Database Security *)
Institut für Angewandte Informatik und Informationssysteme
Abteilung für Information Engineering
1.1 The Relational Data Model Revisited
1.2 The Vocabulary of Security and Major DB Security Threats
2. Database Security Models
2.1 Discretionary Security Models
2.2 Mandatory Security Models
2.3 Adapted Mandatory Access Control Model
2.4 Personal Knowledge Approach
2.5 Clark and Wilson Model
2.6 A Final Note on Database Security Models
3. Multilevel Secure Prototypes and Systems
3.2 Lock Data Views
4. Conceptual Data Model for Multilevel Security
4.1 Concepts of Security Semantics
4.2 Classification Constraints
4.3 Consistency and Conflict Management
4.4 Modeling the Example Application
5. Standardization and Evaluation Efforts
6. Future Directions in Database Security Research
Information stored in databases is often considered a valuable and important corporate resource. Many organizations have become so dependent on the proper functioning of their systems that a disruption of service or a leakage of stored information may cause outcomes ranging from inconvenience to catastrophe. Some corporate data relate to financial records; others may be essential for the successful operation of an organization, may represent trade secrets, or may describe information about persons whose privacy must be protected. Thus, the general concept of database security is very broad and entails such things as moral and ethical issues imposed by the public and society, legal issues where control is legislated over the collection and disclosure of stored information, or more technical issues such as how to protect the stored information from loss or unauthorized access, destruction, use, modification, or disclosure.
*) Advances in Computers, Vol. 38. M. C. Yovits (Ed.), Academic Press, 1994, pp. 1 - 74.
More generally speaking, database security is concerned with ensuring the secrecy, integrity, and availability of data stored in a database. To define the terms, secrecy denotes the protection of information from unauthorized disclosure, either by direct retrieval or by indirect logical inference. In addition, secrecy must deal with the possibility that information may also be disclosed by legitimate users acting as an ‘information channel’ by passing secret information to unauthorized users. This may be done intentionally or without the knowledge of the authorized user. Integrity requires data to be protected from malicious or accidental modification, including the insertion of false data, the contamination of data, and the destruction of data. Integrity constraints are rules that define the correct states of a database and thus can protect the correctness of the database during operation. Availability is the characteristic that ensures that data are available to authorized users when they need them. The notion of availability includes ‘denial of service’, i.e. a system that is not functioning in accordance with its intended purpose. Availability is closely related to integrity because ‘denial of service’ may be caused by unauthorized destruction, modification, or delay of service as well.
Database security cannot be seen as an isolated problem because it is affected by other components of a computerized system as well. The security requirements of a system are specified by means of a security policy, which is then enforced by various security mechanisms. For databases, the security requirements can be classified into the following categories:
· Identification, Authentication
Usually, before getting access to a database, each user has to identify himself to the computer system. Authentication is the way to verify the identity of a user at log-on time. The most common authentication methods are passwords, but more advanced techniques like badge readers, biometric...