Introduction to Databases - Department of Software and Information

Security
Dale-Marie Wilson, Ph.D.
Why Database Security?

Data
• Valuable resource
  • Must be strictly controlled and managed
• Corporate resource
  • Has strategic importance
  • Must be secure and confidential

Database Security
• Mechanisms that protect the database against intentional or accidental threats
• Does not apply only to data held in the database
  • Security breaches may affect other parts of the system
  • These may eventually affect the database

Database Security
• Involves measures to avoid:
  • Theft and fraud
  • Loss of confidentiality (secrecy)
  • Loss of privacy
  • Loss of integrity
  • Loss of availability

Threat
• Any situation or event, intentional or unintentional, that adversely affects a system and hence the organization

Summary of Threats to Computer Systems

Typical Multi-user Computer Environment

Countermeasures – Computer-Based Controls
• Range from physical controls to administrative procedures and include:
  • Authorization
  • Access controls
  • Views
  • Backup and recovery
  • Integrity
  • Encryption
  • RAID technology

Countermeasures – Computer-Based Controls
• Authorization
  • The granting of a right or privilege that enables a subject to legitimately access a system or a system's object
  • Authentication: the mechanism that determines whether a user is who he/she claims to be

Countermeasures – Computer-Based Controls
• Access control
  • Granting/revoking of privileges
• Privilege
  • Allows a user to create or access (read, write, modify) a database object (relation, view, index) or to run DBMS utilities
  • Granted to a user to accomplish the tasks required for his/her job

Countermeasures – Computer-Based Controls
• Discretionary Access Control (DAC)
  • Provided by most DBMSs
  • Effective
  • Weakness
    • An unauthorized user can trick an authorized user into disclosing sensitive data
• The SQL standard supports DAC through the GRANT and REVOKE commands
  • GRANT command: gives privileges to users
  • REVOKE command: takes privileges from users

Countermeasures – Computer-Based Controls
• Mandatory Access Control (MAC)
  • Based on system-wide policies
  • Cannot be changed by individual users
  • Not supported by the SQL standard
  • Each database object is assigned a security class
  • Each user is assigned a clearance for a security class
  • Rules are imposed on the reading and writing of database objects by users

Countermeasures – Computer-Based Controls
• MAC
  • Determines whether a user can read/write an object
  • Based on rules relating the security level of the object and the clearance of the user
  • Rules ensure sensitive data is never 'passed on' to another user without the necessary clearance

Bell-LaPadula Model
• Popular model for MAC, called Bell-LaPadula
• Each database object is assigned a security class
• Each subject is assigned a clearance
• Four classes: Top Secret (TS), Secret (S), Confidential (C), Unclassified (U)
  • TS > S > C > U
• Two restrictions:
  1. Simple Security property
     • Subject S is allowed to read object O only if class(S) >= class(O)
  2. *-Property (star property)
     • Subject S is allowed to write object O only if class(S) <= class(O)
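
The two Bell-LaPadula restrictions above, run against a small labelled store. This is an added example and not code from the original slides; the Subject and DbObject types, the MacDatabase class and the payroll/menu sample objects are constructed for illustration. It shows why the two rules are needed together: a Secret-cleared subject can read a Secret object, but the *-Property stops it from copying the content into an Unclassified object that a lower-cleared subject could then read.

```python
"""Bell-LaPadula read/write checks over a labelled store (added example)."""
from dataclasses import dataclass

# Security classes from the slide, ordered TS > S > C > U
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str        # a key of LEVELS


@dataclass(frozen=True)
class DbObject:
    name: str
    classification: str   # a key of LEVELS


def can_read(subject, obj):
    """Simple Security property ('no read up'): class(S) >= class(O)."""
    return LEVELS[subject.clearance] >= LEVELS[obj.classification]


def can_write(subject, obj):
    """*-Property ('no write down'): class(S) <= class(O)."""
    return LEVELS[subject.clearance] <= LEVELS[obj.classification]


class MacDatabase:
    """Constructed labelled key/value store that enforces both rules on every access."""

    def __init__(self):
        self._rows = {}   # object name -> (DbObject, value)

    def create(self, obj, value):
        self._rows[obj.name] = (obj, value)

    def read(self, subject, name):
        obj, value = self._rows[name]
        if not can_read(subject, obj):
            raise PermissionError(
                f"{subject.name} ({subject.clearance}) may not read "
                f"{name} ({obj.classification})")
        return value

    def write(self, subject, name, value):
        obj, _ = self._rows[name]
        if not can_write(subject, obj):
            raise PermissionError(
                f"{subject.name} ({subject.clearance}) may not write "
                f"{name} ({obj.classification})")
        self._rows[name] = (obj, value)


def _attempt(action):
    """Run one access; True if MAC allowed it, False if it was refused."""
    try:
        action()
        return True
    except PermissionError:
        return False


def demo_no_leak():
    """Alice (S) reads a Secret object and tries to copy it into an Unclassified
    object that Bob (U) can read; the *-Property blocks the downgrade."""
    db = MacDatabase()
    db.create(DbObject("payroll", "S"), "salaries")   # constructed sample data
    db.create(DbObject("menu", "U"), "soup")

    alice = Subject("alice", "S")
    bob = Subject("bob", "U")

    results = {
        "alice_reads_secret": _attempt(lambda: db.read(alice, "payroll")),
        "bob_reads_secret": _attempt(lambda: db.read(bob, "payroll")),
        "alice_copies_secret_to_menu": _attempt(
            lambda: db.write(alice, "menu", db.read(alice, "payroll"))),
        # Writing *up* is permitted by the *-Property (a 'blind write')
        "bob_writes_up_to_payroll": _attempt(
            lambda: db.write(bob, "payroll", "guess")),
    }
    # The Unclassified object Bob can read still holds only Unclassified data
    results["menu_still_clean"] = db.read(bob, "menu") == "soup"
    return results


if __name__ == "__main__":
    for check, outcome in demo_no_leak().items():
        print(f"{check}: {outcome}")
```

The last case is worth noticing: the *-Property permits an Unclassified subject to write into a Secret object. Bell-LaPadula is a confidentiality model only, which is why a real DBMS pairs it with the integrity controls listed later in these slides.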

Countermeasures – Computer-Based Controls
• View
  • Dynamic result of one or more relational operations operating on base relations to produce another relation
  • Virtual relation
  • Produced upon request by a particular user, at the time of the request
• Backup
  • Process of periodically taking a copy of the database, log file and programs to offline storage media
• Journaling
  • Process of maintaining a log file/journal of all changes made to the database, to enable effective recovery in the event of failure
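
A view used as an access-control countermeasure, built with Python's standard sqlite3 module. This is an added example, not code from the original slides; the staff table, its rows and the view name are constructed. SQLite has no GRANT/REVOKE, so the example shows only the "virtual relation" side of the slide: a user whose queries go through the view cannot reach the sensitive column, and the view is recomputed from the base relation at each request rather than stored.

```python
"""A view that hides a sensitive column and one branch's rows (added example)."""
import sqlite3

VIEW = "branch_b003_directory"   # constructed view name


def build_db():
    """Base relation with a sensitive column, plus a view that omits it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff (
            staff_no TEXT PRIMARY KEY,
            name     TEXT NOT NULL,
            branch   TEXT NOT NULL,
            salary   INTEGER NOT NULL   -- sensitive: must not reach the directory
        );
        -- constructed sample rows
        INSERT INTO staff VALUES ('S01', 'Ann Beech',  'B003', 12000);
        INSERT INTO staff VALUES ('S02', 'David Ford', 'B003', 18000);
        INSERT INTO staff VALUES ('S03', 'John White', 'B005', 30000);
        -- projection (drops salary) and selection (one branch) over the base relation
        CREATE VIEW branch_b003_directory AS
            SELECT staff_no, name FROM staff WHERE branch = 'B003';
    """)
    return conn


def directory(conn):
    """What a user restricted to the view sees; computed at request time."""
    return conn.execute(
        "SELECT staff_no, name FROM branch_b003_directory ORDER BY staff_no"
    ).fetchall()


def view_columns(conn):
    """Column names the view exposes: the sensitive column is simply absent."""
    cur = conn.execute("SELECT * FROM branch_b003_directory LIMIT 0")
    return [col[0] for col in cur.description]


def salary_reachable_through_view(conn):
    """True only if the sensitive column can be selected via the view (it cannot)."""
    try:
        conn.execute("SELECT salary FROM branch_b003_directory")
        return True
    except sqlite3.OperationalError:   # 'no such column: salary'
        return False


def demo_view_is_dynamic(conn):
    """No stored copy exists: a change to the base relation appears on the next request."""
    before = directory(conn)
    conn.execute("INSERT INTO staff VALUES ('S04', 'Mary Howe', 'B003', 9000)")
    after = directory(conn)
    return before, after


if __name__ == "__main__":
    db = build_db()
    print("view columns:", view_columns(db))
    print("salary via view:", salary_reachable_through_view(db))
    print("before/after base-table insert:", demo_view_is_dynamic(db))
```

In a DBMS that supports the SQL GRANT command from the DAC slide, the application account would be granted SELECT on the view only and nothing on the staff table itself, so the view becomes the only path to the data.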

Countermeasures – Computer-Based Controls
• Integrity
  • Prevents invalid data
    • Invalid data gives misleading or incorrect results
• Encryption
  • Encoding of data by a special algorithm
  • Renders data unreadable by any program without the decryption key

RAID (Redundant Array of Independent Disks) Technology
• DBMS hardware must be fault-tolerant
  • Continues to operate even if one hardware component fails
• Main hardware components include:
  • Disk drives, disk controllers, CPU, power supplies, cooling fans
  • Disk drives are the most vulnerable component
    • Shortest time between failures of all the hardware components
• Suggests having redundant components
  • Seamlessly integrated into the working system whenever a component failure occurs

RAID (Redundant Array of Independent Disks) Technology
• Large disk array comprising an arrangement of several independent disks
• Organized to improve reliability and increase performance
• Performance
  • Increased through data striping
    • Data segmented into equal-size partitions (the striping unit)
    • Transparently distributed across multiple disks
• Reliability
  • Improved by storing redundant information across the disks using a parity scheme or an error-correcting scheme

RAID (Redundant Array of Independent Disks) Technology
• Different disk configurations, aka RAID levels:
  • RAID 0: Nonredundant
  • RAID 1: Mirrored
  • RAID 0+1: Nonredundant and Mirrored
  • RAID 2: Memory-Style Error-Correcting Codes
  • RAID 3: Bit-Interleaved Parity
  • RAID 4: Block-Interleaved Parity
  • RAID 5: Block-Interleaved Distributed Parity
  • RAID 6: P+Q Redundancy
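
Data striping and parity redundancy in pure Python, in the RAID 5 (block-interleaved distributed parity) arrangement from the list above. This is an added example, not code from the original slides: it spreads a byte string over simulated disks in fixed-size striping units, stores one XOR parity block per stripe on a rotating disk, and goes beyond the slides by rebuilding a failed disk from the survivors. The disk count, striping unit and payload are constructed values.

```python
"""RAID 5 striping, parity and single-disk reconstruction (added example)."""


def xor_blocks(blocks):
    """XOR equal-length byte blocks; this is the parity computation."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_index, n_disks):
    """RAID 5 rotates the parity block so no single disk becomes a hotspot."""
    return (n_disks - 1 - stripe_index) % n_disks


def stripe(data, n_disks, unit):
    """Return disks[d][s]: the block held by disk d in stripe s.

    Each stripe carries n_disks-1 data blocks of `unit` bytes plus one parity
    block, so usable capacity is (n_disks-1)/n_disks of the array.
    """
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    data_per_stripe = n_disks - 1
    stripe_bytes = data_per_stripe * unit
    padded = data + b"\0" * (-len(data) % stripe_bytes)   # fill the last stripe
    n_stripes = len(padded) // stripe_bytes
    disks = [[None] * n_stripes for _ in range(n_disks)]
    for s in range(n_stripes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * unit:(i + 1) * unit] for i in range(data_per_stripe)]
        parity = xor_blocks(blocks)
        p = parity_disk_for(s, n_disks)
        data_iter = iter(blocks)
        for d in range(n_disks):
            disks[d][s] = parity if d == p else next(data_iter)
    return disks


def read_back(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity block."""
    n_disks = len(disks)
    n_stripes = len(disks[0])
    out = bytearray()
    for s in range(n_stripes):
        p = parity_disk_for(s, n_disks)
        for d in range(n_disks):
            if d != p:
                out += disks[d][s]
    return bytes(out[:length])


def reconstruct(disks, failed):
    """Rebuild every block of one failed disk as the XOR of the survivors in each stripe.

    Works for data and parity blocks alike, which is why one disk failure is
    transparent to the DBMS. Two simultaneous failures are not recoverable
    this way; that is what RAID 6's P+Q redundancy adds.
    """
    survivors = [d for d in range(len(disks)) if d != failed]
    n_stripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(n_stripes)]


def survives_single_failure(data, n_disks=4, unit=4, failed=1):
    """Stripe the data, lose one disk, rebuild it, and check the payload is intact."""
    disks = stripe(data, n_disks, unit)
    disks[failed] = None                  # simulate the disk dying
    disks[failed] = reconstruct(disks, failed)
    return read_back(disks, len(data)) == data


if __name__ == "__main__":
    payload = b"constructed sample payload for the RAID 5 demo"
    print("recovered after one disk failure:", survives_single_failure(payload))
```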

DBMS and Web Security
• Internet communication relies on TCP/IP
  • TCP/IP and HTTP were not designed with security in mind
  • Without special software, all Internet traffic travels 'in the clear'
  • Anyone who monitors the traffic can read it

DBMS and Web Security
• Must ensure, while transmitting information over the Internet, that it is:
  • inaccessible to anyone but the sender and receiver (privacy);
  • not changed during transmission (integrity);
  • verifiable by the receiver as having come from the sender (authenticity);
  • sent to a receiver the sender can be sure is genuine (nonfabrication);
  • something the sender cannot deny having sent (nonrepudiation).

DBMS and Web Security
• Measures include:
  • Proxy servers
  • Firewalls
  • Message digest algorithms and digital signatures
  • Digital certificates
  • Kerberos
  • Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)
  • Secure Electronic Transactions (SET) and Secure Transaction Technology (SST)
  • Java security
  • ActiveX security
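
Message digests from the list above, applied to the requirements of the previous slide. This is an added example, not code from the original slides; it uses only the Python standard library (hashlib and hmac), and the shared key, the sample message and the in-path modification function are constructed. It shows that a plain digest only detects accidental corruption, while a keyed digest (HMAC) gives integrity and authenticity to the parties who hold the key.

```python
"""Plain digest versus keyed digest on a message in transit (added example)."""
import hashlib
import hmac


def digest(message):
    """Unkeyed message digest (SHA-256): detects corruption in transit."""
    return hashlib.sha256(message).hexdigest()


def sign_hmac(key, message):
    """Keyed digest (HMAC-SHA256): only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key, message, tag):
    """Constant-time comparison, so a forger learns nothing from timing."""
    return hmac.compare_digest(sign_hmac(key, message), tag)


def digest_only_exchange(message, in_path=None):
    """Sender appends a plain digest; the receiver recomputes and compares it.

    Anyone on the path who can rewrite the message can recompute the digest
    as well, so this protects against accidents, not deliberate change.
    """
    packet = (message, digest(message))
    if in_path is not None:
        packet = in_path(packet)
    received_msg, received_digest = packet
    return digest(received_msg) == received_digest


def hmac_exchange(key, message, in_path=None):
    """Sender appends an HMAC tag; the receiver verifies it with the shared key."""
    packet = (message, sign_hmac(key, message))
    if in_path is not None:
        packet = in_path(packet)
    received_msg, received_tag = packet
    return verify_hmac(key, received_msg, received_tag)


def alter_amount(packet):
    """Constructed in-path modification: change the amount and recompute the plain digest."""
    msg, _ = packet
    new_msg = msg.replace(b"amount=100", b"amount=900")
    return new_msg, digest(new_msg)


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = b"transfer: from=A to=B amount=100"
    print("digest only, untouched:   ", digest_only_exchange(msg))
    print("digest only, altered:     ", digest_only_exchange(msg, alter_amount))
    print("HMAC, untouched:          ", hmac_exchange(key, msg))
    print("HMAC, altered:            ", hmac_exchange(key, msg, alter_amount))
```

The HMAC covers integrity and authenticity only between holders of the shared key; because either party could have produced the tag, it gives no nonrepudiation. That property needs a digital signature made with a private key, which the slide lists as a separate measure, and privacy still requires encryption of the channel (SSL on the slide).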

How Secure Electronic Transactions (SET) Works

Chapter 19