Data and Applications Security Developments and Directions

1
Data and Applications Security Developments and
Directions

• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• Lecture 10
• Security for Distributed Data Management
• February 10, 2005

2
Outline

• Distributed Database Systems
• Architecture, Data Distribution, Functions
• Security Issues
• Discretionary Security, Multilevel Security
• Comments
• Assumption Network is secure focusing on
  securing the data

3
A Definition of a Distributed Database System

• A collection of database systems connected via a
  network
• The software that is responsible for
  interconnection is a Distributed Database
  Management System (DDBMS)
• Each DBMS executes local applications and should
  be involved in at least one global application
  (Ceri and Pelagetti)
• Homogeneous environment

4
Architecture
5
Distributed Processor
Network Interface
Distributed Query/Update Processor
Distributed Transaction Manager
Integrity/ Security Manager
Distributed Metadata Management
Local DBMS Interface
6
Data Distribution
S
I
T
E

1
E
M
P
1
D
E
P
T
1


D

S
S

N
a
m
e
S
a
l
a
r
y
D
n
a
m
e
D

M
G
R

1
0
1
J
o
h
n
2
0

1
0

J
a
n
e

C
.

S
c
i
.

2
0
2
P
a
u
l
3
0



2
0

3
J
a
m
e
s
4
0
3
0













D
a
v
i
d

E
n
g
l
i
s
h


2
0



4
J
i
l
l
5
0

4
0
P
e
t
e
r
F
r
e
n
c
h
1
0
6
0
5
M
a
r
y
2
0
6
J
a
n
e
7
0
S
I
T
E

2
E
M
P
2
D
E
P
T
2
S
S

N
a
m
e
S
a
l
a
r
y


D

D
n
a
m
e
D

M
G
R

9
M
a
t
h
e
w
7
0
5
0
5
0
J
o
h
n
M
a
t
h
D
a
v
i
d









8
0








3
0
7

P
h
y
s
i
c
s
P
a
u
l
2
0
P
e
t
e
r
9
0
4
0
8
7
Distributed Database Functions

• Distributed Query Processing
• Optimization techniques across the databases
• Distributed Transaction Management
• Techniques for distributed concurrency control
  and recovery
• Distributed Metadata Management
• Techniques for managing the distributed metadata
• Distributed Security/Integrity Maintenance
• Techniques for processing integrity constraints
  and enforcing access control rules across the
  databases

8
Discretionary Security

• Architecture
• Discretionary Security Mechanisms
• Access Control
• Security Policy Integration
• Views for Security
• Secure Distributed Database Functions

9
Secure Distributed Database System

• A collection of secure database systems (SDBMS)
  connected via a secure network
• The software that is responsible for
  interconnection is a Secure Distributed Database
  Management System (SDDBMS)
• Each SDBMS executes local applications and should
  be involved in at least one global application
  (Ceri and Pelagetti)
• Homogeneous environment

10
Architecture

11
Discretionary Security Mechanism

12
Access Control Policies

13
Security Policy Integration


14
Views for Security

15
Secure Distributed Database Functions


16
Multilevel Security

• Aspects of MLS/DDBMS
• Architectures
• Data Model
• Functions
• Inference Control

17
Aspects of MLS/DDBMS


18
Architecture - I


19
Architecture - II


20
Architecture III


21
Modules if SDP (Secure Distributed Processor)


DQP Distributed Query Processor DTM Distributed
Transaction Mangier DMM Distributed Metadata
Manager DSML Distributed Security Manager DIM
Distributed Integrity Manager

22
Multilevel Distributed Data Model


23
MLS/DDBMS Functions


24
Distributed Inference Controller


25
Discretionary Security Mechanism


26
Comments

• Techniques for centralize data management have to
  be extended for a distributed environment
• Access control enforced across databases
• Inference control across databases
• Web will continue to impact the development of
  secure distributed data managers
• Network security is critical