187 research outputs found
Performance study of a COTS Distributed DBMS adapted for multilevel security
Multilevel secure database management system (MLS/DBMS) products
no longer enjoy direct commercial-off-the-shelf (COTS) support.
Meanwhile, existing users of these MLS/DBMS products continue to
rely on them to satisfy their multilevel security requirements.
This calls for a new approach to developing MLS/DBMS systems, one
that relies on adapting the features of existing COTS database
products rather than depending on the traditional custom design
products to provide continuing MLS support.
We advocate fragmentation as a good basis for implementing
multilevel security in the new approach because it is well
supported in some current COTS database management systems. We
implemented a prototype that utilises the inherent advantages of
the distribution scheme in distributed databases for controlling
access to single-level fragments; this is achieved by augmenting
the distribution module of the host distributed DBMS with MLS code
such that the clearance of the user making a request is always
compared to the classification of the node containing the
fragments referenced; requests to unauthorised nodes are simply
dropped.
The prototype we implemented was used to instrument a series of
experiments to determine the relative performance of the tuple,
attribute, and element level fragmentation schemes. Our
experiments measured the impact on the front-end and the network
when various properties of each scheme, such as the number of
tuples, attributes, security levels, and the page size, were
varied for a Selection and Join query. We were particularly
interested in the relationship between performance degradation and
changes in the quantity of these properties. The performance of
each scheme was measured in terms of its response time.
The response times for the element level fragmentation scheme
increased as the numbers of tuples, attributes, security levels,
and the page size were increased, more significantly so than when
the number of tuples and attributes were increased. The response
times for the attribute level fragmentation scheme was the
fastest, suggesting that the performance of the attribute level
scheme is superior to the tuple and element level fragmentation
schemes. In the context of assurance, this research has also shown
that the distribution of fragments based on security level is a
more natural approach to implementing security in MLS/DBMS
systems, because a multilevel database is analogous to a
distributed database based on security level.
Overall, our study finds that the attribute level fragmentation
scheme demonstrates better performance than the tuple and element
level schemes. The response times (and hence the performance) of
the element level fragmentation scheme exhibited the worst
performance degradation compared to the tuple and attribute level
schemes
âEnhanced Encryption and Fine-Grained Authorization for Database Systems
The aim of this research is to enhance fine-grained authorization and encryption
so that database systems are equipped with the controls necessary to help
enterprises adhere to zero-trust security more effectively. For fine-grained
authorization, this thesis has extended database systems with three new
concepts: Row permissions, column masks and trusted contexts. Row
permissions and column masks provide data-centric security so the security
policy cannot be bypassed as with database views, for example. They also
coexist in harmony with the rest of the database core tenets so that enterprises
are not forced to compromise neither security nor database functionality. Trusted
contexts provide applications in multitiered environments with a secure and
controlled manner to propagate user identities to the database and therefore
enable such applications to delegate the security policy to the database system
where it is enforced more effectively. Trusted contexts also protect against
application bypass so the application credentials cannot be abused to make
database changes outside the scope of the applicationâs business logic. For
encryption, this thesis has introduced a holistic database encryption solution to
address the limitations of traditional database encryption methods. It too coexists
in harmony with the rest of the database core tenets so that enterprises are not
forced to choose between security and performance as with column encryption,
for example. Lastly, row permissions, column masks, trusted contexts and holistic
database encryption have all been implemented IBM DB2, where they are relied
upon by thousands of organizations from around the world to protect critical data
and adhere to zero-trust security more effectively
Digital archives : comparative study and interoperability framework
EstĂĄgio realizado na ParadigmaXis e orientado pelo Eng.Âș Filipe CorreiaTese de mestrado integrado. Engenharia InformĂĄtca e Computação. Faculdade de Engenharia. Universidade do Porto. 200
Spartan Daily, September 19, 1997
Volume 109, Issue 15https://scholarworks.sjsu.edu/spartandaily/9162/thumbnail.jp
Database Principles and Technologies â Based on Huawei GaussDB
This open access book contains eight chapters that deal with database technologies, including the development history of database, database fundamentals, introduction to SQL syntax, classification of SQL syntax, database security fundamentals, database development environment, database design fundamentals, and the application of Huaweiâs cloud database product GaussDB database. This book can be used as a textbook for database courses in colleges and universities, and is also suitable as a reference book for the HCIA-GaussDB V1.5 certification examination. The Huawei GaussDB (for MySQL) used in the book is a Huawei cloud-based high-performance, highly applicable relational database that fully supports the syntax and functionality of the open source database MySQL. All the experiments in this book can be run on this database platform. As the worldâs leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huaweiâs products range from digital data communication, cyber security, wireless technology, data storage, cloud computing, and smart computing to artificial intelligence
Decentralized information flow control for databases
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student-submitted PDF version of thesis.Includes bibliographical references (p. 177-194).Privacy and integrity concerns have been mounting in recent years as sensitive data such as medical records, social network records, and corporate and government secrets are increasingly being stored in online systems. The rate of high-profile breaches has illustrated that current techniques are inadequate for protecting sensitive information. Many of these breaches involve databases that handle information for a multitude of individuals, but databases don't provide practical tools to protect those individuals from each other, so that task is relegated to the application. This dissertation describes a system that improves security in a principled way by extending the database system and the application platform to support information flow control. Information flow control has been gaining traction as a practical way to protect information in the contexts of programming languages and operating systems. Recent research advocates the decentralized model for information flow control (DIFC), since it provides the necessary expressiveness to protect data for many individuals with varied security concerns.However, despite the fact that most applications implicated in breaches rely on relational databases, there have been no prior comprehensive attempts to extend DIFC to a database system. This dissertation introduces IFDB, which is a database management system that supports DIFC with minimal overhead. IFDB pioneers the Query by Label model, which provides applications with a simple way to delineate constraints on the confidentiality and integrity of the data they obtain from the database. This dissertation also defines new abstractions for managing information flows in a database and proposes new ways to address covert channels. Finally, the IFDB implementation and case studies with real applications demonstrate that database support for DIFC improves security, is easy for developers to use, and has good performance.by David Andrew Schultz.Ph.D
Training of Crisis Mappers and Map Production from Multi-sensor Data: Vernazza Case Study (Cinque Terre National Park, Italy)
This aim of paper is to presents the development of a multidisciplinary project carried out by the cooperation between Politecnico di Torino and ITHACA (Information Technology for Humanitarian Assistance, Cooperation and Action). The goal of the project was the training in geospatial data acquiring and processing for students attending Architecture and Engineering Courses, in order to start up a team of "volunteer mappers". Indeed, the project is aimed to document the environmental and built heritage subject to disaster; the purpose is to improve the capabilities of the actors involved in the activities connected in geospatial data collection, integration and sharing. The proposed area for testing the training activities is the Cinque Terre National Park, registered in the World Heritage List since 1997. The area was affected by flood on the 25th of October 2011. According to other international experiences, the group is expected to be active after emergencies in order to upgrade maps, using data acquired by typical geomatic methods and techniques such as terrestrial and aerial Lidar, close-range and aerial photogrammetry, topographic and GNSS instruments etc.; or by non conventional systems and instruments such us UAV, mobile mapping etc. The ultimate goal is to implement a WebGIS platform to share all the data collected with local authorities and the Civil Protectio
Database Principles and Technologies â Based on Huawei GaussDB
This open access book contains eight chapters that deal with database technologies, including the development history of database, database fundamentals, introduction to SQL syntax, classification of SQL syntax, database security fundamentals, database development environment, database design fundamentals, and the application of Huaweiâs cloud database product GaussDB database. This book can be used as a textbook for database courses in colleges and universities, and is also suitable as a reference book for the HCIA-GaussDB V1.5 certification examination. The Huawei GaussDB (for MySQL) used in the book is a Huawei cloud-based high-performance, highly applicable relational database that fully supports the syntax and functionality of the open source database MySQL. All the experiments in this book can be run on this database platform. As the worldâs leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huaweiâs products range from digital data communication, cyber security, wireless technology, data storage, cloud computing, and smart computing to artificial intelligence
- âŠ