Multi-Level Secure Databases: Security and Privacy

Speaker:  RK Shyamasundar – Mumbai, India
Topic(s):  Security and Privacy


Ever since databases became a ubiquitous part of enterprises or businesses, security and privacy became a requirement. Traditionally, privacy was realized through various methods of database access control and relied
much on the use of statically defined views, which are essentially logical constructs imposed over database tables that can alter or restrict the data that can be viewed by a user. Privacy is about the responsible maintenance of private information. This responsibility is hard to defi ne, which is why laws are necessary. With a vast accumulation of personal data in databases, there has been a heightened awareness and concern about the storage and use of private information leading to privacy-related guidelines, regulations and legislations. Generally, privacy in DBs have been addressed through access control techniques including multi-level security (MLS) based on mandatory access control (MAC), and restricted views to the users. As view definitions to comply with regulations became quite complex for accommodating all the restrictions in one view, explicit constructs for specifying privacy policies were introduced for complying with medical regulations like HIPAA (Health Insurance Portability and Accountability Act) from USA, in relational database systems. These enabled fine grained access control (FGAC) capable of enforcing disclosure control enunciated databases. Application of information flow control needed for MLS databases to preserve privacy among multiple users but have their challenges like new abstractions for managing information flow in a relational database system, handling transactions and integrity constraints without introducing covert channels etc. As the DBs need to work alongside information flow-controlled programming languages and operating systems for tracking flows, there is a need to enforce the security policy not only on the DBMS but also on the application platform. Due to the underlying requirement of decentralization, it calls for declassification/endorsement and santization requirements on the DB.

In this talk, we shall first review some of the major privacy enhancing techniques used traditionally for DBs including MLS DBs. Then explore application of decentralized information flow control models for realizing information flow secure DBs in a robust manner discuss how they can be adapted for cloud computing paradigms to maintain privacy.

About this Lecture

Number of Slides:  70
Duration:  60 minutes
Languages Available:  English
Last Updated: 

Request this Lecture

To request this particular lecture, please complete this online form.

Request a Tour

To request a tour with this speaker, please complete this online form.

All requests will be sent to ACM headquarters for review.