Yu / Jajodia | Secure Data Management in Decentralized Systems | E-Book | www.sack.de

E-book, English, Volume 33, 462 pages

Series: Advances in Information Security

Yu / Jajodia Secure Data Management in Decentralized Systems


1st edition 2007
ISBN: 978-0-387-27696-0
Publisher: Springer US
Format: PDF
Copy protection: 1 - PDF Watermark




The field of database security has expanded greatly, with the rapid development of global inter-networked infrastructure. Databases are no longer stand-alone systems accessible only to internal users of organizations. Today, businesses must allow selective access from different security domains. New data services emerge every day, bringing complex challenges to those whose job is to protect data security. The Internet and the web offer means for collecting and sharing data with unprecedented flexibility and convenience, presenting threats and challenges of their own. This book identifies and addresses these new challenges and more, offering solid advice for practitioners and researchers in industry.



Further Information & Material


- Contents
- Preface
- Part I Foundation
  - Basic Security Concepts
    - 1 Introduction
    - 2 Security Policy
    - 3 Mechanism
    - 4 Assurance
    - 5 Basic Architecture for Trusted Operating Systems
    - 6 Conclusion
    - References
  - Access Control Policies and Languages in Open Environments
    - 1 Introduction
    - 2 Basic Concepts
    - 3 Logic-Based Access Control Languages
    - 4 XML-Based Access Control Languages
    - 5 Credential-Based Access Control Languages
    - 6 Policy Composition
    - 7 Conclusions
    - 8 Acknowledgments
    - References
  - Trusted Recovery
    - 1 Introduction
    - 2 Basic Concepts in Attack Recovery
    - 3 Transaction Models for Attack Recovery
    - 4 Damage Assessment and Repair
    - 5 Single-Version based Recovery
    - 6 Multi-Version based Recovery
    - 7 Related Work
    - 8 Conclusion
    - 9 Acknowledgment
    - References
- Part II Access Control for Semi-structured Data
  - Access Control Policy Models for XML
    - 1 Introduction
    - 2 Example XML Document and Policy
    - 3 Access Control Policy Model
    - 4 Access Control Policy Languages
    - 5 Efficient Policy Enforcement Mechanisms
    - 6 Summary
    - References
  - Optimizing Tree Pattern Queries over Secure XML Databases
    - 1 Introduction
    - 2 Related Work
    - 3 Model and The Problem
    - 4 Definitions and Conventions
    - 5 Tree-Structured DTD Graph
    - 6 DAG-structured DTD Graphs
    - 7 DAG-Structured DTDs with Choice
    - 8 Experiments
    - 9 Summary
    - References
- Part III Distributed Trust Management
  - Rule-based Policy Specification
    - 1 Introduction
    - 2 Security Policies
    - 3 Policy-Based Trust Management
    - 4 Action Languages
    - 5 Business Rules
    - 6 Unifying Frameworks
    - 7 Summary and Open Research Issues
    - 8 Acknowledgements
    - References
  - Automated Trust Negotiation in Open Systems
    - 1 Introduction
    - 2 Basic Concepts of Automated Trust Negotiation
    - 3 Interoperable Strategies
    - 4 A Unified Scheme for Resource Protection in Trust Negotiation
    - 5 Trust Negotiation System Design
    - 6 Conclusion
    - References
  - Building Trust and Security in Peer-to-Peer Systems
    - 1 Introduction
    - 2 Evolution of P2P
    - 3 System Architectures and Need for Security
    - 4 Need for Trust in P2P Systems
    - 5 A Vision of Trusted P2P Systems
    - 6 Literature Review
    - 7 Universal Trust Set
    - 8 Our Approach to Trust and Security
    - 9 P2P for the Future and Open Issues
    - 10 Conclusions
    - References
- Part IV Privacy in Cross-Domain Information Sharing
  - Microdata Protection
    - 1 Introduction
    - 2 Macrodata Versus Microdata
    - 3 Classification of Microdata Disclosure Protection Techniques
    - 4 Masking Techniques
    - 5 Synthetic Data Generation Techniques
    - 6 Measures for Assessing Microdata Confidentiality and Utility
    - 7 Conclusions
    - 8 Acknowledgments
    - References
  - k-Anonymity
    - 1 Introduction
    - 2 k-Anonymity and k-Anonymous Tables
    - 3 Classification of k-Anonymity Techniques
    - 4 Algorithms for AG-TS and AG-
    - 5 Algorithms for -CS and CG- Models
    - 6 Further Studies on k-Anonymity
    - 7 Conclusions
    - 8 Acknowledgments
    - References
  - Preserving Privacy in On-line Analytical Processing Data Cubes
    - 1 Introduction
    - 2 Related Work
    - 3 Preliminaries
    - 4 Cardinality-based Inference Control in Sum-only Data Cubes
    - 5 Parity-based Inference Control in Sum-only Data Cubes
    - 6 Lattice-based Inference Control in Data Cubes
    - 7 Conclusion
    - References
- Part V Security in Emerging Data Services
  - Search on Encrypted Data
    - 1 Introduction
    - 2 Keyword search on encrypted text data
    - 3 Search over Encrypted Relational Data
    - 4 Conclusions
    - Acknowledgements
    - References
  - Rights Assessment for Relational Data
    - 1 Introduction
    - 2 Model
    - 3 Numeric Types
    - 4 Categorical Types
    - 5 Related Work
    - 6 State of The Art and the Future
    - 7 Conclusions
    - References
- Index


2 Security Policy (p. 4)

The security policy elaborates on each of the three generic objectives of security (secrecy, integrity, and availability) in the context of a particular system. Thus, computer security policies are used like requirements; they are the starting point in the development of any system that has security features. The security policy of a system is the basis for the choice of its protection mechanisms and the techniques used to assure its enforcement of the security policy.

Existing security policies tend to focus only on the secrecy requirement of security. Thus, these policies deal with defining what is authorized or, more simply, arriving at a satisfactory definition of the secrecy component. The choice of a security policy with reasonable consequences is nontrivial and a separate topic in its own right. In fact, security policies are investigated through formal mathematical models. These models have shown, among other things, that the consequences of arbitrary but relatively simple security policies are undecidable and that avoiding this undecidability is nontrivial [5,7,8]. To read more about the formal security models, see [3].

All security policies are stated in terms of objects and subjects. This is because in reasoning about security policies, we must be careful about the distinction between users and the processes that act on behalf of the users. Users are human beings that are recognized by the system as users with a unique identity. This is achieved via identification and authentication mechanisms; the familiar example is a user identifier and password.

All system resources are abstractly lumped together as objects and, thus, all activities within a system can be viewed as sequences of operations on objects. In the relational database context, an object may be a relation, a tuple within a relation, or an attribute value within a tuple. More generally, anything that holds data may be an object, such as memory, directories, interprocess messages, network packets, I/O devices, or physical media.

A subject is an abstraction of the active entities that perform computation in the system. Thus, only subjects can access or manipulate objects. Within the system, a subject is usually a process, job, or task operating on behalf of some user, although at a higher level of abstraction users may be viewed as subjects. A user can have several subjects running in the system on his or her behalf at the same time, but each subject is associated with only a single user. This requirement is important to ensure the accountability of actions in a system.

Although the subject-object paradigm makes a clear distinction between subjects and objects (subjects are active entities, while objects are passive entities), an entity could be both a subject and an object. The only requirement is that if an entity behaves like a subject (respectively, object), it must abide by rules of the model that apply to subjects (respectively, objects).


The reason a distinction must be made between users and subjects is that while users are trusted not to deliberately leak information (they do not require a computer system to do so), subjects initiated by the users cannot be trusted to always abide by the security policy.



