Description
Taylor & Francis Ltd Database And Applications Security Integrating Information Security And Data Management 2005 Edition by Bhavani Thuraisingham
This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging applications. Foreword -- Preface -- Acknowledgments -- About the Author -- 1 Introduction -- 1.1 Trends -- 1.2 Supporting Technologies for Database and Applications Security -- 1.3 Discretionary Security in Database Systems -- 1.4 Multilevel Secure Data Management -- 1.5 Multilevel Secure Relational Data Models and Systems -- 1.6 Inference Problem -- 1. 7 Secure Distributed Database Systems -- 1.8 Secure Object and Multimedia Data Systems -- 1.9 Data Warehousing, Data Mining, Security, and Privacy -- 1.10 Secure Web Information Management Technologies -- 1.11 Emerging Secure Information Management Technologies -- 1.12 Organization of This Book -- 1.13 Next Steps -- PART 1: SUPPORTING TECHNOLOGIES -- FOR DATABASE AND APPLICATIONS SECURITY -- 2 Data Management Technologies -- 2.1 Overview -- 2.2 Relational and Entity-Relationship Data Models -- 2.2.1 Overview -- 2.2.2 Relational Data Model -- 2.2.3 Entity-Relationship Data Model -- 2.3 Architectural Issues -- 2.4 Database Design -- 2.5 Database Administration -- 2.6 Database Management System Functions -- 2.6.1 Overview -- 2.6.2 Query Processing -- 2.6.3 Transaction Management -- 2.6.4 Storage Management -- 2.6.5 Metadata Management -- 2.6.6 Database Integrity -- 2.6.7 Fault Tolerance -- 2.6.8 Other Functions -- 2.7 Distributed Databases -- 2.8 Heterogeneous Database Integration -- 2.9 Federated Databases -- 2.10 Client/Server Databases -- 2.11 Migrating Legacy Databases and Applications -- 2.12 Data Warehousing -- 2.13 Data Mining -- 2.14 Impact of the Web -- 2.15 Object Technology -- 2.15.1 Overview -- 2.15.2 Object Data Model -- 2.15.3 Other Object Technologies -- 2.16 Other Database Systems -- 2.17 Summary and Directions -- References -- Exercises -- 3 Information Security -- 3.1 Overview -- 3.2 Access Control and Other Security Concepts -- 3.3 Secure Systems -- 3.4 Secure Operating Systems -- 3.5 Secure Database Systems -- 3.6 Secure Networks -- 3.7 Emerging Trends -- 3.8 Impact of the Web -- 3.9 Steps to Building Secure Systems -- 3.10 Summary and Directions -- References -- Exercises -- 4 Information Management Technologies -- 4.1 Overview -- 4.2 Information Retrieval Systems -- 4.2.1 Text Retrieval -- 4.2.2 Image Retrieval -- 4.2.3 Video Retrieval -- 4.2.4 Audio Retrieval -- 4.3 Multimedia Data and Information Management -- 4.4 Digital Libraries -- 4.4.1 Overview -- 4.4.2 Web Database Management -- 4.4.3 Markup Languages -- 4.4.4 Search Engines -- 4.4.5 Question-Answering Systems -- 4.5 Knowledge Management -- 4.6 Collaboration and Data Management -- 4.7 E-Commerce Technologies -- 4.8 Semantic Web Technologies -- 4.9 Wireless and Sensor Information Management -- 4.10 Real-Time Processing and Quality-of-Service Aspects -- 4.11 High-Performance Computing Technologies -- 4.12 Some Other Information Management Technologies -- 4.12.1 Overview -- 4.12.2 Visualization -- 4.12.3 Decision Support -- 4.12.4 Agents -- 4.12.5 Peer-to-Peer Data Management -- 4.13 Summary and Directions -- References -- Exercises -- Conclusion to Part I -- PART II: DISCRETIONARY SECURITY -- FOR DATABASE SYSTEMS -- 5 Security Policies -- 5.1 Overview -- 5.2 Access-Control Policies -- 5.2.1 Overview -- 5.2.2 Authorization Policies -- 5.2.3 Role-Based Access Control -- 5.3 Administration Policies -- 5.4 Identification and Authentication -- 5.5 Auditing a Database System -- 5.6 Views for Security -- 5.7 Summary and Directions -- References -- Exercises -- 6 Policy Enforcement and Related Issues -- 6.1 Overview -- 6.2 SQL Extensions for Security -- 6.3 Query Modification -- 6.4 Discretionary Security and Database Functions -- 6.5 Visualization of Policies -- 6.6 Prototypes and Products -- 6.7 Summary and Directions -- References -- Exercises -- Conclusion to Part ll -- PART Ill: MANDATORY SECURITY -- FOR OAT ABASE SYSTEMS -- 7 Historical Developments -- 7.1 Overview -- 7.2 Early Efforts -- 7.3 Air Force Summer Study -- 7.4 Major Research and Development Efforts -- 7.5 Trusted Database Interpretation -- 7.6 Types of Multilevel Secure Database Systems -- 7.6.1 Overview -- 7.6.2 Relational Database Systems -- 7.6.3 Entity-Relationship Systems -- 7.6.4 Object Database Systems -- 7.6.5 Distributed and Heterogeneous Database Systems -- 7.6.6 Deductive Database Systems -- 7.6.7 Functional Database Systems -- 7.6.8 Parallel Database Systems -- 7.6.9 Real-Time Database Systems -- 7.7 Hard Problems -- 7.8 Emerging Technologies -- 7.9 Summary and Directions -- References -- Exercises -- 8 Design Principles -- 8.1 Overview -- 8.2 Mandatory Access Control -- 8.2.1 Overview -- 8.2.2 Mandatory Access-Control Policies -- 8.3 Security Architectures -- 8.3.1 Overview -- 8.3.2 Integrity Lock -- 8.3.3 Operating System Providing Access Control -- 8.3.4 Kernel Extensions Architecture -- 8.3.5 Trusted Subject Architecture -- 8.3.6 Distributed Architecture -- 8.4 Summary and Directions -- References -- Exercises -- Conclusion to Part m -- PART IV: MULTILEVEL SECURE RELATIONAL -- OAT ABASE SYSTEMS -- 9 Multilevel Relational Data Models -- 9.1 Overview -- 9.2 Granularity of Classification -- 9.3 Polyinstantiation -- 9.4 Toward Developing a Standard Multilevel Relational -- Data Model -- 9.5 Summary and Directions -- References -- Exercises -- 1 0 Security Impact on Database Functions -- 10.1 Overview -- 10.2 Query Processing -- 10.3 Transaction Processing -- 10.4 Storage Management -- 10.5 Metadata Management -- 10.6 Other Functions -- 10.7 Summary and Directions -- References -- Exercises -- 11 Prototypes and Products -- 11.1 Overview -- 11.2 Prototypes -- 11.2.1 Overview -- 11.2.2 Discussion of Prototypes -- 11.2.2.1 Hinke-Schaefer -- 11.2.2.2 Naval Surveillance Model -- 11.2.2.3 Integrity Lock Prototypes -- 11.2.2.4 SeaView -- 11.2.2.5 Lock Data Views -- 11.2.2.6 ASD and ASD-Views -- 11.2.2.7 SINTRA and SDDBMS -- 11.2.2.8 SWORD -- 11.3 Products -- 11.3.1 Overview -- 11.3.2 Discussion of Products -- 11.3.2.1 TRUDATA -- 11.3.2.2 Sybase Secure SQL Server -- 11.3.2.3 Trusted Oracle -- 11.3.2.4 Trusted Informix -- 11.3.2.5 Trusted Rubix -- 11.3.2.6 SERdb -- 11.3.2.7 Secure Teradata Machine -- 11.3.2.8 INGRES -- 11.4 Summary and Directions -- References -- Exercises -- Conclusion to Part IV -- PART V: THE INFERENCE PROBLEM -- 12 A Perspective of the Inference Problem -- 12.1 Overview -- 12.2 Statistical Database Inference -- 12.3 Discussion of Approaches for Handling Inference -- in a MLS/DBMS -- 12.4 Complexity of the Inference Problem -- 12.5 Summary and Directions -- References -- Exercises -- 13 Security-Constraint Processing for Inference Control -- 13.1 Overview -- 13.2 Background -- 13.3 Security Constraints -- 13.3.1 Simple Constraints -- 13.3.2 Content-Based Constraints -- 13.3.3 Association-Based Constraints (also Called Context -- or Together Constraints) -- 13.3.4 Event-Based Constraints -- 13.3.5 General Release-Based Constraints -- 13.3.6 Individual Release-Based Constraints -- 13.3.7 Aggregate Constraints -- 13.3.8 Logical Constraints -- 13.3.9 Constraints with Conditions -- 13.3.10 Other Constraints -- 13.3.11 Level-Based Constraints -- 13.3.12 Fuzzy Constraints -- 13.3.13 Complex Constraints -- 13.4 Approach to Security Constraint Processing -- 13.5 Consistency and Completeness of the Constraints -- 13.5.1 Algorithm A: Consistency and Completeness Checker -- 13.6 Design of the Query Processor -- 13.6.1 Security Policy -- 13.6.2 Functionality of the Query Processor -- 13.6.2.1 Query Modification -- 13.6.2.2 Response Processing -- 13.7 Design of the Update Processor -- 13.7.1 Security Policy -- 13.7.2 Functionality of the Update Processor -- 13.8 Handling Security Constraints During Database Design -- 13.8.1 Overview -- 13.9 Security Control Processing and Release Control -- 13.10 Summary and Directions -- References -- Exercises -- 14 Conceptual Structures for Inference Control -- 14.1 Overview -- 14.2 Semantic Nets and the Inference Problem -- 14.2.1 Overview -- 14.2.2 Multilevel Semantic Nets -- 14.2.3 Reasoning with Multilevel Semantic Nets -- 14.2.3.1 Implicit Information -- 14.2.4 Conditional Statements and Auxiliary Nets -- 14.2.5 Enforcing Security Constraints -- 14.2.6 Universal and Existential Conditionals -- 14.2.7 Semantics -- 14.2.7.1 Multilevel Worlds -- 14.2.7.2 Interpretations -- 14.2.7.3 Ground Vectors -- 14.2.7.4 Ground Conditionals -- 14.2.7.5 Universal Conditionals -- 14.2.7.6 Existential Conditionals -- 14.2.8 Refutations -- 4.3 Summary and Directions -- References -- Exercises -- Conclusion to Part V -- PART VI: SECURE DISTRIBUTED AND -- HETEROGENEOUS DATABASE SYSTEMS -- 15 Discretionary Security for Distributed Database Systems -- 15.1 Overview -- 15.2 Discretionary Security -- 15.2.1 Overview -- 15.2.2 Access-Control Policies -- 15.2.2.1 Distributed Access Control -- 15.2.2.2 Role-Based Access Control -- 15.2.3 Identification and Authentication -- 15.2.4 Auditing a Distributed Database System -- 15.2.5 Security Policy Integration -- 15.2.6 Query Modification -- 15.2.7 View Mechanism -- 15.2.8 SQL for Distributed Database Security -- 15.3 Security Impact on Distributed Database Functions -- 15.4 Security for Emerging Distributed System Technologies -- 15.5 Summary and Directions -- References -- Exercises -- 16 Multilevel Security for Distributed Database Systems -- 16.1 Overview -- 16.2 Background -- 16.3 Architectures -- 16.3.1 Distributed Data and Centralized Control -- 16.3.2 Distributed Data and Distributed Control -- 16.4 Data Modeling -- 16.5 Functions -- 16.6 Inference Problem for a MLS/DDBMS -- 16.7 Summary and Directions -- References -- Exercises -- 17 Secure Heterogeneous and Federated Database Systems -- 17.1 Overview -- 17.2 Background -- 17.3 Architectures -- 17.4 Schema Integration -- 17.5 Policy Integration -- 17.6 Functions -- 17.7 Inference Problem -- 17.8 Secure Client/Server Database Management -- 17.9 Secure Migration of Legacy Databases and Applications -- 17.10 Summary and Directions -- References -- Exercises -- Conclusion to Part VI -- PART VII: SECURE OBJECT AND MULTIMEDIA SYSTEMS -- 18 Discretionary and Multilevel Security for Object -- Database Systems -- 18.1 Overview -- 18.2 Discretionary Security -- 18.2.1 Overview -- 18.2.2 Policy Issues -- 18.2.3 Policy Enforcement -- 18.2.4 Example Systems -- 18.2.4.1 Overview -- 18.2.4.2 ORION -- 18.2.4.3 IRIS -- 18.2.4.4 STARBURST -- 18.2.4.5 GEMSTONE -- 18.3 Multilevel Security -- 18.3.1 Overview -- 18.3.2 Policy Issues -- 18.3.3 System Design Issues -- 18.3.4 Example Systems -- 18.3.4.1 Overview -- 18.3.4.2 SODA System -- 18.3.4.3 SORION Model -- 18.3.4.4 S02 Model -- 18.3.4.5 Millen-Lunt Model -- 18.3.4.6 Jajodia-Kogan Model -- 18.3.4.7 Morgenstern's Model -- 18.3.4.8 UFOS Model. -- 18.4 Summary and Directions -- References -- Exercises -- 19 Aspects of Objects and Security -- 19.1 Overview -- 19.2 Security for Object Request Brokers -- 19.2.1 Overview -- 19.2.2 OMG Security Services -- 19.2.3 Secure Components and Frameworks -- 19.3 Object Modeling for Secure Applications -- 19.3.1 Overview -- 19.3.2 Multilevel OMT -- 19.3.3 UML and Security -- 19.4 Summary and Directions -- References -- Exercises -- 20 Secure Multimedia Data Management Systems -- 20.1 Overview -- 20.2 Security for Multimedia Data Management Systems -- 20.2.1 Overview -- 20.2.2 Security Policy -- 20.2.3 Secure System Architectures for Multimedia -- Database Systems -- 20.2.4 Secure Data Models for Multimedia Database Systems -- 20.2.5 Security Impact on Multimedia Data and Information -- Management Functions -- 20.2.6 Secure Distributed Multimedia Data Management -- 20.2.7 Inference Problem -- 20.3 Secure Geospatial Information Systems -- 20.4 Summary and Directions -- References -- Exercises -- Conclusion to Part Vll -- PART VIII: DATA WAREHOUSING, DATA MINING, -- SECURITY, AND PRIVACY -- 21 Secure Data Warehousing -- 21.1 Overview -- 21.2 Background -- 21.3 Secure Information Technologies for Data Warehousing -- 21.4 Designing a Secure Data Warehouse -- 21.5 Data Quality and Data Warehousing -- 21.6 A Note on Multilevel Security -- 21.7 Secure Data Warehousing, Data Mining, and Decision Support -- 21.8 Summary and Directions -- References -- Exercises -- 22 Data Mining for Security Applications -- 22.1 Overview -- 22.2 Data Mining for National Security -- 22.2.1 Overview -- 22.2.2 Non-Information-Related Terrorism -- 22.2.2.1 Terrorist Attacks and External Threats -- 22.2.2.2 Insider Threats -- 22.2.2.3 Transportation and Border Security Violations -- 22.2.3 Data Mining for National Security Applications -- 22.2.3.1 Non-Real-Time Threats -- 22.2.3.2 Real-Time Threats -- 22.2.3.3 Analyzing the Techniques -- 22.2.3.4 Link Analysis -- 22.3 Data Mining for Cyber-Security -- 22.3.1 Overview -- 22.3.2 Cyber-Terrorism, Insider Threats, and External Attacks -- 22.3.3 Malicious Intrusions -- 22.3.4 Credit Card Fraud and Identity Theft -- 22.3.5 Attacks on Critical Infrastructure -- 22.3.6 Data Mining for Cyber-Security -- 22.4 Summary and Directions -- References -- Exercises -- 23 Privacy -- 23.1 Overview -- 23.2 Privacy Considerations -- 23.3 Data Warehousing, Data Mining, Security, and Privacy -- 23.4 Inference Problem and Privacy -- 23.5 Privacy-Enhanced/Sensitive/Preserving Data Mining -- 23.6 Confidentiality and Privacy -- 23.7 Civil Liberties and National Security -- 23.8 Federated Data Management, Data Sharing, and Privacy -- 23.9 Summary and Directions -- References -- Exercises -- Conclusion to Part VIll -- PART IX: SECURE WEB DATA AND INFORMATION -- MANAGEMENT TECHNOLOGIES -- 24 Secure Web Data Management and Digitallibraries -- 24.1 Overview -- 24.2 Threats to Web Security -- 24.2.1 Overview -- 24.2.2 General Cyber-Threats -- 24.2.3 Threats to Web Databases -- 24.3 Web Security Solutions -- 24.3.1 Overview -- 24.3.2 Solutions for General Threats -- 24.3.2.1 Securing Components and Firewalls -- 24.3.2.2 Cryptography -- 24.3.2.3 Risk Analysis -- 24.3.2.4 Biometrics, Forensics, and Other Solutions -- 24.3.3 Solutions for Threats to Web Databases -- 24.3.3.1 Data Mining -- 24.3.3.2 Constraint Processing -- 24.3.3.3 Role-Based Access Control -- 24.3.3.4 Fault-Tolerant Processing, Recovery, and -- Replication -- 24.4 Secure Digital Libraries -- 24.4.1 Overview -- 24.4.2 Secure Web Database Functions -- 24.4.3 Secure Information Retrieval -- 24.4.4 Secure Search Engines -- 24.4.5 Secure Markup Languages -- 24.4.6 Secure Question-Answering Systems -- 24.5 Summary and Directions -- References -- Exercises -- 25 Security for XML, RDF, and the Semantic Web -- 25.1 Overview -- 25.2 Security for the Semantic Web -- 25.2.1 Overview -- 25.2.2 XML Security -- 25.2.3 RDF Security -- 25.2.4 Secure Information Interoperability -- 25.2.5 Secure Query and Rules Processing for the -- Semantic Web -- 25.2.6 Trust for the Semantic Web -- 25.3 Access Control and Dissemination of XML Documents -- 25.4 Privacy and the Semantic Web -- 25.4.1 Overview -- 25.4.2 Data Mining, National Security, Privacy, and the -- Semantic Web -- 25.4.3 Solutions to the Privacy Problem -- 25.5 Secure Web Services -- 25.6 Secure Agents and Related Technologies -- 25.7 Secure Grid and Secure Semantic Grid -- 25.8 Security Impact on the Database as a Service Model -- 25.9 Summary and Directions -- References -- Exercises ~ -- 26 Secure E-Commerce, Collaboration, and Knowledge -- Management -- 26.1 Overview -- 26.2 Secure E-Commerce -- 26.3 Secure Workflow and Collaboration -- 26.4 Secure Knowledge Management -- 26.5 Secure Peer-to-Peer Data Management -- 26.6 Secure Dynamic Coalitions and Virtual Organizations -- 26.7 Trust and Rights Management -- 26.8 Security Informatics -- 26.9 Summary and Directions -- References -- Exercises -- Conclusion to Part IX -- PART X: EMERGING SECURE DATA MANAGEMENT -- lECHNOLOGIES AND APPLICATIONS -- 27 Secure Dependable -- Data Management -- 27.1 Overview -- 27.2 Dependable Systems -- 27.3 Dependable Infrastructure and Data Management -- 27.3.1 Overview -- 27.3.2 Dependable Infrastructure -- 27.3.3 Dependable Data Managers -- 27.3.4 Security Issues -- 27.4 Data Quality -- 27.4.1 Overview -- 27.4.2 Developments in Data Quality -- 27.4.3 Annotations for Data Quality -- 27.4.4 Semantic Web and Data Quality -- 27.4.5 Data Mining and Data Quality -- 27.4.6 Security and Data Quality -- 27. 5 Critical Infrastructure Protection -- 27.6 Summary and Directions -- References -- Exercises -- 28 Secure Sensor and Wireless Information Management -- 28.1 Overview -- 28.2 Security for Sensor Databases -- 28.2.1 Overview -- 28.2.2 Security Policy -- 28.2.3 Security Architectures -- 28.2.4 Security Impact on Sensor Database Functions -- 28.2.5 Secure Distributed Sensor Data Management -- 28.2.6 Inference Problem -- 28.2.7 Privacy Considerations -- 28.3 Secure Sensor Data Management Issues Unique to Sensor -- Networks -- 28.3.1 Overview -- 28.3.2 Strategic Path Reliability in Information-Gathering -- Sensor Networks -- 28.3.3 Handling Non-overlapping and Incomparable -- Security Levels -- 28.3.4 Security Architectural Impact on Sensor Networks -- 28.3.5 Handling Unique Constraints -- 28.4 Secure Wireless and Mobile Data Management -- 28.5 A Note on Secure Telecommunications Information -- Management. -- 28.6 Security for Moving Databases -- 28.7 Summary and Directions -- References -- Exercises -- 29 Digital Identity, Forensics, and Related Topics -- 29.1 Overview -- 29.2 Digital Identity -- 29.3 Identity Theft Management -- 29.4 Biometrics -- 29.5 Digital Forensics -- 29.6 Steganography and Digital Watermarking -- 29.7 Risk and Economic Analysis -- 29.8 Other Secure Systems and Applications -- 29.9 The Role of Database and Applications Security -- for Homeland Security -- 29.10 Summary and Directions -- References -- Exercises -- Conclusion to Part X -- 30 Summary and Directions -- 30.1 About This Chapter -- 30.2 Summary of This Book -- 30.3 Directions for Database and Applications Security -- 30.4 Where Do We Go from Here? -- Appendices -- A Data Management Systems: Developments -- Trends -- A.1 Overview -- A.2 Developments in Database Systems -- A.3 Status, Vision, and Issues -- A.4 Data Management Systems Framework -- A.5 Building Information Systems from the Framework -- A.6 Relationship between the Texts -- A.7 Summary -- References -- B Suggested Reading: Books in Database Systems and -- Information Security -- Database Systems -- Information and Database Security -- Distributed Database Systems -- Object Databases, Distributed Objects, and Object Modeling -- Multimedia Databases -- Intelligent and Deductive Database Systems -- Data Warehousing and Mining -- Digital Libraries, Web Database Management, and the Semantic Web -- Knowledge Management -- Sensor Networks and Sensor Information Management -- Index.show more