Security and Integrity

Download Report

Transcript Security and Integrity

Security and Integrity
Database security and
Authorization







Introduction to security issues
Mechanisms used to grant and revoke privilege in
relational database in SQL
An overview of the mechanisms for enforcing multiple
levels of security
Briefly discusses the security problem in statistical
database
Introduces flow control and mentions problems
associated with convert channels.
A brief summary of encryption and public key
infrastructure schemes.
Summaries the chapter
What is security?
Introduction to Database
Security Issues

Types of Security




Legal and ethical issues regarding the right to access certain information.
In US there are many laws governing privacy of information.
Policy issues at the governmental, institutional, or corporate level as to
what kinds of information should not be made publicly available – for
example, credit ratings and personal medical records
System-related issues such as the system levels at which various security
functions should be enforced-- for example, whether a security function
should be handled at the physical H/W, OS, or DBMS levels.
The need in some organizations to identify multiple security levels and to
categorize the data and users based on these classified. The security
policy of the organization with respect to permitting access to various
classifications of data must be enforced.
Threats to Database

Threats to database result in the loss or
degradation of some or all of the
following security goals: integrity,
availability, and confidentially.



Loss of integrity
Loss of availability
Loss of confidentially
Loss of integrity

Integrity refer to requirement that information be protected from
improper modification.

Modification of data includes





Creation
Insertion
Modification
Deletion
Change the status of data

Integrity is lost if unauthorized changes are make to the data by either
intentional or accidental acts.

If continue use the contaminated system or corrupt data cause the
result in inaccuracy, fraud, or erroneous decision
Loss of availability

Database availability refers to making
objects available to human user or a
program to which they have a
legitimate right
Loss of confidentially


Database confidentially refers to the
protection of data from unauthorized
disclosure.
The impact range from


Violent of data privacy act to the damage of
national security
Unauthorized could result in loss of public
confidence, embarrassment, or legal action
against the organization.
How to protect database

To protect database against these
types of 4 kinds of countermeasures
can be implemented:




Access control
Inference control
Flow control
Encryption
Database security
mechanisms

Discretionary security mechanisms


Grant privilege to users, includes the capability to access
specific data files, records, or fields in a specified mode
(insert, read, delete, update)
Mandatory security mechanisms



Classifying the data and users into various security classes
Implementing the appropriate security policy of the
organization
Example


Policy to permit users at a certain classification level to see only
the data item classified at the user’s own (or lower)
classification level.
Role-based security
Database security and the
DBA




DBA has a DBA account in the DBMS
Called “system” or “superuser” account
Provide powerful capabilities that are not available for regular
database accounts and users.
DBA privilege commands include commands


for granting and revoking privilege to individual accounts, users or
user groups
For performing the followings





Account creation
Privilege granting
Privilege revocation
Security level assignment
DBA response for the overall security of the database system.
Access Protection, User
accounts, and Database Audits
1. Person need to access database
2. DBA create user account and password
3. The user login to the DBMS by enter user account and
password
4. The DBMS checks that the account and password valid
 If the user is permitted to use the DBMS to access the database
5. DBMS keep track of database users and their accounts and
passwords by creating and encrypted table of file with the two
fields Account and Password. This table was maintained by the
DBMS.
 When create new user, the data will insert into this table
 When account is canceled, the corresponding record must be delete
from the table
Keep track of operation
6.
BDMS keep track of operations on the database






Create login session when user log in
Keep track of sequence of database interactions from the time
of logging in to the time of logging out
When user log in, the DBMS record the user’s account and
associate it with the terminal from with the terminal from
which the user logged on
All operations applied from that terminal are attributed to the
user’s account until the log off
Keep track of the update operation
If the database is tampered with, the DBA can find out which
user did the tampering
System log





Keep track of operations on system log
System log includes an entry for each operation applied to the
database that may be required for recovery from a transaction
failure or system crash.
If have any tampering with database, a database audit is
performed, which consists of reviewing the log to examine all
accesses and operations applied to the database during a
certain time period.
When illegal or unauthorized is found, the DBA can determine
the account user
Database audits is important for sensitive databases that are
updated by many transactions and users. Audit trail is a database log
that used mainly for security purposes.
Discretionary Access control Based on
Granting and Revoking Privilege

Type of Discretionary Privilege


Account level: the DBA specifies the
particular privilege that each account holds
independently of the relations in the database
Relation level: the DBA/owner can control
the privileges to access each individual
relation or view in the database
Account level
Relation level
SQL




SELECT privilege on R:
MODIFY privileges on R:
REFERENCES privileges on R:
**Remark: create view, the account
must have select privilege on all
relations in invoked in view definition.
Specifying Privilege using VIEW

Important method to limiting users to
manipulate data



If user A want user B to be able to retrieve
only some field of relation R (create by A)
Then A can a view V of R that includes only
some attributes
And then grant SELECT on V to B
Grant privilege


Grant operation on Table/View to User
with grant option
Example




GRANT select ON emp to tori;
GRANT select ON empcom to nok with grant
option;
GRANT update on emp (salary) to tori;
GRANT all on emp to nok with grant option;
example





Tori : Grant select on student to Hana;
Hana: Select * from Tori.student;
Tori : Grant select, update on student to kawa
with grant option;
Kawa: Grant select on student to Nara with grant
option;
Question: Can Nara grant her privilege to others?


If No, why?
If yes, what privilege nara can grant to other users?
Syntax for create view by SQL
(oracle)
CREATE VIEW View_name AS SELECT col1,col2,…,coln
FROM table1,…,tablen WHERE condition;
EXAMPLE
DEPT (DEPTNO, DNAME, LOC)
EMP (EMPNO, ENAME, JOB, MGR, SAL, COMM, DEPTNO)
CREATE VIEW EMPCOM
AS Select Empno , Ename, Sal, Comm, E.DeptNo, Dname
FROM EMP E, DEPT D
WHERE E.DeptNo = D.DeptNo and Comm > 0;
EMPCOM
EMPCOM (Empno , Ename, Sal, Comm, DeptNo, Dname)
Revoking Privileges


Purpose for canceling privileges
REVOKE operation on table/view/object from
USER

Example


REVOKE select on EMP from tori;
REVOKE select on EMPCOM from tori;
Propagation of Privileges using
the Grant Option


User A create table R (A is owner of R)
GRANT




REVOKE



User A grants Privilege on R to User B with grant option (mean B can
also grant that privilege on R to other accounts).
User B give grant privilege to User C with grant option
This mean privilege on R can propagate to other accounts without the
knowledge of the owner of R
If A revoke privilege on R from B.
All privilege that B propagated should automatically be revoked by the
system.
User receive a certain privilege from two or more sources.




A2 and A3 give certain UPDATE privilege on R To A4
IF A2 revokes the privilege from A4
A4 will still continue to have to privilege by virtual grant from A2
IF A3 revokes the privilege, the A4 totally lose the privilege on R
Role-based Access control (RBAC)


RBAC emerged rapidly in 1990s
A proven technology for managing and
enforcing security in large scale
enterprisewide system.
Example

ORACLE


System level role provide by oracle has 3 roles: CONNECT,
RESOURCE, and DBA
Create Role



Create role role_name not identified
Create role role_name identified by password
Example







CREATE role APPL_ROLE not identified
GRANT connect to APPL_ROLE
GRANT resource to APPL_ROLE
GRANT select on student to APPL_ROLE
GRANT select, update on student to APPL_ROLE
GRANT APPL_ROLE to TORI
REVOKE update on student from APPL_ROLE