Cyber security Unit 3 Cryptography and Network security

eticket4403 15 views 207 slides Mar 05, 2025

About This Presentation

Cyber security Unit 3


Slide Content

Cryptography And Network Security

UNIT-III

DEFENCES: SECURITY COUNTERMEASURES
Cryptography in Network Security – Firewalls – Intrusion
Detection and Prevention Systems – Network Management –
Databases – Security Requirements of Databases – Reliability and
Integrity – Database Disclosure.

CRYPTOGRAPHY IN NETWORK
SECURITY
Cryptography is the study of secure communications
techniques that allow only the sender and intended
recipient of a message to view its contents. The term is
derived from the Greek word kryptos, which means
hidden.

CRYPTOGRAPHY
Cryptography refers to the science and art of
transforming messages to make them secure and
immune to attacks. It is a method of storing and
transmitting data in a particular form so that
only those for whom it is intended can read and
process it.

Cryptography not only protects data from theft or
alteration but can also be used for user
authentication, thus preventing unauthorized access
to information. The prefix “crypt” means “hidden”
and the suffix “graphy” means “writing”.

In cryptography, the techniques used to protect
information are derived from mathematical concepts
and sets of rule-based calculations, known as
algorithms, which convert messages in ways that make
them hard to decode.

These algorithms are used for cryptographic key
generation and for digital signing and verification,
protecting data privacy, web browsing on the internet
and confidential transactions such as credit card
and debit card transactions.

Encryption or cryptography—the name means secret
writing—is probably the strongest defense in the
arsenal of computer security protection.

ENCRYPTION
Encryption is the process of encoding a message so that
its meaning is not obvious; decryption is the reverse
process, transforming an encrypted message back into
its normal, original form.
Alternatively, the terms encode and decode or encipher
and decipher are used instead of encrypt and decrypt.
That is, we say we encode, encrypt, or encipher the
original message to hide its meaning. Then, we decode,
decrypt, or decipher it to reveal the original message.

A system for encryption and decryption is called
a cryptosystem. The original form of a message is
known as plaintext, and the encrypted form is
called ciphertext .

CIPHERTEXT: ENCRYPTED MATERIAL;
PLAINTEXT: MATERIAL IN INTELLIGIBLE
FORM

For example, we write C = E(P) and P = D(C),
where C represents the ciphertext, E is the
encryption rule, P is the plaintext, and D is the
decryption rule.
What we seek is a cryptosystem for which
 P = D(E(P)).

In other words, we want to be able to convert the
plaintext message to ciphertext to protect it from an
intruder, but we also want to be able to get the
original message back so that the receiver can read it
properly.
ENCRYPTION KEYS
A cryptosystem involves a set of rules for how to
encrypt the plaintext and decrypt the ciphertext.

The encryption and decryption rules, called
algorithms, often use a device called a key, denoted
by K, so that the resulting ciphertext depends on the
original plaintext message, the algorithm, and the
key value. We write this dependence as C = E(K, P).
Essentially, E is a set of encryption algorithms, and
the key K selects one specific algorithm from the set.

TYPES OF CRYPTOGRAPHY:
There are three types of cryptography:
Symmetric Key Cryptography:
It is an encryption system where the sender and
receiver of a message use a single common key to
encrypt and decrypt messages. Symmetric key systems
are faster and simpler, but the sender and receiver
have to somehow exchange the key in a secure manner.
The most popular symmetric key cryptography system
is the Data Encryption Standard (DES).

Hash Functions:
No key is used in this algorithm. A fixed-length hash
value is computed from the plaintext, and the
plaintext cannot be recovered from the hash. Many
operating systems use hash functions to protect
stored passwords.

Asymmetric Key Cryptography:
Under this system a pair of keys is used to encrypt
and decrypt information. A public key is used for
encryption and a private key is used for decryption.
The public key and the private key are different.
Even though the public key is known to everyone, only
the intended receiver can decrypt the message, because
he alone knows the private key.

STREAM AND BLOCK CIPHERS
A stream cipher is an encryption algorithm that uses
a symmetric key to encrypt and decrypt a given amount
of data.
Block ciphers and stream ciphers are two separate
methods of encrypting data with symmetric encryption
algorithms:

Encrypting information in chunks. A block cipher
breaks plaintext messages into fixed-size blocks
before converting them into ciphertext using a key.
Encrypting information bit-by-bit. A stream cipher,
on the other hand, breaks a plaintext message down
into single bits, which are then converted
individually into ciphertext using key bits.

Block ciphers are the algorithms that form the
backbone of many of the cryptographic
technologies and processes that are in use today
in computer communications. Basically, you can
find block ciphers just about anywhere in cyber
security.

FEATURES OF CRYPTOGRAPHY
ARE AS FOLLOWS
Confidentiality:
Information can only be accessed by the person for
whom it is intended; no other person can access it.
Integrity:
Information cannot be modified in storage or in
transit between sender and intended receiver without
the modification being detected.

Non-repudiation:
The creator/sender of information cannot later deny
having sent it.
Authentication:
The identities of sender and receiver are confirmed,
as are the destination and origin of the information.
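The three kinds of algorithm, the stream/block distinction and the confidentiality, integrity and authentication properties above, put together as an added Python example that is not code from the slides. The stream and block "ciphers" are toy constructions built on SHA-256 so that the C = E(K, P) and P = D(K, C) structure is visible; the hash and MAC use the standard library's hashlib and hmac; the key, the nonce handling and the message are constructed for the example.

```python
import hashlib
import hmac
import os

# Added example, not from the slides. The keystream and per-block keys are
# SHA-256 outputs used only to expose the structure; this is not a cipher
# to deploy. Key, nonce handling and message are constructed.

BLOCK_SIZE = 16  # bytes; a block cipher works on fixed-size chunks


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` key-dependent bytes from (key, nonce) in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream cipher, C = E(K, P): each plaintext byte is XORed with one
    keystream byte, so the ciphertext is exactly as long as the plaintext."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


# XOR is its own inverse, so D(K, C) is the same operation as E(K, P) here.
stream_decrypt = stream_encrypt


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a whole number of blocks; every pad byte holds the pad length."""
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE  # 1..BLOCK_SIZE, never 0
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _block_key(key: bytes, nonce: bytes, offset: int) -> bytes:
    return hashlib.sha256(key + nonce + b"blk" + offset.to_bytes(8, "big")).digest()[:BLOCK_SIZE]


def block_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Block-style encryption: pad, then transform each 16-byte block with a
    block-specific key (a keyed XOR stands in for a real block permutation
    such as AES, which the standard library does not provide)."""
    padded = pkcs7_pad(plaintext)
    out = bytearray()
    for i in range(0, len(padded), BLOCK_SIZE):
        blk = padded[i:i + BLOCK_SIZE]
        out += bytes(p ^ k for p, k in zip(blk, _block_key(key, nonce, i)))
    return bytes(out)


def block_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    if len(ciphertext) % BLOCK_SIZE:
        raise ValueError("ciphertext is not a whole number of blocks")
    out = bytearray()
    for i in range(0, len(ciphertext), BLOCK_SIZE):
        blk = ciphertext[i:i + BLOCK_SIZE]
        out += bytes(c ^ k for c, k in zip(blk, _block_key(key, nonce, i)))
    return pkcs7_unpad(bytes(out))


def digest(data: bytes) -> str:
    """Hash function: no key, fixed-length output whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Message authentication code: a keyed hash only key holders can produce."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    """Run the properties through on a constructed message and report them."""
    key = b"constructed-demo-key"          # sample key, constructed for this example
    nonce = os.urandom(12)                  # fresh per message; never reuse with a key
    msg = b"transfer 100 to account 42"     # 26 bytes
    tampered = msg.replace(b"100", b"900")
    c_stream = stream_encrypt(key, nonce, msg)
    c_block = block_encrypt(key, nonce, msg)
    tag = mac_tag(key, msg)
    return {
        "stream_roundtrip": stream_decrypt(key, nonce, c_stream) == msg,
        "stream_len": len(c_stream),                  # 26: same as the plaintext
        "block_roundtrip": block_decrypt(key, nonce, c_block) == msg,
        "block_len": len(c_block),                    # 32: padded up to two blocks
        "hash_len": len(digest(msg)),                 # 64 hex chars for any input
        "integrity_detected": digest(msg) != digest(tampered),
        "auth_genuine": mac_verify(key, msg, tag),               # True
        "auth_tampered": mac_verify(key, tampered, tag),         # False
        "auth_wrong_key": mac_verify(b"other-key", msg, tag),    # False
    }
```

Running demo() shows the point of each property: the stream ciphertext keeps the plaintext length while the block ciphertext is rounded up to whole blocks; the hash changes when one digit of the message changes; and the MAC verifies only for the genuine message under the right key, which is the authentication property the hash alone does not give.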

CRYPTOGRAPHY IN NETWORK
SECURITY
There are two broad classes of encryption:
symmetric (secret key) and asymmetric (public
key) systems.
In network applications, encryption can be
applied either between two hosts (called link
encryption) or between two applications (called
end-to-end encryption).

Link Encryption

In link encryption, data are encrypted just before
the system places them on the physical
communications link. In this case, encryption
occurs at layer 1 or 2 in the OSI model. (A similar
situation occurs with TCP/IP protocols, which
have a similar but shorter layered model.)

Similarly, decryption occurs just as the communication
arrives at and enters the receiving computer. As you
can see, the data travel in plaintext through the top
layers of the model until they are encrypted just prior
to transmission, at level 1. Addressing occurs at level 3.
Therefore, in the intermediate node, the encryption
must be removed in order to determine where next to
forward the data, and so the content is exposed.

END-TO-END ENCRYPTION
As its name implies, end-to-end encryption
provides security from one end of a transmission
to the other. The encryption can be applied
between the user and the host by a hardware
device.

FIREWALLS
A firewall is a network security device, either
hardware or software-based, which monitors all
incoming and outgoing traffic and, based on a
defined set of security rules, accepts, rejects or
drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an
“unreachable error”
Drop: block the traffic with no reply

INTRODUCTION
Firewalls control the flow of network traffic
Firewalls have applicability in networks where
there is no internet connectivity
Firewalls operate on a number of layers
Can also act as VPN gateways
Active content filtering technologies

A firewall establishes a barrier between secured
internal networks and outside untrusted
network, such as the Internet

Before firewalls, network security was performed by
Access Control Lists (ACLs) residing on routers.
ACLs are rules that determine whether network access
should be granted or denied to a specific IP address.
But ACLs cannot determine the nature of the packets
they block, and an ACL alone does not have the
capacity to keep threats out of the network. Hence,
the firewall was introduced.

Accessing the Internet provides benefits to the
organization; it also enables the outside world to
interact with the internal network of the
organization. This creates a threat to the
organization. In order to secure the internal
network from unauthorized traffic, we need a
Firewall.

From the perspective of a server, network traffic can
be either outgoing or incoming. A firewall maintains
a distinct set of rules for each case. Outgoing
traffic, originating from the server itself, is
mostly allowed to pass. Still, setting rules on
outgoing traffic is always better in order to achieve
more security and prevent unwanted communication.

Incoming traffic is treated differently. Most traffic
that reaches the firewall uses one of three major
Transport Layer protocols: TCP, UDP or ICMP. All of
these carry a source address and a destination
address. TCP and UDP also have port numbers; ICMP
uses a type code instead of a port number to identify
the purpose of the packet.

If the default policy on the firewall is set to
accept, then any computer outside of your office can
establish an SSH connection to the server.
Therefore, setting the default policy to drop (or
reject) is always good practice.

EXAMPLE FIREWALL CONFIGURATION

inbound traffic to port 25 (mail transfer) or port
69 (so-called trivial file transfer) is allowed to or
from any host on the 192.168.1 subnetwork.
By rule 3 any inside host is allowed outbound
traffic anywhere on port 80 (web page fetches).
Furthermore, by rule 4 outside traffic to the
internal host at destination address 192.168.1.18
(presumably a web server) is allowed. All other
traffic to the 192.168.1 network is denied.

A firewall is a reference monitor, positioned to
monitor all traffic, not accessible to outside
attacks, and implementing only access control.
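The rule table described on the slide, as an added Python example that is not the slide's own table (the table itself is not reproduced on this page): a first-match packet filter with the accept, reject and drop actions and a default policy. The split of the port 25 and port 69 rules into rules 1 and 2, the direction fields, and rule 4 matching any port are assumptions drawn from the description; the sample addresses and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not the slide's own table. Rule numbering, directions and
# the "any port" reading of rule 4 are assumptions; traffic is constructed.


@dataclass(frozen=True)
class Packet:
    direction: str              # "in" (from the Internet) or "out" (from the premises)
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # ICMP has no port; it carries a type code instead


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept", "reject" or "drop"
    direction: Optional[str] = None  # None in any field means "match anything"
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR network
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.direction is not None and pkt.direction != self.direction:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


INSIDE = "192.168.1.0/24"        # the 192.168.1 subnetwork from the slide
WEB_SERVER = "192.168.1.18/32"   # the host the slide presumes is a web server

RULES: List[Rule] = [
    Rule("1 mail transfer (SMTP) to inside", "accept", "in", "tcp", dst=INSIDE, dport=25),
    Rule("2 trivial file transfer to inside", "accept", "in", "udp", dst=INSIDE, dport=69),
    Rule("3 inside hosts fetch web pages", "accept", "out", "tcp", src=INSIDE, dport=80),
    Rule("4 outside traffic to the web server", "accept", "in", dst=WEB_SERVER),
]
DEFAULT_POLICY = "drop"  # everything not explicitly allowed is denied silently


def filter_packet(pkt: Packet, rules: List[Rule] = RULES,
                  default: str = DEFAULT_POLICY) -> Tuple[str, str]:
    """First matching rule decides; with no match the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default policy"


def sender_sees(action: str) -> Optional[str]:
    """Reject answers the sender; drop stays silent and reveals nothing."""
    return {"accept": "traffic forwarded", "reject": "ICMP unreachable error", "drop": None}[action]


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_TRAFFIC = [
    Packet("in", "tcp", "203.0.113.9", "192.168.1.5", 25),     # rule 1
    Packet("in", "udp", "203.0.113.9", "192.168.1.5", 69),     # rule 2
    Packet("out", "tcp", "192.168.1.5", "198.51.100.7", 80),   # rule 3
    Packet("in", "tcp", "203.0.113.9", "192.168.1.18", 443),   # rule 4 (any port)
    Packet("in", "tcp", "203.0.113.9", "192.168.1.5", 22),     # SSH from outside: default
    Packet("in", "icmp", "203.0.113.9", "192.168.1.5"),        # no port at all: default
]


def run_samples(default: str = DEFAULT_POLICY) -> List[Tuple[Packet, str, str]]:
    return [(p, *filter_packet(p, RULES, default)) for p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for pkt, action, why in run_samples():
        print(f"{pkt.direction:3} {pkt.proto:4} {pkt.src:>13} -> {pkt.dst}:{pkt.dport}  {action:6} ({why})")
```

Passing default="accept" to run_samples() reproduces the situation the slide warns about: the SSH packet from outside is then forwarded, because nothing in the table speaks to it. Rule order matters in a first-match filter, so a broad accept placed above a narrow rule silently overrides it.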

Henric Johnson

FIREWALL DESIGN PRINCIPLES
The firewall is inserted between the premises
network and the Internet
Aims:
Establish a controlled link
Protect the premises network from Internet-
based attacks
Provide a single choke point

FIREWALL CHARACTERISTICS
Design goals:
All traffic from inside to outside must pass
through the firewall (physically blocking all
access to the local network except via the
firewall)
Only authorized traffic (defined by the local
security policy) will be allowed to pass

FIREWALL CHARACTERISTICS
Design goals:
The firewall itself is immune to penetration
(use of trusted system with a secure operating
system)

FIREWALL CHARACTERISTICS
Four general techniques:
Service control
Determines the types of Internet services that
can be accessed, inbound or outbound
Direction control
Determines the direction in which particular
service requests are allowed to flow

FIREWALL CHARACTERISTICS
User control
Controls access to a service according to
which user is attempting to access it
Behavior control
Controls how particular services are used (e.g.
filter e-mail)

TYPES OF FIREWALLS
Three common types of Firewalls:
Packet-filtering routers
Application-level gateways
Circuit-level gateways
(Bastion host)

TYPES OF FIREWALLS
Packet-filtering Router

TYPES OF FIREWALLS
Packet-filtering Router
Applies a set of rules to each incoming IP
packet and then forwards or discards the
packet
Filter packets going in both directions
The packet filter is typically set up as a list of
rules based on matches to fields in the IP or
TCP header
Two default policies (discard or forward)

TYPES OF FIREWALLS
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication

TYPES OF FIREWALLS
Possible attacks and appropriate
countermeasures
IP address spoofing
Source routing attacks
Tiny fragment attacks

TYPES OF FIREWALLS
Application-level Gateway

TYPES OF FIREWALLS
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic

TYPES OF FIREWALLS
Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable
applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each
connection (gateway as splice point)

TYPES OF FIREWALLS
Circuit-level Gateway

TYPES OF FIREWALLS
Circuit-level Gateway
Stand-alone system or
Specialized function performed by an
Application-level Gateway
Sets up two TCP connections
The gateway typically relays TCP segments
from one connection to the other without
examining the contents

TYPES OF FIREWALLS
Circuit-level Gateway
The security function consists of determining
which connections will be allowed
Typical use is a situation in which the
system administrator trusts the internal users
An example is the SOCKS package

TYPES OF FIREWALLS
Bastion Host
A system identified by the firewall
administrator as a critical strong point in the
network's security
The bastion host serves as a platform for an
application-level or circuit-level gateway

FIREWALL CONFIGURATIONS
In addition to the use of simple configuration of a single
system (single packet filtering router or single gateway),
more complex configurations are possible
Three common configurations

FIREWALL CONFIGURATIONS
Screened host firewall system (single-homed
bastion host)

FIREWALL CONFIGURATIONS
Screened host firewall, single-homed bastion
configuration
Firewall consists of two systems:
A packet-filtering router
A bastion host

FIREWALL CONFIGURATIONS
Configuration for the packet-filtering router:
Only packets from and to the bastion host are
allowed to pass through the router
The bastion host performs authentication and
proxy functions

FIREWALL CONFIGURATIONS
Greater security than single configurations
because of two reasons:
This configuration implements both packet-
level and application-level filtering (allowing
for flexibility in defining security policy)
An intruder must generally penetrate two
separate systems

FIREWALL CONFIGURATIONS
This configuration also affords flexibility in
providing direct Internet access (public
information server, e.g. Web server)

FIREWALL CONFIGURATIONS
Screened host firewall system (dual-homed
bastion host)

FIREWALL CONFIGURATIONS
Screened host firewall, dual-homed bastion
configuration
The packet-filtering router is not completely
compromised
Traffic between the Internet and other hosts on
the private network has to flow through the
bastion host

FIREWALL CONFIGURATIONS
Screened-subnet firewall system

FIREWALL CONFIGURATIONS
Screened subnet firewall configuration
Most secure configuration of the three
Two packet-filtering routers are used
Creation of an isolated sub-network

FIREWALL CONFIGURATIONS
Advantages:
Three levels of defense to thwart intruders
The outside router advertises only the
existence of the screened subnet to the
Internet (internal network is invisible to the
Internet)

FIREWALL CONFIGURATIONS
Advantages:
The inside router advertises only the existence
of the screened subnet to the internal network
(the systems on the inside network cannot
construct direct routes to the Internet)

DATA ACCESS CONTROL
General models of access control:
Access matrix
Access control list
Capability list

DATA ACCESS CONTROL
Access Matrix

DATA ACCESS CONTROL
Access Matrix: Basic elements of the model
Subject: An entity capable of accessing objects,
the concept of subject equates with that of process
Object: Anything to which access is controlled
(e.g. files, programs)
Access right: The way in which an object is
accessed by a subject (e.g. read, write, execute)

DATA ACCESS CONTROL
Access Control List: Decomposition of the
matrix by columns

DATA ACCESS CONTROL
Access Control List
An access control list lists users and their
permitted access right
The list may contain a default or public entry

DATA ACCESS CONTROL
Capability list: Decomposition of the matrix by
rows

DATA ACCESS CONTROL
Capability list
A capability ticket specifies authorized objects
and operations for a user
Each user has a number of tickets
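The three models above (access matrix; access control list as the matrix decomposed by columns; capability list as the matrix decomposed by rows), as an added Python example that is not from the slides. The matrix, its subjects, objects and rights are constructed for the example; the two revocation functions go a little beyond the slides to show why each decomposition makes a different operation cheap.

```python
from typing import Dict, Set

# Added example, not from the slides. Rows are subjects, columns are objects,
# cells are rights. All names and rights below are constructed.

Matrix = Dict[str, Dict[str, Set[str]]]

ACCESS_MATRIX: Matrix = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}, "backup.sh": {"execute"}},
    "carol": {"payroll.db": {"read"}},
}
OBJECTS = ["payroll.db", "report.txt", "backup.sh"]
RIGHTS = {"read", "write", "execute"}


def access_control_lists(matrix: Matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Decompose by columns: one ACL per object, naming subjects and rights."""
    acls: Dict[str, Dict[str, Set[str]]] = {obj: {} for obj in OBJECTS}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return acls


def capability_lists(matrix: Matrix) -> Dict[str, Dict[str, Set[str]]]:
    """Decompose by rows: one list of tickets (object -> rights) per subject."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def acl_check(acls, subject: str, obj: str, right: str, public: str = "public") -> bool:
    """ACL lookup: consult the object's list. A default/public entry applies
    to subjects that have no entry of their own."""
    entry = acls.get(obj, {})
    if subject in entry:
        return right in entry[subject]
    return right in entry.get(public, set())


def capability_check(caps, subject: str, obj: str, right: str) -> bool:
    """Capability lookup: consult only the subject's own tickets."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_on_acl(acls, obj: str, right: str) -> int:
    """Revoking a right on one object touches exactly one ACL.
    Returns the number of entries changed."""
    changed = 0
    for rights in acls[obj].values():
        if right in rights:
            rights.discard(right)
            changed += 1
    return changed


def revoke_on_capabilities(caps, obj: str, right: str) -> int:
    """The same revocation with capabilities means visiting every subject's
    tickets to find the ones naming the object."""
    changed = 0
    for tickets in caps.values():
        if right in tickets.get(obj, set()):
            tickets[obj].discard(right)
            changed += 1
    return changed


def consistent(acls, caps, matrix: Matrix) -> bool:
    """Both decompositions must answer every (subject, object, right) query alike."""
    return all(acl_check(acls, s, o, r) == capability_check(caps, s, o, r)
               for s in matrix for o in OBJECTS for r in RIGHTS)


if __name__ == "__main__":
    acls, caps = access_control_lists(ACCESS_MATRIX), capability_lists(ACCESS_MATRIX)
    print("ACL for payroll.db:", acls["payroll.db"])
    print("capabilities of alice:", caps["alice"])
    print("decompositions agree:", consistent(acls, caps, ACCESS_MATRIX))
```

The asymmetry shown by the two revoke functions is the practical reason the two representations coexist: an ACL answers "who may access this object?" and revokes in one place, while a capability list answers "what may this subject access?" and makes revocation a search across all subjects.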

DIFFERENCE BETWEEN CYBERSECURITY AND CRYPTOGRAPHY

Cyber Security: It is a process of keeping networks,
devices, programs and data secret and safe from
damage or unauthorized access.
Cryptography: It is a process of keeping information
secret and safe simply by converting it into
unintelligible information and vice-versa.

Cyber Security: It is all about managing cyber risks
in all aspects such as people, process, technology,
etc.
Cryptography: It is all about math functions and can
be applied in technical solutions for increasing
cybersecurity.

Cyber Security: Its main objective is to prevent or
mitigate harm or destruction of computer networks,
applications, devices, and data.
Cryptography: Its main objective is to keep plain
text secret from eavesdroppers who are trying to
gain access to some information about the plain text.

Cyber Security: It is generally used for the
protection of internet-connected systems like
software, hardware, and data, risk management,
disaster planning, access control, policies.
Cryptography: It is generally used for integrity,
entity authentication, data origin authentication,
non-repudiation, etc.

DIFFERENCE BETWEEN
STEGANOGRAPHY AND
CRYPTOGRAPHY
Steganography Cryptography
Steganography means covered
writing.
Cryptography means secret writing.
Steganography is less popular
than Cryptography.
While cryptography is more popular than
Steganography.
Attack’s name in
Steganography is
Steganalysis.
While in cryptography, Attack’s name is
Cryptanalysis.
In steganography, structure of
data is not usually altered.
While in cryptography, structure of data is
altered.
Steganography supports
Confidentiality and
Authentication security
principles.
While cryptography supports Confidentiality and
Authentication security principles as well as Data
integrity and Non-repudiation.
In steganography, the fact
that a secret communication
is taking place is hidden.
While in cryptography only secret message is
hidden.

CRYPTOGRAPHY IN EVERYDAY
LIFE
Authentication/Digital Signatures
Time Stamping
Electronic Money
Encryption/Decryption in email
Encryption in WhatsApp
Encryption in Instagram
Sim card Authentication

CRYPTOGRAPHY – BENEFITS
Confidentiality − Encryption techniques can guard
information and communication from unauthorized
revelation and access.
Authentication − Cryptographic techniques such as
MACs and digital signatures can protect information
against spoofing and forgeries.
Data Integrity − Cryptographic hash functions play a
vital role in assuring users of data integrity.
Non-repudiation − The digital signature provides the
non-repudiation service to guard against disputes
that may arise from a sender's denial of having sent
a message.

INTRUSION DETECTION SYSTEMS (IDS)

INTRUSION DETECTION SYSTEM (IDS)
An Intrusion Detection System (IDS) is a system that
monitors network traffic for suspicious activity and
issues alerts when such activity is discovered.
It is a software application that scans a network or
a system for harmful activity or policy violations.

Any malicious venture or violation is normally
reported either to an administrator or collected
centrally using a security information and event
management (SIEM) system.
A SIEM system integrates outputs from multiple
sources and uses alarm filtering techniques to
differentiate malicious activity from false
alarms.

Organizations need to fine-tune their IDS products
when they first install them. This means properly
setting up the intrusion detection system to
recognize what normal traffic on the network looks
like as compared to malicious activity.
Intrusion prevention systems also monitor network
packets entering the system, check them for malicious
activity, and immediately send warning notifications.

CLASSIFICATION OF INTRUSION
DETECTION SYSTEM:
IDS are classified into 5 types:
Network Intrusion Detection System
(NIDS):
Network intrusion detection systems (NIDS) are
set up at a planned point within the network to
examine traffic from all devices on the network.
It performs an observation of passing traffic on
the entire subnet and matches the traffic that is
passed on the subnets to the collection of known
attacks. Once an attack is identified or abnormal
behavior is observed, the alert can be sent to the
administrator.
An example of a NIDS is installing it on the
subnet where firewalls are located in order to see
if someone is trying to crack the firewall.

Host Intrusion Detection System (HIDS):
Host intrusion detection systems (HIDS) run on
independent hosts or devices on the network. A HIDS
monitors the incoming and outgoing packets from the
device only and will alert the administrator if
suspicious or malicious activity is detected.
It takes a snapshot of existing system files and
compares it with the previous snapshot. If critical
system files were edited or deleted, an alert is
sent to the administrator to investigate.

An example of HIDS usage can be seen on
mission-critical machines, which are not expected to
change their layout.
Protocol-based Intrusion Detection System (PIDS):
A protocol-based intrusion detection system (PIDS)
comprises a system or agent that consistently
resides at the front end of a server, controlling
and interpreting the protocol between a user/device
and the server.

It tries to secure the web server by regularly
monitoring the HTTPS protocol stream and accepting
the related HTTP protocol. Because the HTTPS stream
must be examined in unencrypted form, the system
needs to reside at the interface where the HTTPS
traffic is decrypted, before it enters the web
presentation layer.

APPLICATION PROTOCOL-BASED
INTRUSION DETECTION SYSTEM
(APIDS):

Application Protocol-based Intrusion Detection
System (APIDS) is a system or agent that
generally resides within a group of servers. It
identifies the intrusions by monitoring and
interpreting the communication on application-
specific protocols.
For example, this would monitor the SQL protocol
specific to the middleware as it transacts with the
database in the web server.

HYBRID INTRUSION DETECTION
SYSTEM
Hybrid intrusion detection system is made by the
combination of two or more approaches of the
intrusion detection system. In the hybrid intrusion
detection system, host agent or system data is
combined with network information to develop a
complete view of the network system. Hybrid
intrusion detection system is more effective in
comparison to the other intrusion detection
system. Prelude is an example of Hybrid IDS.
 

DETECTION METHOD OF IDS:
Signature-based Method:
Signature-based IDS detects the attacks
on the basis of the specific patterns such as
number of bytes or number of 1’s or number of 0’s
in the network traffic. It also detects on the basis
of the already known malicious instruction
sequence that is used by the malware. The
detected patterns in the IDS are known as
signatures.

Signature-based IDS can easily detect attacks whose
pattern (signature) already exists in the system, but
it is quite difficult to detect new malware attacks,
as their pattern (signature) is not yet known.

Anomaly-based Method:
Anomaly-based IDS was introduced to detect unknown
malware attacks, as new malware is developed rapidly.
An anomaly-based IDS uses machine learning to build a
model of trusted activity; incoming activity is
compared with that model and declared suspicious if
it does not fit. Machine learning-based methods
generalize better than signature-based IDS, because
the models can be trained for the specific
applications and hardware configurations.
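The two detection methods side by side, as an added Python example that is not from the slides: a signature scanner run over constructed access-log lines, and an anomaly detector that learns a baseline from constructed per-minute request counts and flags deviations. A mean-plus-k-standard-deviations baseline stands in for the machine-learned model the slide describes; the signature patterns, log lines and counts are all constructed for the example.

```python
import re
import statistics
from typing import List, Tuple

# Added example, not from the slides. Log lines, counts and signatures are
# constructed; a statistical baseline stands in for a learned model.

# Constructed web-server access log (documentation address ranges only).
LOG_LINES = [
    '10.0.0.5 - - [05/Mar/2025:10:00:01] "GET /index.html HTTP/1.1" 200',
    '10.0.0.6 - - [05/Mar/2025:10:00:02] "GET /products?id=7 HTTP/1.1" 200',
    '203.0.113.4 - - [05/Mar/2025:10:00:03] "GET /products?id=7%20UNION%20SELECT%201,2 HTTP/1.1" 500',
    '203.0.113.4 - - [05/Mar/2025:10:00:04] "GET /files?name=../../../app.conf HTTP/1.1" 403',
    '10.0.0.7 - - [05/Mar/2025:10:00:05] "POST /login HTTP/1.1" 302',
]

# Signatures: (name, pattern). Each is a known pattern; a request that
# matches none of them, however harmful, is invisible to this method.
SIGNATURES: List[Tuple[str, re.Pattern]] = [
    ("sql-injection", re.compile(r"union(\s|%20)+select", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./\.\./")),
]

# Requests per minute during a window the administrator accepts as normal
# (the fine-tuning stage the slides mention), then a later window to judge.
TRAINING_COUNTS = [40, 42, 38, 45, 41, 39, 43, 40]
OBSERVED_COUNTS = [41, 44, 39, 120, 42, 60]


def signature_scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line index, signature name, line) for every known-pattern match."""
    hits = []
    for idx, line in enumerate(lines):
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                hits.append((idx, name, line))
    return hits


def build_baseline(counts: List[int]) -> Tuple[float, float]:
    """Learn what normal looks like: mean and sample standard deviation."""
    return statistics.mean(counts), statistics.stdev(counts)


def anomaly_scan(counts: List[int], baseline: Tuple[float, float], k: float = 3.0) -> List[int]:
    """Flag the minutes whose request count exceeds mean + k * stdev."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    return [i for i, c in enumerate(counts) if c > threshold]


if __name__ == "__main__":
    for idx, name, line in signature_scan(LOG_LINES):
        print(f"signature {name:15} line {idx}: {line}")
    baseline = build_baseline(TRAINING_COUNTS)
    print(f"baseline mean={baseline[0]:.1f} stdev={baseline[1]:.2f}")
    for i in anomaly_scan(OBSERVED_COUNTS, baseline):
        print(f"anomaly   minute {i}: {OBSERVED_COUNTS[i]} requests")
```

The two outputs illustrate the trade-off the slides describe: the signature scanner names exactly what it found but only for patterns it already knows, while the anomaly detector flags the 120-request and 60-request minutes without saying why, and lowering k (the sensitivity) starts flagging normal minutes too, which is the balance an administrator has to tune.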

COMPARISON OF IDS WITH FIREWALLS:

IDS and firewalls are both related to network
security, but an IDS differs from a firewall: a
firewall looks outward for intrusions in order to
stop them from happening. Firewalls restrict access
between networks to prevent intrusion, and do not
signal an attack that originates inside the network.
An IDS describes a suspected intrusion once it has
happened and then signals an alarm.

GOALS FOR INTRUSION DETECTION SYSTEMS
An IDS could use some—or all—of the following design approaches:
• Filter on packet headers.
• Filter on packet content.
• Maintain connection state.
• Use complex, multipacket signatures.
• Use a minimal number of signatures with maximum effect.
• Filter in real time, online.
• Hide its presence.
• Use an optimal sliding-time window size to match signatures.

IDS STRENGTHS AND
LIMITATIONS
IDSs detect an ever-growing number of serious
problems. And as we learn more about problems,
we can add their signatures to the IDS model.
Thus, over time, IDSs continue to improve. At
the same time, they are becoming cheaper and
easier to administer.

Commercial IDSs are pretty good at identifying
attacks. Another IDS limitation is its sensitivity,
which is difficult to measure and adjust. IDSs will
never be perfect, so finding the proper balance is
critical.

INTRUSION PREVENTION SYSTEM
Intrusion Prevention System is also known as
Intrusion Detection and Prevention System. It is
a network security application that monitors
network or system activities for malicious
activity. Major functions of intrusion prevention
systems are to identify malicious activity, collect
information about this activity, report it and
attempt to block or stop it.  

CLASSIFICATION OF INTRUSION PREVENTION SYSTEM (IPS):

Intrusion Prevention Systems (IPS) are classified
into 4 types:
Network-based intrusion prevention system (NIPS):
It monitors the entire network for suspicious traffic
by analyzing protocol activity.

Wireless intrusion prevention system (WIPS):
It monitors a wireless network for suspicious traffic
by analyzing wireless networking protocols.

Network behavior analysis (NBA):
It examines network traffic to identify threats that
generate unusual traffic flows, such as distributed
denial of service attacks, specific forms of malware
and policy violations.

Host-based intrusion prevention system (HIPS):
It is an installed software package which monitors a
single host for suspicious activity by scanning
events that occur within that host.

THE MAIN DIFFERENCES BETWEEN INTRUSION PREVENTION
SYSTEMS (IPS) AND INTRUSION DETECTION SYSTEMS (IDS)
ARE:
Intrusion prevention systems are placed in-line and
are able to actively prevent or block intrusions
that are detected.
An IPS can take such actions as sending an alarm,
dropping detected malicious packets, resetting a
connection or blocking traffic from the offending IP
address.

An IPS can also correct cyclic redundancy check (CRC)
errors, defragment packet streams, mitigate TCP
sequencing issues and clean up unwanted transport and
network layer options.

Host Based
Narrow in scope (watches only
specific host activities)
More complex setup
Better for detecting attacks from the
inside
More expensive to implement
Detection is based on what any
single host can record
Does not see packet headers
Usually only responds after a
suspicious log entry has been made
OS-specific
Detects local attacks before they hit
the network
Verifies success or failure of attacks
COMPARISON
Network Based
Broad in scope (watches all
network activities)
Easier setup
Better for detecting attacks from
the outside
Less expensive to implement
Detection is based on what can be
recorded on the entire network
Examines packet headers
Near real-time response
OS-independent
Detects network attacks as payload
is analyzed
Detects unsuccessful attack
attempts

NETWORK MANAGEMENT
SCENARIOS
Detecting failure of an interface card in a device
Host monitoring
Traffic monitoring to optimize resource deployment
Detecting rapid changes in routing tables
Intrusion detection

The administrator can take actions to prefer one stream of network traffic over another, either to promote fair use of resources or to block a malicious traffic stream so that nonmalicious communication can go through. To do this kind of tuning, the administrator needs an accurate image of the network’s status.

Tools called security information and event
management devices collect status indications
from a range of products—including firewalls,
IDSs, routers, load balancers—and put these
separate data streams together into a unified
view.

MANAGEMENT TO ENSURE SERVICE
Networks are not set-and-forget kinds of systems; because network activity is dynamic, administrators need to monitor network performance and adjust characteristics as necessary.

CAPACITY PLANNING
One benign cause of denial of service is
insufficient capacity: too much data for too little
capability. Not usually viewed as a security
issue, capacity planning involves monitoring
network traffic load and performance to
determine when to upgrade which aspects.

A network or component running at or near
capacity has little margin for error, meaning that
a slight but normal surge in traffic can put the
network over the top and cause significant
degradation in service. Websites are especially
vulnerable to unexpected capacity problems.

Launching a new product with advertising can
also cause an overload; events such as opening
sales of tickets for a popular concert or sporting
event have swamped websites. Network
administrators need to be aware of these
situations that can cause unexpected demand.

LOAD BALANCING
Popular websites such as those of Google,
Microsoft, and the New York Times are not run
on one computer alone; no single computer has
the capacity to support all the traffic these sites
receive at once. Instead, these places rely on
many computers to handle the volume. The
public is unaware of these multiple servers,

A load balancer is an appliance that redirects
traffic to different servers while working to
ensure that all servers have roughly equivalent
workloads.

NETWORK TUNING
Similarly, network engineers can adjust traffic on individual network segments. If two clients on one segment are responsible for a large proportion of the traffic, it may be better to place them on separate segments to even the traffic load. Engineers can install new links, restructure network segments, or upgrade connectivity to ensure good network performance.

In a real attack, network administrators can
adjust bandwidth allocation to segments, and
they can monitor incoming traffic, selectively
dropping packets that seem to be malicious.

RATE LIMITING
It is a countermeasure that reduces the impact of
an attack. With rate limiting, the volume of traffic
allowed to a particular address is reduced. Routers
can send a quench signal back to another router
that is forwarding traffic; such a signal informs
the sending router that the receiving router is
overloaded and cannot keep up, therefore asking
the sender to hold up on transmitting data.

NETWORK ADDRESSING
A problem inherent in Internet (IPv4) addressing
is that any packet can claim to come from any
address: A system at address A can send a packet
that shows address B as its source. That
statement requires a bit of elaboration because
address spoofing is not simply a matter of filling
in a blank on a web page.

Most users interact with the Internet through higher-level applications, such as browsers and mail handlers, that craft communications streams and pass them to protocol handlers, such as bind and socks. The protocol handlers perform the network interaction, supplying accurate data in the communication stream. Thus, someone can spoof an address only by overriding these protocol handlers, which requires privilege in an operating system.

SHUNNING
With reliable source addresses, network administrators can set edge routers to drop packets engaging in a denial-of-service attack. This practice is called shunning. The attacker, however, might make it appear as if the attack is originating at google.com or facebook.com, for example; shunning that apparent attack has the negative outcome of denying legitimate traffic from Google or Facebook.

BLACKLISTING AND SINKHOLING
In extreme cases, the network administrator may
decide to effectively disconnect the targeted
system. The administrator can blacklist the target
address, meaning that no traffic goes to that
address, from legitimate or malicious sources alike.
Alternatively, the administrator may redirect
traffic to a valid address where the incoming traffic
can be analyzed; this process is called sinkholing.

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
Networking and security products include routers, switches, VPNs, and many varieties of firewalls, IDSs, and IPSs. A large enterprise can have hundreds or even thousands of such products, often of different brands and models, as well as tens of thousands of servers and workstations, all of which need to be monitored by security personnel.

In this section, we discuss the tools that make it
possible for a small security team to monitor and
respond to security issues from all over such an
enterprise.
A SECURITY OPERATIONS CENTER
Organizations commonly centralize this monitoring in a Security Operations Center (SOC) at a single location, perhaps their headquarters. A SOC is a team of security personnel dedicated to monitoring a network for security incidents and investigating and remediating those incidents.

For instance, a SOC analyst might notice a spike
in login events in the middle of the night and
want to investigate. The SIEM would allow the
analyst to search for all login events between the
hours of, say, 1:00–4:00 AM Eastern Time, and
then continue to investigate based on other
factors, such as IP address, apparent source
country, targeted systems, or targeted
usernames.
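The kind of SIEM search the analyst runs above, as an added Python example that is not part of the slides: it parses constructed login records, keeps those whose local (Eastern) time falls in the 1:00–4:00 AM window, and pivots the hits by source IP, apparent country, targeted host and username. The log format, field names and the fixed UTC-5 offset are assumptions.

```python
from collections import Counter
from datetime import datetime, time, timedelta, timezone

# Assumption: "Eastern Time" is US EST (UTC-5) on these dates. A real
# deployment would use a zoneinfo zone so that DST is handled correctly.
EASTERN = timezone(timedelta(hours=-5), name="EST")

# Constructed sample log lines (not real events): a UTC timestamp followed by
# key=value fields in the way a SIEM normalises login records.
SAMPLE_LOG = """\
2025-03-04T03:12:09Z src=203.0.113.7 country=XX host=vpn-gw user=jsmith outcome=failure
2025-03-04T06:45:01Z src=203.0.113.7 country=XX host=vpn-gw user=jsmith outcome=failure
2025-03-04T07:02:33Z src=203.0.113.7 country=XX host=vpn-gw user=admin outcome=failure
2025-03-04T07:59:58Z src=198.51.100.23 country=YY host=mail user=ljones outcome=success
2025-03-04T08:30:00Z src=198.51.100.23 country=YY host=mail user=ljones outcome=failure
2025-03-04T13:00:00Z src=192.0.2.44 country=ZZ host=fileserver user=rwhite outcome=success
"""


def parse_event(line):
    """Turn one log line into a dict; the timestamp becomes a tz-aware datetime."""
    stamp, *fields = line.split()
    event = {"ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def in_window(ts, start, end, tz=EASTERN):
    """True if the local time of day of ts lies in [start, end). Windows that
    cross midnight (e.g. 23:00-02:00) are handled as well as 01:00-04:00."""
    local = ts.astimezone(tz).time()
    if start <= end:
        return start <= local < end
    return local >= start or local < end


def login_events_between(events, start, end, tz=EASTERN):
    """Filter events to the analyst's time-of-day window."""
    return [ev for ev in events if in_window(ev["ts"], start, end, tz)]


def pivot(events, field):
    """Count events per distinct value of a field, most common first."""
    return Counter(ev.get(field, "?") for ev in events).most_common()


def investigate(log_text, start=time(1, 0), end=time(4, 0)):
    """The analyst's drill-down: night-time window, then pivot on source IP,
    apparent country, targeted host and targeted username."""
    events = [parse_event(line) for line in log_text.splitlines() if line.strip()]
    window = login_events_between(events, start, end)
    return {
        "count": len(window),
        "failures": sum(ev["outcome"] == "failure" for ev in window),
        "by_src": pivot(window, "src"),
        "by_country": pivot(window, "country"),
        "by_host": pivot(window, "host"),
        "by_user": pivot(window, "user"),
    }


if __name__ == "__main__":
    for key, value in investigate(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```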

The ability to run searches like these and quickly investigate hunches across all of a company’s systems is a fundamental breakthrough for near real-time security analysis. The functions of a SOC are like those of an air traffic control center or nuclear reactor control room: Large amounts of data accumulate from a variety of sources. The control staff has to use both experience and intuition to ensure that the system runs properly, so any technological help to organize and digest the data helps the staff be more effective. As long as the system runs properly, monitoring is mostly passive. However, when an anomaly occurs, the control staff need plenty of background data to determine what is happening and decide what to do next. We explore this active system management role, called incident response.

Section 6: Database Security

Protecting data is at the heart of many secure
systems, and many users (people, programs, or
systems) rely on a database management system
(DBMS) to manage the protection of structured
data.

Databases are essential to many business and
government organizations, holding data that reflect
the organization’s core activities. Often, when
business processes are reengineered to make them
more effective and more in tune with new or
revised goals, one of the first systems to receive
careful scrutiny is the set of databases supporting
the business processes. Thus, databases are more
than software-related repositories. Their
organization and contents are considered valuable
corporate assets that must be carefully protected.

CONCEPT OF A DATABASE
A database is a collection of data and a set of rules that organize the data by specifying certain relationships among the data.
A database administrator is a person who defines the rules that organize the data and also controls who should have access to what parts of the data.

The user interacts with the database through a program called a database manager or a database management system (DBMS), informally known as a front end.
Components of Databases
The database file consists of records, each of
which contains one related group of data.
Each record contains fields or elements, the
elementary data items themselves

The fields in the name and address record are
NAME, ADDRESS, CITY, STATE, and ZIP
(where ZIP is the U.S. postal code). This
database can be viewed as a two-dimensional
table, where a record is a row and each field of a
record is an element of the table.

The logical structure of a database is called a schema. A particular user may have access to only part of the database, called a subschema.

QUERIES
Users interact with database managers through commands to the DBMS that retrieve, modify, add, or delete fields and records of the database. A command is called a query.
Database management systems have precise rules of syntax for queries. Most query languages use an English-like notation, and many are based on SQL, a structured query language originally developed by IBM.

6. Database Security – Outline - 1
6.1. Introduction - a DB refresher
6.2. Security Requirements
a. Physical database integrity requirements
b. Logical database integrity requirements
c. Element integrity requirements
d. Auditability requirements
e. Access control requirements
f. User authentication requirements
g. Availability requirements
6.3. Reliability and Integrity
6.4. Sensitive Data


Terms you know from database courses:
a) Database
b) Database management system (front end)
c) Records
d) Fields (elements)
e) Schema (logical design)
f) Subschema (user view)
g) Entity
h) Attributes
i) Relation
j) Queries (results in subschema)

FILE ORGANIZATION
BIT: Binary Digit (0,1; Y,N; On,Off)
BYTE:
Combination of BITS representing a CHARACTER
FIELD:
Collection of BYTES representing a DATUM or Fact
RECORD:
Collection of FIELDS reflecting a TRANSACTION
Courtesy of: Prof. Barbara Endicott-Popovsky
Source: Laudon & Laudon

FILE ORGANIZATION
FILE:
Collection of similar RECORDS
DATABASE:

Organization’s Electronic Library of FILES

Organized to serve business applications

FILE ORGANIZATION
ENTITY:
Person, place, thing, event about which data must
be kept
ATTRIBUTE:
Description of a particular ENTITY
KEY FIELD:
Field used to retrieve, update, sort RECORD

KEY FIELD
Field in Each Record
Uniquely Identifies THIS Record
For RETRIEVAL
UPDATING
SORTING

PROBLEMS WITH TRADITIONAL FILE ENVIRONMENT (Flat File)
Data redundancy
Program / data dependency
Lack of flexibility
Poor security
Lack of data sharing & availability

SEQUENTIAL VS. DIRECT FILE
ORGANIZATION
SEQUENTIAL:
Tape-oriented;
One file follows another--physical sequence
DIRECT:
Disk-oriented;
Accessible without regard to physical sequence

FILING METHODS
Indexed sequential access method (ISAM) :
Each record identified by key
Grouped in blocks and cylinders
Keys in index
Virtual storage access method (VSAM) :
Memory divided into areas & intervals
Dynamic file space
VSAM widely used for relational DBs
Direct file access method (next)

DIRECT FILE ACCESS
METHOD
Each record has key field
Key field fed into transformation algorithm
Algorithm generates physical storage location of record
(record address)

DATABASE MANAGEMENT SYSTEM (DBMS)
Software to create & maintain data
Enables business apps to extract data
Independent of specific computer programs

COMPONENTS OF DBMSS
DATA DEFINITION LANGUAGE :
Defines data elements in database
DATA MANIPULATION LANGUAGE :
Manipulates data for applications
DATA DICTIONARY :
Formal definitions of all variables in database
Controls variety of database contents
Data elements

STRUCTURED QUERY
LANGUAGE (SQL)
Emerging standard
Data manipulation language
For relational databases

ELEMENTS OF SQL
SELECT:
List of columns from tables desired
FROM:
IDs tables from which columns will be selected
WHERE:
Includes conditions for selecting specific rows, conditions for joining multiple tables
Example:
SELECT name, phone
FROM employees_table
WHERE employer = 'MWU' AND city = 'Kalamazoo';

TWO VIEWS OF
DATA
PHYSICAL VIEW: Where is data physically?
Drive, disk, surface, track, sector (block), record
Tape, block, record number (key)
LOGICAL VIEW: What data is needed by
application?
Succession of facts needed by application
Name, type, length of field

STORAGE HIERARCHY
BIT
BYTE
FIELD
RECORD
FILE
DATABASE

RELATIONAL DATA MODEL
Data in table format
RELATION: Table
TUPLE: Row (record) in table
FIELD: Column (attribute) in table
Example relation (columns NAME, HOURS, RATE, TOTAL):
ABLE    40.50   $10.35   $419.18
BAXTER  38.00   $8.75    $332.50
CHEN    42.70   $9.25    $394.98
DENVER  35.90   $9.50    $341.05

TYPES OF RELATIONS
ONE-TO-ONE: STUDENT – ID
ONE-TO-MANY: CLASS – STUDENT A, STUDENT B, STUDENT C
MANY-TO-MANY: STUDENT A, STUDENT B, STUDENT C – CLASS 1, CLASS 2

HIERARCHICAL DATA MODEL
(figure: tree with ROOT = Employer; 1st-level children Compensation, Job Assignments, Benefits; 2nd-level children Ratings and Salary under Compensation, and Pension, Insurance and Health under Benefits)

NETWORK DATA MODEL
Variation of hierarchical model
Best suited for many-to-many relationships
(figure: NETWORK A, NETWORK B, NETWORK C linked many-to-many with NETWORK 1, NETWORK 2)

OTHER SYSTEMS
LEGACY SYSTEM: older system
OBJECT - ORIENTED DBMS:
stores data & procedures as objects
OBJECT - RELATIONAL DBMS: hybrid

CREATING A DATABASE
Conceptual Design
Physical Design

CREATING A DATABASE —
CONCEPTUAL DESIGN
Abstract model, business perspective
How will data be grouped?
Relationships among elements
Establish end-user needs

CREATING A DATABASE — PHYSICAL DESIGN
Detailed model by database specialists
Entity-relationship diagram
Normalization
Hardware / software specific

ELEMENTS OF DATABASE ENVIRONMENT
(figure: database management system; data administration; database technology & management; users; data planning & modeling methodology)

ENTITY-RELATIONSHIP DIAGRAM
(figure: ORDER can have PART; SUPPLIER can have PART; cardinality labels 1, 1, M, 1)
ORDER: #, DATE, PART #, QUANTITY
PART: #, DESCRIPTION, UNIT PRICE, SUPPLIER #
SUPPLIER: #, NAME, ADDRESS

NORMALIZATION
= Process of creating small data structures
from complex groups of data
EXAMPLES:
Accounts Receivable
Personnel Records
Payroll

DISTRIBUTED DATABASES
PARTITIONED:
remote CPUs (connected to host) have files unique
to that site,
e.g., records on local customers
REPLICATED (DUPLICATED as a special case)
ea. remote CPU has copies of common files
e.g., layouts for standard reports and forms

DATABASE
ADMINISTRATION
A person or a group of people
Defines / organizes database structure and content
Develops security procedures
Develops database documentation
Maintains DBMS
E.g., software patches and updates

DATABASE TRENDS - 1
Multidimensional Data Analysis:
3D (or higher dimension) groupings to store complex data
Hypermedia:
Organizes data as nodes
Nodes contain text, graphics, sound, video, programs

DATABASE TRENDS - 2
Data Warehouse:
Organization’s electronic library stores
consolidated current & historic data for
management reporting & analysis
On-Line Analytical Processing (OLAP):
Tools for multi-dimensional data analysis

COMPONENTS OF DATA WAREHOUSE
(figure: internal data sources and external data sources supply operational, historical data; extract, transform; data warehouse with information directory; data access & analysis: queries & reports, OLAP, data mining)

DATABASE TRENDS -3
DATA MART:
Small data warehouse for special function
E.g., focused marketing based on customer info
DATA MINING:
Tools for finding hidden patterns, relationships, for
predicting trends, etc.

DATABASE TRENDS - 4
Linking Databases to The Web:
Web user connects to vendor database
Special software converts the user's query (in HTML) to SQL
SQL finds data,
server converts result to HTML

6.2. Security Requirements

Security requirements for databases and DBMSs:
a. Physical database integrity requirements
DB immune to physical problems (e.g., power failure, flood)
b. Logical database integrity requirements
DB structure preserved (e.g., update of a field doesn't affect another)
c. Element integrity requirements
Accuracy of values of elements
d. Auditability requirements
Able to track who accessed (read, wrote) what
e. Access control requirements
Restricts DB access (read, write) to legitimate users
f. User authentication requirements
Only authorized users can access DB
g. Availability requirements
DB info available to all authorized users 24/7
Source: Pfleeger & Pfleeger

--OPTIONAL-- CONFIDENTIALITY / INTEGRITY / AVAILABILITY
Requirements can be rephrased / summarized as follows:
Data must be trusted
DBMS designed to manage trust
DBMS must reconstruct reality
Data must be accurate
Field checks
Access control (CRUD)
CRUD = Create, Read, Update, and Delete
Change log
Trade-offs
Audit vs. performance
Access vs. performance
Self-authentication
High availability

6.3. Reliability and Integrity
Reliable software runs a long time without failures
Reliable DBMS preserves:
DB Integrity / Element Integrity / Element Accuracy
Basic protection provided by OS underlying DBMS
a) File backups
b) Access controls
c) Integrity checks
DBMS needs more CIA controls
a) E.g., two-phase commit protocols for updates
b) Redundancy/internal consistency controls
c) DB recovery
d) Concurrency/consistency control
e) Monitors to enforce DB constraints
Range, state, transition constraints
Control structural DB integrity

--SKIP-- A) TWO-PHASE UPDATE
(2PC)
Intent Phase
Check value of COMMIT-FLAG
Gathers resources
Data
Dummy records
Open files
Lock out others
Calculate final answers
Write COMMIT-FLAG
Permanent Change Phase
Update made
Rollback ability at each phase
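An added Python sketch of the two-phase update above (not code from the slides or from Pfleeger & Pfleeger): the intent phase locks the records and calculates final values into dummy records, COMMIT-FLAG is written, then the permanent change is applied; a simulated crash at each point shows how recovery reads the flag to choose rollback or redo. The class, the crash_at parameter and the account records are assumptions.

```python
class Crash(Exception):
    """Simulated failure at a chosen point in the protocol."""


class TwoPhaseUpdate:
    """Toy two-phase update over an in-memory record dict (hypothetical design).

    Intent phase: lock the records, compute the final values into dummy
    (shadow) records, touch nothing real.  Then write COMMIT-FLAG.
    Permanent change phase: copy the shadow values into the real records,
    then clear the flag and release the locks.
    """

    def __init__(self, db):
        self.db = db              # the real records
        self.shadow = {}          # dummy records holding computed final values
        self.locks = set()        # records locked out from other updaters
        self.commit_flag = False  # durable in a real DBMS; an attribute here

    def update(self, changes, crash_at=None):
        """changes maps record key -> function(old_value) -> new_value.
        crash_at simulates a failure: None, 'intent', 'after_flag' or 'mid_permanent'."""
        if self.commit_flag or self.locks:
            raise RuntimeError("earlier update not yet recovered")
        for key in changes:
            if key not in self.db:
                raise KeyError(key)
        # ---- Intent phase: gather resources and calculate final answers ----
        for key in changes:
            self.locks.add(key)
        for key, fn in changes.items():
            self.shadow[key] = fn(self.db[key])   # real record still untouched
        if crash_at == "intent":
            raise Crash("failed during intent phase")
        # ---- Write COMMIT-FLAG: from here on the update must complete ----
        self.commit_flag = True
        if crash_at == "after_flag":
            raise Crash("failed right after writing COMMIT-FLAG")
        # ---- Permanent change phase ----
        self._apply(crash_at)

    def _apply(self, crash_at=None):
        for i, (key, value) in enumerate(self.shadow.items()):
            self.db[key] = value                  # idempotent: final values only
            if crash_at == "mid_permanent" and i == 0:
                raise Crash("failed half-way through permanent change phase")
        self.commit_flag = False
        self.shadow.clear()
        self.locks.clear()

    def recover(self):
        """Run after a crash. COMMIT-FLAG set: redo the permanent phase from the
        shadow records. Not set: discard the intent work (rollback)."""
        if self.commit_flag:
            self._apply()
            return "redone"
        self.shadow.clear()
        self.locks.clear()
        return "rolled back"


def transfer(tp, src, dst, amount, crash_at=None):
    """Move `amount` from src to dst as one two-phase update."""
    tp.update({src: lambda v: v - amount, dst: lambda v: v + amount}, crash_at)


if __name__ == "__main__":
    accounts = {"A": 100, "B": 50}   # constructed sample records
    tp = TwoPhaseUpdate(accounts)
    transfer(tp, "A", "B", 30)
    print(accounts)                   # {'A': 70, 'B': 80}
    try:
        transfer(tp, "A", "B", 30, crash_at="mid_permanent")
    except Crash as e:
        print("crash:", e, accounts)  # only A changed so far
    print(tp.recover(), accounts)     # redone {'A': 40, 'B': 110}
```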

--SKIP-- B)-E) DETECTING
INCONSISTENCIES
b) Redundancy/internal consistency controls
Error detection / error correction
Hamming codes
Parity bits
Cyclic redundancy check
Shadow fields
c) DB recovery
Uses DBMS access log
d) Concurrency control
Checks/enforcement
e) Monitors for DB constraints
Range comparisons
State constraints
Transition constraints
More sophisticated

--OPTIONAL-- 6.4. Sensitive Data
Managing access
Hiding existence
Sharing vs. confidentiality
Security vs. precision
Perfect confidentiality
Maximum precision

6.5. INFERENCE (INFERENCE
PROBLEMS)
Inference attack - inferring sensitive data
from nonsensitive data
Types of inference attacks:
1) Direct attack
Infer sens. data from results of queries run by attacker
n-item k-percent rule:
Data withheld if n items represent > k percent of the
result reported
Most obvious case: 1-item 100-percent case: 1
person represents 100 % of results reported
2) Indirect attack
Infer sens. info from statistics (Sum, Count, Median)
also from info external to the attacked DB
Tracker attacks (intersection of sets)
Linear system vulnerability
Use algebra of multiple equations to infer

INDIRECT INFORMATION FLOW
CHANNELS
Indirect Information Flow Channels
1) Covert channels
Discussed earlier –
in the general context of program security
Recall:
Overt Channel: designed into a system and documented
Covert Channel: not documented
Covert channels may be deliberately inserted into a
system, but most are accidents of the system design.
2) Inference channels
Discussed next–
in the context of DBMS
cf: Prof. Csilla Farkas

INFERENCE CONTROLS - OUTLINE
1) Query controls — applied to queries
Primarily against direct attacks
Query analysis to prevent inferences
Query inventory (history) per person
2) Data item controls — applied to individual DB items
Useful for indirect attacks
Two types:
a) Suppression — data not provided to querying user
Suppress combinations of rows and columns
Combine results (to hide actual answers)
b) Concealing — close answers, not exact, given to querying user
Rounding
Present range of results
Present random sample results
Random data perturbation (add small + and – errors)

DATABASE INFERENCE PROBLEM & TYPES
DB inference problem: Non-sensitive information + Meta-data = Sensitive information
where meta-data:
Working knowledge about the attributes
Supplementary knowledge (not stored in database)
DB inference types:
1) Statistical database inferences
2) General-purpose database inferences

1) STATISTICAL DATABASE
INFERENCE
Statistical database goal: provide aggregate information
about groups of individuals
E.g., average grade point of students
Security risk in statistical database:
disclosure of specific information about a particular
individual
E.g., grade point of student John Smith

--OPTIONAL-- TYPES OF STATISTICS
Macro-statistics: collections of related statistics
presented in 2-dimensional tables
Micro-statistics: Individual data records used for
statistics after identifying information is removed
Sex\Year 1997 1998 Sum
Female 4 1 5
Male 6 13 19
Sum 10 14 24
Sex Course GPA Year
F CSCE 590 3.5 2000
M CSCE 590 3.0 2000
F CSCE 790 4.0 2001

STATISTICAL COMPROMISE
Exact compromise:
Find exact value of an attribute of an individual
E.g., finding that John Smith’s GPA is 3.8
Partial compromise:
Find an estimate of an attribute value corresponding to an individual
E.g., finding that John Smith’s GPA is between 3.5 and 4.0

METHODS OF ATTACKS AND
PROTECTION
Small/Large Query Set Attack
C: characteristic formula that identifies groups of
individuals
If C identifies a single individual I, e.g., count(C) = 1
Find out existence of another property D for I
If count(C and D)= 1 means I has property D
If count(C and D)= 0 means I does not have D
OR
Find value of property
Sum(C, D), gives value of D
If value of C known already

PREVENTION
Protection from small/large query set attack: query-set-size control
A query q(C) is permitted only if
N − n ≥ |C| ≥ n
where:
n ≥ 0 is a parameter of the database, and
N is the number of records in the database
E.g., a query q(C) in a DB describing 100 individuals is permitted only if
100 − 5 = 95 ≥ |C| ≥ 5
that is, if it can’t give statistics on a group smaller than 5 individuals
(Note: if it gives statistics on C for, e.g., 96 people, it gives statistics on not-C for 4 people.)

TRACKER ATTACK 1 (SIMPLE)
(figure: Venn diagram of C1, C2, C = C1 and C2, and the tracker T)
C = C1 and C2
T = C1 and ~C2
Query q(C) is disallowed
Attacker runs instead 2 queries: q(C1) and q(T)
where q(C) = q(C1) – q(T)
=> infers q(C) from q(C1) and q(T)
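An added Python example serving both the query-set-size control (PREVENTION slide) and the simple tracker above; it is not from the slides or the cited sources. It implements the size control, the n-item k-percent rule on sums and a query-overlap control over a constructed staff table, and shows that size control alone still releases the disallowed sum through the identity q(C) = q(C1) – q(T), while the overlap control refuses the second query. The Person records, the parameter values and the StatisticalDB class are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    name: str
    dept: str
    sex: str
    salary: int


# Constructed sample records (not real data); salary is the sensitive attribute.
PEOPLE = [
    Person("Able", "CS", "F", 52000),
    Person("Baxter", "CS", "M", 61000),
    Person("Chen", "EE", "F", 58000),
    Person("Denver", "EE", "M", 49000),
    Person("Evans", "CS", "F", 67000),
    Person("Ford", "ME", "M", 55000),
    Person("Gray", "ME", "F", 60000),
    Person("Hall", "CS", "M", 71000),
]


class Withheld(Exception):
    """An inference control refused to answer the query."""


class StatisticalDB:
    """Answers COUNT and SUM over a characteristic formula C (a predicate on
    Person) subject to the controls from the slides:
      - query-set-size control: answer only if n <= |C| <= N - n
      - n-item k-percent rule: withhold a SUM when n_items values exceed k % of it
      - query-overlap control (optional): reject a query whose set shares more
        than overlap_r records with any query already answered for this user
    """

    def __init__(self, records, n=2, n_items=1, k_percent=50, overlap_r=None):
        self.records = list(records)
        self.N = len(self.records)
        self.n = n
        self.n_items = n_items
        self.k_percent = k_percent
        self.overlap_r = overlap_r
        self.answered = []  # query inventory (history) for this user

    def query_set(self, C):
        return frozenset(p.name for p in self.records if C(p))

    def _admit(self, qs):
        if not (self.n <= len(qs) <= self.N - self.n):
            raise Withheld(f"query-set-size control: |C|={len(qs)} not in "
                           f"[{self.n}, {self.N - self.n}]")
        if self.overlap_r is not None:
            for prev in self.answered:
                if len(qs & prev) > self.overlap_r:
                    raise Withheld(f"query-overlap control: {len(qs & prev)} records "
                                   f"shared with an earlier query")
        self.answered.append(qs)

    def count(self, C):
        qs = self.query_set(C)
        self._admit(qs)
        return len(qs)

    def sum_salary(self, C):
        qs = self.query_set(C)
        self._admit(qs)
        values = sorted((p.salary for p in self.records if p.name in qs), reverse=True)
        total = sum(values)
        if sum(values[: self.n_items]) * 100 > self.k_percent * total:
            raise Withheld(f"n-item k-percent rule: top {self.n_items} item(s) exceed "
                           f"{self.k_percent}% of the sum")
        return total


def tracker_sum(db, C1, C2):
    """The slide's identity q(C1 and C2) = q(C1) - q(C1 and not C2): two
    individually permitted queries whose difference is the disallowed one."""
    return db.sum_salary(C1) - db.sum_salary(lambda p: C1(p) and not C2(p))


if __name__ == "__main__":
    cs = lambda p: p.dept == "CS"
    target = lambda p: p.sex == "F" and p.salary > 60000   # singles out Evans in CS
    db = StatisticalDB(PEOPLE, n=2)
    try:
        db.sum_salary(lambda p: cs(p) and target(p))
    except Withheld as e:
        print("direct query:", e)
    print("tracker slips past size control:", tracker_sum(db, cs, target))
    db = StatisticalDB(PEOPLE, n=2, overlap_r=1)
    try:
        tracker_sum(db, cs, target)
    except Withheld as e:
        print("with overlap control:", e)
```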

--OPTIONAL-- Tracker Attack 2 (more complex)
(figure: Venn diagram of C1, C2 and D, with C = C1 and C2, the tracker T, and the region C and D)
C = C1 and C2
T = C1 and ~C2
Query q(C and D) is disallowed
Attacker runs instead 2 queries: q(T or (C and D)) and q(T)
where q(C and D) = q(T or (C and D)) – q(T)
=> infers q(C and D) from q(T or (C and D)) and q(T)

--OPTIONAL-- QUERY OVERLAP ATTACK
(figure: two heavily overlapping query sets C1 and C2 over John, Kathy, Max, Fred, Eve, Paul, Mitch, differing only in John)
q(John) = q(C1) – q(C2)
Protection: need query-overlap control

--OPTIONAL-- INSERTION/DELETION ATTACK
Observing changes over time:
q1 = q(C)
Insert(i)
q2 = q(C)
q(i) = q2 „-” q1
where „-” means compensation for the insertion that permits the attacker to infer q(i)
Protection: insertions/deletions performed in pairs

STATISTICAL INFERENCE
THEORY
Given unlimited number of statistics and correct statistical
answers, all statistical databases can be compromised
[Ullman]
Fortunately:
Number of statistics can be limited by statistical DB
controls
Statistical DB can give approximate rather than
‘correct’ statistical answers

2) INFERENCES IN GENERAL-
PURPOSE
DATABASES
Inference types:
a) Inference via queries based on sensitive data
b) Inference via DB constraints
c) Inference via updates

a) INFERENCE VIA QUERIES BASED ON SENSITIVE DATA
Sensitive information is used in the selection condition but not returned to the user.
Example: Salary: secret, Name: public
π_Name σ_{Salary=$25,000}
π_Name σ_{Salary=$26,000}
• • •
π_Name σ_{Salary=$110,000}
(π = projection, σ = selection)
Sensitive info (salary) used in selection condition, but not returned to the user
Returns only Name to user
“Infers” (quite mechanically – no intelligence needed) salary for everybody making between $25,000 and $110,000
Protection: apply queries to database views at different security levels

B) INFERENCE VIA DB CONSTRAINTS
Database constraints:
b-1) Integrity constraints
b-2) DB dependencies
b-3) Key integrity

B-1) INFERRING VIA INTEGRITY CONSTRAINTS
C = A + B
A - public, C - public, and B - secret
B can be calculated from A and C
I.e., secret information can be calculated from public data

B-2) INFERRING VIA DB DEPENDENCIES
DB dependencies (metadata):
Functional dependencies
Multi-valued dependencies
Join dependencies
etc.

FUNCTIONAL DEPENDENCIES
Functional dependency (FD) for attributes A → B:
For any two tuples in the relation, if they have the same value for A, they must have the same value for B
Example: Exploiting the FD Rank → Salary to infer secret info
Secret information: Name and Salary together
Query1: Name and Rank
Query2: Rank and Salary
Combined answers for Q1 and Q2 reveal Name and Salary together
Only because we have Rank → Salary

--OPTIONAL-- B-3) INFERRING VIA KEY INTEGRITY
Every tuple in the relation has a unique key
Users at different security levels see different versions of the database
A user with ‘top secret’ clearance sees more than one with ‘secret’ clearance
Users might attempt to update data that is not visible to them

--SKIP-- EXAMPLE – INFERRING VIA KEY INTEGRITY
(each value carries a label: P = public, S = secret)
Secret View:
Name (key) | Salary | Address
Black (P) | 38,000 (P) | Columbia (S)
Red (S) | 42,000 (S) | Irmo (S)
Public View:
Name (key) | Salary | Address
Black (P) | 38,000 (P) | Null (P)

--SKIP-- EXAMPLE (CTD) - UPDATES
Public User sees:
Name (key) | Salary | Address
Black (P) | 38,000 (P) | Null (P)
1. Update Black’s address to Orlando
2. Add new tuple: (Red, 22,000, Manassas)
If
Refuse update => covert channel
Allow update =>
• Overwrite high data – may be incorrect
• Create new tuple – which data is correct? (polyinstantiation) – violates key constraints
Polyinstantiation – a given record instantiated many times, each time with a different security level

--SKIP-- EXAMPLE (CTD) - UPDATES
Name (key) | Salary | Address
Black (P) | 38,000 (P) | Columbia (S)
Red (S) | 42,000 (S) | Irmo (S)
Secret user:
1. Update Black’s salary to 45,000
If
Refuse update => denial of service
Allow update =>
• Overwrite ‘low’ data – covert channel
• Create new tuple – which data is correct? (polyinstantiation) – violates key constraints
Polyinstantiation – a given record instantiated many times, each time with a different security level

CONCLUSIONS ON
INFERENCE
No general technique is available to solve the inference
problems
Need assurance of protection
Hard to incorporate outside knowledge
Optimal plan:
Suppress obviously sensitive information
Track what user knows (expensive)
Disguise data

--OPTIONAL-- Aggregation—additional problem
Inferences from aggregating data
Data mining increases risks

6.6. MULTILEVEL DATABASES
Multilevel databases - store data with different sensitivity levels (e.g.: public, confidential, secret, top_secret)
Problems
Polyinstantiation – multiple (“poly”) instantiations of a record, each at a different security level
Example:
[John, Kalamazoo-MI] -- Public level
[John, 19_Main_Ave-Kalamazoo-MI] -- Confidential level
[John, 19_Main_Ave-Kalamazoo-MI, …, SSN=123-45-6789] -- Top_Secret level
-- OPTIONAL below --
Global actions (i.e., backup)
Small items controlled
Cost and performance
Consumer resistance to military model
Granularity
Access control policy
Guarantee values not changed by unauthorized person

--OPTIONAL-- 6.7. PROPOSALS FOR
MULTILEVEL SECURITY -
SEPARATION MECHANISMS
1) Partitioning
Redundancy
Accuracy (multiple field update)
2) Encryption per level
Cumbersome decrypting with queries
3) Integrity lock
Data item
Sensitivity level
Checksum (above 2)
Cryptographic checksums
4) Sensitivity lock
Unique identifier
Sensitivity level

--OPTIONAL-- IMPLEMENTATIONS OF
SEPARATION - 1
1) Integrity lock
Expands size of element
Processing time efficiency
Untrusted DBM subject to Trojan horse
2) Trusted front end
Guard ~ reference monitor
One-way filter—filters out reports
Inefficient—calls, then releases much data
3) Commutative filters
Interface between user and DB
Reformats query
Addresses inefficiencies (above)

--OPTIONAL-- IMPLEMENTATIONS OF
SEPARATION - 2
4) Distributed DB
Separate DB’s based on sensitivity
Front end sends query to right DB
5) Views
Logical / functional divisions