Security in Data Warehouses

Edgar R. Weippl (Secure Business Austria, Austria)
DOI: 10.4018/978-1-60566-756-0.ch015

Abstract

The last several years have been characterized by global companies building up massive databases containing computer users’ search queries and sites visited; government agencies accruing sensitive data and extrapolating knowledge from uncertain data with little incentive to provide citizens ways of correcting false data; and individuals who can easily combine publicly available data to derive information that – in former times – was not so readily accessible. Security in data warehouses becomes more important as reliable and appropriate security mechanisms are required to achieve the desired level of privacy protection.

Introduction

Landwehr (2001) defines how the etymological roots of the term “secure” are found in “se” which means “without,” or “apart from,” and “cure,” i.e. “to care for,” or “to be concerned about”.

While there are many definitions of the primary requirements of security, the classical requirements are summarized by the acronym CIA: confidentiality, integrity, and availability. All other security requirements, such as non-repudiation, can be traced back to these three basic properties.

Avizienis (2004) defines confidentiality as the absence of unauthorized disclosure of information, integrity as the absence of improper system alterations and availability as readiness for correct service.

Dependability is a broader concept that encompasses all primary aspects of security save confidentiality and, in addition:

  • Reliability, which refers to the continuity of correct service.

  • Safety, defined as the absence of catastrophic consequences for user(s) and environment.

  • Maintainability, which is the ability to undergo modifications and repairs.

Background

While security obviously encompasses the requirements of the CIA triad, this article will focus on the mechanism of access control (AC), as this addresses both confidentiality and, to some extent, integrity. Database security was addressed in the 1960s by introducing mandatory access control (MAC), driven mainly by military requirements. Today, role-based access control (RBAC) is the commonly used access control model in commercial databases.

There is a difference between trusting a person and trusting a program. For instance, Alice gives Bob a program that Alice trusts. Since Bob trusts Alice, he trusts the program. However, neither of them is aware that the program contains a Trojan. This security threat leads to the introduction of MAC. In MAC, the system itself imposes an access control policy, and object owners cannot change that policy. MAC is often implemented in systems with multilevel security (MLS). In MLS, information objects are classified in different levels and subjects are cleared for levels.

The need-to-know principle, also known from the military, stipulates that every subject receives only the information required to perform its task. To comply with this principle, it is not sufficient to use sensitivity labels to classify objects. Every object is associated with a set of compartments. Subjects are classified according to their security clearance for each given area/compartment.

Classification labels are of the form (Ss, Sc), where Ss is a sensitivity and Sc a set of compartments. (Os, Oc) dominates (Ss, Sc) if (Ss, Sc) <= (Os, Oc).

This <= relation is true when

  • Ss<=Os where the <= relationship here is with respect to the classified < sensitive < secret < top secret sensitivity classification, and

  • Sc<=Oc where the <= relationship is a subset relation of sets.

The Bell-LaPadula (BLP) model (1975) forms the fundamental architectural idea behind the guarantee of secrecy in MLS. The Biba model by the Mitre Corporation (1997) is used to protect integrity: BLP’s no-read-up and no-write-down properties are inverted to the no-write-up and no-read-down rules. Oracle’s Label Security and DB2’s Label Access Control are contemporary examples of this security model.
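The dominance relation and the BLP and Biba rules described above can be made concrete in a few lines. The following is an added example, not code from the chapter or from any database product; the compartments "hr" and "finance", the sample labels and all function names are assumptions, and the same label type is reused as an integrity label for Biba.

```python
from dataclasses import dataclass

# Sensitivity ordering exactly as listed in the text above.
LEVELS = ("classified", "sensitive", "secret", "top secret")
RANK = {name: i for i, name in enumerate(LEVELS)}

@dataclass(frozen=True)
class Label:
    sensitivity: str
    compartments: frozenset

def label(sensitivity, *compartments):
    if sensitivity not in RANK:
        raise ValueError(f"unknown sensitivity: {sensitivity!r}")
    return Label(sensitivity, frozenset(compartments))

def dominates(a, b):
    """a dominates b when b <= a: level by rank, compartments by subset."""
    return (RANK[b.sensitivity] <= RANK[a.sensitivity]
            and b.compartments <= a.compartments)

def blp_allows(subject, obj, op):
    """Bell-LaPadula (secrecy): no read up, no write down."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    return dominates(subject, obj) if op == "read" else dominates(obj, subject)

def biba_allows(subject, obj, op):
    """Biba (integrity): the inverted rules, no read down, no write up.
    Assumption: the same label type doubles as an integrity label here."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op!r}")
    return dominates(obj, subject) if op == "read" else dominates(subject, obj)

# Constructed labels; the compartments "hr" and "finance" are hypothetical.
analyst = label("secret", "hr")                # subject clearance
memo = label("sensitive", "hr")                # object below the subject
payroll = label("secret", "hr", "finance")     # same level, extra compartment
ledger = label("top secret", "finance")        # incomparable with the subject

def decisions(subject, allows):
    """(read, write) decision for each sample object under one model."""
    objects = {"memo": memo, "payroll": payroll, "ledger": ledger}
    return {name: (allows(subject, o, "read"), allows(subject, o, "write"))
            for name, o in objects.items()}

if __name__ == "__main__":
    for model in (blp_allows, biba_allows):
        print(model.__name__, decisions(analyst, model))
```

Under BLP the analyst may read the memo but not write to it, which is the rule that stops a Trojan running with the analyst's clearance from copying data into a lower-labelled object. The ledger is incomparable with the analyst's label, so both operations are denied under either model.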
