II.I Selected Database Issues: 1

3C13/D6
II. Selected Database Issues
Part 1: Security
Lecture 3
Lecturer: Chris Clack
II.I Selected Database Issues: 1 - Security
Slide 1/23
1. Content
3.1 Objectives
3.2 DBMS and Web security
3.2.1 Proxy servers
3.2.2 Firewalls
3.2.3 Message digest algorithms and digital signatures
3.2.4 Digital certificates
3.2.5 Kerberos
3.2.6 Secure sockets layer and secure HTTP
3.2.7 Secure electronic transactions and secure technology
3.2.8 Java security
3.2.9 ActiveX security
Slide 2/23
3.1 Objectives
In this lecture you will learn:
1. Approaches for securing a DBMS on the Web
Slide 3/23
3.2 DBMS and Web Security
Slide 4/23
DBMS and Web security
• Internet communications rely on TCP/IP as the underlying protocol. These, along with HTTP, were not designed with security in mind.
• Without special software all information travels ‘in the clear’ (anyone monitoring it can read it).
• This form of attack is easy with freely available ‘packet sniffing’ software.
Need to transmit and receive information while ensuring:
1. Privacy: it is inaccessible to anyone but the sender and receiver
2. Integrity: it has not been changed during transmission
3. Authenticity: the receiver can be sure it came from the sender
4. Non-fabrication: the sender can be sure the receiver is genuine
5. Non-repudiation: the sender cannot deny he or she sent it
Slide 5/23
DBMS and Web security
Once information reaches the Web server, it needs to be protected.
Need to ensure secure access to, and use of, the database, given the popular three-tier architecture in a Web environment.
Need to watch executable content: HTML pages may contain ActiveX controls, JavaScript/VBScript.
Slide 6/23
DBMS and Web security
Executables can perform the following malicious actions; measures need to be taken to prevent them:
• corrupt data or the execution state of a program
• reformat complete disks
• perform a total system shutdown
• collect and download confidential data, such as files or passwords, to other sites
• usurp identity and impersonate the user or user’s computer to attack other targets on the network
• lock up resources, making them unavailable for legitimate users and programs
• cause non-fatal but unwelcome effects, especially on output devices
Slide 7/23
Web Proxy Servers
Web proxy server: in a Web environment, a computer that sits between a Web browser and a Web server. It intercepts all requests to the Web server to see if it can fulfil them itself; if not, it forwards them on.
Two main purposes:
1. Improve performance: it saves the results of all requests for a certain amount of time, so repeated requests are served much faster.
2. Filter requests: an organisation may want to prevent its employees from accessing a certain set of Web sites; a proxy server can do this.
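The two purposes above, as an added simulation that is not part of the lecture: a proxy that answers repeated requests from its own cache until a time-to-live expires, and refuses requests for blocked hosts. The upstream fetcher, the blocklist and the host names are constructed for the demonstration.

```python
import time
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"games.example", "social.example"}  # constructed filter list
CACHE_TTL = 60.0                                     # seconds a cached result stays valid


class WebProxy:
    """Sits between browsers and the Web server; answers from cache or forwards."""

    def __init__(self, upstream, blocked=BLOCKED_HOSTS, ttl=CACHE_TTL):
        self.upstream = upstream   # callable(url) -> body, i.e. the real Web server
        self.blocked = blocked
        self.ttl = ttl
        self.cache = {}            # url -> (expires_at, body)
        self.upstream_calls = 0    # how often a request had to be forwarded

    def request(self, url, now=None):
        """Return (status, body): 403 if filtered, else 200 from cache or upstream."""
        now = time.monotonic() if now is None else now
        if urlsplit(url).hostname in self.blocked:
            return 403, ""                       # purpose 2: filter requests
        entry = self.cache.get(url)
        if entry is not None and entry[0] > now:
            return 200, entry[1]                 # purpose 1: fulfil it ourselves
        body = self.upstream(url)                # otherwise forward to the server
        self.upstream_calls += 1
        self.cache[url] = (now + self.ttl, body)
        return 200, body


def fake_upstream(url):
    """Stand-in for the origin Web server (constructed response)."""
    return f"<html>page for {url}</html>"


def demo():
    proxy = WebProxy(fake_upstream)
    r1 = proxy.request("http://intranet.example/report", now=0.0)    # miss: forwarded
    r2 = proxy.request("http://intranet.example/report", now=10.0)   # hit: served locally
    r3 = proxy.request("http://intranet.example/report", now=100.0)  # expired: forwarded
    r4 = proxy.request("http://games.example/play", now=100.0)       # blocked host
    return proxy.upstream_calls, r1, r2, r3, r4


if __name__ == "__main__":
    print(demo())
```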
Slide 8/23
Firewalls
Firewall: a system designed to prevent unauthorized access to or from a private network. Can be implemented in hardware, software or both. Frequently used to stop unauthorized Internet users accessing an intranet. All messages attempting to enter or leave the private network must pass its security criteria to pass through it.
Standard security advice: Web servers should be unconnected to any in-house networks and regularly backed up.
Firewall technology can help prevent unauthorized access when the Web server has to be connected to an internal network.
Slide 9/23
Firewalls
Several types of firewall technique:
• Packet filter: looks at each packet entering/leaving the network and accepts/rejects it based on user-defined rules. Fairly effective. Transparent to users. Difficult to configure. Susceptible to ‘IP spoofing’. Can degrade performance.
• Application gateway: applies security mechanisms to specific applications, e.g. Telnet and FTP. Effective but can degrade performance.
• Circuit-level gateway: applies security mechanisms when a TCP or UDP (User Datagram Protocol) connection is established. Once the connection is made, packets flow freely between hosts without further checking.
• Proxy server: intercepts all messages entering/leaving the network. In effect hides the true network addresses. (cf. Web Proxy Server)
In practice many firewalls provide more than one technique. First line of defense in protecting private information. For greater security, data should be encrypted.
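The packet-filter technique, as an added example that is not part of the lecture: user-defined rules evaluated top to bottom with a default-deny policy, plus the anti-spoofing check that addresses the ‘IP spoofing’ weakness mentioned above. The addresses, interfaces and rules are constructed (documentation ranges only).

```python
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")      # constructed intranet range
WEB_SERVER = ipaddress.ip_address("203.0.113.10")      # constructed public Web server

# User-defined rules, checked top to bottom; the first match decides. None = any.
RULES = [
    {"iface": "ext", "proto": "tcp", "dst": WEB_SERVER, "dport": 443, "action": "ACCEPT"},
    {"iface": "ext", "proto": "tcp", "dst": WEB_SERVER, "dport": 80,  "action": "ACCEPT"},
    {"iface": "int", "proto": None,  "dst": None,       "dport": None, "action": "ACCEPT"},
]
DEFAULT_ACTION = "DROP"   # anything not explicitly allowed is rejected


def matches(rule, pkt):
    return all(rule[k] is None or rule[k] == pkt[k]
               for k in ("iface", "proto", "dst", "dport"))


def filter_packet(pkt):
    """Return (action, reason) for one packet header record."""
    # Anti-spoofing check: a packet claiming an internal source address cannot
    # legitimately arrive on the external interface, so it is dropped before any
    # ACCEPT rule (such as the HTTPS rule) gets a chance to match it.
    if pkt["iface"] == "ext" and pkt["src"] in INTERNAL_NET:
        return "DROP", "spoofed internal source on external interface"
    for i, rule in enumerate(RULES):
        if matches(rule, pkt):
            return rule["action"], f"rule {i}"
    return DEFAULT_ACTION, "default policy"


def make_packet(iface, proto, src, dst, dport):
    return {"iface": iface, "proto": proto, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "dport": dport}


# Constructed sample traffic
SAMPLE = [
    make_packet("ext", "tcp", "198.51.100.7", "203.0.113.10", 443),  # public HTTPS
    make_packet("ext", "tcp", "198.51.100.7", "203.0.113.10", 23),   # telnet attempt
    make_packet("ext", "tcp", "10.1.2.3", "203.0.113.10", 443),      # spoofed source
    make_packet("int", "udp", "10.1.2.3", "192.0.2.53", 53),         # internal DNS out
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{pkt['src']} -> {pkt['dst']}:{pkt['dport']}", filter_packet(pkt))
```

Note that without the anti-spoofing check the third packet would be accepted by rule 0, which is exactly the weakness the slide lists.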
Slide 10/23
Message digest algorithms
‘Message digest algorithm’ or ‘one-way hash function’: takes an arbitrary-sized string (message) and generates a fixed-length string (the digest or hash).
A digest has the following characteristics:
• it should be computationally infeasible to find another message that will generate the same digest.
• the digest reveals nothing about the message.
Slide 11/23
Digital signatures
‘Digital signature’ consists of two parts:
1. a string of bits computed from the data that is being signed
2. the private key of the individual or organization giving the signature.
The signature can be used to verify the data came from the individual or organization. Its useful properties are:
• its authenticity can be verified, using a computation based on the corresponding public key
• it cannot be forged (assuming the private key is kept secret)
• it cannot be claimed to be the signature for any other data
• the signed data cannot be changed, otherwise the signature will no longer verify the data as being authentic
Slide 12/23
Digital Certificate
Digital certificate: attachment to an electronic message used for security purposes (e.g. to verify the user sending the message). Provides the receiver with the means to encode a reply.
1. Sender applies for a certificate from a Certificate Authority (CA).
2. CA issues an encrypted certificate containing the applicant’s public key and other identification information.
3. CA makes its own public key readily available.
4. Recipient uses the CA’s public key to decode the certificate attached to the message, and verifies it as issued by the CA.
5. Recipient obtains the sender’s public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
CA’s role is critical, acting as go-between, as the clients and servers may not yet have established mutual trust yet both want to have a secure session.
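Slides 10 to 12 (digest, digital signature, certificate) worked through in one added example that is not part of the lecture: a SHA-256 digest is signed with textbook RSA, a CA signs a certificate binding a name to a public key, and the recipient verifies the certificate with the CA’s public key before verifying the message with the key it contains. The primes, names and message are constructed; the key sizes and the lack of padding are for readability only and are not secure.

```python
import hashlib
import json

# Constructed key material: tiny primes so the arithmetic is visible. Real keys
# use primes of 1024+ bits, and real RSA signatures add padding (e.g. PSS).
CA_PRIMES = (1000003, 1000033)
ALICE_PRIMES = (1000037, 1000039)

def make_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (needs Python 3.8+)
    return (e, n), (d, n)

def digest(data: bytes, n: int) -> int:
    """One-way hash of the message (slide 10), reduced to fit under the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    """Signature = bits computed from the data, combined with the private key."""
    d, n = priv
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, pub) -> bool:
    """Anyone holding the public key can check the signature; no secret needed."""
    e, n = pub
    return pow(sig, e, n) == digest(data, n)

def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    """The CA binds the applicant's identity to its public key by signing both."""
    body = {"subject": subject, "e": subject_pub[0], "n": subject_pub[1]}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "ca_sig": sign(payload, ca_priv)}

def verify_certificate(cert: dict, ca_pub):
    """Return the sender's public key if the CA we trust issued this certificate."""
    payload = json.dumps(cert["body"], sort_keys=True).encode()
    if not verify(payload, cert["ca_sig"], ca_pub):
        return None                      # forged or issued by an unknown CA
    return cert["body"]["e"], cert["body"]["n"]

def check_signed_message(msg: bytes, sig: int, cert: dict, ca_pub) -> bool:
    """Recipient's full check: certificate first, then the message signature."""
    sender_pub = verify_certificate(cert, ca_pub)
    return sender_pub is not None and verify(msg, sig, sender_pub)
```

Changing a single byte of the message, or presenting a certificate signed by a key the recipient does not trust, makes the check fail, which is the “cannot be changed” and “cannot be forged” behaviour listed on slide 11.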
Slide 13/23
Kerberos
‘Kerberos’: a server of secured user names and passwords (named after the three-headed monster in Greek mythology that guarded the gates of hell).
Provides one centralized security server for all data and resources on the network: database access, login, authorization control, and other security features.
Has a similar function to that of a certificate server: to identify and validate a user.
Slide 14/23
Secure sockets layer (SSL)
‘Secure sockets layer (SSL)’: encryption protocol for transmitting private documents. Designed to prevent eavesdropping, tampering, and message forgery.
Works by using a private key to encrypt data that is transferred over the SSL connection (see http://developer.netscape.com/tech/security/ssl/howitworks.html).
Layered between application-level protocols such as HTTP and the TCP/IP transport-level protocol. Thus, it may be used for other application-level protocols such as FTP and NNTP.
Netscape and Internet Explorer support SSL. Used by many Web sites to obtain credit card information.
Slide 15/23
Secure HTTP
‘Secure HTTP’: protocol for securely transmitting individual messages over the Web. A modified version of the standard HTTP protocol.
SSL and S-HTTP use techniques such as encryption and digital signatures to:
• allow browsers and servers to authenticate each other
• allow controlled access to a Web site
• ensure data exchanged between browser and server is secure and reliable.
SSL creates a secure connection over which any amount of data can be sent securely. S-HTTP transmits individual messages only. They are complementary rather than competing technologies.
Slide 16/23
Secure Electronic Transactions (SET)
‘Secure Electronic Transactions (SET)’: open, interoperable standard for processing credit card transactions over the Internet in a simple and secure way.
To address privacy concerns, the transaction is split such that:
• The merchant has access to information about:
  - what is being purchased,
  - how much it costs,
  - whether payment is approved,
  but no information on what payment method the customer is using.
• The card issuer (e.g. Visa) has access to:
  - purchase price, payment method,
  but no information on the type of merchandise involved.
Certificates are heavily used by SET, both for certifying the cardholder and for certifying that the merchant has a relationship with a financial institution.
Slide 17/23
Secure Electronic Transactions (SET)
Slide 18/23
Java security
‘The Java Sandbox’: ensures an untrusted application cannot gain access to system resources.
Involves three components:
1. class loader
2. bytecode verifier
3. security manager
Safety features are provided by the language and the Java Virtual Machine (JVM), and enforced by the compiler and runtime system.
Slide 19/23
Java security
1. Classloader
• Allocates a (hierarchically structured) namespace for each class.
• Never allows a class from a less protected namespace to replace a class from a more protected namespace.
• Thus, I/O primitives, defined in a local Java class, cannot be invoked or overridden by classes from outside the local machine.
2. Bytecode verifier
• The JVM verifies bytecode instructions before allowing an application/applet to run. Typical checks include verifying:
  - Compiled code is correctly formatted.
  - Internal stacks will not overflow/underflow.
  - No illegal data conversions will occur.
  - Bytecode instructions are appropriately typed.
  - All class member accesses are valid.
Slide 20/23
Java security
3. The Security Manager
Each Java application defines and implements its own security policy. A Java-enabled browser contains its own Security Manager, and any applets it downloads are subject to its policies.
Generally, downloaded applets are prevented from:
• Reading and writing files on the client’s file system.
• Making network connections to machines other than the host.
• Starting other programs on the client.
• Loading libraries.
• Defining method calls.
These restrictions apply to applets downloaded over the Internet/intranet. They do not apply to applets on the client’s local disk and in a directory on the CLASSPATH.
Local applets are loaded by the file system loader and can read and write files, exit the JVM, and are not passed through the bytecode verifier.
Slide 21/23
ActiveX
The ActiveX security model: considerably different from Java applets in that it places no restrictions on what a control can do.
1. Each ActiveX control can be digitally signed by its author using a system called Authenticode.
2. Digital signatures are then certified by a CA.
This security model places responsibility for the computer’s security on the user.
Before the browser downloads an ActiveX control that has not been signed, or has been certified by an unknown CA, it presents a dialog box warning the user that the action may be unsafe.
Slide 22/23
3.3 Summary
3.2 DBMS and Web security
• Proxy servers
• Firewalls
• Message digest algorithms and digital signatures
• Digital certificates
• Kerberos
• Secure sockets layer and secure HTTP
• Secure electronic transactions and secure technology
• Java security
• ActiveX security
NEXT LECTURE: Selected Database Issues 2: Transaction Management:
- Concurrency
- Serializability
- Protocols to prevent conflict.
Slide 23/23