Common Attacks on Databases
• Sensitive information stored in the database can be disclosed to unauthorized people.
• Sensitive information stored in the database can be altered in an unacceptable manner.
• Sensitive information stored in the database can become inaccessible to authorized people.
• The underlying operating system may be attacked (the most difficult problem).
Database Inference Problem
• A malicious attacker may infer sensitive information (that is hidden) from information on a database that is deemed not sensitive (made public).
• More difficult problem: the attacker may infer information by combining what’s on the database with what is already known.
Database Aggregation Problem
• Pieces of information are not sensitive individually, but become sensitive when combined together.
• Controls for the aggregation problem:
o Honeywell LOCK Data Views (LDV) database system: pieces of data labeled as nonsensitive, aggregates labeled as sensitive
o SRI SeaView database system: pieces of data labeled as sensitive, aggregates may then be labeled as nonsensitive
Polyinstantiation, a Control Against Disclosure
• This approach involves different views of a database object existing for users with different security attributes.
• Addresses the aggregation problem by providing different security labels to different aggregates separately.
• Addresses the inference problem by providing a means for hiding information that may be used to make inferences.
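The following sketch illustrates polyinstantiation as described above; it is an added example, not code from the original post or from any of the systems it names. The table, the two-level label set and the sample rows are constructed for illustration.

```python
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1}  # constructed two-level ordering

def open_db():
    db = sqlite3.connect(":memory:")
    # The security label is part of the primary key, so the same ship
    # can have one tuple (instance) per security level.
    db.execute("""CREATE TABLE mission (
        ship TEXT NOT NULL, label INTEGER NOT NULL, destination TEXT NOT NULL,
        PRIMARY KEY (ship, label))""")
    return db

def write(db, clearance, ship, destination):
    """Write at the subject's own level. A low write never fails because a
    higher-labelled tuple exists, so a key conflict cannot be used to infer
    that hidden data is present."""
    db.execute("INSERT OR REPLACE INTO mission VALUES (?, ?, ?)",
               (ship, LEVELS[clearance], destination))

def read(db, clearance, ship):
    """Return the instance with the highest label the subject may see."""
    row = db.execute(
        "SELECT destination FROM mission WHERE ship = ? AND label <= ? "
        "ORDER BY label DESC LIMIT 1",
        (ship, LEVELS[clearance])).fetchone()
    return row[0] if row else None

def row_count(db, ship):
    return db.execute("SELECT COUNT(*) FROM mission WHERE ship = ?",
                      (ship,)).fetchone()[0]

def demo():
    db = open_db()
    write(db, "SECRET", "Enterprise", "Rigel")            # high instance
    before = read(db, "UNCLASSIFIED", "Enterprise")       # hidden from low user
    write(db, "UNCLASSIFIED", "Enterprise", "Training cruise")  # low instance
    return (before,
            read(db, "UNCLASSIFIED", "Enterprise"),
            read(db, "SECRET", "Enterprise"),
            row_count(db, "Enterprise"))

if __name__ == "__main__":
    print(demo())
```

Each user sees a consistent view for their level, and both instances of the same key coexist in the table.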
Database Applications on Secure Bases
• Most database applications rely on underlying services of an operating system.
• Exporting these services from a TCB would enhance the security of the database:
o database keys implemented using security labels from the underlying TCB
o TCB keeps audit records of operations on the database
o OS file system protection extended to the database