Unit -3 - Ajay Ardeshana
Download
Report
Transcript Unit -3 - Ajay Ardeshana
Unit -3
Implementing Security
In
Databases
Introduction : Because of the importance of data and information of organization
database security is an important issue in database management.
The data stored in DBMS is vital to the organization and is consider
as a corporate assets.
Thus database represent as an essential recourse of an
organization, that should be properly secured.
Because of the use of distributed database with client/server
architecture, the database environment become more complex.
Managing database security has become more difficult and time
consuming.
Therefore it important for the DBA to develop overall policies,
procedures and appropriate controls to protect the databases.
The goal of security is the protection of data against threats such
as accidental or intentional loss.
These threats create the problems to the database integrity.
Threats may be defined as any situation or event, whether
intentional or accidental that may affect the system and
consequently the organization.
A threat may be caused by a situation or event involving a person,
action or circumstances that are likely to harm an organization.
The harm may be tangible such as loss of hardware, software or
data. That harm may be intangible, such as loss of creditably or
client confidence in the organization.
Database security involves allowing or disallowing user from
performing action on the database thus protecting the database
from misuse.
DBA is responsible for overall security of database system.
Therefore the DBA of an organization must identify the most
serious threats and enforce security to take appropriate control
actions to minimize these threats.
Any individual user or a user group needing to access database
system, applies to DBA for a user account.
The DBA then create an account number and password for user to
access the database basis on policy of organization.
The user afterword login to the DBMS using the given account
number and password whenever database access is needed.
The DBMAS checks for the validity for the user’s given account
number and password. Then the valid user is permitted to use the
DBMS and access the database.
DBMS maintain these two fields of user account and password by
creating an encrypted tables.
Threats to database security may be direct, for example, browsing,
changing or stealing of data by an unauthorized user access.
To ensure the secure database, all parts of the system must be
secure including the database, the hardware, the operating
system, networks, users and even the building and houses of the
computer system.
Some of the threats that must be addressed in a database security
plan are as follows :
Loss of availability
Loss of data integrity
Loss of confidentiality or secrecy
Loss of privacy
Theft and fraud
Accidental losses
Loss of Availability means that the data or the system or both can
not be access by the users. This situation can arise due to the crash
of hardware, networks or applications. The loss of availability can
seriously cause operational difficulties and effect the financial
performance of an organization.
Loss of Data Integrity causes invalid or corrupted data which may
seriously effect the operation of an organization. Unless data
integrity is restore through established backup and recovery
procedure, an organization may suffer serious losses or make
incorrect and expensive decisions based on the wrong or invalid
data.
Loss of Confidentiality refers to loss of protecting or maintaining
secrecy over critical data of the organization, which may have
strategic value to the organization. Loss of confidentiality may lead
to loss of competitiveness.
Loss of Privacy refers to loss of protecting data from individual.
Loss of privacy could lead to blackmail, bribery (corruption), public
embarrassment, stealing of user password or action being taken
against the organization.
Theft and Fraud affects not only the database environment but
also the entire organization. Since this situation is relate to the
involvement of people attention should be given to reduce
opportunity for the occurrence of these activities. For example,
control of physical security, so that unauthorized person can not
able to gain access to the computer room. Another example of
security procedure could be establishment of a firewall to protect
from unauthorized access.
Accidental Losses could be unintentional threats including human
error, software and hardware.
Authorization : Authorization is the process of a grating of right or privileges to the
user to have a limited access to a system or objects of the system.
It is an administrative policy of the organization, express as a set of
rules that can be used to determine which user has what type of
access to which portion of database.
Authentication : Authentication is a mechanism that determines whether a user is
who he or she claims to be. In other words, an authentication
checks whether a user operating upon the database is allow to
doing so or not. It verify the identity of the user.
The simplest form of authentication is a simplest consists of a
secret password which must be presented when a connection is
open to database.
Authorization and Authentication controls can be built
into the software. Authorization rules are incorporated in
DBMSs that restrict access to data and also restrict the
action that people may take when they access data.
For example, a user using a particular password may be
authorized to read any record from database but cannot
necessarily modify any of those records.
For this reason authentication controls are sometimes
refer to as access controls.
Following two types of access control techniques are
used in database security system:
Discretionary access control.
Mandatory access control.
(1) Discretionary access control :- (DAC)
DAC is based on the concept of privileges and mechanism
for giving such a privileges to user.
It grant the privileges to user on different object,
including capability to access specific data file, records or
fields in specified mode, such as, read, insert, delete or
update or combination.
A user who create a database object such as a table or
view automatically gets all applicable privileges on that
object.
The DBMS keep track of how these privileges are granted
to other users and it is very flexible.
1. Granting/Revoking Privileges : Granting and revoking privileges to the users is the responsibility
of database administrator of DBMS.
DBA classifies users and data in accordance with the policy of the
organization.
DBA privileged commands include commands for granting and
revoking privileges to individual accounts, users or user groups.
It performs the following types of actions :
Account Creation :- This action create a new account and
password for a user or a group of users to enable them to
access a database.
Privilege Granting :- This action permits the DBA to grant
certain privileges to certain accounts.
Privilege Revoking :- this action permits DBA to revoke certain
privileges that were previously given to certain accounts.
Security Level Assignment :- This action consists of assigning user
accounts to the appropriate security classification level.
The account level privilege assignment :CREATE SCHEMA Privilege To create schema.
CREATE TABLE Privilege
To create table.
CREATE VIEW Privilege
To create view.
ALTER Privilege
DROP Privilege
MODIFY Privilege
SELECT Privilege
To apply schema changes such as adding
or removing attributes.
To delete relations or view.
To INSERT, UPDATE or DELETE tuples.
To retrieve information from database
using SELECT query.
Examples of GRANT Privileges : Syntax :-
GRANT {ALL | privilege list}
ON {table-name [column list] | view-name [column list]}
TO {PUBLIC | user list}
[WITH GRANT OPTION]
or
GRANT {ALL | privilege list [column list]}
ON {table name | view name}
TO {PUBLIC | user list}
[WITH GRANT OPTION]
ALL
Privilege list
ON
Colum list
TO
PUBLIC
User list
WITH GRANT
OPTION
All the privileges for the object will be granted
Only the listed privileges are granted.
It specify the object on which the privileges are
granted. It can be a table or view.
Privileges are restricted to the specified column. If
this is not specified the grant is given for all the table.
It is used to identify the users to whom the privileges
are granted.
Privileges are granted to all known users of the
system who has valid User ID and Password.
Privileges are granted to the specific users only.
It means that the recipients has the authority to
grant the privileges that were granted to him to
another user.
Examples of REVOKE Privileges : Syntax :-
REVOKE {ALL | privilege list}
ON {table-name [column list] | view-name [column list]}
FROM {PUBLIC | user list}
or
REVOKE {ALL | privilege list [column list]}
ON {table name | view name}
FROM {PUBLIC | user list}
1. Audit Trail : An Audit Trail is a special file or database in which the system
automatically keep track of all operations performed by user on
the regular data.
It is a log of all changes to the database along with information
such as which user performed the changes and when the changes
were performed.
In some system Audit Trail is physically integrated with the
transaction log, in others the Audit Trail and transaction log might
be distinct.
The Audit Trail provide the security to the database. For example, if
the balance of the bank account is found to be incorrect, bank may
wish to track all the updates performed on the account to find out
incorrect updates, well as the person who carried out the updates.
A typical Audit Trail entry might contain the information as
following :
Request (Source Text)
Terminal from which the operation was evoked.
User who evoked the operation.
Date and time of the operation.
Tuples and attributes affected.
Old value.
New value.
(2) Mandatory Access Control :- (MAC)
MAC is based on system-wide policies that cannot be changed by
individual users.
It is used to enforced multilevel security by classifying the data and
user into various security classes or levels and then implementing
the appropriate security policy of the organization.
Thus, in this schema each data object is labeled with a certain
classification level and each user is given a certain clearance level.
A given data object can then be accessed only by users with the
appropriate clearance of a particular classification level.
Thus, a MAC technique classifies data and users based on security
classes such as Top Secret (TS), Secret (S), Confidential (C) and
Unclassified (U).
The DBMS determines whether a given user can read or
write a given object based on certain rules that involve the
security level of the object and the clearance of the user.
The commonly used MAC technique for multilevel security
is known as the Bel-LaPadula model.
The Bel-LaPadula model is describe in terms of Subject
(Users, Accounts, Programs), Objects (Relations or Tables,
Tuples, Attributes, Views, Operations) and clearance.
This model classifies each subject and object into one of
the security classification TS, S, C, U.
The security classes in a system are organized according to
a particular order, with a most secure class and a least
secure class.
This model enforces following two restrictions on data access
based on the subject/object classification.
Simple Security Property : In this case, a subject S is not allowed read access to an object O
unless classification of subject S is greater then or equal to
classification of object O .
class(S) ≥ class(O)
Star Security Property : In this case, a subject S is not allowed to write an object O
unless classification of subject S is less then or equal to
classification of an object O.
class (S) ≤ class (O)
While transferring data (packages) from one network to the
another network some of the packages which we are
sending to the outside of the network as well as we are
receiving some of the packages from outside network to
the inside network.
At this time for the purpose of security database
administrator needs some mechanism that can “keep good
bits in and keep bad bits out”.
One method is to used Encryption. However, encryption
does nothing to keep digital pest And hackers out.
To Accomplish this goal we need to look at “Firewall”.
While data transferring data packets, each and every
sending data packet as well as received data packets has to
go through the Firewall.
A firewall is a designed to prevent unauthorized access to or form a
private network. Firewalls can be implemented in both hardware
and software, or a combination of both.
They are frequently use to prevent unauthorized Internet users
from accessing private network connecting to the Internet,
especially to the Intranet.
All messages entering and leaving the internet passes to the
firewall, which examine each messages and blocks those that do
not meet the specified security criteria.
Following are some of the firewall techniques :
Packet filter : Application Gateway : Circuit-level Gateway : Proxy Server :-
Packet Filter : Packet Filter looks at each packet entering or leaving
the network and accept or reject it based on userdefined rules.
Packet Filtering is a fairly effective mechanism and
transparent to user.
Application Gateway : In a application gateway, security mechanism is applied
to specific applications such as File Transfer Protocol
(FTP), and Telnet Servers.
Circuit-level Gateway : These security mechanisms are applied when a
Transport Control Protocol (TCP) or User Datagram
Protocol (UDP) connection is established. Once the
connection has been made, packets can flow between
the host without further checking.
Proxy Server : Proxy Server intercepts all messages entering and
leaving the network. In Proxy Server in effect hide the
true network address.
Statistical database security system is used to control the access to
a statistical database, which is used to provide statistical
information or summaries of values based on various criteria.
A Statistical database contains confidential information about
individuals or organizations, which is used to answer a Statistical
queries concerning sum, average, and numbers with certain
characteristics.
Thus a Statistical database permits queries that derive aggregated
information, for example, sums, averages, counts, maximums,
minimums, standard deviations, means, totals, or a query such a
“What is the average salary of managers?”. They do not permits
queries that derived individual information such as “What is a
salary of employee named Kartik?”.
In Statistical queries, Statistical functions are applied to a
population of tuples. A population is a set of tuples of a relation
that satisfy some selection condition.
For example, let us consider a relation schema EMPLOYEE :
Relation : EMPLOYEE
Emp_ID
Emp_Name
Gender
City
Phone
Salary
Each selection condition on the EMPLOYEE relation will specify a
particular population of EMPLOYEE tuples.
For example, the condition Gender = ‘M’ specifies the Male
population and condition (Gender = ‘M’ and City = ‘Rajkot’)
specifies the Male population who lives in Rajkot.
Statistical database security prohibits users not to retrieve
individual data, such as the salary of a specific employee.
This is controlled by prohibiting queries that retrieve attribute
values and by allowing only queries that involves Statistical
aggregate functions such as SUM, MIN, MAX, MEAN, COUNT etc.
Data encryption is a method of coding or scrambling of
data so that humans can not read them.
In this method data is encrypted by a special algorithm
that renders the data unreadable by any program or
human without the decryption key.
This technique is used to protect from threats in user
attempt to bypass the system. For example, by physically
removing the part of database or by tapping into a
communication line and so on.
Data encryption technique convert the readable data into
a unreadable data by use of an algorithm.
Encrypted data can not be read by any user unless that
user knows the encryption method.
Some of the encryption schemas that are used in database security
are as follows :
Simple Substitution Method : Polyalphabetic Substitution Method :1. Simple Substitution Method : In this method each letter of plaintext is shifted to its immediate
successor in the alphabet.
The blank space appears immediately before the alphabet ‘a’ and
it follows the alphabet ‘z’.
For example the message “Well done” is encrypted as follows :
Encrypted form :- “xfmmaepof”
2. Polyalphabetic Substitution Method : In this method an encryption key is used.
Suppose we want to encrypt the message “Drive slow”. But now
an encryption key is given as, say for example, “safety”.
The encryption is done as follow:
The key is aligned between the plain text and is repeated as
many times as necessary for the plaintext to be completely
covered. In this example we would have
Well done
safetysaf
The blank space occupies the 27th (Last but one), and 28th
(Last) position in the alphabet. For each character, alphabet
position of the plain text character and that of the key
character is added.
The resultant number is divided by 27 and reminder is kept
separately.
For our example first letter of the plain text ‘W’ is found at
23rd position and first letter of key ‘s’ is found at 19th
position. Thus, (23+19) = 42. the reminder after division by
27 is 15.
This process is called division modulus 27.
Now we can find the letter at 15th position is ‘O’ thus the
plain text letter ‘W’ is encrypted as ‘O’ in the cipher text.
In this way all the letters can be encrypted.