationCarries(b)REAGANSUNCOUNTRYMediterraneanLocationSecurity Constraint Violation - I REAGAN CarriesSUN ExplosiveMediterranean SeaCOUNTRYDestinationLocationSmithCaptainBattle ManagementSkillsTypeREAGAN CarriesSUN
View Full Document