厦门市初中生学业水平考试Title.ppt

AnalyzingandSecuringSocialNetworks,Dr.BhavaniThuraisinghamTheUniversityofTexasatDallasLecture#1IntroductiontoDataandApplicationsSecurityJanuary18,2013,Outline,DataandApplicationsSecurityDevelopmentsandDirectionsSecureSemanticWebXMLSecurity;OtherdirectionsSomeEmergingSecureDASTechnologiesSecureSensorInformationManagement;SecureDependableInformationManagementSomeDirectionsforPrivacyResearchDataMiningforhandlingsecurityproblems;Privacyvs.NationalSecurity;PrivacyConstraintProcessing;FoundationsofthePrivacyProblemWhataretheChallenges?,DevelopmentsinDataandApplicationsSecurity:1975-Present,AccessControlforSystemsRandIngres(mid1970s)Multilevelsecuredatabasesystems(1980present)Relationaldatabasesystems:researchprototypesandproducts;Distributeddatabasesystems:researchprototypesandsomeoperationalsystems;Objectdatasystems;Inferenceproblemanddeductivedatabasesystem;TransactionsRecentdevelopmentsinSecureDataManagement(1996Present)Securedatawarehousing,Role-basedaccesscontrol(RBAC);E-commerce;XMLsecurityandSecureSemanticWeb;Dataminingforintrusiondetectionandnationalsecurity;Privacy;Dependabledatamanagement;Secureknowledgemanagementandcollaboration,DevelopmentsinDataandApplicationsSecurity:MultilevelSecureDatabases-I,AirForceSummerStudyin1982EarlysystemsbasedonIntegrityLockapproachSystemsinthemidtolate1980s,early90sE.g.,SeaviewbySRI,LockDataViewsbyHoneywell,ASDandASDViewsbyTRWPrototypesandcommercialproductsTrustedDatabaseInterpretationandEvaluationofCommercialProductsSecureDistributedDatabases(late80stomid90s)Architectures;AlgorithmsandPrototypefordistributedqueryprocessing;Simulationofdistributedtransactionmanagementandconcurrencycontrolalgorithms;Securefederateddatamanagement,DevelopmentsinDataandApplicationsSecurity:MultilevelSecureDatabases-II,InferenceProblem(mid80stomid90s)Unsolvabilityoftheinferenceproblem;Securityconstraintprocessingduringquery,updateanddatabasedesignoperations;SemanticmodelsandconceptualstructuresSecureObjectDatabasesandSystems(late80stomid90s)Secureobjectmodels;Distributedobjectsystemssecurity;Objectmodelingfordesigningsecureapplications;SecuremultimediadatamanagementSecureTransactions(1990s)SingleLevel/MultilevelTransactions;Securerecoveryandcommitprotocols,SomeDirectionsandChallengesforDataandApplicationsSecurity-I,SecuresemanticwebandSocialNetworksSecuritymodelsSecureInformationIntegrationHowdoyousecurelyintegratenumerousandheterogeneousdatasourcesonthewebandotherwiseSecureSensorInformationManagementFusingandmanagingdata/informationfromdistributedandautonomoussensorsSecureDependableInformationManagementIntegratingSecurity,Real-timeProcessingandFaultToleranceDataSharingvs.PrivacyFederateddatabasearchitectures?,SomeDirectionsandChallengesforDataandApplicationsSecurity-II,DataminingandknowledgediscoveryforintrusiondetectionNeedrealisticmodels;real-timedataminingSecureknowledgemanagementProtecttheassetsandintellectualrightsofanorganizationInformationassurance,Infrastructureprotection,AccessControlInsidercyber-threatanalysis,Protectingnationaldatabases,Role-basedaccesscontrolforemergingapplicationsSecurityforemergingapplicationsGeospatial,Biomedical,E-Commerce,etc.OtherDirectionsTrustandEconomics,TrustManagement/Negotiation,SecurePeer-to-peercomputing,CoalitionDataandPolicySharing,Export,Data/Policy,Component,Data/Policyfor,AgencyA,Data/PolicyforFederation,Export,Data/Policy,Component,Data/Policyfor,AgencyC,Component,Data/Policyfor,AgencyB,Export,Data/Policy,OthertopicsofInterest,SecureCloudComputingMobilecodesecurityVulnerabilityAnalysisInfrastructuresecurityPowergridHealthcareSecurityFinancialSecurity,AccessControl,DiscretionaryAccessControlinRelationalDatabasesMandatoryAccessControlinRelationalDatabasesSecurityConstraintsTypesofAccessControlInferenceproblem,Role-based,Temporal,UsageAccessControlinOtherDatabasesObjects,FederatedCurrentTrendsinAccessControlDateWarehousing,SemanticWeb,PrivacyControlNextStepsinAccessControl,AccessControlinRelationalDatabases:1975-Present,AccessControlpoliciesweredevelopedinitiallyforfilesystemsE.g.,Read/writepoliciesforfilesAccesscontrolindatabasesstartedwiththeworkinSystemRandIngresProjectsAccessControlrulesweredefinedfordatabases,relations,tuples,attributesandelementsSQLandQUELlanguageswereextendedGRANTandREVOKEStatementsReadaccessonEMPtoUsergroupAWhereEMP.Salary30KandEMP.DeptSecurityQueryModification:ModifythequeryaccordingtotheaccesscontrolrulesRetrieveallemployeeinformationwheresalary30KandDeptisnotSecurity,QueryModificationAlgorithm,Inputs:Query,AccessControlRulesOutput:ModifiedQueryAlgorithm:GivenaqueryQ,examinealltheaccesscontrolrulesrelevanttothequeryIntroduceaWhereClausetothequerythatnegatesaccesstotherelevantattributesintheaccesscontrolrulesExample:rulesareJohndoesnothaveaccesstoSalaryinEMPandBudgetinDEPTEMP(E#,Ename,Salary,D#),DEPT(D#,Dname,Budg,Mgr)QueryistojointheEMPandDEPTrelationsonDept#ModifythequerytoJoinEMPandDEPTonDept#andprojectonallattributesexceptSalaryandBudgetOutputistheresultingquery,MandatoryAccessControl(MAC)inDatabases:1982-Present,BellandLaPadulaPolicyadaptedfordatabasesReadatorbelowyourlevelandWriteatyourlevel;Granularityofclassification:Databases,Relations,Tuples,Attributes,Elements(Note:writingaboveyourlevelisnotasecurityproblem)SecurityArchitecturesOperatingsystemprovidingmandatoryaccesscontrolandDBMSisuntrustedwithrespecttoMAC(e.g.,SRIsSeaView)TrustedSubjectArchitecturewhereDBMSistrustedwithrespecttoMAC(e.g.,TRWsASDandASDViews)IntegrityLockwhereTrustedfront-endcomputeschecksums(e.g.,MITREsMISTRESSPrototype)DistributedArchitecturewheredataisdistributedaccordingtosecuritylevelsandaccessthroughtrustedfront-end(e.g.,NRLsSINTRA)ExtendedKernelforSecurityPolicyEnforcementsuchasconstraints(e.g.,HoneywellsLockDataViews),SecurityConstraints/AccessControlRules,SimpleConstraint:JohncannotaccesstheattributeSalaryofrelationEMPContent-basedconstraint:IfrelationMISScontainsinformationaboutmissionsintheMiddleEast,thenJohncannotaccessMISSAssociation-basedConstraint:ShipslocationandmissiontakentogethercannotbeaccessedbyJohn;individuallyeachattributecanbeaccessedbyJohnReleaseconstraint:AfterXisreleasedYcannotbeaccessedbyJohnAggregateConstraints:TenormoretuplestakentogethercannotbeaccessedbyJohnDynamicConstraints:AftertheMission,informationaboutthemissioncanbeaccessedbyJohn,EnforcementofSecurityConstraints,UserInterfaceManager,ConstraintManager,SecurityConstraints,QueryProcessor:Constraintsduringqueryandreleaseoperations,UpdateProcessor:Constraintsduringupdateoperation,DatabaseDesignToolConstraintsduringdatabasedesignoperation,Database,RelationalDBMS,OtherDevelopmentsinAccessControl,InferenceProblemandAccessControlInferenceproblemoccurswhenusersposequeriesanddeduceunauthorizedinformationfromthelegitimateresponsesSecurityconstraintprocessingforcontrollinginferencesMorerecentlythereisworkoncontrollingreleaseinformationinsteadofcontrollingaccesstoinformationTemporalAccessControlModelsIncorporatestimeparameterintotheaccesscontrolmodelsRole-basedaccesscontrolControllingaccessbasedonrolesofpeopleandtheactivitiestheycarryout;ImplementedincommercialsystemsPositiveandNegativeAuthorizationsShouldnegativeauthorizationsbeexplicitlyspecified?Howcanconflictsberesolved?,SomeExamples,TemporalAccessControlAfter1/1/05,onlydoctorshaveaccesstomedicalrecordsRole-basedAccessControlManagerhasaccesstosalaryinformationProjectleaderhasaccesstoprojectbudgets,buthedoesnothaveaccesstosalaryinformationWhathappensifthemanagerisalsotheprojectleader?PositiveandNegativeAuthorizationsJohnhaswriteaccesstoEMPJohndoesnothavereadaccesstoDEPTJohndoesnothavewriteaccesstoSalaryattributeinEMPHowareconflictsresolved?,PrivacyConstraints/AccessControlRules,PrivacyconstraintsprocessingSimpleConstraint:anattributeofadocumentisprivateContent-basedconstraint:IfdocumentcontainsinformationaboutX,thenitisprivateAssociation-basedConstraint:Twoormoredocumentstakentogetherisprivate;individuallyeachdocumentispublicReleaseconstraint:AfterXisreleasedYbecomesprivateAugmentadatabasesystemwithaprivacycontrollerforconstraintprocessing,IntegratedArchitectureforPrivacyConstraintProcessing,UserInterfaceManager,ConstraintManager,PrivacyConstraints,QueryProcessor:Constraintsduringqueryandreleaseoperations,UpdateProcessor:Constraintsduringupdateoperation,XMLDatabaseDesignToolConstraintsduringdatabasedesignoperation,Database,RelationalDBMS,OtherPolicies,TrustPoliciesTowhatextentdoyoutrustthesourceofthedataHowcantrustbepropagatedAddingtrustvaluetoeachpieceofdataAtrustsBandBtrustsC,doesthismeanAtrustsC?Adepartmentheadsendsmessagestoallthefaculty;howeverhe/shemaynottrustaparticularpersonDevelopingalanguagetospecifytrustIntegrityPoliciesMaintainingthequalityofthedataAddinganattributetoeachpieceofdatatospecifythequalityQualityalsodependsonhowmuchyoutrustthesourceAlgebrafordataquality,AccessControlinDatabases:NextSteps,AccessControlinDatabaseswillcontinuetobeveryimportantWealsoneedtoexaminealternativesWeneednewkindsofaccesscontrolmodels1975modelsmaynotbesuitableforemergingapplicationssuchassemanticweb,e-commerceandstreamdatamanagementRole-basedaccesscontrolhasbecomeverypopularandisimplementednowincommercialsystems.Whatvariationsofthismodelareappropriateforemergingapplications?End-to-endsecurityiscriticalWecannothavesecuredatabasesandhaveinsecurenetworksandmiddleware;ComposabilityFlexiblesecuritypoliciesConfidentiality,Authenticity,Completeness,Integrity,Trust,Privacy,DataQuality,etc.,Policies,NeedtoKnowtoNeedtoShareRBACUCONABACDisseminationRiskbasedaccesscontrolTrustManagement/Credential/DisclosureDirectionsMajorconferencesforPolicyandAccessControl:IEEEPolicyWorkshopACMSACMAT,NeedtoKnowtoNeedtoShare,Needtoknowpoliciesduringthecoldwar;eveniftheuserhasaccess,doestheuserhaveaneedtoknow?Post9/11theemphasisisonneedtoshareUsermaynothaveaccess,butneedsthedataDowegivethedatatotheuserandthenanalyzetheconsequencesDoweanalyzetheconsequencesandthendeterminetheactionstotakeDowesimplynotgivethedatatotheuserWhatarerisksinvolved?,RBAC,AccesstoinformationsourcesincludingstructuredandunstructureddatabothwithintheorganizationandexternaltotheorganizationAccessbasedonrolesHierarchyofroles:handlingconflictsControlleddisseminationandsharingofthedata,RBAC(Sandhu),UCON,RBACmodelisincorporatedintoUCONandusefulforvariousapplicationsAuthorizationcomponentObligationsObligationsareactionsrequiredtobeperformedbeforeanaccessispermittedObligationscanbeusedtodeterminewhetheranexpensiveknowledgesearchisrequiredAttributeMutabilityUsedtocontrolthescopeoftheknowledgesearchConditionCanbeusedforresourceusagepoliciestoberelaxedortightened,UCON(Sandhu),Role-basedUsageControl(RBUC),RBACwithUCONextension,ReleaseandDisseminationPolicies,ReleasepolicieswilldeterminetowhomtoreleasethedataWhatistheconnectiontoaccesscontrolIsaccesscontrolsufficientOncethedataisretrievedfromtheinformationsource(e.g.,database)shoulditbereleasedtotheuserOncethedataisreleased,disseminationpolicieswilldeterminewhothedatacanbegiventoElectronicmusic,etc.,ABAC:Attribute-basedAccessControl,Userspecifieshis/herattributes(e.g.,gender,citizenship)PolicieswouldspecifyaccessbasedonusercredentialsOpenenvironmentXACML,RiskBasedDataSharing/AccessControl,Whataretherisksinvolvedinreleasing/disseminatingthedataRiskmodelingshouldbeintegratedwiththeaccesscontrolmodelSimplemethod:assignriskvaluesHighertherisk,lowerthesharingWhatisthecostofreleasingthedata?Cost/Risk/Securitycloselyrelated,TrustManagement,TrustServicesIdentifyservices,authorizationservices,reputationservicesTrustnegotiation(TN)Digitalcredentials,DisclosurepoliciesTNRequirementsLanguagerequirementsSemantics,constraints,policiesSystemrequirementsCredentialownership,validity,alternativenegotiationstrategies,privacyExampleTNsystemsKeyNoteandTrust-X(UofMilan),TrustBuilder(UIUC),TrustManagement,Theproblem:establishingtrustinopensystems,Mutualauthentication-Assumptiononthecounterparthonestynolongerholds-Bothparticipantsneedtoauthenticateeachother,?,Interactionsbetweenstrangers-Inconventionalsystemsuseridentityisknowninadvanceandcanbeusedforperformingaccesscontrol-Inopensystemspartecipantsmayhavenopre-existingrelationshipandmaynotshareacommonsecuritydomain,TrustNegotiationmodel,ApromisingapproachforopensystemswheremostoftheinteractionsoccurbetweenstrangersThegoal:establishtrustbetweenpartiesinordertoexchangesensitiveinformationandservicesTheapproach:establishtrustbyverifyingpropertiesoftheotherparty,Trustnegotiation:theapproach,Interactionsbetweenstrangersinopensystemsaredifferentfromtraditionalaccesscontrolmodels,Policiesandmechanismsdevelopedinconventionalsystemsneedtoberevised,USERIDsVS.SUBJECTPROPERTIES,ACCESSCONTROLPOLICIESVS.DISCLOSUREPOLICIES,Subjectproperties:digitalcredentials,AssertionaboutthecredentialownerissuedandcertifiedbyaCertificationAuthority.,CA,CA,Eachentityhasanassociatedsetofcredentials,describingpropertiesandattributesoftheowner.,UseofCredentials,CredentialIssuer,DigitalCredentials,Julie3kidsMarriedAmerican,CompanyA,CompanyB,Wanttoknowcitizenship,Wanttoknowmaritalstatus,-Julie-American,-Julie-Married,Alice,Check,Check,Referencedfrom,Credentials,CredentialscanbeexpressedthroughtheSecurityAssertionMar