1st Edition
Database and Applications Security Integrating Information Security and Data Management
This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing.
Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging applications.
Foreword
Preface
Acknowledgments
About the Author
Introduction
Trends
Supporting Technologies for Database and Applications Security
Discretionary Security in Database Systems
Multilevel Secure Data Management
Multilevel Secure Relational Data Models and Systems
Inference Problem
Secure Distributed Database Systems
Secure Object and Multimedia Data Systems
Data Warehousing, Data Mining, Security, and Privacy
Secure Web Information Management Technologies
Emerging Secure Information Management Technologies
Organization of This Book
Next Steps
PART I: SUPPORTING TECHNOLOGIES FOR DATABASE AND APPLICATIONS SECURITY
Data Management Technologies
Overview
Relational and Entity-Relationship Data Models
Overview
Relational Data Model
Entity-Relationship Data Model
Architectural Issues
Database Design
Database Administration
Database Management System Functions
Overview
Query Processing
Transaction Management
Storage Management
Metadata Management
Database Integrity
Fault Tolerance
Other Functions
Distributed Databases
Heterogeneous Database Integration
Federated Databases
Client/Server Databases
Migrating Legacy Databases and Applications
Data Warehousing
Data Mining
Impact of the Web
Object Technology
Overview
Object Data Model
Other Object Technologies
Other Database Systems
Summary and Directions
References
Exercises
Information Security
Overview
Access Control and Other Security Concepts
Secure Systems
Secure Operating Systems
Secure Database Systems
Secure Networks
Emerging Trends
Impact of the Web
Steps to Building Secure Systems
Summary and Directions
References
Exercises
Information Management Technologies
Overview
Information Retrieval Systems
Text Retrieval
Image Retrieval
Video Retrieval
Audio Retrieval
Multimedia Data and Information Management
Digital Libraries
Overview
Web Database Management
Markup Languages
Search Engines
Question-Answering Systems
Knowledge Management
Collaboration and Data Management
E-Commerce Technologies
Semantic Web Technologies
Wireless and Sensor Information Management
Real-Time Processing and Quality-of-Service Aspects
High-Performance Computing Technologies
Some Other Information Management Technologies
Overview
Visualization
Decision Support
Agents
Peer-to-Peer Data Management
Summary and Directions
References
Exercises
Conclusion to Part I
PART II: DISCRETIONARY SECURITY FOR DATABASE SYSTEMS
Security Policies
Overview
Access-Control Policies
Overview
Authorization Policies
Role-Based Access Control
Administration Policies
Identification and Authentication
Auditing a Database System
Views for Security
Summary and Directions
References
Exercises
Policy Enforcement and Related Issues
Overview
SQL Extensions for Security
Query Modification
Discretionary Security and Database Functions
Visualization of Policies
Prototypes and Products
Summary and Directions
References
Exercises
Conclusion to Part II
PART III: MANDATORY SECURITY
FOR DATABASE SYSTEMS
Historical Developments
Overview
Early Efforts
Air Force Summer Study
Major Research and Development Efforts
Trusted Database Interpretation
Types of Multilevel Secure Database Systems
Overview
Relational Database Systems
Entity-Relationship Systems
Object Database Systems
Distributed and Heterogeneous Database Systems
Deductive Database Systems
Functional Database Systems
Parallel Database Systems
Real-Time Database Systems
Hard Problems
Emerging Technologies
Summary and Directions
References
Exercises
Design Principles
Overview
Mandatory Access Control
Overview
Mandatory Access-Control Policies
Security Architectures
Overview
Integrity Lock
Operating System Providing Access Control
Kernel Extensions Architecture
Trusted Subject Architecture
Distributed Architecture
Summary and Directions
References
Exercises
Conclusion to Part III
PART IV: MULTILEVEL SECURE RELATIONAL DATABASE SYSTEMS
Multilevel Relational Data Models
Overview
Granularity of Classification
Polyinstantiation
Toward Developing a Standard Multilevel Relational
Data Model
Summary and Directions
References
Exercises
Security Impact on Database Functions
Overview
Query Processing
Transaction Processing
Storage Management
Metadata Management
Other Functions
Summary and Directions
References
Exercises
Prototypes and Products
Overview
Prototypes
Overview
Discussion of Prototypes
Hinke–Schaefer
Naval Surveillance Model
Integrity Lock Prototypes
SeaView
Lock Data Views
ASD and ASD-Views
SINTRA and SDDBMS
SWORD
Products
Overview
Discussion of Products
TRUDATA
Sybase Secure SQL Server
Trusted Oracle
Trusted Informix
Trusted Rubix
SERdb
Secure Teradata Machine
INGRES
Summary and Directions
References
Exercises
Conclusion to Part IV
PART V: THE INFERENCE PROBLEM
A Perspective of the Inference Problem
Overview
Statistical Database Inference
Discussion of Approaches for Handling Inference in a MLS/DBMS
Complexity of the Inference Problem
Summary and Directions
References
Exercises
Security-Constraint Processing for Inference Control
Overview
Background
Security Constraints
Simple Constraints
Content-Based Constraints
Association-Based Constraints (also Called Context or Together Constraints)
Event-Based Constraints
General Release-Based Constraints
Individual Release-Based Constraints
Aggregate Constraints
Logical Constraints
Constraints with Conditions
Other Constraints
Level-Based Constraints
Fuzzy Constraints
Complex Constraints
Approach to Security Constraint Processing
Consistency and Completeness of the Constraints
Algorithm A: Consistency and Completeness Checker
Design of the Query Processor
Security Policy
Functionality of the Query Processor
Query Modification
Response Processing
Design of the Update Processor
Security Policy
Functionality of the Update Processor
Handling Security Constraints During Database Design
Overview
Security Control Processing and Release Control
Summary and Directions
References
Exercises
Conceptual Structures for Inference Control
Overview
Semantic Nets and the Inference Problem
Overview
Multilevel Semantic Nets
Reasoning with Multilevel Semantic Nets
Implicit Information
Conditional Statements and Auxiliary Nets
Enforcing Security Constraints
Universal and Existential Conditionals
Semantics
Multilevel Worlds
Interpretations
Ground Vectors
Ground Conditionals
Universal Conditionals
Existential Conditionals
Refutations
Summary and Directions
References
Exercises
Conclusion to Part V
PART VI: SECURE DISTRIBUTED AND HETEROGENEOUS DATABASE SYSTEMS
Discretionary Security for Distributed Database Systems
Overview
Discretionary Security
Overview
Access-Control Policies
Distributed Access Control
Role-Based Access Control
Identification and Authentication
Auditing a Distributed Database System
Security Policy Integration
Query Modification
View Mechanism
SQL for Distributed Database Security
Security Impact on Distributed Database Functions
Security for Emerging Distributed System Technologies
Summary and Directions
References
Exercises
Multilevel Security for Distributed Database Systems
Overview
Background
Architectures
Distributed Data and Centralized Control
Distributed Data and Distributed Control
Data Modeling
Functions
Inference Problem for a MLS/DDBMS
Summary and Directions
References
Exercises
Secure Heterogeneous and Federated Database Systems
Overview
Background
Architectures
Schema Integration
Policy Integration
Functions
Inference Problem
Secure Client/Server Database Management
Secure Migration of Legacy Databases and Applications
Summary and Directions
References
Exercises
Conclusion to Part VI
PART VII: SECURE OBJECT AND MULTIMEDIA SYSTEMS
Discretionary and Multilevel Security for Object
Database Systems
Overview
Discretionary Security
Overview
Policy Issues
Policy Enforcement
Example Systems
Overview
ORION
IRIS
STARBURST
GEMSTONE
Multilevel Security
Overview
Policy Issues
System Design Issues
Example Systems
Overview
SODA System
SORION Model
SO Model
Millen–Lunt Model
Jajodia–Kogan Model
Morgenstern’s Model
UFOS Model
Summary and Directions
References
Exercises
Aspects of Objects and Security
Overview
Security for Object Request Brokers
Overview
OMG Security Services
Secure Components and Frameworks
Object Modeling for Secure Applications
Overview
Multilevel OMT
UML and Security
Summary and Directions
References
Exercises
Secure Multimedia Data Management Systems
Overview
Security for Multimedia Data Management Systems
Overview
Security Policy
Secure System Architectures for Multimedia
Database Systems
Secure Data Models for Multimedia Database Systems
Security Impact on Multimedia Data and Information
Management Functions
Secure Distributed Multimedia Data Management
Inference Problem
Secure Geospatial Information Systems
Summary and Directions
References
Exercises
Conclusion to Part VII
PART VIII: DATA WAREHOUSING, DATA MINING, SECURITY, AND PRIVACY
Secure Data Warehousing
Overview
Background
Secure Information Technologies for Data Warehousing
Designing a Secure Data Warehouse
Data Quality and Data Warehousing
A Note on Multilevel Security
Secure Data Warehousing, Data Mining, and Decision Support
Summary and Directions
References
Exercises
Data Mining for Security Applications
Overview
Data Mining for National Security
Overview
Non-Information-Related Terrorism
Terrorist Attacks and External Threats
Insider Threats
Transportation and Border Security Violations
Data Mining for National Security Applications
Non-Real-Time Threats
Real-Time Threats
Analyzing the Techniques
Link Analysis
Data Mining for Cyber-Security
Overview
Cyber-Terrorism, Insider Threats, and External Attacks
Malicious Intrusions
Credit Card Fraud and Identity Theft
Attacks on Critical Infrastructure
Data Mining for Cyber-Security
Summary and Directions
References
Exercises
Privacy
Overview
Privacy Considerations
Data Warehousing, Data Mining, Security, and Privacy
Inference Problem and Privacy
Privacy-Enhanced/Sensitive/Preserving Data Mining
Confidentiality and Privacy
Civil Liberties and National Security
Federated Data Management, Data Sharing, and Privacy
Summary and Directions
References
Exercises
Conclusion to Part VIII
PART IX: SECURE WEB DATA AND INFORMATION
MANAGEMENT TECHNOLOGIES
Secure Web Data Management and Digital Libraries
Overview
Threats to Web Security
Overview
General Cyber-Threats
Threats to Web Databases
Web Security Solutions
Overview
Solutions for General Threats
Securing Components and Firewalls
Cryptography
Risk Analysis
Biometrics, Forensics, and Other Solutions
Solutions for Threats to Web Databases
Data Mining
Constraint Processing
Role-Based Access Control
Fault-Tolerant Processing, Recovery, and
Replication
Secure Digital Libraries
Overview
Secure Web Database Functions
Secure Information Retrieval
Secure Search Engines
Secure Markup Languages
Secure Question-Answering Systems
Summary and Directions
References
Exercises
Security for XML, RDF, and the Semantic Web
Overview
Security for the Semantic Web
Overview
XML Security
RDF Security
Secure Information Interoperability
Secure Query and Rules Processing for the
Semantic Web
Trust for the Semantic Web
Access Control and Dissemination of XML Documents
Privacy and the Semantic Web
Overview
Data Mining, National Security, Privacy, and the
Semantic Web
Solutions to the Privacy Problem
Secure Web Services
Secure Agents and Related Technologies
Secure Grid and Secure Semantic Grid
Security Impact on the Database as a Service Model
Summary and Directions
References
Exercises
Secure E-Commerce, Collaboration, and Knowledge Management
Overview
Secure E-Commerce
Secure Workflow and Collaboration
Secure Knowledge Management
Secure Peer-to-Peer Data Management
Secure Dynamic Coalitions and Virtual Organizations
Trust and Rights Management
Security Informatics
Summary and Directions
References
Exercises
Conclusion to Part IX
PART X: EMERGING SECURE DATA MANAGEMENT TECHNOLOGIES AND APPLICATIONS
Secure Dependable Data Management
Overview
Dependable Systems
Dependable Infrastructure and Data Management
Overview
Dependable Infrastructure
Dependable Data Managers
Security Issues
Data Quality
Overview
Developments in Data Quality
Annotations for Data Quality
Semantic Web and Data Quality
Data Mining and Data Quality
Security and Data Quality
Critical Infrastructure Protection
Summary and Directions
References
Exercises
Secure Sensor and Wireless Information Management
Overview
Security for Sensor Databases
Overview
Security Policy
Security Architectures
Security Impact on Sensor Database Functions
Secure Distributed Sensor Data Management
Inference Problem
Privacy Considerations
Secure Sensor Data Management Issues Unique to Sensor
Networks
Overview
Strategic Path Reliability in Information-Gathering
Sensor Networks
Handling Non-overlapping and Incomparable
Security Levels
Security Architectural Impact on Sensor Networks
Handling Unique Constraints
Secure Wireless and Mobile Data Management
A Note on Secure Telecommunications Information
Management
Security for Moving Databases
Summary and Directions
References
Exercises
Digital Identity, Forensics, and Related Topics
Overview
Digital Identity
Identity Theft Management
Biometrics
Digital Forensics
Steganography and Digital Watermarking
Risk and Economic Analysis
Other Secure Systems and Applications
The Role of Database and Applications Security for Homeland Security
Summary and Directions
References
Exercises
Conclusion to Part X
Summary and Directions
About This Chapter
Summary of This Book
Directions for Database and Applications Security
Where Do We Go from Here?
Appendices A
Data Management Systems: Developments and Trends
Overview
Developments in Database Systems
Status, Vision, and Issues
Data Management Systems Framework
Building Information Systems from the Framework
Relationship between the Texts
Summary
References
B Suggested Reading: Books in Database Systems and Information Security
Database Systems
Information and Database Security
Distributed Database Systems
Object Databases, Distributed Objects, and Object Modeling
Multimedia Databases
Intelligent and Deductive Database Systems
Data Warehousing and Mining
Digital Libraries, Web Database Management, and the Semantic Web
Knowledge Management
Sensor Networks and Sensor Information Management
Index
Biography
Bhavani Thuraisingham
". . . a very good starting point for someone who needs orientation in database security."
– Gottfried Vossen, in Zentralblatt Math, 2006, Vol. 1089, No. 15