We have discussed the basic security measures in both the DBMS and the SQL commands that provide the necessary permissions to users. In practice, however, there are many database systems in which information can be determined without having the access rights to do so. This is a breach of data confidentiality. In the subsequent subsections we discuss this problem and the way to resolve it.
Types of Disclosures
The data of an organisation is a very sensitive resource. Even the characteristics of data are quite sensitive. For example, the existence of a piece of data such as “use of health-related drugs” is sensitive information, and revealing it is a form of disclosure. The various types of disclosure may be:
- Exact Data: It may be defined as the determination of the value of an item by using a sequence of complex queries.
- Bounds: It is defined as finding that the value of a data item lies between two values. The bounds in such cases may be narrowed using binary search. This may lead to a very narrow range.
- Negative Result: Sometimes it may be possible to determine a negative result. This is also a form of disclosure.
- Existence: The existence of data value in itself is a sensitive piece of information, regardless of the actual value. For example, existence of a record regarding defence expenses may be a disclosure.
Security vs. Decisions
Disclosure of data, as indicated in the previous section, is a major problem because it may result in a breach of security in some form or other, and thus is not acceptable. The first step in this direction would be to reject any query that directly asks for sensitive information that is hidden. But what about a sequence of queries that are raised for the purpose of statistics (management information)? For example, we may be able to determine the average marks obtained in a class of 50 students, but if only 2 students have opted for a subject, then the first student, who knows his/her own marks, can find the marks of the other student by issuing the average marks query. Thus, statistical queries should be permitted only when some minimum number of records satisfies a condition. The overall objective is to make sure that security is not compromised.
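The two-student case described above, worked through as an added example (it is not part of the original post). It runs the average query against an in-memory SQLite database, shows how one student recovers the other's marks, and then applies the minimum-record rule with a HAVING clause. The table and column names, the sample marks and the threshold of 5 are assumptions made for illustration.

```python
import sqlite3

MIN_QUERY_SET = 5  # assumed threshold; the text only says "some minimum number"

def build_db():
    """Constructed sample data: 50 students take Maths, only 2 take Sanskrit."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE marks (student TEXT, subject TEXT, marks INTEGER)")
    rows = [(f"s{i:02d}", "Maths", 40 + i) for i in range(50)]
    rows += [("s00", "Sanskrit", 72), ("s01", "Sanskrit", 58)]
    db.executemany("INSERT INTO marks VALUES (?, ?, ?)", rows)
    return db

def avg_unrestricted(db, subject):
    """Statistical query with no control on how many records it covers."""
    sql = "SELECT AVG(marks) FROM marks WHERE subject = ?"
    return db.execute(sql, (subject,)).fetchone()[0]

def infer_other_marks(average, own_marks):
    """With exactly 2 records, average = (own + other) / 2, so other = 2*avg - own."""
    return 2 * average - own_marks

def avg_restricted(db, subject, k=MIN_QUERY_SET):
    """Same query, but no row is returned unless at least k records satisfy it."""
    sql = ("SELECT AVG(marks) FROM marks WHERE subject = ? "
           "GROUP BY subject HAVING COUNT(*) >= ?")
    row = db.execute(sql, (subject, k)).fetchone()
    return row[0] if row else None  # None means the query was refused

if __name__ == "__main__":
    db = build_db()
    avg = avg_unrestricted(db, "Sanskrit")
    print("unrestricted average:", avg)
    print("s00 (own marks 72) infers s01 has:", infer_other_marks(avg, 72))
    print("restricted, Sanskrit:", avg_restricted(db, "Sanskrit"))
    print("restricted, Maths:", avg_restricted(db, "Maths"))
```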
Let us discuss some of the queries that may result in the disclosure of sensitive data.
Consider the relation in the following Table:
Assume that a student can not only view his/her details in the Table, but also the names of his/her colleagues, and that s/