8 Database Security

DATABASE SYSTEMS

Nguyen Ngoc Thien An

FUNCTIONAL DEPENDENCIES & NORMALIZATION

Spring 2014

Contents 2

Introduction to Database Security

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Role-Based Access Control (RBAC)

Encryption & Public Key Infrastructure (PKI)

Common Attacks on Databases

SQL Injection

Challenges of Database Security

Reading Suggestion: [1] Chapter 24

Contents 3


Database Security Issues

Threats to Databases

Countermeasures

Database Security Mechanisms

Database Security and the DBA

Access Protection, User Accounts, and Database

Audits

Sensitive Data

Database Security Issues 4

Legal and ethical issues: privacy issues.

Policy issues: what a government or corporate entity allows or disallows.

System-related issues: handle a security issue at hardware, OS, DBMS level.

The need to identify multiple security levels: identify security levels and categorize the data and users based on these classifications (e.g.: top secret, secret, confidential, and unclassified).

Threats to Databases 5

Threats: Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

Threats to:

Computer systems.

Databases.

Threats to databases:

Loss of integrity.

Loss of availability.

Loss of confidentiality.

6

Threats to Computer Systems

7

Scope of Data Security Needs

•Must protect databases & the servers on which they reside

•Must administer & protect the rights of internal database

users

•Must guarantee the confidentiality of ecommerce

customers as they access the database

•With the Internet continually growing, the threat to data

traveling over the network increases exponentially

Contents 8




Countermeasures




Audits

Sensitive Data

Countermeasures (1) 9

To protect databases against these types of

threats, four main kinds of countermeasures

(control measures) can be implemented:

Access control.

Inference control.

Flow control.

Data encryption.


Access Control

The security mechanism of a DBMS which must include provisions for restricting access to the database as a whole. Authentication: a mechanism that determines

whether a user is who he or she claims to be.

Authorization: granting a right or privilege, which enables a subject to legitimately have access to a system or a system’s objects.

Access control is handled by creating user accounts and passwords to control login process by the DBMS.


Inference Control

The countermeasures to statistical database security problem.

Statistical databases: used to provide statistical information or summaries of values based on various criteria.

Statistical database security must ensure: Information about individuals cannot be accessed.

Cannot deduce or infer certain facts concerning individuals from queries that involve only summary statistics on groups.


Flow control

Prevent information from flowing in such a way

that it reaches unauthorized users.

Covert channels: channels that are pathways for

information to flow implicitly in ways that violate

the security policy of an organization.


Data encryption

Protect sensitive data (e.g.: credit card numbers)

that is being transmitted via some type

communication network.

The data is encoded using some encoding

algorithm.

An unauthorized user who access encoded data

will have difficulty deciphering it, but authorized

users are given decoding or decrypting algorithms

(or keys) to decipher data.

Contents 14




Countermeasures




Audits

Sensitive Data

Database Security Mechanisms 15

A DBMS typically includes a database

security and authorization subsystem that

is responsible for ensuring the security

portions of a database against unauthorized

access.

Two types of database security mechanisms:

Discretionary security mechanisms.

Mandatory security mechanisms: users at certain

classifications can access certain data.

Database Security and the DBA (1) 16

The database administrator (DBA) is the

central authority for managing a database

system.

The DBA’s responsibilities include:

Granting privileges to users who need to use the

system.

Classifying users and data in accordance with the

policy of the organization.

The DBA is responsible for the overall security

of the database system.

Database Security and the DBA (2) 17

The DBA has a DBA account in the DBMS.

Also called a system or superuser account.

These accounts provide powerful capabilities such as:

1. Account creation.

2. Privilege granting.

3. Privilege revocation.

4. Security level assignment.

Action 1 is access control, whereas 2 and 3 are discretionary and 4 is used to control mandatory authorization.

Access Protection, User Accounts,

and Database Audits (1) 18

Whenever a person or a group of persons

needs to access a database system, the

individual or group must first apply for a user

account.

The DBA will then create a new account id and

password for the user if if there is a legitimate

need to access the database.

The user must log in to the DBMS by entering

account id and password whenever database

access is needed.



The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session.

Modify system log to keep a record of all updates applied to the database and of the particular user who applied each update.

System log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash.



If any tampering with the database is

suspected, a database audit is performed.

A database audit consists of reviewing the log to

examine all accesses and operations applied to

the database during a certain time period.

A database log that is used mainly for security

purposes is sometimes called an audit trail.

Sensitive Data (1) 21

Sensitivity of data is a measure of the importance assigned to the data by its owner for the purpose of denoting its need for protection.

Factors making data sensitive:

Inherently sensitive.

From a sensitive source.

Declared sensitive.

A sensitive attribute or sensitive record.

Sensitive in relation to previously disclosed data.

Sensitive Data (2) 22

Information Security vs. Information Privacy:

Information Security: refer to many aspects of

protecting a system from unauthorized use,

including authentication of users, information

encryption, access control, firewall policies, and

intrusion detection.

Information Privacy: the ability of individuals to

control the terms under which their personal

information is acquired and used.

Privacy Issues and Privacy Preservation.

Contents 23







SQL Injection


Contents 24

Discretionary Access Control

Account Level Privileges

Relation Level Privileges

Use Views

Propagation of Privileges

Trojan Horse Example

DAC 25


The typical method of enforcing discretionary access

control in a database system is based on the

granting and revoking privileges.

User can protect what they own.

Owners, DBA or selected users may grant access to others.

Owners, DBA or selected users can define the types of

access (read/write/execute/…) given to others.

In SQL:

Use GRANT statement for granting privileges.

Use REVOKE statement for revoking privileges.

DAC - Types of Privileges 26

Types of discretionary privileges:

The account level (or system level)

At this level, the DBA specifies the particular privileges

that each account holds independently of the relations

in the database.

The relation level (or table level)

At this level, the DBA can control the privilege to

access each individual relation or view in the

database.

DAC - Account Level 27

The privileges at the account level apply to the capabilities provided to the account itself.

E.g.:

The CREATE SCHEMA or CREATE TABLE privilege, to create a schema or base relation.

The CREATE VIEW privilege.

The ALTER privilege, to apply schema changes such adding or removing attributes from relations.

The DROP privilege, to delete relations or views.

The MODIFY privilege, to insert, delete, or update tuples.

The SELECT privilege, to retrieve information from the database by using a SELECT query.

DAC - Relation Level (1) 28

Privileges at the relation level specify for each user the individual relations on which each type of command can be applied. Some privileges also refer to individual columns (attributes)

of relations.

Access Matrix Model: an authorization model for discretionary privileges. The rows of a matrix M represent subjects (users,

accounts, programs).

The columns represent objects (relations, records, columns, views, operations).

Each position M(i,j) in the matrix represents the types of privileges (read, write, update,…) that subject i holds on object j.


O1 … Oi … Om

S1 A[s1,o1] A[s1,oi] A[s1,om]

…

Si A[si,o1] A[si,oi] A[si,om]

…

Sn A[sn,o1] A[sn,oi] A[sn,om]


To control the granting and revoking of relation

privileges, for each relation R in a database:

Its owner is given all privileges on that relation.

The owner account holder can pass privileges on

any of the owned relation to other users by

granting privileges to their accounts.

The owner account holder can also take back the

privileges by revoking privileges from their

accounts.


Types of privileges can be granted on each

relation R:

SELECT (retrieval or read) privilege:

Give the retrieval privilege to the account .

The SELECT statement is used to retrieve tuples from R.

MODIFY privileges on R:

Give the account the capability to modify tuples of R.

Divided into UPDATE, DELETE, and INSERT privileges to

apply the corresponding SQL command to R.

INSERT and UPDATE privileges can be granted on only

certain attributes.


Types of privileges can be granted on each

relation R (cont.):

REFERENCES privilege on R:

Give the account the capability to reference relation R

when specifying integrity constraints.

The privilege can also be restricted to specific

attributes.

Notice: to create a view, the account must

have SELECT privilege on all relations

involved in the view definition.

Contents 33




Use Views



DAC - Use Views 34

Specifying privileges through the use of views is an

important discretionary authorization mechanism in its

own right.

E.g.:

If the owner A of a relation R wants another account B to

be able to retrieve only some fields of R,then A can create

a view V of R that includes only those attributes and then

grant SELECT on V to B.

The same applies to limiting B to retrieving only certain

tuples of R. A view V’ can be created by defining the view

by means of a query that selects only those tuples from R

that A wants to allow B to access.

Contents 35




Use Views



DAC - Propagation of Privileges (1) 36

Propagation of account level privileges:

Whenever an authorized user A grants an account level privilege to a user B, this privilege can be given to B with or without the ADMIN OPTION.

If the ADMIN OPTION is given, this means that B can also grant that privilege to other accounts with or without ADMIN OPTION.

User A does not know about the propagation of that privilege to other users.

If the privilege is revoked from B, then accounts who have received that privilege from B still hold that privilge.


Propagation of relation level privileges:

Whenever an authorized user A grants a privilege on a relation R to a user B, this privilege can be given to B with or without the GRANT OPTION.

If the GRANT OPTION is given, this means that B can also grant that privilege on R to other accounts with or without GRANT OPTION.

User A does not know about the propagation of that privilege on R to other users.

If the privilege on R is revoked from B, then that privilege on R is also revoked automatically from accounts who have received it from B.


Techniques to limit the propagation of privileges have been developed, although they have not yet been implemented in most DBMSs and are not a part of SQL.

Limiting horizontal propagation to an integer number i means that an account B given the GRANT OPTION can grant the privilege to at most i other accounts.

Limiting vertical propagation is more complicated. It limits the depth of the granting of privileges.


Limit

horizontal

propagation


Limit

vertical

propagation

DAC - An Example (1) 42

Suppose that the DBA creates 4 accounts: A1, A2,

A3, A4.

For only A1 to be able to create base relations, DBA

must issue the following GRANT command in SQL:

GRANT CREATETAB TO A1;

DBA creates schema EXAMPLE and grants privileges

on it to A1:

CREATE SCHEMA EXAMPLE AUTHORIZATION A1;


A1 can create tables under the schema EXAMPLE.

A1 creates the 2 relations EMPLOYEE and DEPARTMENT so that A1 is the owner of these relations and hence have all the relation privileges on each of them.


A1 wants to grant A2 the privilegea to insert and

delete tuples in both of these relations but does not

want A2 to be able to propagate these privileges to

other accounts:

GRANT INSERT, DELETE

ON EMPLOYEE, DEPARTMENT TO A2;

A1 wants to allow A3 to retrieve information from

either of the two tables and also to be able to

propagate the SELECT privilege to other accounts.

GRANT SELECT ON EMPLOYEE, DEPARTMENT

TO A3 WITH GRANT OPTION;


A3 can grant the SELECT privilege on the

EMPLOYEE relation to A4:

GRANT SELECT ON EMPLOYEE TO A4;

Notice that A4 cannnot propagate the SELECT

privilege because GRANT OPTION was not

given to A4.


A1 decides to revoke the SELECT privilege on

EMPLOYEE from A3:

REVOKE SELECT ON EMPLOYEE FROM A3;

The DBMS must now automatically revoke the

SELECT privilege on EMPLOYEE from A4,

because A3 granted that privilege to A4 and A3

does not have the privilege any more.


A1 wants to give back A3 a limited capability to SELECT from the EMPLOYEE relation and allow A3 to be able to propagate the privilege.

The limitation is to retrieve only the NAME, BDATE, and ADDRESS attributes and only for the tuples with DNO = 5.

A1 then creates the view: CREATE VIEW A3_EMPLOYEE AS

SELECT NAME, BDATE, ADDRESS

FROM EMPLOYEE WHERE DNO = 5;

After the view is created, A1 can grant SELECT on the view A3_EMPLOYEE to A3 as follows:

GRANT SELECT ON A3_EMPLOYEE

TO A3 WITH GRANT OPTION;


A1 wants to allow A4 to update only the SALARY attribute of

EMPLOYEE:

GRANT UPDATE ON EMPLOYEE (SALARY) TO

A4;

The UPDATE and INSERT privileges can specify particular

attributes that may be updated or inserted in a relation.

Other privileges (SELECT, DELETE) are not attribute specific.

Contents 49




Use Views



DAC 50

Advantages

Govern the access to the information on the basic of discretionary protection policies flexible.

Suitable for various types of systems and applications.

Be widely used in a variety of implementations, especially in the commercial and industrial environments.

Disadvantages

The main drawback is vulnerability to malicious attacks:

Allow information from an object which can be read by a subject to be written to any other objects. E.g.: Bob is denied access to file A, so he asks cohort Alice to copy A

to B that he can access.

Suppose the users are trusted not to do this deliberately, it is still possible for Trojan Horses to copy information from one object to another.

Trojan Horse Example (1) 51

Contents 54







SQL Injection


Contents 55

Mandatory Access Control

Bell-LaPadula Model

Multilevel Relation

Comparing DAC and MAC

MAC - Introduction 56

DAC has traditionally been the main security mechanism for relational database systems.

All-or-nothing method: A user either has or does not have a certain privilege.


Applied to large amounts of information requiring strong protect in environments where both the system data and users can be classified clearly.

A mechanism for enforcing multiple level of security: classify data and users based on security classes.

It would typically be combined with the DAC.

MAC - Bell-LaPadula Model 57

Bell-LaPadula Model

Common multilevel security model.

Classify each subject (user, account, program) and object (relation, tuple, column, view, operation) into one security classification. Class(S): clearance (classification) of a subject S.

Reflect the user’s degree of trust.

Class(O): classification of an object O. Reflect the sensitivity of the information.

Grant access to data based on subject clearance and object classification.

Principles: no read-up & no write-down secrecy.

MAC - Classification Levels 58

Typical classification levels are:

Top secret (TS)

Secret (S)

Confidential (C)

Unclassified (U)

Where TS is the highest level and U is the

lowest:

TS ≥ S ≥ C ≥ U

MAC - Properties 59

Simple security property (ss-property): A subject S is not allowed to read an object O unless

class(S) ≥ class(O)

No read-up

Star property (or * property): A subject S is not allowed to write an object O unless

class(S) ≤ class(O)

No write-down

These restrictions together ensure that there is no direct flow of information from high secure objects to low ones!!!

MAC - Why Star Property? (1) 60

Contents 63


Bell-LaPadula Model

Multilevel Relation


MAC - Multilevel Relation (1)

Multilevel relation: MAC + relational database model

Deal with multilevel data.

Data objects: attributes, tuples.

A multilevel relation is represented by a schema:

R (A1,C1,A2,C2, …, An,Cn,TC) Each data attribute Ai is associated with a classification

attribute Ci .

Each tuple is associated with a tuple classification attribute TC.

TC is equal to the highest of all attribute classification values.

The apparent key of a multilevel relation is the set of attributes that would have formed the primary key in a regular (single-level) relation.

64

MAC - Multilevel Relation (2) 65

Subjects with different classes may retrieve

data from a multilevel relation but will see

different versions that data.

EMPLOYEE S > C > U

Name Salary JobPerformance TC

Smith U 40000 C Fair S S

Brown C 80000 S Good C S


A user with security level S

EMPLOYEE S > C > U




SELECT * FROM EMPLOYEE




A user with security level C

EMPLOYEE S > C > U





Smith U 40000 C Null C C

Brown C Null C Good C C


A user with security level U

EMPLOYEE S > C > U





Smith U Null U Null U U

MAC - Multilevel Relation (6)

A multilevel relation appears to contain

different data to subjects with different

clearance levels.

It may store a single tuple at a higher

classification level and produce the corresponding

tuples at lower-level classifications through a

process known as filtering.

Sometimes it must store two or more tuples at

different classification levels with the same

apparent key value.

69


Integrity rules for multilevel relation:

Entity integrity.

Null integrity and interinstance integrity.

Polyinstantiation.


Entity integrity

All attributes that are members of the apparent key:

Must not be null.

And must have the same security classification within each

individual tuple.

All the other attribute values in the tuple:

Must have a security classification greater than or equal to

that of the apparent key.

This constraint ensures that a user can see the key if

the user is permitted to see any part of the tuple at all.


Null integrity and interinstance integrity

Ensure that if a tuple value at some security level

can be filtered (derived) from a higher-classified

tuple, then it is sufficient to store the higher-

classified tuple in the multilevel relation.

Polyinstantiation

Where several tuples can have the same

apparent key value but have different attribute

values for users at different classification levels.


A user with security level C




Smith U 40000 C Null C C

Brown C Null C Good C C

A user with security level C tries to update the value of

JobPerformance of Smith to ‘Excellent’:

UPDATE EMPLOYEE

SET JobPerformance = ‘Excellent’

WHERE Name = ‘Smith’;

Errors?




Smith U 40000 C Excellent C C


Contents 75


Bell-LaPadula Model

Multilevel Relation


DAC vs. MAC 76

Mandatory policies:

Ensure a high protection degree by preventing

any illegal flow of information.

Being too rigid Only applicable in limited

environments.

Discretionary policies:

Offer a better trade-off between security and

applicability.

Be preferred in many practical situations.

Contents 77







SQL Injection


RBAC (1) 78


A viable alternative to traditional DAC and MAC.

Emerged rapidly in the 1990s as a proven

technology for managing and enforcing security in

large-scale enterprisewide systems.

Many DBMSs have allowed the concept of roles,

where privileges can be assigned to roles.

RBAC (2) 79


Permissions are associated with roles, and users

are assigned to appropriate roles.

Roles can be created using the CREATE ROLE

and DESTROY ROLE commands.

The GRANT and REVOKE commands are used

to assign and revoke privileges from roles.

Role hierarchy in RBAC is a natural way of

organizing roles to reflect the organization’s lines

of authority and responsibility.

Contents 80







SQL Injection


Contents 81


Terminology

Classification

DES, AES, RSA

Digital Signatures

Public Key Infrastructure

Encryption - Terminology 82

Encryption / Decryption: the process of the making /

breaking of “secret codes”.

Cipher: an algorithm for performing encryption or

decryption.

Plaintext: a message input needing protecting. It may

or may not be intelligible.

Ciphertext: the result of encryption performed on

plaintext.

Cryptosystem = encryption + decryption algorithms.

Encryption and decryption processes need keys.

Encryption - Classification (1)

Symmetric cryptosystems: 𝐾𝐸 = 𝐾𝐷

Asymmetric cryptosystems: 𝐾𝐸 ≠ 𝐾𝐷

83

Cryptosystem

Hello, This content is confidential …................... 01000100…….. ….

À¿¾«§¶

………………… ………………… …..

Encryption

Decryption

KE

KD

Plaintext Ciphertext

http://salesmenafoot.com/wp-content/uploads/2011/04/good-salesmen-know-how-to-take-advantage-of-emotions.jpg

http://salesmenafoot.com/wp-content/uploads/2011/04/good-salesmen-know-how-to-take-advantage-of-emotions.jpg

http://www.bostonherald.com/blogs/sports/rap_sheet/wp-content/uploads/2009/11/question-marks2.jpg

Encryption - Classification (2) 84

Asymmetric cryptosystems Also called Public-key cryptosystems.

Use two different keys for (en/de)cryption algorithms. Public key & Private key.

More secure but expensive in terms of computational costs.

Symmetric cryptosystems Use the same key for (en/de)cryption algorithms. Symmetric key = Shared-secret-key.

Faster than encryption and decryption in public-key cryptosystems.

Less security comparing to encryption and decryption in public-key cryptosystems.

Encryption - Classification (3)

Symmetric cryptosystems:

Stream ciphers: A5/1, RC4.

Block ciphers: DES, Triple DES, AES.

Asymmetric cryptosystems:

RSA, DSA.

Secret Key Establishment.

Digital Signatures.

Digital Certificate.

85

Contents 86


Terminology

Classification

DES, AES, RSA

Digital Signatures


Encryption - DES 87

DES (Data Encryption Standard)

Published by the USA’s National Bureau of Standards (NBS).

Be used as the encryption standard for unclassified data (information not concerned with national security).

A message is divided into 64-bit blocks.

Key: 56 bits Brute-force (exhaustive key search) attack in some hours Today, it’s too small.

Triple DES: run the DES algorithm a multiple number of times using different keys

Encryption: 𝒄 ← 𝓔𝒌𝟏(𝓓𝒌𝟐(𝓔𝒌𝟏(𝒎)))

Decryption: 𝒎 ← 𝓓𝒌𝟏(𝓔𝒌𝟐(𝓓𝒌𝟏(𝒄)))

The triple DES can also use three different keys.

Encryption - AES 88

AES (Advanced Encryption Standard / Rijndael) Chosen and introduced by the National Institute of

Standards and Technology (NIST) (known as NBS before).

Be secure and can be implemented efficiently.

The new encryption standard to replace for DES and multiple encryption (as Triple DES) Reduce the cost of managing keys.

Simplify the design of security protocols and systems.

A block cipher with a variable block size and variable key size. The key size and the block size can be independently

specified to 128, 192 or 256 bits

The enlarged and variable key and data-block sizes can accommodate a wide spectrum of security strengths for various application needs.

Encryption - RSA 89

RSA (named after 3 inventors Rivest, Shamir

and Adleman)

Public key is used for encrytion.

Private key is used for decrytion.

Encryption - Hybrid Scheme 90

Hybrid scheme

Asymmetric technique: establish a symmetric key.

Symmetric technique: encrypt data by that

symmetric key.

Sender Receiver

Encrypted message

using a symmetric key

Use public key of receiver

to encrypt the message

encryption key

Contents 91


Terminology

Classification

DES, AES, RSA

Digital Signatures


Digital Signatures (1) 92

Digital Signature: a message signed with a user's private key and can be verified by anyone who has access to the user's public key.

Thus: Authentication: Anyone with the user’s public key can verify

his digital signature Easy to verify who is the owner of the message.

Data integrity: The message cannot be modified without being detected during decryption time Verify whether the message is modified or not.

Non-repudiation: Only the holder of the private key can digitally sign Prevent the sender from claiming that he did not actually send the information.


Simple Digital Signatures


Secure Digital Signatures

Contents 95


Terminology

Classification

DES, AES, RSA

Digital Signatures


Public Key Infrastructure (1) 96

Public Key Infrastructure (PKI) The sum total of everything required to securely use

public key crypto.

Digital Certificate Also called Identity Certificate, or Public Key

Certificate.

An electronic document which is used to verify that a public key belongs to an individual.

Use a digital signature to bind a public key with an identity.

In most situations the certificate must be signed by a Certificate Authority (CA), which acts as a trusted third party.


Each digital certificate contains basic information:

The owner’s identity: information such as the name of a person or an organization, their address or their server address, and so forth.

The owner’s public key.

The date of issue of the certificate.

Valid time (‘Valid From’ and ‘Valid To’ dates).

Name and URL of the CA.

The digital signature of the issuing CA.

CA


Sender S Receiver R

Certificate Authority

(CA)

Encrypted message

using a symmetric key

Use R’s public key to

encrypt the message

encryption key

3 - Send data 4 - Receive

data &

decrypt it

TRUSTED

How does PKI work?


A digital certificate can be revoked if:

Its private key is compromised.

The relationship of the public key and the

owner is changed.

A certificate was issued in error.

Use the Certificate Revocation List.

The largest commercial source for certificates

is VeriSign.

Contents 100







SQL Injection


Common Attacks on Databases 101

Some of quite frequent attacks on databases:

Unauthorized Privilege Escalation.

Privilege Abuse.

Denial of Service (DOS attack).

Weak Authentication.

SQL Injection.

Contents 102







SQL Injection


SQL Injection (1) 103

SQL Injection Attack

Web programs and applications that access a

database can send commands and data to the

database.

The attacker injects a string input through the

application, which changes or manipulates the

SQL statement to the attacker’s advantage.

Most commonly done directly through web forms, but

can be directed through URL hacking.


SQL Injection

Exploit a security vulnerability in application.

Authentication bypass, information disclosure,

compromised data integrity.

Harm the database

Unauthorized manipulation of the database, or

retrieval of sensitive data.

Execute system level commands that may cause

the system to deny service to the application.


Consider an embedded code: $query = “SELECT prodinfo FROM prodtable WHERE prodname = ‘ “$_INPUT(‘prod_search’)” ’ ”

User enters the following:

blah’ OR ‘x’ = ‘x’

SQL statement created:

SELECT prodinfo FROM prodtable WHERE prodname = ‘blah’ OR ‘x’ = ‘x’;


A more serious problem, a user enters: blah'; DROP TABLE prodinfo;

SQL statement created: SELECT prodinfo FROM prodtable WHERE

prodname = ‘blah’; DROP TABLE prodtable;

Another example: SELECT * FROM Users WHERE username =

‘John’ and (PASSWORD = ‘JohnPass’ or ‘x’ = ‘x’);

Contents 107







SQL Injection


Challenges of Database Security (1)

108

Data Quality

Need techniques and organizational solutions to

assess and attest the quality of data.

Need techniques providing more effective integrity

semantics verification.

Need tools for the assessment of data quality.

Intellectual Property Rights

Digital watermarking techniques.

Challenges of Database Security (2)

109

Database Survivability: Database systems need to operate and continue their functions, even with reduced capabilities, despite disruptive events such as information warfare attacks.

Confinement.

Damage assessment.

Reconfiguration.

Repair.

Fault treatment.

Q & A 110

8 Database Security

Documents

Transcript of 8 Database Security