csce824-lecture1


Summary
Secure Database Management Systems
Farkas CSCE 824 - Fall 2011

Course Aim
- Advanced understanding of DBMS concepts
  – From relational to un- and semi-structured data models
  – New types of applications
  – Security needs (including CIA model and authentication, non-repudiation)

Reference Materials
- Required textbook:
  – T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; 3rd edition (March 2, 2011), ISBN-10: 1441988335
- Recommended:
  – M. Gertz, S. Jajodia, Handbook of Database Security: Applications and Trends, Springer, 2008
  – Castano, Fugini, Martella, Samarati: Database Security, Addison-Wesley, 1995

Conference Proceedings and Journals
- Proceedings of Secure Data Management Workshop, link to the 2011 workshop: http://www.hitech-projects.com/sdm-workshop/sdm11.html
- Proceedings of IFIP WG 11.3 Data and Application Security and Privacy, link to the 2011 conference: http://www.egr.vcu.edu/dbsec2011/
- Proceedings of International Conference of Very Large Databases (VLDB), link to the 2011 conference: http://www.vldb.org/2011/?q=node/2
- IEEE Transactions on Knowledge and Data Engineering (TKDE)
- ACM Transactions on Information and System Security (TISSEC)

Challenge
- Research project: Student presentation of research papers
- Tests

Next week…
- Finish Project

Research Interests?

Database Management System (DBMS)
- Collection of
  – interrelated data and
  – set of programs to access the data
- Convenient and efficient processing of data
- Database Application Software

Evolution of Database Systems
- Early days: customized applications built on top of file systems
- Drawbacks of using file systems to store data:
  – Data redundancy and inconsistency
  – Difficulty in accessing data
  – Atomicity of updates
  – Concurrency control
  – Security
  – Data isolation: multiple files and formats
  – Integrity problems

Abstraction
- View level: different perspectives
  – application programs hide irrelevant data
- Logical level: data models
  – Logical representation of data
  – Different approaches: hierarchical, network, object oriented, semi-structured, etc.
  – Data independence principle
- Physical level: how data are stored

Data Models
- A collection of tools for describing
  – Data
  – Relationships among data items
  – Semantics of stored data
  – Database constraints

Database Management Systems
- Smaller and smaller systems
  – Past: large and expensive DBMS
  – Present: DBMS in most personal computers
- More and more data stored
  – Past: few MB
  – Present: terabyte (10^12 bytes), petabyte (10^15 bytes)
- Functionality: from physical to view level
- Optimization

Data Definition Language (DDL)
- Defines the database schema and constraints
- DDL compiler data dictionary
- Metadata: data about data

Data Manipulation Language (DML)
- Accessing and manipulating the data
- Query Languages
  – Procedural: user specifies what data is required and how to get those data
  – Nonprocedural: user specifies what data is required without specifying how to get those data

Data Security

Security Objectives
- Confidentiality: prevent/detect/deter improper disclosure of information
- Integrity: prevent/detect/deter improper modification of information
- Availability: prevent/detect/deter improper denial of access to services

Security Threats
- Poor design
- Insufficient quality control
- Accidents
- Attacks

Achieving Security
- Policy
  – What to protect?
- Mechanism
  – How to protect?
- Assurance
  – How good is the protection?

Database Security
- Security Policy
- Access control models
- Integrity protection
- Privacy problems
- Fault tolerance and recovery
- Auditing and intrusion detection

Relational Data Model

Example: Works

  Person-name   Company-name   Salary
  Smith         BB&C           $43,982
  Dell          Bell           $97,900
  Black         BB&C           $35,652

Relational Data Model
- Set of relation names: R
- Set of attribute names: A
- Relation schema: S = (r, {a1, …, an})
  – r: relation name in R
  – {a1, …, an}: subset of A
  e.g., (Works, {person-name, company-name, salary})

Relational Data Model
- Tuple over a relation scheme S is a mapping
  t: {a1, …, an} → dom(a1 ∪ … ∪ an)
  e.g.,
  t(person-name) = Smith
  t(company-name) = BB&C
  t(salary) = $43,982

Relational Data Model
- Relation over schema S is a set of tuples over the scheme
  e.g.,
  t(person-name) = Smith, t(company-name) = BB&C, t(salary) = $43,982
  t'(person-name) = Dell, t'(company-name) = Bell, t'(salary) = $97,900
  t''(person-name) = Black, t''(company-name) = BB&C, t''(salary) = $35,652

Relational Data Model
- Database: set of relations
  e.g., EMPLOYEE database:
  – Lives(person-name, street, city)
  – Works(person-name, company-name, salary)
  – Located-in(company-name, city)
  – Manages(person-name, manager-name)

Query Languages
- Relational Algebra
  – Set operations
- SQL
  – Bag operations

Relational Algebra
- Select (σ)
- Project (Π)
- Set difference (-)
- Union (∪)
- Rename (ρx(r))
- Set intersection (∩)
- Natural join (⊗)

Structured Query Language (SQL)
- Typical SQL query form:
  SELECT A1, A2, ..., An
  FROM r1, r2, ..., rm
  WHERE C
  – Each Ai represents an attribute to be returned
  – Each ri represents a relation
  – C is a condition

Constraints
- Relationship among data elements
- DBMS should enforce the constraints
- Types
  – Keys
  – Foreign-key (referential integrity)
  – Value-based constraints
  – Integrity constraints
  – Database dependencies (e.g., functional dependencies)

Next Class
- Overview of Information Security