Security 217

Subjects with security class TS will see R as:

    cid  carname  Security Class
    1    Honda    U
    1    Porsche  C
    2    Toyota   C
    3    Mazda    C
    3    Ferrari  TS

4. Trojan horse tables are an example where discretionary access controls are not sufficient. If a malicious user creates a table and has access to the source code of some other user with privileges to other tables, then the malicious user can modify the source code to copy tuples from privileged tables to his or her non-privileged table.

5. Mandatory access controls do not distinguish between people in the same clearance level, so it is not possible to limit permissions to certain users within the same clearance level. Also, it is not possible to give only insert or select privileges to different users in the same level: all users in the same clearance level have select, insert, delete and update privileges.

6. Yes, especially if the data is transmitted over a network in a distributed environment. In these cases it is important to encrypt the data so people listening on the wire cannot directly access the information.

7. (a) If a user can issue an unlimited number of queries, he or she can repeatedly decompose statistical information by gathering the statistics at each level (for example, at age 20, age 21, etc.).
   (b) If a malicious subject can query a database and retrieve single rows of statistical information, he or she may be able to isolate sensitive information such as maximum and minimum values.
   (c) Often the information from two queries can be combined to deduce or infer specific values. This is often the case with average and total aggregates. This can be prevented by restricting the tuple overlap between queries.

8. The audit trail is a log of updates with the authorization id of the user who issued the update. Since it is possible to infer information from statistical databases using repeated queries, or queries that target a common set of tuples, the DBA...
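As an added illustration of the controls named in answer 7 (not part of the solutions text), the following guard for a statistical database refuses aggregate queries whose result set is too small (7b) and queries that overlap an earlier answered query by more than a fixed number of tuples (7c). The employee table, the field names and the thresholds are constructed for this example.

```python
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample table (ids, ages and salaries are made up for this
# example; a real statistical database would hold many more rows).
EMPLOYEES: List[Dict] = [
    {"id": 1, "age": 20, "salary": 50000},
    {"id": 2, "age": 21, "salary": 60000},
    {"id": 3, "age": 21, "salary": 55000},
    {"id": 4, "age": 22, "salary": 70000},
    {"id": 5, "age": 22, "salary": 65000},
    {"id": 6, "age": 23, "salary": 80000},
]

Predicate = Callable[[Dict], bool]

class StatQueryGuard:
    """Answers aggregate queries only when the result set is large enough
    (answer 7b) and overlaps each earlier answered query by at most
    max_overlap tuples (answer 7c). Both thresholds are assumed values."""

    def __init__(self, rows: List[Dict], min_rows: int = 3, max_overlap: int = 2):
        self.rows = rows
        self.min_rows = min_rows
        self.max_overlap = max_overlap
        self.answered: List[Set[int]] = []   # id sets of queries already released

    def aggregate(self, where: Predicate, field: str, func) -> Tuple[str, object]:
        ids = {r["id"] for r in self.rows if where(r)}
        # 7b: a tiny result set lets the asker isolate an individual's value
        if len(ids) < self.min_rows:
            return ("rejected", f"result set of {len(ids)} rows is below {self.min_rows}")
        # 7c: heavy overlap with an earlier query lets the two be subtracted
        for prev in self.answered:
            if len(ids & prev) > self.max_overlap:
                return ("rejected", f"overlaps an earlier query on {len(ids & prev)} rows")
        self.answered.append(ids)
        return ("ok", func(r[field] for r in self.rows if r["id"] in ids))

if __name__ == "__main__":
    g = StatQueryGuard(EMPLOYEES)
    print(g.aggregate(lambda r: True, "salary", sum))            # ('ok', 380000)
    # all-but-one query: its difference from the total would be one salary
    print(g.aggregate(lambda r: r["age"] < 23, "salary", sum))   # rejected, overlap 5
    print(g.aggregate(lambda r: r["age"] == 20, "salary", sum))  # rejected, 1 row
```

The overlap limit only blocks the two-query difference attack described in 7(c); answer 8's audit trail is still needed to notice a user who probes the thresholds with many queries.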
This note was uploaded on 01/17/2012 for the course EGN 4302 taught by Professor Dr.vishak during the Fall '12 term at University of Central Florida.