Database and Applications Security : Integrating Information Security and Data Management (Hardcover)

Foreword -- Preface -- Acknowledgments -- About the Author -- 1 Introduction -- 1.1 Trends -- 1.2 Supporting Technologies for Database and Applications Security -- 1.3 Discretionary Security in Database Systems -- 1.4 Multilevel Secure Data Management -- 1.5 Multilevel Secure Relational Data Models and Systems -- 1.6 Inference Problem -- 1. 7 Secure Distributed Database Systems -- 1.8 Secure Object and Multimedia Data Systems -- 1.9 Data Warehousing, Data Mining, Security, and Privacy -- 1.10 Secure Web Information Management Technologies -- 1.11 Emerging Secure Information Management Technologies -- 1.12 Organization of This Book -- 1.13 Next Steps -- PART 1: SUPPORTING TECHNOLOGIES -- FOR DATABASE AND APPLICATIONS SECURITY -- 2 Data Management Technologies -- 2.1 Overview -- 2.2 Relational and Entity-Relationship Data Models -- 2.2.1 Overview -- 2.2.2 Relational Data Model -- 2.2.3 Entity-Relationship Data Model -- 2.3 Architectural Issues -- 2.4 Database Design -- 2.5 Database Administration -- 2.6 Database Management System Functions -- 2.6.1 Overview -- 2.6.2 Query Processing -- 2.6.3 Transaction Management -- 2.6.4 Storage Management -- 2.6.5 Metadata Management -- 2.6.6 Database Integrity -- 2.6.7 Fault Tolerance -- 2.6.8 Other Functions -- 2.7 Distributed Databases -- 2.8 Heterogeneous Database Integration -- 2.9 Federated Databases -- 2.10 Client/Server Databases -- 2.11 Migrating Legacy Databases and Applications -- 2.12 Data Warehousing -- 2.13 Data Mining -- 2.14 Impact of the Web -- 2.15 Object Technology -- 2.15.1 Overview -- 2.15.2 Object Data Model -- 2.15.3 Other Object Technologies -- 2.16 Other Database Systems -- 2.17 Summary and Directions -- References -- Exercises -- 3 Information Security -- 3.1 Overview -- 3.2 Access Control and Other Security Concepts -- 3.3 Secure Systems -- 3.4 Secure Operating Systems -- 3.5 Secure Database Systems -- 3.6 Secure Networks -- 3.7 Emerging Trends -- 3.8 Impact of the Web -- 3.9 Steps to Building Secure Systems -- 3.10 Summary and Directions -- References -- Exercises -- 4 Information Management Technologies -- 4.1 Overview -- 4.2 Information Retrieval Systems -- 4.2.1 Text Retrieval -- 4.2.2 Image Retrieval -- 4.2.3 Video Retrieval -- 4.2.4 Audio Retrieval -- 4.3 Multimedia Data and Information Management -- 4.4 Digital Libraries -- 4.4.1 Overview -- 4.4.2 Web Database Management -- 4.4.3 Markup Languages -- 4.4.4 Search Engines -- 4.4.5 Question-Answering Systems -- 4.5 Knowledge Management -- 4.6 Collaboration and Data Management -- 4.7 E-Commerce Technologies -- 4.8 Semantic Web Technologies -- 4.9 Wireless and Sensor Information Management -- 4.10 Real-Time Processing and Quality-of-Service Aspects -- 4.11 High-Performance Computing Technologies -- 4.12 Some Other Information Management Technologies -- 4.12.1 Overview -- 4.12.2 Visualization -- 4.12.3 Decision Support -- 4.12.4 Agents -- 4.12.5 Peer-to-Peer Data Management -- 4.13 Summary and Directions -- References -- Exercises -- Conclusion to Part I -- PART II: DISCRETIONARY SECURITY -- FOR DATABASE SYSTEMS -- 5 Security Policies -- 5.1 Overview -- 5.2 Access-Control Policies -- 5.2.1 Overview -- 5.2.2 Authorization Policies -- 5.2.3 Role-Based Access Control -- 5.3 Administration Policies -- 5.4 Identification and Authentication -- 5.5 Auditing a Database System -- 5.6 Views for Security -- 5.7 Summary and Directions -- References -- Exercises -- 6 Policy Enforcement and Related Issues -- 6.1 Overview -- 6.2 SQL Extensions for Security -- 6.3 Query Modification -- 6.4 Discretionary Security and Database Functions -- 6.5 Visualization of Policies -- 6.6 Prototypes and Products -- 6.7 Summary and Directions -- References -- Exercises -- Conclusion to Part ll -- PART Ill: MANDATORY SECURITY -- FOR OAT ABASE SYSTEMS -- 7 Historical Developments -- 7.1 Overview -- 7.2 Early Efforts -- 7.3 Air Force Summer Study -- 7.4 Major Research and Development Efforts -- 7.5 Trusted Database Interpretation -- 7.6 Types of Multilevel Secure Database Systems -- 7.6.1 Overview -- 7.6.2 Relational Database Systems -- 7.6.3 Entity-Relationship Systems -- 7.6.4 Object Database Systems -- 7.6.5 Distributed and Heterogeneous Database Systems -- 7.6.6 Deductive Database Systems -- 7.6.7 Functional Database Systems -- 7.6.8 Parallel Database Systems -- 7.6.9 Real-Time Database Systems -- 7.7 Hard Problems -- 7.8 Emerging Technologies -- 7.9 Summary and Directions -- References -- Exercises -- 8 Design Principles -- 8.1 Overview -- 8.2 Mandatory Access Control -- 8.2.1 Overview -- 8.2.2 Mandatory Access-Control Policies -- 8.3 Security Architectures -- 8.3.1 Overview -- 8.3.2 Integrity Lock -- 8.3.3 Operating System Providing Access Control -- 8.3.4 Kernel Extensions Architecture -- 8.3.5 Trusted Subject Architecture -- 8.3.6 Distributed Architecture -- 8.4 Summary and Directions -- References -- Exercises -- Conclusion to Part m -- PART IV: MULTILEVEL SECURE RELATIONAL -- OAT ABASE SYSTEMS -- 9 Multilevel Relational Data Models -- 9.1 Overview -- 9.2 Granularity of Classification -- 9.3 Polyinstantiation -- 9.4 Toward Developing a Standard Multilevel Relational -- Data Model -- 9.5 Summary and Directions -- References -- Exercises -- 1 0 Security Impact on Database Functions -- 10.1 Overview -- 10.2 Query Processing -- 10.3 Transaction Processing -- 10.4 Storage Management -- 10.5 Metadata Management -- 10.6 Other Functions -- 10.7 Summary and Directions -- References -- Exercises -- 11 Prototypes and Products -- 11.1 Overview -- 11.2 Prototypes -- 11.2.1 Overview -- 11.2.2 Discussion of Prototypes -- 11.2.2.1 Hinke-Schaefer -- 11.2.2.2 Naval Surveillance Model -- 11.2.2.3 Integrity Lock Prototypes -- 11.2.2.4 SeaView -- 11.2.2.5 Lock Data Views -- 11.2.2.6 ASD and ASD-Views -- 11.2.2.7 SINTRA and SDDBMS -- 11.2.2.8 SWORD -- 11.3 Products -- 11.3.1 Overview -- 11.3.2 Discussion of Products -- 11.3.2.1 TRUDATA -- 11.3.2.2 Sybase Secure SQL Server -- 11.3.2.3 Trusted Oracle -- 11.3.2.4 Trusted Informix -- 11.3.2.5 Trusted Rubix -- 11.3.2.6 SERdb -- 11.3.2.7 Secure Teradata Machine -- 11.3.2.8 INGRES -- 11.4 Summary and Directions -- References -- Exercises -- Conclusion to Part IV -- PART V: THE INFERENCE PROBLEM -- 12 A Perspective of the Inference Problem -- 12.1 Overview -- 12.2 Statistical Database Inference -- 12.3 Discussion of Approaches for Handling Inference -- in a MLS/DBMS -- 12.4 Complexity of the Inference Problem -- 12.5 Summary and Directions -- References -- Exercises -- 13 Security-Constraint Processing for Inference Control -- 13.1 Overview -- 13.2 Background -- 13.3 Security Constraints -- 13.3.1 Simple Constraints -- 13.3.2 Content-Based Constraints -- 13.3.3 Association-Based Constraints (also Called Context -- or Together Constraints) -- 13.3.4 Event-Based Constraints -- 13.3.5 General Release-Based Constraints -- 13.3.6 Individual Release-Based Constraints -- 13.3.7 Aggregate Constraints -- 13.3.8 Logical Constraints -- 13.3.9 Constraints with Conditions -- 13.3.10 Other Constraints -- 13.3.11 Level-Based Constraints -- 13.3.12 Fuzzy Constraints -- 13.3.13 Complex Constraints -- 13.4 Approach to Security Constraint Processing -- 13.5 Consistency and Completeness of the Constraints -- 13.5.1 Algorithm A: Consistency and Completeness Checker -- 13.6 Design of the Query Processor -- 13.6.1 Security Policy -- 13.6.2 Functionality of the Query Processor -- 13.6.2.1 Query Modification -- 13.6.2.2 Response Processing -- 13.7 Design of the Update Processor -- 13.7.1 Security Policy -- 13.7.2 Functionality of the Update Processor -- 13.8 Handling Security Constraints During Database Design -- 13.8.1 Overview -- 13.9 Security Control Processing and Release Control -- 13.10 Summary and Directions -- References -- Exercises -- 14 Conceptual Structures for Inference Control -- 14.1 Overview -- 14.2 Semantic Nets and the Inference Problem -- 14.2.1 Overview -- 14.2.2 Multilevel Semantic Nets -- 14.2.3 Reasoning with Multilevel Semantic Nets -- 14.2.3.1 Implicit Information -- 14.2.4 Conditional Statements and Auxiliary Nets -- 14.2.5 Enforcing Security Constraints -- 14.2.6 Universal and Existential Conditionals -- 14.2.7 Semantics -- 14.2.7.1 Multilevel Worlds -- 14.2.7.2 Interpretations -- 14.2.7.3 Ground Vectors -- 14.2.7.4 Ground Conditionals -- 14.2.7.5 Universal Conditionals -- 14.2.7.6 Existential Conditionals -- 14.2.8 Refutations -- 4.3 Summary and Directions -- References -- Exercises -- Conclusion to Part V -- PART VI: SECURE DISTRIBUTED AND -- HETEROGENEOUS DATABASE SYSTEMS -- 15 Discretionary Security for Distributed Database Systems -- 15.1 Overview -- 15.2 Discretionary Security -- 15.2.1 Overview -- 15.2.2 Access-Control Policies -- 15.2.2.1 Distributed Access Control -- 15.2.2.2 Role-Based Access Control -- 15.2.3 Identification and Authentication -- 15.2.4 Auditing a Distributed Database System -- 15.2.5 Security Policy Integration -- 15.2.6 Query Modification -- 15.2.7 View Mechanism -- 15.2.8 SQL for Distributed Database Security -- 15.3 Security Impact on Distributed Database Functions -- 15.4 Security for Emerging Distributed System Technologies -- 15.5 Summary and Directions -- References -- Exercises -- 16 Multilevel Security for Distributed Database Systems -- 16.1 Overview -- 16.2 Background -- 16.3 Architectures -- 16.3.1 Distributed Data and Centralized Control -- 16.3.2 Distributed Data and Distributed Control -- 16.4 Data Modeling -- 16.5 Functions -- 16.6 Inference Problem for a MLS/DDBMS -- 16.7 Summary and Directions -- References -- Exercises -- 17 Secure Heterogeneous and Federated Database Systems -- 17.1 Overview -- 17.2 Background -- 17.3 Architectures -- 17.4 Schema Integration -- 17.5 Policy Integration -- 17.6 Functions -- 17.7 Inference Problem -- 17.8 Secure Client/Server Database Management -- 17.9 Secure Migration of Legacy Databases and Applications -- 17.10 Summary and Directions -- References -- Exercises -- Conclusion to Part VI -- PART VII: SECURE OBJECT AND MULTIMEDIA SYSTEMS -- 18 Discretionary and Multilevel Security for Object -- Database Systems -- 18.1 Overview -- 18.2 Discretionary Security -- 18.2.1 Overview -- 18.2.2 Policy Issues -- 18.2.3 Policy Enforcement -- 18.2.4 Example Systems -- 18.2.4.1 Overview -- 18.2.4.2 ORION -- 18.2.4.3 IRIS -- 18.2.4.4 STARBURST -- 18.2.4.5 GEMSTONE -- 18.3 Multilevel Security -- 18.3.1 Overview -- 18.3.2 Policy Issues -- 18.3.3 System Design Issues -- 18.3.4 Example Systems -- 18.3.4.1 Overview -- 18.3.4.2 SODA System -- 18.3.4.3 SORION Model -- 18.3.4.4 S02 Model -- 18.3.4.5 Millen-Lunt Model -- 18.3.4.6 Jajodia-Kogan Model -- 18.3.4.7 Morgenstern's Model -- 18.3.4.8 UFOS Model. -- 18.4 Summary and Directions -- References -- Exercises -- 19 Aspects of Objects and Security -- 19.1 Overview -- 19.2 Security for Object Request Brokers -- 19.2.1 Overview -- 19.2.2 OMG Security Services -- 19.2.3 Secure Components and Frameworks -- 19.3 Object Modeling for Secure Applications -- 19.3.1 Overview -- 19.3.2 Multilevel OMT -- 19.3.3 UML and Security -- 19.4 Summary and Directions -- References -- Exercises -- 20 Secure Multimedia Data Management Systems -- 20.1 Overview -- 20.2 Security for Multimedia Data Management Systems -- 20.2.1 Overview -- 20.2.2 Security Policy -- 20.2.3 Secure System Architectures for Multimedia -- Database Systems -- 20.2.4 Secure Data Models for Multimedia Database Systems -- 20.2.5 Security Impact on Multimedia Data and Information -- Management Functions -- 20.2.6 Secure Distributed Multimedia Data Management -- 20.2.7 Inference Problem -- 20.3 Secure Geospatial Information Systems -- 20.4 Summary and Directions -- References -- Exercises -- Conclusion to Part Vll -- PART VIII: DATA WAREHOUSING, DATA MINING, -- SECURITY, AND PRIVACY -- 21 Secure Data Warehousing -- 21.1 Overview -- 21.2 Background -- 21.3 Secure Information Technologies for Data Warehousing -- 21.4 Designing a Secure Data Warehouse -- 21.5 Data Quality and Data Warehousing -- 21.6 A Note on Multilevel Security -- 21.7 Secure Data Warehousing, Data Mining, and Decision Support -- 21.8 Summary and Directions -- References -- Exercises -- 22 Data Mining for Security Applications -- 22.1 Overview -- 22.2 Data Mining for National Security -- 22.2.1 Overview -- 22.2.2 Non-Information-Related Terrorism -- 22.2.2.1 Terrorist Attacks and External Threats -- 22.2.2.2 Insider Threats -- 22.2.2.3 Transportation and Border Security Violations -- 22.2.3 Data Mining for National Security Applications -- 22.2.3.1 Non-Real-Time Threats -- 22.2.3.2 Real-Time Threats -- 22.2.3.3 Analyzing the Techniques -- 22.2.3.4 Link Analysis -- 22.3 Data Mining for Cyber-Security -- 22.3.1 Overview -- 22.3.2 Cyber-Terrorism, Insider Threats, and External Attacks -- 22.3.3 Malicious Intrusions -- 22.3.4 Credit Card Fraud and Identity Theft -- 22.3.5 Attacks on Critical Infrastructure -- 22.3.6 Data Mining for Cyber-Security -- 22.4 Summary and Directions -- References -- Exercises -- 23 Privacy -- 23.1 Overview -- 23.2 Privacy Considerations -- 23.3 Data Warehousing, Data Mining, Security, and Privacy -- 23.4 Inference Problem and Privacy -- 23.5 Privacy-Enhanced/Sensitive/Preserving Data Mining -- 23.6 Confidentiality and Privacy -- 23.7 Civil Liberties and National Security -- 23.8 Federated Data Management, Data Sharing, and Privacy -- 23.9 Summary and Directions -- References -- Exercises -- Conclusion to Part VIll -- PART IX: SECURE WEB DATA AND INFORMATION -- MANAGEMENT TECHNOLOGIES -- 24 Secure Web Data Management and Digitallibraries -- 24.1 Overview -- 24.2 Threats to Web Security -- 24.2.1 Overview -- 24.2.2 General Cyber-Threats -- 24.2.3 Threats to Web Databases -- 24.3 Web Security Solutions -- 24.3.1 Overview -- 24.3.2 Solutions for General Threats -- 24.3.2.1 Securing Components and Firewalls -- 24.3.2.2 Cryptography -- 24.3.2.3 Risk Analysis -- 24.3.2.4 Biometrics, Forensics, and Other Solutions -- 24.3.3 Solutions for Threats to Web Databases -- 24.3.3.1 Data Mining -- 24.3.3.2 Constraint Processing -- 24.3.3.3 Role-Based Access Control -- 24.3.3.4 Fault-Tolerant Processing, Recovery, and -- Replication -- 24.4 Secure Digital Libraries -- 24.4.1 Overview -- 24.4.2 Secure Web Database Functions -- 24.4.3 Secure Information Retrieval -- 24.4.4 Secure Search Engines -- 24.4.5 Secure Markup Languages -- 24.4.6 Secure Question-Answering Systems -- 24.5 Summary and Directions -- References -- Exercises -- 25 Security for XML, RDF, and the Semantic Web -- 25.1 Overview -- 25.2 Security for the Semantic Web -- 25.2.1 Overview -- 25.2.2 XML Security -- 25.2.3 RDF Security -- 25.2.4 Secure Information Interoperability -- 25.2.5 Secure Query and Rules Processing for the -- Semantic Web -- 25.2.6 Trust for the Semantic Web -- 25.3 Access Control and Dissemination of XML Documents -- 25.4 Privacy and the Semantic Web -- 25.4.1 Overview -- 25.4.2 Data Mining, National Security, Privacy, and the -- Semantic Web -- 25.4.3 Solutions to the Privacy Problem -- 25.5 Secure Web Services -- 25.6 Secure Agents and Related Technologies -- 25.7 Secure Grid and Secure Semantic Grid -- 25.8 Security Impact on the Database as a Service Model -- 25.9 Summary and Directions -- References -- Exercises ~ -- 26 Secure E-Commerce, Collaboration, and Knowledge -- Management -- 26.1 Overview -- 26.2 Secure E-Commerce -- 26.3 Secure Workflow and Collaboration -- 26.4 Secure Knowledge Management -- 26.5 Secure Peer-to-Peer Data Management -- 26.6 Secure Dynamic Coalitions and Virtual Organizations -- 26.7 Trust and Rights Management -- 26.8 Security Informatics -- 26.9 Summary and Directions -- References -- Exercises -- Conclusion to Part IX -- PART X: EMERGING SECURE DATA MANAGEMENT -- lECHNOLOGIES AND APPLICATIONS -- 27 Secure Dependable -- Data Management -- 27.1 Overview -- 27.2 Dependable Systems -- 27.3 Dependable Infrastructure and Data Management -- 27.3.1 Overview -- 27.3.2 Dependable Infrastructure -- 27.3.3 Dependable Data Managers -- 27.3.4 Security Issues -- 27.4 Data Quality -- 27.4.1 Overview -- 27.4.2 Developments in Data Quality -- 27.4.3 Annotations for Data Quality -- 27.4.4 Semantic Web and Data Quality -- 27.4.5 Data Mining and Data Quality -- 27.4.6 Security and Data Quality -- 27. 5 Critical Infrastructure Protection -- 27.6 Summary and Directions -- References -- Exercises -- 28 Secure Sensor and Wireless Information Management -- 28.1 Overview -- 28.2 Security for Sensor Databases -- 28.2.1 Overview -- 28.2.2 Security Policy -- 28.2.3 Security Architectures -- 28.2.4 Security Impact on Sensor Database Functions -- 28.2.5 Secure Distributed Sensor Data Management -- 28.2.6 Inference Problem -- 28.2.7 Privacy Considerations -- 28.3 Secure Sensor Data Management Issues Unique to Sensor -- Networks -- 28.3.1 Overview -- 28.3.2 Strategic Path Reliability in Information-Gathering -- Sensor Networks -- 28.3.3 Handling Non-overlapping and Incomparable -- Security Levels -- 28.3.4 Security Architectural Impact on Sensor Networks -- 28.3.5 Handling Unique Constraints -- 28.4 Secure Wireless and Mobile Data Management -- 28.5 A Note on Secure Telecommunications Information -- Management. -- 28.6 Security for Moving Databases -- 28.7 Summary and Directions -- References -- Exercises -- 29 Digital Identity, Forensics, and Related Topics -- 29.1 Overview -- 29.2 Digital Identity -- 29.3 Identity Theft Management -- 29.4 Biometrics -- 29.5 Digital Forensics -- 29.6 Steganography and Digital Watermarking -- 29.7 Risk and Economic Analysis -- 29.8 Other Secure Systems and Applications -- 29.9 The Role of Database and Applications Security -- for Homeland Security -- 29.10 Summary and Directions -- References -- Exercises -- Conclusion to Part X -- 30 Summary and Directions -- 30.1 About This Chapter -- 30.2 Summary of This Book -- 30.3 Directions for Database and Applications Security -- 30.4 Where Do We Go from Here? -- Appendices -- A Data Management Systems: Developments -- Trends -- A.1 Overview -- A.2 Developments in Database Systems -- A.3 Status, Vision, and Issues -- A.4 Data Management Systems Framework -- A.5 Building Information Systems from the Framework -- A.6 Relationship between the Texts -- A.7 Summary -- References -- B Suggested Reading: Books in Database Systems and -- Information Security -- Database Systems -- Information and Database Security -- Distributed Database Systems -- Object Databases, Distributed Objects, and Object Modeling -- Multimedia Databases -- Intelligent and Deductive Database Systems -- Data Warehousing and Mining -- Digital Libraries, Web Database Management, and the Semantic Web -- Knowledge Management -- Sensor Networks and Sensor Information Management -- Index.