Database and Applications Security Integrating Information Security and Data Management

Database and Applications Security: Integrating Information Security and Data Management reviews recent developments in security, with an emphasis on the protection of databases. It begins by providing background in database security, followed by descriptions of discretionary access control, multilevel secure databases, and models, functions, prototypes, and products of multilevel secure relational systems. It then discusses facets of the inference problem and addresses secure distributed databases. Following an analysis of secure object systems, the book focuses on security aspects of data warehousing and data mining. It also covers threats to privacy due to data mining, and concludes with an exploration of emerging technologies.

This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging applications.

Foreword -- Preface -- Acknowledgments -- About the Author -- 1 Introduction -- 1.1 Trends -- 1.2 Supporting Technologies for Database and Applications Security -- 1.3 Discretionary Security in Database Systems -- 1.4 Multilevel Secure Data Management -- 1.5 Multilevel Secure Relational Data Models and Systems -- 1.6 Inference Problem -- 1. 7 Secure Distributed Database Systems -- 1.8 Secure Object and Multimedia Data Systems -- 1.9 Data Warehousing, Data Mining, Security, and Privacy -- 1.10 Secure Web Information Management Technologies -- 1.11 Emerging Secure Information Management Technologies -- 1.12 Organization of This Book -- 1.13 Next Steps -- PART 1: SUPPORTING TECHNOLOGIES -- FOR DATABASE AND APPLICATIONS SECURITY -- 2 Data Management Technologies -- 2.1 Overview -- 2.2 Relational and Entity-Relationship Data Models -- 2.2.1 Overview -- 2.2.2 Relational Data Model -- 2.2.3 Entity-Relationship Data Model -- 2.3 Architectural Issues -- 2.4 Database Design -- 2.5 Database Administration -- 2.6 Database Management System Functions -- 2.6.1 Overview -- 2.6.2 Query Processing -- 2.6.3 Transaction Management -- 2.6.4 Storage Management -- 2.6.5 Metadata Management -- 2.6.6 Database Integrity -- 2.6.7 Fault Tolerance -- 2.6.8 Other Functions -- 2.7 Distributed Databases -- 2.8 Heterogeneous Database Integration -- 2.9 Federated Databases -- 2.10 Client/Server Databases -- 2.11 Migrating Legacy Databases and Applications -- 2.12 Data Warehousing -- 2.13 Data Mining -- 2.14 Impact of the Web -- 2.15 Object Technology -- 2.15.1 Overview -- 2.15.2 Object Data Model -- 2.15.3 Other Object Technologies -- 2.16 Other Database Systems -- 2.17 Summary and Directions -- References -- Exercises -- 3 Information Security -- 3.1 Overview -- 3.2 Access Control and Other Security Concepts -- 3.3 Secure Systems -- 3.4 Secure Operating Systems -- 3.5 Secure Database Systems -- 3.6 Secure Networks -- 3.7 Emerging Trends -- 3.8 Impact of the Web -- 3.9 Steps to Building Secure Systems -- 3.10 Summary and Directions -- References -- Exercises -- 4 Information Management Technologies -- 4.1 Overview -- 4.2 Information Retrieval Systems -- 4.2.1 Text Retrieval -- 4.2.2 Image Retrieval -- 4.2.3 Video Retrieval -- 4.2.4 Audio Retrieval -- 4.3 Multimedia Data and Information Management -- 4.4 Digital Libraries -- 4.4.1 Overview -- 4.4.2 Web Database Management -- 4.4.3 Markup Languages -- 4.4.4 Search Engines -- 4.4.5 Question-Answering Systems -- 4.5 Knowledge Management -- 4.6 Collaboration and Data Management -- 4.7 E-Commerce Technologies -- 4.8 Semantic Web Technologies -- 4.9 Wireless and Sensor Information Management -- 4.10 Real-Time Processing and Quality-of-Service Aspects -- 4.11 High-Performance Computing Technologies -- 4.12 Some Other Information Management Technologies -- 4.12.1 Overview -- 4.12.2 Visualization -- 4.12.3 Decision Support -- 4.12.4 Agents -- 4.12.5 Peer-to-Peer Data Management -- 4.13 Summary and Directions -- References -- Exercises -- Conclusion to Part I -- PART II: DISCRETIONARY SECURITY -- FOR DATABASE SYSTEMS -- 5 Security Policies -- 5.1 Overview -- 5.2 Access-Control Policies -- 5.2.1 Overview -- 5.2.2 Authorization Policies -- 5.2.3 Role-Based Access Control -- 5.3 Administration Policies -- 5.4 Identification and Authentication -- 5.5 Auditing a Database System -- 5.6 Views for Security -- 5.7 Summary and Directions -- References -- Exercises -- 6 Policy Enforcement and Related Issues -- 6.1 Overview -- 6.2 SQL Extensions for Security -- 6.3 Query Modification -- 6.4 Discretionary Security and Database Functions -- 6.5 Visualization of Policies -- 6.6 Prototypes and Products -- 6.7 Summary and Directions -- References -- Exercises -- Conclusion to Part ll -- PART Ill: MANDATORY SECURITY -- FOR OAT ABASE SYSTEMS -- 7 Historical Developments -- 7.1 Overview -- 7.2 Early Efforts -- 7.3 Air Force Summer Study -- 7.4 Major Research and Development Efforts -- 7.5 Trusted Database Interpretation -- 7.6 Types of Multilevel Secure Database Systems -- 7.6.1 Overview -- 7.6.2 Relational Database Systems -- 7.6.3 Entity-Relationship Systems -- 7.6.4 Object Database Systems -- 7.6.5 Distributed and Heterogeneous Database Systems -- 7.6.6 Deductive Database Systems -- 7.6.7 Functional Database Systems -- 7.6.8 Parallel Database Systems -- 7.6.9 Real-Time Database Systems -- 7.7 Hard Problems -- 7.8 Emerging Technologies -- 7.9 Summary and Directions -- References -- Exercises -- 8 Design Principles -- 8.1 Overview -- 8.2 Mandatory Access Control -- 8.2.1 Overview -- 8.2.2 Mandatory Access-Control Policies -- 8.3 Security Architectures -- 8.3.1 Overview -- 8.3.2 Integrity Lock -- 8.3.3 Operating System Providing Access Control -- 8.3.4 Kernel Extensions Architecture -- 8.3.5 Trusted Subject Architecture -- 8.3.6 Distributed Architecture -- 8.4 Summary and Directions -- References -- Exercises -- Conclusion to Part m -- PART IV: MULTILEVEL SECURE RELATIONAL -- OAT ABASE SYSTEMS -- 9 Multilevel Relational Data Models -- 9.1 Overview -- 9.2 Granularity of Classification -- 9.3 Polyinstantiation -- 9.4 Toward Developing a Standard Multilevel Relational -- Data Model -- 9.5 Summary and Directions -- References -- Exercises -- 1 0 Security Impact on Database Functions -- 10.1 Overview -- 10.2 Query Processing -- 10.3 Transaction Processing -- 10.4 Storage Management -- 10.5 Metadata Management -- 10.6 Other Functions -- 10.7 Summary and Directions -- References -- Exercises -- 11 Prototypes and Products -- 11.1 Overview -- 11.2 Prototypes -- 11.2.1 Overview -- 11.2.2 Discussion of Prototypes -- 11.2.2.1 Hinke-Schaefer -- 11.2.2.2 Naval Surveillance Model -- 11.2.2.3 Integrity Lock Prototypes -- 11.2.2.4 SeaView -- 11.2.2.5 Lock Data Views -- 11.2.2.6 ASD and ASD-Views -- 11.2.2.7 SINTRA and SDDBMS -- 11.2.2.8 SWORD -- 11.3 Products -- 11.3.1 Overview -- 11.3.2 Discussion of Products -- 11.3.2.1 TRUDATA -- 11.3.2.2 Sybase Secure SQL Server -- 11.3.2.3 Trusted Oracle -- 11.3.2.4 Trusted Informix -- 11.3.2.5 Trusted Rubix -- 11.3.2.6 SERdb -- 11.3.2.7 Secure Teradata Machine -- 11.3.2.8 INGRES -- 11.4 Summary and Directions -- References -- Exercises -- Conclusion to Part IV -- PART V: THE INFERENCE PROBLEM -- 12 A Perspective of the Inference Problem -- 12.1 Overview -- 12.2 Statistical Database Inference -- 12.3 Discussion of Approaches for Handling Inference -- in a MLS/DBMS -- 12.4 Complexity of the Inference Problem -- 12.5 Summary and Directions -- References -- Exercises -- 13 Security-Constraint Processing for Inference Control -- 13.1 Overview -- 13.2 Background -- 13.3 Security Constraints -- 13.3.1 Simple Constraints -- 13.3.2 Content-Based Constraints -- 13.3.3 Association-Based Constraints (also Called Context -- or Together Constraints) -- 13.3.4 Event-Based Constraints -- 13.3.5 General Release-Based Constraints -- 13.3.6 Individual Release-Based Constraints -- 13.3.7 Aggregate Constraints -- 13.3.8 Logical Constraints -- 13.3.9 Constraints with Conditions -- 13.3.10 Other Constraints -- 13.3.11 Level-Based Constraints -- 13.3.12 Fuzzy Constraints -- 13.3.13 Complex Constraints -- 13.4 Approach to Security Constraint Processing -- 13.5 Consistency and Completeness of the Constraints -- 13.5.1 Algorithm A: Consistency and Completeness Checker -- 13.6 Design of the Query Processor -- 13.6.1 Security Policy -- 13.6.2 Functionality of the Query Processor -- 13.6.2.1 Query Modification -- 13.6.2.2 Response Processing -- 13.7 Design of the Update Processor -- 13.7.1 Security Policy -- 13.7.2 Functionality of the Update Processor -- 13.8 Handling Security Constraints During Database Design -- 13.8.1 Overview -- 13.9 Security Control Processing and Release Control -- 13.10 Summary and Directions -- References -- Exercises -- 14 Conceptual Structures for Inference Control -- 14.1 Overview -- 14.2 Semantic Nets and the Inference Problem -- 14.2.1 Overview -- 14.2.2 Multilevel Semantic Nets -- 14.2.3 Reasoning with Multilevel Semantic Nets -- 14.2.3

Thuraisingham\, Bhavani