Tải bản đầy đủ - 0 (trang)
Chapter 6. Database and Data Mining Security

Chapter 6. Database and Data Mining Security

Tải bản đầy đủ - 0trang

ourunderstandingofdatabasesecurityproblems,andseveral

goodcontrolshavebeendeveloped.But,asyouwillsee,there

arestillmoresecurityconcernsforwhichtherearenoavailable

controls.

Webeginthischapterwithabriefsummaryofdatabase

terminology.Thenweconsiderthesecurityrequirementsfor

databasemanagementsystems.Twomajorsecurity

problemsintegrityandsecrecyareexplainedinadatabase

context.Wecontinuethechapterbystudyingtwomajor(but

related)databasesecurityproblems,theinferenceproblemand

themultilevelproblem.Bothproblemsarecomplex,andthere

arenoimmediatesolutions.However,byunderstandingthe

problems,webecomemoresensitivetowaysofreducing

potentialthreatstothedata.Finally,weconcludethechapter

bylookingatdatamining,atechnologyforderivingpatterns

fromoneormoredatabases.Datamininginvolvesmanyofthe

securityissuesweraiseinthischapter.



6.1.IntroductiontoDatabases

Webeginbydescribingadatabaseanddefiningterminology

relatedtoitsuse.Wedrawonexamplesfromwhatiscalledthe

relationaldatabasebecauseitisoneofthemostwidelyused

types.However,alltheconceptsdescribedhereapplytoany

typeofdatabase.Wefirstdefinethebasicconceptsandthen

usethemtodiscusssecurityconcerns.



ConceptofaDatabase

Adatabaseisacollectionofdataandasetofrulesthat

organizethedatabyspecifyingcertainrelationshipsamongthe

data.Throughtheserules,theuserdescribesalogicalformat

forthedata.Thedataitemsarestoredinafile,buttheprecise

physicalformatofthefileisofnoconcerntotheuser.A

databaseadministratorisapersonwhodefinestherulesthat

organizethedataandalsocontrolswhoshouldhaveaccessto

whatpartsofthedata.Theuserinteractswiththedatabase

throughaprogramcalledadatabasemanageroradatabase

managementsystem(DBMS),informallyknownasafront

end.



ComponentsofDatabases

Thedatabasefileconsistsofrecords,eachofwhichcontains

onerelatedgroupofdata.AsshownintheexampleinTable61,arecordinanameandaddressfileconsistsofonenameand

address.Eachrecordcontainsfieldsorelements,the

elementarydataitemsthemselves.Thefieldsinthenameand

addressrecordareNAME,ADDRESS,CITY,STATE,andZIP

(whereZIPistheU.S.postalcode).Thisdatabasecanbe



viewedasatwo-dimensionaltable,wherearecordisarowand

eachfieldofarecordisanelementofthetable.

Table6-1.ExampleofaDatabase.

ADAMS



212Market

St.



BENCHLY

CARTER



Columbus



OH



43210



501UnionSt. Chicago



IL



60603



411ElmSt.



OH



43210



Columbus



Noteverydatabaseiseasilyrepresentedasasingle,compact

table.ThedatabaseinFigure6-1logicallyconsistsofthreefiles

withpossiblydifferentuses.Thesethreefilescouldbe

representedasonelargetable,butthatdepictionmaynot

improvetheutilityoforaccesstothedata.



Figure6-1.RelatedPartsofaDatabase.



Thelogicalstructureofadatabaseiscalledaschema.A

particularusermayhaveaccesstoonlypartofthedatabase,

calledasubschema.Theoverallschemaofthedatabasein

Figure6-1isdetailedinTable6-2.Thethreeseparateblocksof

thefigureareexamplesofsubschemas,althoughother

subschemasofthisdatabasecanbedefined.Wecanuse

schemasandsubschemastopresenttousersonlythose

elementstheywishorneedtosee.Forexample,ifTable6-1

representstheemployeesatacompany,thesubschemaonthe

lowerleftcanlistemployeenameswithoutrevealingpersonal

informationsuchashomeaddress.

Table6-2.SchemaofDatabaseShowninFigure6-1.

Name



First



Address



City



State



Zip



Airport



ADAMS



Charles



212Market

St.



Columbus



OH



43210



CMH



ADAMS



Edward



212Market

St.



Columbus



OH



43210



CMH



Zeke



501UnionSt.



Chicago



IL



60603



ORD



Columbus



OH



43210



CMH



BENCHLY

CARTER



Marlene 411ElmSt.



CARTER



Beth



411ElmSt.



Columbus



OH



43210



CMH



CARTER



Ben



411ElmSt.



Columbus



OH



43210



CMH



Lisabeth 411ElmSt.



Columbus



OH



43210



CMH



Columbus



OH



43210



CMH



CARTER

CARTER



Mary



411ElmSt.



Therulesofadatabaseidentifythecolumnswithnames.The

nameofeachcolumniscalledanattributeofthedatabase.A

relationisasetofcolumns.Forexample,usingthedatabase

inTable6-2,weseethatNAMEZIPisarelationformedby

takingtheNAMEandZIPcolumns,asshowninTable6-3.The

relationspecifiesclustersofrelateddatavaluesinmuchthe

samewaythattherelation"motherof"specifiesarelationship

amongpairsofhumans.Inthisexample,eachclustercontains

apairofelements,aNAMEandaZIP.Otherrelationscanhave

morecolumns,soeachclustermaybeatriple,a4-tuple,oran

n-tuple(forsomevaluen)ofelements.

Table6-3.RelationinaDatabase.

Name



Zip



ADAMS



43210



BENCHLY



60603



CARTER



43210



Queries

Usersinteractwithdatabasemanagersthroughcommandsto

theDBMSthatretrieve,modify,add,ordeletefieldsand

recordsofthedatabase.Acommandiscalledaquery.

Databasemanagementsystemshavepreciserulesofsyntaxfor

queries.MostquerylanguagesuseanEnglish-likenotation,and

manyarebasedonSQL,astructuredquerylanguageoriginally

developedbyIBM.Wehavewrittentheexamplequeriesinthis

chaptertoresembleEnglishsentencessothattheyareeasyto

understand.Forexample,thequery



SELECTNAME='ADAMS'



retrievesallrecordshavingthevalueADAMSintheNAMEfield.

Theresultofexecutingaqueryisasubschema.Onewayto

formasubschemaofadatabaseisbyselectingrecordsmeeting

certainconditions.Forexample,wemightselectrecordsin

whichZIP=43210,producingtheresultshowninTable6-4.

Table6-4.ResultofSelectQuery.

Name



First



Address



City



State



Zip



Airport



ADAMS



Charles



212Market

St.



Columbus



OH



43210



CMH



ADAMS



Edward



212Market

St.



Columbus



OH



43210



CMH



CARTER



Marlene 411ElmSt.



Columbus



OH



43210



CMH



CARTER



Beth



411ElmSt.



Columbus



OH



43210



CMH



CARTER



Ben



411ElmSt.



Columbus



OH



43210



CMH



Lisabeth 411ElmSt.



Columbus



OH



43210



CMH



Columbus



OH



43210



CMH



CARTER

CARTER



Mary



411ElmSt.



Other,morecomplex,selectioncriteriaarepossible,withlogical

operatorssuchasand( )andor( ),andcomparisonssuchas

lessthan(<).Anexampleofaselectqueryis

SELECT(ZIP='43210') (NAME='ADAMS')



Afterhavingselectedrecords,wemayprojecttheserecords

ontooneormoreattributes.Theselectoperationidentifies

certainrowsfromthedatabase,andaprojectoperation

extractsthevaluesfromcertainfields(columns)ofthose

records.Theresultofaselect-projectoperationisthesetof

valuesofspecifiedattributesfortheselectedrecords.For

example,wemightselectrecordsmeetingthecondition

ZIP=43210andprojecttheresultsontotheattributesNAME

andFIRST,asinTable6-5.Theresultisthelistoffirstandlast

namesofpeoplewhoseaddresseshavezipcode43210.

Table6-5.ResultsofSelect-ProjectQuery.

ADAMS



Charles



ADAMS



Edward



CARTER



Marlene



CARTER



Beth



CARTER



Ben



CARTER



Lisabeth



CARTER



Mary



Noticethatwedonothavetoprojectontothesame

attribute(s)onwhichtheselectionisdone.Forexample,wecan

buildaqueryusingZIPandNAMEbutprojecttheresultonto

FIRST:

SHOWFIRSTWHERE(ZIP='43210') (NAME='ADAMS')



Theresultwouldbealistofthefirstnamesofpeoplewhose

lastnamesareADAMSandZIPis43210.

Wecanalsomergetwosubschemaonacommonelementby

usingajoinquery.Theresultofthisoperationisasubschema

whoserecordshavethesamevalueforthecommonelement.

Forexample,Figure6-2showsthatthesubschemaNAMEZIP

andthesubschemaZIPAIRPORTcanbejoinedonthecommon

fieldZIPtoproducethesubschemaNAMEAIRPORT.



Figure6-2.ResultsofSelect-Project-JoinQuery.



AdvantagesofUsingDatabases

Thelogicalideabehindadatabaseisthis:Adatabaseisasingle

collectionofdata,storedandmaintainedatonecentral

location,towhichmanypeoplehaveaccessasneeded.

However,theactualimplementationmayinvolvesomeother



physicalstoragearrangementoraccess.Theessenceofagood

databaseisthattheusersareunawareofthephysical

arrangements;theunifiedlogicalarrangementisalltheysee.

Asaresult,adatabaseoffersmanyadvantagesoverasimple

filesystem:

sharedaccess,sothatmanyuserscanuseonecommon,

centralizedsetofdata

minimalredundancy,sothatindividualusersdonothaveto

collectandmaintaintheirownsetsofdata

dataconsistency,sothatachangetoadatavalueaffects

allusersofthedatavalue

dataintegrity,sothatdatavaluesareprotectedagainst

accidentalormaliciousundesirablechanges

controlledaccess,sothatonlyauthorizedusersareallowed

toviewortomodifydatavalues

ADBMSisdesignedtoprovidetheseadvantagesefficiently.

However,asoftenhappens,theobjectivescanconflictwith

eachother.Inparticular,asweshallsee,securityinterestscan

conflictwithperformance.Thisclashisnotsurprisingbecause

measurestakentoenforcesecurityoftenincreasethe

computingsystem'ssizeorcomplexity.Whatissurprising,

though,isthatsecurityinterestsmayalsoreducethesystem's

abilitytoprovidedatatousersbylimitingcertainqueriesthat

wouldotherwiseseeminnocuous.







6.2.SecurityRequirements

Thebasicsecurityrequirementsofdatabasesystemsarenot

unlikethoseofothercomputingsystemswehavestudied.The

basicproblemsaccesscontrol,exclusionofspuriousdata,

authenticationofusers,andreliabilityhaveappearedinmany

contextssofarinthisbook.Followingisalistofrequirements

fordatabasesecurity.

Physicaldatabaseintegrity.Thedataofadatabaseare

immunetophysicalproblems,suchaspowerfailures,and

someonecanreconstructthedatabaseifitisdestroyed

throughacatastrophe.

Logicaldatabaseintegrity.Thestructureofthedatabaseis

preserved.Withlogicalintegrityofadatabase,a

modificationtothevalueofonefielddoesnotaffectother

fields,forexample.

Elementintegrity.Thedatacontainedineachelementare

accurate.

Auditability.Itispossibletotrackwhoorwhathas

accessed(ormodified)theelementsinthedatabase.

Accesscontrol.Auserisallowedtoaccessonlyauthorized

data,anddifferentuserscanberestrictedtodifferent

modesofaccess(suchasreadorwrite).

Userauthentication.Everyuserispositivelyidentified,both

fortheaudittrailandforpermissiontoaccesscertaindata.

Availability.Userscanaccessthedatabaseingeneraland



allthedataforwhichtheyareauthorized.

Webrieflyexamineeachoftheserequirements.



IntegrityoftheDatabase

Ifadatabaseistoserveasacentralrepositoryofdata,users

mustbeabletotrusttheaccuracyofthedatavalues.This

conditionimpliesthatthedatabaseadministratormustbe

assuredthatupdatesareperformedonlybyauthorized

individuals.Italsoimpliesthatthedatamustbeprotectedfrom

corruption,eitherbyanoutsideillegalprogramactionorbyan

outsideforcesuchasfireorapowerfailure.Twosituationscan

affecttheintegrityofadatabase:whenthewholedatabaseis

damaged(ashappens,forexample,ifitsstoragemediumis

damaged)orwhenindividualdataitemsareunreadable.

Integrityofthedatabaseasawholeistheresponsibilityofthe

DBMS,theoperatingsystem,andthe(human)computing

systemmanager.Fromtheperspectiveoftheoperatingsystem

andthecomputingsystemmanager,databasesandDBMSsare

filesandprograms,respectively.Therefore,onewayof

protectingthedatabaseasawholeistoregularlybackupall

filesonthesystem.Theseperiodicbackupscanbeadequate

controlsagainstcatastrophicfailure.

Sometimesitisimportanttobeabletoreconstructthe

databaseatthepointofafailure.Forinstance,whenthepower

failssuddenly,abank'sclientsmaybeinthemiddleofmaking

transactionsorstudentsmaybeinthemidstofregistering

onlinefortheirclasses.Inthesecases,wewanttobeableto

restorethesystemstoastablepointwithoutforcingusersto

redotheirrecentlycompletedtransactions.Tohandlethese

situations,theDBMSmustmaintainalogoftransactions.For

example,supposethebankingsystemisdesignedsothata

messageisgeneratedinalog(electronicorpaperorboth)each



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 6. Database and Data Mining Security

Tải bản đầy đủ ngay(0 tr)

×