Data Masking


ORACLE DATABASE SECURITY
Oracle Database Security
Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Monitoring
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall
Blocking and Logging
• Oracle Database Firewall
Agenda
• Oracle DB Security
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• TDE
• Summary
Data Masking
• What is data masking? Data masking is the process of
replacing sensitive information with realistic data based
on masking rules.
• Why use data masking? Use data masking so that data can
be shared with nonproduction users such as testing
companies.
Data Masking
Before masking:
EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
100          King       90             515.123.4567
105          Austin     60             590.423.4569
110          Chen       100            515.124.4269
After masking:
EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
468          Jefferies  90             510.555.1256
975          Smith      60             650.555.9753
396          Allen      100            925.555.3597
Data Masking: Features
• Uses an irreversible process to replace sensitive
data based on masking rules
• Ensures that the original data cannot be retrieved,
recovered, or restored
• Enables you to define a central definition for common
data masking formats to be used with all databases
Implementing Data Masking
[Workflow diagram. Roles: Security admin, DBA, App DBA. Environments: Production, Staging, Test. Steps shown: Identify sensitive information; Clone production to staging; Create masking definitions; Create data mask formats; Execute masking job; Clone staging to test.]
Agenda
• Oracle DB Security
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
– TDE
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• Summary
Discretionary Access Control
GRANT SELECT ON emp TO JOE;
REVOKE SELECT ON emp FROM FRED;
How can access be secured at the row or column level?
Oracle VPD
• A Virtual Private Database (VPD) combines an
application context and FGAC
– Fine-grained access control: associate security policies to
database objects
– Application Context: define and access application or
session attributes
• Enforce business rules to limit row access
• Use a secure application context to provide high-performance resolution of user attributes
Why VPD?
• Scalability
– Table Customers contains 1,000 customer records. Suppose we
want customers to access their own records only. Using views, we
need to create 1,000 views. Using VPD, it can be done with a single
policy function.
• Simplicity
– Say we have a table T and many views are based on T. Suppose we
want to restrict access to some information in T. Without VPD, all
view definitions have to be changed. Using VPD, it can be done by
attaching a policy function to T; as the policy is enforced in T, the
policy is also enforced for all the views that are based on T.
• Security
– Server-enforced security (as opposed to application-enforced).
– Cannot be bypassed. (There are two exceptional cases, though.)
How Fine-Grained Access Control Works
1. The user accesses a table or view with a policy.
2. The data server calls the policy function.
3. The policy function returns a predicate.
4. The data server adds the predicate to the statement.
5. The data server executes the modified statement.
SELECT *
FROM orders;
becomes
SELECT *
FROM orders
WHERE customer_id = sys_context('oeapp','cust_id');
Application Context
• Application contexts act as secure caches of data that may be
used by a fine-grained access control policy.
– Upon logging into the database, Oracle sets up an application
context in the user’s session.
– You can define, set and access application attributes that you
can use as a secure data cache.
• There is a pre-defined application context, “userenv”.
Application Context
• One can create a customized application context and
attributes.
– Say, each employee can access a portion of the Customers
table, based on the job-position.
– For example, a clerk can access only the records of the
customers who live in a region assigned to him. But a
manager can access any record.
– Suppose that the job-positions of employees are stored in
an LDAP server (or in the Employee table).
– Such information can be accessed and cached in an
application context when an employee logs in.
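The five steps above and the application-context slides, combined in an added example (not from the original slides): a trusted package caches cust_id in the oeapp context, and a policy function returns the predicate the server appends to queries on orders. The OE schema, the oeapp_ctx package, the db_username column of customers, and the policy and function names are assumptions.

```sql
-- Added example. Assumed names: schema OE, package OE.OEAPP_CTX,
-- table OE.CUSTOMERS(cust_id, db_username), policy ORDERS_BY_CUSTOMER.

-- 1. Only the package named in USING may write attributes of this context.
CREATE OR REPLACE CONTEXT oeapp USING oe.oeapp_ctx;

CREATE OR REPLACE PACKAGE oe.oeapp_ctx AS
  PROCEDURE set_cust_id;
END oeapp_ctx;
/
CREATE OR REPLACE PACKAGE BODY oe.oeapp_ctx AS
  PROCEDURE set_cust_id IS
    v_id oe.customers.cust_id%TYPE;
  BEGIN
    -- Resolve the attribute once per session from the authenticated user.
    SELECT cust_id INTO v_id
      FROM oe.customers
     WHERE db_username = SYS_CONTEXT('userenv', 'session_user');
    DBMS_SESSION.SET_CONTEXT('oeapp', 'cust_id', v_id);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- attribute stays unset; the predicate below then matches no rows
  END set_cust_id;
END oeapp_ctx;
/

-- 2. Policy function: takes schema and object name, returns the predicate.
CREATE OR REPLACE FUNCTION oe.orders_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- Fails closed: with no cust_id set, customer_id = NULL is never true.
  RETURN 'customer_id = SYS_CONTEXT(''oeapp'', ''cust_id'')';
END orders_policy;
/

-- 3. Attach the policy to the table; views based on ORDERS are covered too.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'OE',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_BY_CUSTOMER',
    function_schema => 'OE',
    policy_function => 'ORDERS_POLICY',
    statement_types => 'SELECT');
END;
/
```

Call oe.oeapp_ctx.set_cust_id from a logon trigger or from connection setup. Sessions connected as SYS or holding the EXEMPT ACCESS POLICY system privilege are not filtered by the policy, so grants of that privilege belong in the audit scope.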
VPD: Example
• Demo
Agenda
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
– TDE
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• Summary
Oracle Label Security
• Discretionary Access Control
GRANT SELECT ON emp TO JOE;
REVOKE SELECT ON emp FROM FRED;
Oracle Label Security
[Diagram: an SQL request to select an object passes two checks. Discretionary access control: privilege granted? OLS access mediation: user clearance dominates data row label? Label shown in the figure: Confidential.]
Location  Storage       OLS Label
Nevada    Conventional  Sensitive
Montana   Nuclear       Highly Sens.
Colorado  Medical       Confidential
– The objects in the database can have rows that are labeled
– Access to rows is restricted on the basis of Oracle Label Security
authorizations.
How Sensitivity Labels Are Used
[Diagram labels: Users, Authorizations; Data, Labels; Data sensitivity; Access mediation; Top Secret; Secret.]
Oracle Label Security
• Demo
Thank you!