资源描述
Analyzing and Securing Social NetworksDr.Bhavani ThuraisinghamThe University of Texas at DallasLecture#1Introduction to Data and Applications SecurityJanuary 18,2013OutlinelData and Applications Security -Developments and DirectionslSecure Semantic Web-XML Security;Other directionslSome Emerging Secure DAS Technologies-Secure Sensor Information Management;Secure Dependable Information ManagementlSome Directions for Privacy Research-Data Mining for handling security problems;Privacy vs.National Security;Privacy Constraint Processing;Foundations of the Privacy ProblemlWhat are the Challenges?Developments in Data and Applications Security:1975-PresentlAccess Control for Systems R and Ingres(mid 1970s)lMultilevel secure database systems(1980 present)-Relational database systems:research prototypes and products;Distributed database systems:research prototypes and some operational systems;Object data systems;Inference problem and deductive database system;TransactionslRecent developments in Secure Data Management(1996 Present)-Secure data warehousing,Role-based access control(RBAC);E-commerce;XML security and Secure Semantic Web;Data mining for intrusion detection and national security;Privacy;Dependable data management;Secure knowledge management and collaborationDevelopments in Data and Applications Security:Multilevel Secure Databases-IlAir Force Summer Study in 1982lEarly systems based on Integrity Lock approachlSystems in the mid to late 1980s,early 90s-E.g.,Seaview by SRI,Lock Data Views by Honeywell,ASD and ASD Views by TRW-Prototypes and commercial products-Trusted Database Interpretation and Evaluation of Commercial ProductslSecure Distributed Databases(late 80s to mid 90s)-Architectures;Algorithms and Prototype for distributed query processing;Simulation of distributed transaction management and concurrency control algorithms;Secure federated data management Developments in Data and Applications Security:Multilevel Secure Databases-IIlInference Problem(mid 80s to mid 90s)-Unsolvability of the inference problem;Security constraint processing during query,update and database design operations;Semantic models and conceptual structureslSecure Object Databases and Systems(late 80s to mid 90s)-Secure object models;Distributed object systems security;Object modeling for designing secure applications;Secure multimedia data managementlSecure Transactions(1990s)-Single Level/Multilevel Transactions;Secure recovery and commit protocolsSome Directions and Challenges for Data and Applications Security-IlSecure semantic web and Social Networks-Security modelslSecure Information Integration-How do you securely integrate numerous and heterogeneous data sources on the web and otherwiselSecure Sensor Information Management-Fusing and managing data/information from distributed and autonomous sensorslSecure Dependable Information Management-Integrating Security,Real-time Processing and Fault TolerancelData Sharing vs.Privacy-Federated database architectures?Some Directions and Challenges for Data and Applications Security-IIlData mining and knowledge discovery for intrusion detection-Need realistic models;real-time data mininglSecure knowledge management-Protect the assets and intellectual rights of an organizationlInformation assurance,Infrastructure protection,Access Control-Insider cyber-threat analysis,Protecting national databases,Role-based access control for emerging applicationslSecurity for emerging applications-Geospatial,Biomedical,E-Commerce,etc.lOther Directions-Trust and Economics,Trust Management/Negotiation,Secure Peer-to-peer computing,Coalition Data and Policy SharingExportData/PolicyComponentData/Policy for Agency AData/Policy for FederationExportData/PolicyComponentData/Policy for Agency CComponentData/Policy for Agency BExportData/PolicyOther topics of InterestlSecure Cloud ComputinglMobile code securitylVulnerability AnalysislInfrastructure security-Power gridlHealthcare SecuritylFinancial SecurityAccess ControllDiscretionary Access Control in Relational DatabaseslMandatory Access Control in Relational Databases-Security ConstraintslTypes of Access Control-Inference problem,Role-based,Temporal,UsagelAccess Control in Other Databases-Objects,FederatedlCurrent Trends in Access Control-Date Warehousing,Semantic Web,Privacy Control lNext Steps in Access ControlAccess Control in Relational Databases:1975-PresentlAccess Control policies were developed initially for file systems-E.g.,Read/write policies for fileslAccess control in databases started with the work in System R and Ingres Projects-Access Control rules were defined for databases,relations,tuples,attributes and elements-SQL and QUEL languages were extended lGRANT and REVOKE StatementslRead access on EMP to User group A Where EMP.Salary 30K and EMP.Dept Security-Query Modification:lModify the query according to the access control ruleslRetrieve all employee information where salary 30K and Dept is not SecurityQuery Modification AlgorithmlInputs:Query,Access Control RuleslOutput:Modified QuerylAlgorithm:-Given a query Q,examine all the access control rules relevant to the query-Introduce a Where Clause to the query that negates access to the relevant attributes in the access control ruleslExample:rules are John does not have access to Salary in EMP and Budget in DEPT lEMP(E#,Ename,Salary,D#),DEPT(D#,Dname,Budg,Mgr)Query is to join the EMP and DEPT relations on Dept#lModify the query to Join EMP and DEPT on Dept#and project on all attributes except Salary and Budget-Output is the resulting queryMandatory Access Control(MAC)in Databases:1982-Present lBell and LaPadula Policy adapted for databases-Read at or below your level and Write at your level;Granularity of classification:Databases,Relations,Tuples,Attributes,Elements(Note:writing above your level is not a security problem)lSecurity Architectures-Operating system providing mandatory access control and DBMS is untrusted with respect to MAC(e.g.,SRIs SeaView)-Trusted Subject Architecture where DBMS is trusted with respect to MAC(e.g.,TRWs ASD and ASD Views)-Integrity Lock where Trusted front-end computes checksums(e.g.,MITREs MISTRESS Prototype)-Distributed Architecture where data is distributed according to security levels and access through trusted front-end(e.g.,NRLs SINTRA)Extended Kernel for Security Policy Enforcement such as constraints(e.g.,Honeywells Lock Data Views)Security Constraints/Access Control RuleslSimple Constraint:John cannot access the attribute Salary of relation EMPlContent-based constraint:If relation MISS contains information about missions in the Middle East,then John cannot access MISSlAssociation-based Constraint:Ships location and mission taken together cannot be accessed by John;individually each attribute can be accessed by JohnlRelease constraint:After X is released Y cannot be accessed by JohnlAggregate Constraints:Ten or more tuples taken together cannot be accessed by JohnlDynamic Constraints:After the Mission,information about the mission can be accessed by JohnEnforcement of Security Constraints User Interface ManagerConstraintManagerSecurity ConstraintsQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationDatabaseRelational DBMSOther Developments in Access Control lInference Problem and Access Control-Inference problem occurs when users pose queries and deduce unauthorized information from the legitimate responses-Security constraint processing for controlling inferences-More recently there is work on controlling release information instead of controlling access to informationlTemporal Access Control Models-Incorporates time parameter into the access control modelslRole-based access control-Controlling access based on roles of people and the activities they carry out;Implemented in commercial systemslPositive and Negative Authorizations-Should negative authorizations be explicitly specified?How can conflicts be resolved?Some Examples lTemporal Access Control-After 1/1/05,only doctors have access to medical recordslRole-based Access Control-Manager has access to salary information-Project leader has access to project budgets,but he does not have access to salary information-What happens if the manager is also the project leader?lPositive and Negative Authorizations-John has write access to EMP-John does not have read access to DEPT-John does not have write access to Salary attribute in EMP-How are conflicts resolved?Privacy Constraints/Access Control RuleslPrivacy constraints processing-Simple Constraint:an attribute of a document is private-Content-based constraint:If document contains information about X,then it is private-Association-based Constraint:Two or more documents taken together is private;individually each document is public-Release constraint:After X is released Y becomes privatelAugment a database system with a privacy controller for constraint processingIntegrated Architecture for Privacy Constraint ProcessingUser Interface ManagerConstraintManagerPrivacy ConstraintsQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationXML Database Design ToolConstraints during database design operationDatabaseRelational DBMSOther PolicieslTrust Policies-To what extent do you trust the source of the data-How can trust be propagated-Adding trust value to each piece of data-A trusts B and B trusts C,does this mean A trusts C?-A department head sends messages to all the faculty;however he/she may not trust a particular person-Developing a language to specify trustlIntegrity Policies-Maintaining the quality of the data-Adding an attribute to each piece of data to specify the quality-Quality also depends on how much you trust the source-Algebra for data qualityAccess Control in Databases:Next StepslAccess Control in Databases will continue to be very important-We also need to examine alternativeslWe need new kinds of access control models-1975 models may not be suitable for emerging applications such as semantic web,e-commerce and stream data management-Role-based access control has become very popular and is implemented now in commercial systems.What variations of this model are appropriate for emerging applications?lEnd-to-end security is critical-We cannot have secure databases and have insecure networks and middleware;ComposabilitylFlexible security policies-Confidentiality,Authenticity,Completeness,Integrity,Trust,Privacy,Data Quality,etc.PolicieslNeed to Know to Need to SharelRBAClUCONlABAClDisseminationlRisk based access controllTrust Management/Credential/DisclosurelDirectionslMajor conferences for Policy and Access Control:-IEEE Policy Workshop-ACM SACMAT Need to Know to Need to SharelNeed to know policies during the cold war;even if the user has access,does the user have a need to know?lPost 9/11 the emphasis is on need to share-User may not have access,but needs the datalDo we give the data to the user and then analyze the consequenceslDo we analyze the consequences and then determine the actions to takelDo we simply not give the data to the userlWhat are risks involved?RBAClAccess to information sources including structured and unstructured data both within the organization and external to the organization lAccess based on roleslHierarchy of roles:handling conflictslControlled dissemination and sharing of the dataRBAC(Sandhu)UCONlRBAC model is incorporated into UCON and useful for various applications-Authorization componentlObligations-Obligations are actions required to be performed before an access is permitted-Obligations can be used to determine whether an expensive knowledge search is requiredlAttribute Mutability-Used to control the scope of the knowledge searchlCondition-Can be used for resource usage policies to be relaxed or tightenedUCON(Sandhu)Role-based Usage Control(RBUC)RBAC with UCON extensionRelease and Dissemination PolicieslRelease policies will determine to whom to release the data-What is the connection to access control-Is access control sufficient-Once the data is retrieved from the information source(e.g.,database)should it be released to the userlOnce the data is released,dissemination policies will determine who the data can be given to-Electronic music,etc.ABAC:Attribute-based Access ControllUser specifies his/her attributes(e.g.,gender,citizenship)lPolicies would specify access based on user credentialslOpen environmentlXACMLRisk Based Data Sharing/Access ControllWhat are the risks involved in releasing/disseminating the datalRisk modeling should be integrated with the access control modellSimple method:assign risk valueslHigher the risk,lower the sharinglWhat is the cost of releasing the data?lCost/Risk/Security closely relatedTrust ManagementlTrust Services-Identify services,authorization services,reputation serviceslTrust negotiation(TN)-Digital credentials,Disclosure policieslTN Requirements-Language requirementslSemantics,constraints,policies-System requirementslCredential ownership,validity,alternative negotiation strategies,privacylExample TN systems-KeyNote and Trust-X(U of Milan),TrustBuilder(UIUC)Trust Management The problem:establishing trust in open systems Mutual authentication-Assumption on the counterpart honesty no longer holds-Both participants need to authenticate each other Interactions between strangers-In conventional systems user identity is known in advance and can be used for performing access control-In open systems partecipants may have no pre-existing relationship and may not share a common security domainTrust NegotiationmodellA promising approach for open systems where most of the interactions occur between strangerslThe goal:establish trust between parties in order to exchange sensitive information and services lThe approach:establish trust by verifying properties of the other party Trust negotiation:the approach Interactions between strangers in open systems are different from traditional access control modelsPolicies and mechanisms developed in conventional systems need to be revisedUSER IDs VS.SUBJECT PROPERTIESACCESS CONTROL POLICIESVS.DISCLOSURE POLICIESSubject properties:digital credentials lAssertion about the credential owner issued and certified by a Certification Authority.CA CA CA CA Each entity has an associated set of credentials,describing properties and attributes of the owner.Use of CredentialsCredentialIssuerDigital Credentials-Julie-3 kids-Married-AmericanCompany ACompany BWant to know citizenshipWant to know marital status-Julie-American-Julie-MarriedAliceCheckCheckCredentialslCredentials can be expressed through the Security Assertion Mark-up Language(SAML)lSAML allows a party to express security statements about a given subject-Authentication statements-Attribute statements-Authorization decision statementsDisclosure policieslDisclosure policies govern:Access to protected resourcesAccess to sensitive informationDisclosure of sensitive credentialslDisclosure policies express trust requirements by means of credential combinations that must be disclosed to obtain authorizationDisclosure policiesDisclosure policies-Example lSuppose NBG Bank offers loans to studentslTo check the eligibility of the requester,the Bank asks the student to present the following credentials-The student card-The ID card-Social Security Card-Financial information either a copy of the Federal Income Tax Return or a bank statementDisclosure policies-Examplep1=(,Student_Loan Student_Card();p2=(p1),Student_Loan Social_Security_Card();p3=(p2,Student_Loan Federal_Income_Tax_Return();p4=(p2,Student_Loan Bank_Statement();P5=(p3,p4,Student_Loan DELIV);These policies result in two distinct“policy chains”that lead to disclosurep1,p2,p3,p5p1,p2,p4,p5Trust Negotiation-definition The gradual disclosure of credentials and requests for credentials between two strangers,with the goal of establishing sufficient trust so that the parties can exchange sensitive information and/or resources DirectionslPolicies are of much interest to many organizations and applications-Financial,Medical,Retail,Manufacturing etclRoles and responsibilitieslFlexible policieslRBAC,UCON,RBUC,Trust Negotiation,Dissemination PolicieslNeed to Know to Need to SharelIEEE POLICY and ACM SACMATl9、静夜四无、静夜四无邻,荒居旧,荒居旧业贫。9月月-239月月-23Saturday,September 23,2023l10、雨中黄叶、雨中黄叶树,灯下白,灯下白头人。人。19:40:1619:40:1619:409/23/2023 7:40:16 PMl11、以我独沈久,愧君相、以我独沈久,愧君相见频。9月月-2319:40:1619:40Sep-2323-Sep-23l12、故人江海、故人江海别,几度隔山川。,几度隔山川。19:40:1619:40:1619:40Saturday,September 23,2023l13、乍、乍见翻疑梦,相悲各翻疑梦,相悲各问年。年。9月月-239月月-2319:40:1619:40:16September 23,2023l14、他、他乡生白生白发,旧国,旧国见青山。青山。23 九月九月 20237:40:16 下午下午19:40:169月月-23l15、比不了得就不比,得不到的就不要。、比不了得就不比,得不到的就不要。九月九月 237:40 下午下午9月月-2319:40September 23,2023l16、行、行动出成果,工作出出成果,工作出财富。富。2023/9/23 19:40:1619:40:1623 September 2023l17、做前,能、做前,能够环视四周;做四周;做时,你只能或者最好沿着以脚,你只能或者最好沿着以脚为起点的射起点的射线向前。向前。7:40:16 下午下午7:40 下午下午19:40:169月月-23l9、没有失、没有失败,只有,只有暂时停止成功!。停止成功!。9月月-239月月-23Saturday,September 23,2023l10、很多事情努力了未必有、很多事情努力了未必有结果,但是不努力却什么改果,但是不努力却什么改变也没有。也没有。19:40:1619:40:1619:409/23/2023 7:40:16 PMl11、成功就是日复一日那一点点小小努力的、成功就是日复一日那一点点小小努力的积累。累。9月月-2319:40:1619:40Sep-2323-Sep-23l12、世、世间成事,不求其成事,不求其绝对圆满,留一份不足,可得无限完美。,留一份不足,可得无限完美。19:40:1619:40:1619:40Saturday,September 23,2023l13、不知香、不知香积寺,数里入云峰。寺,数里入云峰。9月月-239月月-2319:40:1619:40:16September 23,2023l14、意志、意志坚强的人能把世界放在手中像泥的人能把世界放在手中像泥块一一样任意揉捏。任意揉捏。23 九月九月 20237:40:16 下午下午19:40:169月月-23l15、楚塞三湘接,、楚塞三湘接,荆门九派通。九派通。九月九月 237:40 下午下午9月月-2319:40September 23,2023l16、少年十五二十、少年十五二十时,步行,步行夺得胡得胡马骑。2023/9/23 19:40:1619:40:1623 September 2023l17、空山新雨后,天气晚来秋。、空山新雨后,天气晚来秋。7:40:16 下午下午7:40 下午下午19:40:169月月-23l9、杨柳散和柳散和风,青山澹吾,青山澹吾虑。9月月-239月月-23Saturday,September 23,2023l10、阅读一切好一切好书如同和如同和过去最杰出的人去最杰出的人谈话。19:40:1619:40:1619:409/23/2023 7:40:16 PMl11、越是没有本、越是没有本领的就越加自命不凡。的就越加自命不凡。9月月-2319:40:1619:40Sep-2323-Sep-23l12、越是无能的人,越喜、越是无能的人,越喜欢挑剔挑剔别人的人的错儿。儿。19:40:1619:40:1619:40Saturday,September 23,2023l13、知人者智,自知者明。、知人者智,自知者明。胜人者有力,自人者有力,自胜者者强。9月月-239月月-2319:40:1619:40:16September 23,2023l14、意志、意志坚强的人能把世界放在手中像泥的人能把世界放在手中像泥块一一样任意揉捏。任意揉捏。23 九月九月 20237:40:16 下午下午19:40:169月月-23l15、最具挑、最具挑战性的挑性的挑战莫莫过于提升自我。于提升自我。九月九月 237:40 下午下午9月月-2319:40September 23,2023l16、业余生活要有意余生活要有意义,不要越,不要越轨。2023/9/23 19:40:1619:40:1623 September 2023l17、一个人即使已登上、一个人即使已登上顶峰,也仍要自峰,也仍要自强不息。不息。7:40:16 下午下午7:40 下午下午19:40:169月月-23MOMODA POWERPOINTLorem ipsum dolor sit amet,consectetur adipiscing elit.Fusce id urna blandit,eleifend nulla ac,fringilla purus.Nulla iaculis tempor felis ut cursus.感感 谢谢 您您 的的 下下 载载 观观 看看专家告诉
展开阅读全文