 So, if anybody has questions please raise your hand, I saw that 3 or 4 centers had already raised their hands earlier, but I do not know if they still have that question. So, please raise your hand online if there is a question. So, we are going to Netaji Subash in Kolkata. Yes sir, my question is that you in the last point you what you have discussed that you cannot keep the password in a script file. So, usually when we go for the student project we use the session variable and which gone through the whole sessions say when we are swapping from one value to other page, on that time you usually use the session variable. So, you told me that you just keep in the config file. So, sir is there any problems if we keep it in the session variable. Yeah, the session variable is not an issue because you cannot directly access the session variable except through the application program itself. So, there is no security vulnerability in storing it in the session variable. The session variable by the way is never passed back to the user, it is completely stored at the application server. The user's browser only sees some session identifier, but not the actual session variable. So, there is no vulnerability there. Does that answer your question? Thank you sir. Vidya Pratishtan Pune, please go ahead. Sir, my question is how even the SQL injection at the database level. You cannot actually prevent SQL injection completely at the database level, but there are certain things you can do to reduce the vulnerability at the database level. But that actually requires cooperation with the application and I am going to talk about that in the next half of the talk. So, I will answer your question in that part. What is it? Knowledge Institute, Salem, please go ahead. Hello sir, is it possible to use a key distribution center in MANET? In MANET we won't have any nodes. So, all the nodes will be at independently. So, is there any possibility to use the key distribution center in MANET? 
So, that is a different aspect of security. I don't want to take that up here. I also don't know much about it. You should ask Professor Bernard those questions. It is not a database security aspect. Santhakajan and Maharaj, Bulldana, please go ahead. Good morning, Dr. Sudarshan sir. I do have one question. The question is how the, what kind of mechanism is provided to the security website, particularly HTTPS? Typically when we are doing internet banking, HTTPS occurs. What kind of security mechanism the database people is provided to the security side? So, HTTPS is at the network level and I am sure it will be covered in this course. If it has not already been covered, it will be covered. So, I am not going to repeat that. That is not a database level thing. So, this session is focusing purely at the database level. So, HTTPS protects the data in transit. It also helps to identify the website. So, you know that you are talking to the authenticated website rather than talking to somebody else. So, it protects against certain things such as somebody routes your packets to a malicious site by hacking into the network and you think you are talking to Google, but you are talking to somebody else. HTTPS is supposed to protect against this. There are limitations. There is not a 100 percent solution because it is based on notion of digital certificates and if somebody is able to break into the certifying authority and create fake certificates then even with HTTPS you can get fooled. So, there is no such thing as 100 percent bulletproof thing, but it is basically making the task of hacking harder. So, again that will be covered elsewhere in this course. I am not going to get into further details. I am going to. So, we are going to assume that data in transit is protected and that you are not talking to a malicious server. You are talking to the actual database and security at the database and application program layer is what we are going to focus on. Thank you sir. 
We will take one last question before we get back. Vaishnav Institute. What should be the security measures in neural network DBMS? The network DBMS. Neural network. Neural network. Neural network DBMS. I think I do not understand what you are talking about. Neural networks are used for many tasks classification and so on. What is the concept of security there? I do not know. I do not see the connection with database security specifically. There are other connections with privacy and data mining which we will come to later in the talk. But at this point I do not have any answer to your particular question. Sri Shankaracharya Chhattisgarh. How can we break into websites using authentication bypass? So, that is exactly the example I had with SQL injection. I will go back to that slide and then after that I am going to. So, I am going to hang up on you and go back to the slide and explain that answer and after this we will get back to it. So, let us say that for authenticating the user, the application programmer had a query like this. Select star from user where user id equal to and this is a thing in let us say the type data in Java single quote plus user id which is taken from the web application plus and now a double quote single quote close for the user id and password equals single quote then the Java string closes plus password plus and then a single quote to terminate the SQL string. So, this was the query that was constructed by concatenating user id and password. So, here if the user types instead of a real user id he types you want to get in as a particular user let us say x, y, z. So, the person types x, y, z quote dash dash then what happens is that this whole query which is actually executed is just select star from user where user id equal to x, y, z after that everything is commented out. So, now the password is not checked at all and this is an example of authentication bypass using SQL injection. 
So, it is just that particular term authentication bypass which I did not mention earlier, but this is how this is one way in which you can bypass authentication. There are probably many other ways, but this is one particular way. So, that let us get back to the slides. So, where we were talking of passwords in scripts. So, coming back to SQL injection we had things like somebody who bypassed authorization that is one kind. Another kind was people who ran a delete star from or drop table or malicious things like that which go and modify some other table. So, the problem is that the whole application is running under a common privilege and the database authorization is doing nothing to prevent SQL injection. So, there is a question about can the database do something about SQL injection. So, the answer is not directly, but if you extend the authorization mechanism in certain ways which is not currently supported unfortunately you can partially safeguard against it is not a 100 percent thing. So, the key point here is that this particular user should have only had access to their records whatever they are authorized to see and not the authorization to drop a table. But the problem is that the database has no idea who the application user is. It only sees the single user the application database ID which has complete privileges. So, what you would like is an SQL feature where two things have to happen. First of all the database should be aware of who is the end user accessing this particular application on whose behalf a query is being executed. And B there should be an extended authorization mechanism that allows the database to restrict that particular application user to only certain rows of certain tables. So, if you have a grades table it has grades of all students, but you want to restrict a particular student to see only their own grades not other students' grades. 
So, you need an extended authorization mechanism which can restrict people to see only some rows of a grades table not other rows. This is something which SQL does not support today although there are some extensions which I will talk about which can provide this partially. And it turns out that when the SQL authorization mechanism was conceptualized long back 20, 30 years ago the web was pretty much unknown. And the typical model was employee of an organization connected to a database either directly or through reporting interface and then ran queries on the database. So, then the database knew who that employee was and authorization made sense. But now that web applications are the dominant way of accessing a database that is pretty much useless and you need something different. So, today the fine grained authorization this is called fine grained authorization where you allow people to see only certain rows, but not others, that is implemented only at the application level not at the database today. And because of this if you can bypass the application authorization some way you can do anything to the database. So, the applications implement certain checks such as which users are allowed to access which screen and then there are parameters in there. So, for example, there is a screen which shows grades to faculty members it shows students grades to faculty members. But it may look at the department of the faculty member and only show grades belonging to CSE or only show grades of CSE students not of other students. So, these are forms of access control which cannot today be implemented in SQL, but they are typically implemented in the application layer. So, you would like all these kinds of things to be done at some level in SQL itself. So, coming to this what is there today is authorization only in the application layer. And since you are doing it in a language such as Java or PHP you get a lot of control on what goes on. 
So, it is easy to implement fine grained authorization to specific tuples. And the authorization can be based on business logic such as this user is allowed to create a purchase order that does not go into steps of to create a purchase order you get authorization to this table and to that table and something else all that is encapsulated you do not have to worry about it. So, that makes life easier for authorization, but the drawback is the following that authorization checks have to be done in the application code in every single application interface has to implement authorization checks. Now, if you had the complete plan for authorization checks upfront you code it and the plan never changes may be it is feasible, but in reality over time authorization policies change. And sometimes when you tighten an authorization policy you may forget to fix one of the interfaces which was more relaxed. And sometimes there may be a forgotten authorization check which we saw earlier. So, it is hard to check for this and the amount of code written in the application is enormous checking this entire bunch of code for vulnerabilities is very hard. So, the problem is this is called the surface area of this code is very large the amount of code that is there is very large. In contrast if you could somehow do this in the database then the only way to access the database is through SQL query. So, if you have authorization at this level it is easy to enforce a policy, but it is difficult to enforce complex policies. Simple policies can be reliably enforced with no way to bypass it. So, it is not vulnerable, but complex policies are harder to enforce. So, what you need is a via media between these. In particular what you need is some form of fine grained authorization in database. And one of the early databases to provide this was Oracle, which implemented a feature called virtual private database. 
So, what this does physically is the following it provides a way to specify policies which automatically add extra authorization checks to query. So, take this particular query here the user ran select star from grades. Let us say that this user is a student. Now Oracle allows you to register a function with the table grade. So, whenever a query uses the table grade the function is called and that function is going to return a string which gets appended to the query. So, now that particular function can check what is the user the current user is a student in which case we will do the following the function returns the string roll number equal to user ID. Now, the user ID is taken from the application and is provided by VPD to the database system as a function. So, when the function SQL function user ID is executed it is going to return the ID of the user on whose behalf this query is being executed. Note that this is an application user the database really has no idea about application user. The database only knows one user which is the entire application runs as one user. The application knows about application user and it is actually passing this information to the database through this function user ID. So, now the SQL query can run this user defined function user ID and get the ID and check that roll number matches ID. So, now the student can only see their own grades all other grades are filtered out. They ran this query thinking they could see the grades of all users, but lo and behold all they see are their own grades which is what they are authorized to see. So, that is the physical implementation and there are many applications for this. One of the major applications is hosted application where you have a single database which is shared amongst many organizations. 
Now, some of you might have heard of companies like salesforce.com and others which allow you to run an entire application on the web you just create an ID for your organization create IDs for individual users and you are off you can run it. Now, many different organizations may be sharing a single database. What VPD's goal was, was to ensure that organization A cannot by mistake get access to organization B's data even if a programmer goofs up in the application program. So, in VPD what you enforce is that you get the organization ID and make sure that only the rows belonging to your organization are visible to you. So, that is the check that gets added here instead of roll number equal to user ID, a more common use case is organization equal to your organization ID. And that ensures a protection of different organizations from each other on the shared database. Now, that is Oracle's VPD other databases have provided some similar support, but it has been very limited. For example, DB2 supports something called label based access control and Oracle also has something called label based access control which is not quite as powerful as VPD, but it does allow many things to be done. And so, that can and is used by many customers. So, that was authorization at a fine grain level. Now, let us get back to the next level. So, what about insider attack? So far we have been talking of outsider attack. The outsider is trying to hack into the application or into the database and how do we protect. But most databases are actually a lot more vulnerable to insider. For example, at IIT Bombay, there are grades, salaries, so many other things are on databases. And there are many people who have access to these databases. And as a result, there are many people who could potentially go in and modify the data. So, we are trusting a lot of people to not do anything bad. And in fact, you know, people have lived up to the trust. By many, I mean something like 3, 4. 
I am not talking of hundreds. When you have hundreds, you have no idea what is going on. When you have 3, 4, people know that if something goes wrong, it will be traced back to them. And of course, you also make sure you pick honest people and do not allow access to others. So, among the things which any application system should do is to keep this, the database password of the master database restricted to a few people and do not give it to the development team. So, there is another. So, we have many programmers. We have four or five people with the master password. We have many people who develop applications, but do not have the password to the main database. They have passwords to a test database. They can run their application on the test database, but they cannot access the actual database. And that password is stored on a configuration file on the live server, which the others do not have access to. So, that is how IIT safeguards the database password. But of course, when you have something like RTO office, which inherently has a lot of corruption, even these few trusted people can become untrusted. So, you need to do something about it, which could involve maybe keeping audit trails of what happened, who accessed the data and I will briefly mention this later. But some researchers have been asking, why should we do it this way? Why should we have the application connect to the database using a password? Can the OS authenticate the application to the database? So, this is called trusted application. So, the OS looks at the code of the application and knows that this code belongs to this particular application, which is trusted. And the OS authenticates the application to the database. So, this is, I do not know if it is there in products yet, but there is a lot of research on this and it is used for certain applications. I do not know if it is currently available for databases. 
I do not think it is, partly because the databases today tend to be decoupled from the application. So, now, we know that insiders can access the database. Can we do something to prevent them from doing too much damage, if they can access the data? One obvious thing is to have digital signatures. So, the person sitting in the data center, who has access to the database, does not have access to your signature key. So, the person who is updating the data, maybe a registrar or a professor or whatever, is able to sign the data and then, the signed data is stored in the database. So, this is good for certain things, which are updated rarely. You can have a smart card to store the key. So, nobody else can store it except the person who physically has access to the smart card. And so, the database administrator cannot do anything to that data to some extent. They cannot put new data, fake data, but they can very much delete data. So, if you have registered your property, somebody goes in there, deletes your registration and then, somebody comes in and registers your property again, you have a problem. So, this has some benefits, but it is not a 100 percent solution. There are lower tech solutions in use today. For example, if you register property in India, pretty much anywhere, you need a photograph to be taken at the registration center, so that they know that the person who owns the property is actually selling the property. The last bullet here talks of restricting access to the database. It turns out that many places had, every RTO have a local database. That means, you are trusting many, many people. So, these days, they have moved these to a central system. So, there are hundreds of RTO offices, but only one central database with all the data. And therefore, the number of people who have insider access is limited now. Instead of a few per RTO office or registration office, you have a few across the whole state or across the nation. So, then it is a lot more secure. 
And then, there are many more application level protections against insider attacks. For example, multi-person approval is standard practice in banks and accounts. One person creates it, another person approves it. If one person's user ID is compromised, you can still guard against the other person. If one person is corrupt, you can still guard against illegal states unless the second person also becomes corrupt. And then, there is an issue of who gets authorization to do what. Now, there is actually a trade off here. One way is to be very careful and restrict authorization to only a few people. But practically, what happens is people go on leave. And if one of the people with authorization is not around, then others cannot do work which is needed for the organization to function. And so, in practice, authorizations are granted fairly loosely by destroying the protection of the database. So, these are human problems. So, now if something bad has happened, you want to find out what has happened. Now, how do you do this? And you do this typically by using an audit trail. I do not know if this has been covered in your course. It probably will be. But let me very briefly tell you what happens in audit trail. First of all, there is an application level audit trail. The application typically logs everything that was done. So, if a particular user is doing something which looks weird, you may not detect it immediately, but you may have a separate application running in the background looking at the log records and looking for patterns of fraudulent access. Supposing, for example, you have credit card authorization on a particular credit card happening in India today at 5 a.m. of 5 p.m. And happening in Russia at 6 p.m. Now, if that was a Russian website, maybe that is okay. But if it was a Russian shop, then it is impossible for a credit card to fly from here to Russia in a few hours. So, you know it must be fraudulent. 
If it happened one day later, maybe it is fraudulent, maybe it is not. So, depending on the history of the user's travel or whatever, the system may either block it or allow it. So, you can use the audit trail to find patterns and alert people. And if something bad has happened, you can look at the audit trail and see who accessed this data from where and thereby try to identify the actual human behind it. Then there is a database level audit trail which is even lower than the application level. It turns out that the way application is written today with a single database user, the database audit trail is not terribly useful to know who did it. But it might be useful to know what had happened. If you find an update has happened at this time, maybe you can correlate it with who was logged in from where and then narrow down the user who did that particular update. So, even though the database does not know who is the user, you can correlate it with other log information and track it down. I think this is a good point to take some more questions before I come back to two research level topics which will be the last two topics for this talk. So, let's take some questions. BH Ghazi College Rajkot, please go ahead. Sir, my question is any particular tool for finding SQL injection for in a particular web server which we develop for each and every list out the particular where the loopholes are there? Yes, there are a lot of tools which are available on the web you can search for them. So, most of them will look for form interfaces and then type in strings like what I told you, quote star star star and look for error messages of various forms to be returned. So, I don't have a specific tool to recommend, but if you search on the web you will find tools for vulnerability analysis. So, if you have built an application, I would highly recommend you run these tools. Dronacharya, Farukh Nagar, Haryana please go ahead. 
Sir, my question is can database encryption and database user ID and password encryptions can solve the problem of database security over to you sir? So, there are many aspects to database security. So, encryption handles certain things. So, let's say you have a house with three doors. Locking one door is required to protect that door, but it's not going to protect you from somebody coming in through other doors. So, encryption is going to protect against somebody who gets physical access to the data may be by copying the disk or something and it is not going to protect against certain other things such as somebody using SQL injection to hack into the application. So, encryption is not going to protect against that. So, it is required for many things, but it's not the end all. So, there is no one thing which will cover everything. You have to take multiple steps to protect against multiple types of attack. You have to check for and rewrite applications to remove SQL injection. You have to make sure database passwords are stored securely. You have to guard against cross site scripting attacks. I didn't talk about it because I assume it will be covered elsewhere in your course, but when you build an application, this is a very important thing. You have to protect against cross site scripting attacks by essentially what is called sanitizing of user input. If you have not already seen this, you remove certain HTML commands from user input. So, when that is displayed, the ability to run cross site script attacks is removed. Then there are also things which can be done at the browser level to protect different, for example, you have multiple tabs open in the browser. So, script running on one tab might be able to access data, access sites which are opened by a separate tab. So, there are browsers like Chrome which actually run these in separate processes and protect against some of these attacks. So, there are many different things which need to be done. 
Only if you do all of them, can you actually ensure security. Even if you do all of them, there may still be holes you don't know about. For example, very recently, there was a hole in the SSH algorithm which was a bug which was found, which meant that intruders could actually eavesdrop on supposedly secure communication between browsers and web servers. So, that was discovered and then the web servers had to be patched to protect against that bug. So, if a web server is not patched, for example, it still remains vulnerable to that bug and then you have a problem. So, patching these things to fix security flaws which have been discovered and fixed is another important part of security. So, there are many, many aspects even to just data security. Any other questions? Thank you sir. Perumail College. What is stored procedure? What is the difference between stored procedure and other statements? And last question is, where we can use the stored procedure effectively? A stored procedure is like a function which you can record in the database and then you can call the function with certain parameters. So, those parameters have to be of type string or int or whatever it is. So, now, if you want to call a stored procedure from a Java program, there is a JDBC call, API call to call a procedure, passing it certain parameters. So, that is similar in some sense to a prepared statement in the sense that if that string has quotes in it, it is going to add backslashes and so on. So, that what goes to the database is a properly escaped string and then the database is protected from SQL injection. So, that is basically an alternative to prepared statements, but as I told you it is not a good alternative because you have to create a procedure for every single query that you might want to do. But there are certain cases where it is useful and could be used. So, the main use for stored procedures is when you want to do certain updates within the database without doing them from JDBC. 
So, if you have a series of statements that have to be executed, series of database queries, instead of back and forth with the application server and the web server, it is all done inside of the database server and that can speed up performance. So, that is one use. Second use is if you have certain things which you might want to keep one copy in the database of a procedure which you might need to update and you do not want to update the application program, but you want to update the stored procedure periodically that might be another reason for using a stored procedure. So, there are multiple reasons for it and most databases today support stored procedure. Does that answer your question? Thank you sir. Then one more question as we know that lot of security tools is available for cyber security. Likewise is there any tool for database security and SQL itself can be provide securities without using Oracle or nothing, the front end itself? So, in terms of database security, there are tools which are specific to, for example, tools which will look for SQL injection by probing system, but you also have static analysis tools which can look at your code and say that this part of your code is vulnerable to SQL injection. So, there are such tools which can analyze your code and look for vulnerabilities which are specific to databases. So, that is what you would use. Now, coming back to the second part of your question, I am not sure what you meant by at the SQL level. As I told you the authorization mechanisms, if extended today what is there is not sufficient to provide any meaningful degree of protection, but there are extensions which have been proposed in research papers and some of which have been implemented by some databases like Oracle, but they are not part of the SQL standard yet, which you could use to give some extra level of protection. Thank you sir. Techno India, Bengal, please go ahead. Good afternoon sir. 
My question is, instead of centralized database, if we keep our data in distributed environment, that is distributed database, what is the security issues there? And if data is, we keep data, there is, we allow replication, then what are the security issues in that case? That's a good question. So, first of all, there are two types of security issues here. The first is when you have multiple systems which store the data, you obviously have to protect all the systems, but today the, by far the largest use of this kind of distributed data store, they are actually ubiquitous today. If you put data on any website, nobody uses a centralized database to store your data. Every major website today stores your data on either on file systems for certain kinds of data, distributed file system or they store it on distributed data storage system. So, for example, Google uses something called Bigtable, other application servers use things like HBase, Cassandra and a variety of other systems which store data in a distributed fashion across multiple systems. Now, many of these systems really don't have any notion of authorization mechanism beyond some very simple authorization. They have a notion of login and who can, which logins can access which tables in the store. So, the entire onus of security is purely at the application program level. So, there is no further security at the data storage engine level. Now, with replication what are the extra issues. So, again you have to obviously keep all copies secured, but there is a new aspect which has come up these days which is protection against government. So, today if you store data on Google and Google stores that data on a server in the US, Google may take a lot of steps to protect you from hackers getting in, but Google cannot do anything if the government of the US asks for the data, Google has to give that data otherwise they will go to jail as per US law. 
So, in spite of all the protection which you thought you were getting from Google, the US government can get your information by just telling Google to hand it over. In addition to asking Google to hand it over which of course has some overhead because they have to tell Google, Google has to check it and give it back. They also have hacked into Google systems or actually hacked into the network to spy on traffic going to Google. So, that is another kind of thing. So, if your data is stored in the US, it is very likely the US government can and will get access to data if it thinks that you are of interest to them. So, that kind of vulnerability can only be avoided if the data never goes to US. So, many companies these days are seriously looking at storing data of India in India, storing data of US users in the US. So, that if they are asked by the US government to hand over data, they can legally say that look this data is owned by a subsidiary in India and we cannot access that, you have to ask that subsidiary. Conversely, if the government of India asked data about an Indian, the Indian subsidiary is forced to hand over the data, it is available locally. It does not have to go back to the US thing to say to tell them hand over the data because they will sometimes get into trouble. The US may say you cannot hand over the data, the Indian government may say you must hand over the data and now Google is caught in the middle. In fact, there is a mess going on in Europe right now where the European Union was bringing up some law on making search engines forget about history. That law is not actually complete, but meanwhile a court ruled that users can ask Google to delete certain data, certain search information about themselves. So, now a user can tell Google this newspaper published a report which was unfavorable to be deleted, it should no longer show up in your search results. 
And now this is a total mess for Google because how do they know whether this user is doing it in a genuine way or in a way to hide unsavory incidents from others which really should not have been hidden. So, it is a big mess and they are trying to resolve the jurisdiction issue, but even with that there is still a mess when you have idiotic laws like this.

O. P. Jindal, you will get the last question on this topic before I wrap up the session.

Sir, is there any option of data hiding in a database management system?

By hiding what do you mean? If you mean encryption, yes, that is one way to hide data from physically unauthorized users. Other than that the authorization mechanisms are the key way of hiding data from users who are not authorized to see the data. So, yes, that is exactly what is the role of the authorization mechanism. I hope that answers your question.

I think in the interest of time I will stop taking further questions and wrap up the last few slides in my talk. So, now let us come back to a couple of research topics. I have finished with detecting security. So, the last few slides are on security in outsourced cloud databases and privacy. So, today a lot of organizations are looking at outsourcing their database. What do you mean by that? Setting up an ERP system, setting up storage systems, backing up the data and buying equipment to ensure high availability and so on is very expensive. An organization the size of IIT which has maybe 2000 plus employees itself finds that dedicating 40, 50 employees to this area becomes very expensive and smaller organizations really cannot do this. So, they would like to have somebody provide the entire application and the database and everything is out there in the cloud. So, that is called outsourced application.
Now, there are certain people who are fine with a completely outsourced application, but there are others who say that, look, maybe I will outsource my database itself, but my application program will run locally and I will have control on it. And the goal here is that you can encrypt the data stored externally and decrypt it within the organization. So, there has been a bunch of research on this model which says that, look, supposing I encrypt the data in the database, the database does not have the encryption key, the application has it. Can the application fetch from the database just the records of a particular employee ID 1, 2, 3, 4, 5, 6? Now, the data is encrypted in the database, the database cannot see this employee ID. Is it possible to fetch just the records for this employee without even telling the database what this ID is? So, can you do this? It turns out that there are certain limited places where you can do this. For example, if you encrypt the employee ID, when you run a selection query you will do the same encryption on the ID provided in the application program and send that encrypted ID to the database. So, the database is comparing one encrypted ID to another encrypted ID and it can fetch just that record. So, that is one way. Another way is to not encrypt IDs, but encrypt only sensitive data. So, these are in fact used. But now supposing I want to do more complex computation. I want to encrypt salaries, but I want to find the average salary in the database without transferring all the encrypted salary data back to the application server. So, this is not easy, but there has been a bunch of research on certain limited cases where you can do computation of certain forms, addition and so on, on encrypted data and fetch that result and sum back and decrypt it to get the sum. So, this is a fairly tricky area, but there has been a lot of research in recent years on this. I am not sure it is practical.
I am not sure it will even become practical, but people are trying to make it practical. Now, even if you encrypt data and store it in a remote database, there are still many kinds of attacks possible. For example, a person who hacks into that database may replace my salary with some other encrypted value and if you decrypt it, you get a legal value which is not my salary. So, that application is not able to detect that there is a problem or it might just delete some records and the application does not realize that some records are missing. So, it deletes me totally. Application has no idea that my employee records have been deleted. So, even though the data is encrypted, that does not protect against certain things. So, how do you deal with this? There has been some very interesting research on data structures called Merkle trees which can detect such modification in a fairly efficient manner. I do not have the time to get into what these details are, but I just want to highlight to you that this is an interesting research area. So, a lot of research, maybe 5, 6 years ago it was a very hot topic. Even today there is some ongoing research in this topic. There are not too many practical solutions yet, but people are working towards it. So, at least some limited forms of protection can be provided for outsourced data.

Now, the last topic I am going to cover is privacy. So, what is this about? So, there is a lot of data which you do not want to be let out to everybody, but at the same time you want limited information from that to be made available for the public good. For example, you have records of diseases which people have got. You really do not want to announce to the world that this person has typhoid or this person has HIV and so on. There are laws about this. On the other hand, if I see a cluster of typhoid cases in a particular area, then I realize something is going on. There is an epidemic and it is time to have an intervention.
Maybe the intervention could be to tell people, hey, there is a typhoid epidemic in your area, boil your water and do not drink untreated water and that might end that epidemic. So, I need some information without revealing individual users' information. So, this was done in the US in the following way. They said you can release anonymized information of medical data. You remove the name, but you want to know where epidemics are happening. So, you need a rough geographical area. For this the pin code was allowed and then you want to know whether it is a man or a woman because certain diseases affect men and women differentially. So, you need that. You also need to know the age of the individual because some things affect children, some things affect adults. So, they allowed these three to be retained and released. Unfortunately, it turned out that with just these three pieces of information, zip code or pin code, the gender and the date of birth, in a very large number of cases you can uniquely identify a person. There are not that many people with the same date of birth and gender in the same pin code. Actually, pin codes in India cover a fairly large area. Zip codes in the US are more narrow. So, it turned out that the publicly available medical records in Massachusetts could be used to find out the medical history of the governor of Massachusetts. Some researcher did this and announced this, which was a big embarrassment. So, subsequently there were laws which specifically say you cannot release these three pieces of information. You have to hide something in there. So, there are now laws about privacy. So, there is a trade-off there. There is another interesting case where American, so there are a lot of people working on web search and web search quality depends a lot on search history of users. So, Google has access to that data. Microsoft has access to your search history.
But if you are a new company or if you are an academic sitting in IIT Bombay, you do not have access to that. Now, there were some nice people at America Online, a company which now is not doing well. But some years ago they were doing better and they said that, look, people do search on us. We will release anonymized information about searches to help academic researchers. So, there were nice people who put out the data. But it turned out that most people do what is called ego surfing. So, they search for their name on the database, over there. And then they search for their locality. You know, I search for Powai. I search for my name. So, now I know that this particular set of queries came from Sudarshan in Powai. How many Sudarshans are there in Powai? Probably not too many. And therefore, people can find out exactly what I have searched for. If I have gone to some shady website, now they know that I have gone there. So, that was very embarrassing. And in fact, some people in the company including some Indian employees were fired after this incident. So, that is a big problem. So, the question is how to balance usefulness of the data which you reveal while protecting privacy. And there has been a lot of interesting research in this area. It is a very active area still. There has also been a lot of government intervention in this area with laws on privacy protection. So, the Indian IT Act amendment in 2008 says things about this. In the US, the HIPAA and Sarbanes-Oxley Act have legislated various things. In India, there is a conflict to some extent between the Right to Information Act and privacy which keeps getting resolved by subsequent ruling. So, it is a very interesting area which many people will have to deal with going forward. So, with that, I will end my talk.

Sastra Tanjavur, please go ahead.

What are the problems that arise while migrating data from 1000 to 100.

So, I do not know if there are any security issues here.
There are a lot of other issues, performance and so on. Usually, cloud databases have extremely large volume. So, migrating such large volumes of data would overload networks and there are many other issues, but I do not think they are security related. So, I would not get into those other details.

So, I think the question is if you can create a database slice for a particular user and allow them to only access data within that slice, can you safeguard against? SQL injection. Certainly, it would help a lot because if you only allow the user to access information in their own data which they are allowed to anyway read or things which they are anyway allowed to modify, then by doing SQL injection, they cannot touch any other data. So, that is related to the fine grain authorization which I talked about. So, if you are able to do that, you can get some good amount of protection from SQL injection. But if you code your application properly, then you get 100 percent protection from SQL injection. So, it is a good idea to do both. Checking the application, coding it carefully and checking it for vulnerability by static analysis is probably the easier solution which is what organizations are doing. But the other one could form a longer term solution for other classes of things. Does that answer your question or do you have more?

Slicing techniques. Sir, can you suggest some good slicing techniques?

Which slicing? No, I do not have any specific suggestion on that.

Vivekananda College, Namakkal.

Good afternoon sir. My question is, in your security process, I mean the data information security process, how long we can expect the data information will be safe? Whether it is a follow up of members, authentication members, it is needed for the data information will be safe?

Not quite sure I understand it. I think the first part of your question is, how long should you keep data? Is that what you are asking?

Yeah.
So, there are various laws on this and so most companies are required to keep certain information for a minimum period of time. For example, accounting information you may have to maintain by Indian law for, I do not know how many years, maybe 15 years, because till then the tax authorities can come back and question you about what you did back then. So, now for web services which keep individual user information, there are certain cases where they will keep history of what you did for a certain amount of time. Now, again there are some legal requirements. For example, the governments may say that you want to keep a history of accesses for three months or six months or so on and they will keep it for that much time. Now, many companies do not want to keep it longer for two reasons. One is that they may overload their storage or cause performance issues by keeping too much data. Or by keeping a lot of data, they may just invite more government queries on old data and cause more trouble for themselves in terms of employee time devoted to answering these questions. So, many organizations have policies that we will keep data for the time that is mandated by the government and then throw it out later. So, keeping data I do not mean your files, your files they keep forever, but log information and other such things which they will keep for some amount of time and then they will throw it out. Does that answer your question?

Thank you.

Screen level, what is the main focus of screen level authorization sir?

So, pretty much any application which you use, let us say an enterprise system. There are many, many screens to do various things, maybe to create purchase orders, to approve bills, to update salary and so on. Many ERP systems have literally hundreds of thousands of screens, maybe far more in fact. And different people are authorized to do different things, authorized to see or use different screens. So, this is what I mean by screen level authorization.
So, if there is a screen to update salary, you may not get it as a teacher, but a salary clerk may get it to allow them to update your salary. So, that is what screen level authorization is about. I think I should wrap up. Thank you very much.