
DB Security

Involves physical, OS, and DBMS levels


*Has legal, ethical, and policy requirements
-Just because you have access to data doesn't mean you should interact with it

Threats to DBs
*Loss of integrity: information needs to be protected from improper modification
(unauthorized changes)
*Loss of availability to legitimate, authorized users - login notifications of who
is in and when
*Loss of confidentiality: protect from unauthorized, unanticipated, or unintentional
disclosure

Access Control
User accounts and passwords to control login process by DBMS

Inference Control
*Statistical databases are used to produce statistics on various populations. You
don't use individual info but aggregates, yet the database still holds the data
on individuals, which is confidential. Access controls allow the DB to collect
details, but statistical users are not allowed to retrieve individual data. No
attribute values, only aggregates.
*Big example is in genome sequencing and genetic information collecting. Could be a
genetic trait that only 10 people have that you can use to find people.
Set a threshold requirement to hide data that can identify X number of people;
it doesn't matter if people can figure out the threshold numbers, all that's
important is hiding the data.
*Can introduce noise into the results - when someone runs a query below the
threshold, add noise to make it reach the threshold. Let the requesting user be
aware of the noise.
*Partition database - records stored in groups of minimum size. Allow queries only
on complete groups or sets of groups; never on subsets within a group
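The three inference-control measures above (query threshold, noise padding, and partitioning into minimum-size groups) as an added example in Python; this is not code from the notes or from any textbook. The record table and the threshold value MIN_GROUP_SIZE are constructed for illustration.

```python
import random
from statistics import mean

# Constructed sample table of individual records (hypothetical, not real data).
RECORDS = [
    {"id": 1,  "zip": "10001", "trait": "common", "salary": 52000},
    {"id": 2,  "zip": "10001", "trait": "common", "salary": 48000},
    {"id": 3,  "zip": "10001", "trait": "rare",   "salary": 91000},
    {"id": 4,  "zip": "10001", "trait": "common", "salary": 61000},
    {"id": 5,  "zip": "10001", "trait": "common", "salary": 55000},
    {"id": 6,  "zip": "10001", "trait": "common", "salary": 58000},
    {"id": 7,  "zip": "10002", "trait": "common", "salary": 47000},
    {"id": 8,  "zip": "10002", "trait": "rare",   "salary": 88000},
    {"id": 9,  "zip": "10002", "trait": "common", "salary": 50000},
    {"id": 10, "zip": "10002", "trait": "common", "salary": 53000},
    {"id": 11, "zip": "10002", "trait": "common", "salary": 49000},
    {"id": 12, "zip": "10002", "trait": "common", "salary": 51000},
]

# Assumed threshold: a result set smaller than this could identify individuals.
MIN_GROUP_SIZE = 5


class QueryDenied(Exception):
    """Raised when an aggregate query would be computed over too few individuals."""


def threshold_aggregate(records, predicate, field, threshold=MIN_GROUP_SIZE):
    """Return (count, mean of field) over matching records; refuse below threshold."""
    matched = [r for r in records if predicate(r)]
    if len(matched) < threshold:
        raise QueryDenied(f"query matches {len(matched)} records; minimum is {threshold}")
    return len(matched), mean(r[field] for r in matched)


def noisy_aggregate(records, predicate, field, threshold=MIN_GROUP_SIZE, seed=None):
    """Like threshold_aggregate, but instead of refusing, pad a too-small result
    set with synthetic values drawn from the whole column up to the threshold.
    The third return value tells the requesting user whether noise was added."""
    rng = random.Random(seed)
    values = [r[field] for r in records if predicate(r)]
    noisy = False
    if len(values) < threshold:
        population = [r[field] for r in records]
        values = values + [rng.choice(population) for _ in range(threshold - len(values))]
        noisy = True
    return len(values), mean(values), noisy


def partition(records, group_size=MIN_GROUP_SIZE):
    """Split records (in id order) into fixed groups of at least group_size.
    A short trailing group is merged into its predecessor so every group
    meets the minimum size."""
    ordered = sorted(records, key=lambda r: r["id"])
    groups = [ordered[i:i + group_size] for i in range(0, len(ordered), group_size)]
    if len(groups) > 1 and len(groups[-1]) < group_size:
        groups[-2].extend(groups.pop())
    return groups


def partitioned_aggregate(groups, group_ids, field):
    """Aggregate over whole groups only: callers choose groups, never records,
    so no query can isolate a subset within a group."""
    selected = [r for g in group_ids for r in groups[g]]
    return len(selected), mean(r[field] for r in selected)


if __name__ == "__main__":
    print(threshold_aggregate(RECORDS, lambda r: r["zip"] == "10001", "salary"))
    try:
        threshold_aggregate(RECORDS, lambda r: r["trait"] == "rare", "salary")
    except QueryDenied as e:
        print("denied:", e)
    print(noisy_aggregate(RECORDS, lambda r: r["trait"] == "rare", "salary", seed=1))
    groups = partition(RECORDS, 4)
    print(partitioned_aggregate(groups, [0, 1], "salary"))
```

The query on the rare trait matches only two individuals, so the threshold guard refuses it, while the noisy variant answers but flags that the result was padded; the partitioned variant never sees a predicate at all, which is what makes it immune to subset queries.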

Flow Control
*Prevents data from flowing in such a way that it reaches unauthorized users
-Watch for packet sniffing - people can capture data
*Covert channels are pathways for information to flow implicitly in ways that
violate the security policy of an organization
-Storage channels do not require any temporal synchronization: information is
conveyed by accessing system information or what is otherwise inaccessible to the user
-Timing channels allow the information to be conveyed by the timing of events or
processes
Avoid covert channels by not allowing programmers to have access to sensitive data
that a program is supposed to process after the program has been put into
operation - don't allow developers to change the production server.
Development system, staging system, deploying system, and production system.
