Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly...

Date posted: 19-Dec-2015

Security

Dale-Marie Wilson, Ph.D.

Why Database Security?

Data
  • Valuable resource
      • Must be strictly controlled and managed
      • Corporate resource
  • Have strategic importance
  • Must be secure and confidential

Database Security

  • Mechanisms that protect database against intentional or accidental threats
  • Does not only apply to data held in database
      • Security breaches may affect other parts of system
      • Eventually affect database

Database Security

Involves measures to avoid:
  • Theft and fraud
  • Loss of confidentiality (secrecy)
  • Loss of privacy
  • Loss of integrity
  • Loss of availability

Threat
  • Any situation or event, intentional or unintentional, that adversely affects system => organization

Summary of Threats to Computer Systems

Typical Multi-user Computer Environment

Countermeasures – Computer-Based Controls

Range from physical controls to administrative procedures and include:
  • Authorization
  • Access controls
  • Views
  • Backup and recovery
  • Integrity
  • Encryption
  • RAID technology

Countermeasures – Computer-Based Controls

Authorization
  • The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system’s object
  • Mechanism that determines whether user is who he/she claims to be

Countermeasures – Computer-Based Controls

Access control
  • Granting/revoking of privileges

Privilege
  • Allows user to create or access (read, write, modify) database object (relation, view, index) or run DBMS utilities
  • Granted to user to accomplish tasks required for jobs

Countermeasures – Computer-Based Controls

Discretionary Access Control (DAC)
  • Provided by most DBMS
  • Effective
  • Weakness
      • Unauthorized user can trick authorized user into disclosing sensitive data

SQL standard supports DAC
  • GRANT and REVOKE commands
  • GRANT command
      • Gives privileges to users
  • REVOKE command
      • Takes privileges from users

Countermeasures – Computer-Based Controls

Mandatory Access Control (MAC)
  • Based on system-wide policies
  • Cannot be changed by individual users
  • Not supported by SQL standard
  • Each database object assigned a security class
  • Each user assigned a clearance for a security class
  • Rules are imposed on reading and writing of database objects by users

Countermeasures – Computer-Based Controls

MAC
  • Determines whether user can read/write object
  • Based on rules of security level of object and clearance of user
  • Rules ensure sensitive data never ‘passed on’ to another user without necessary clearance

Bell-LaPadula Model

  • Each database object assigned security class
  • Each subject assigned clearance
  • Four classes: Top secret (TS), Secret (S), Confidential (C), Unclassified (U)
      • TS > S > C > U
  • Two restrictions:
      1. Simple Security property
          • Subject S is allowed to read object O only if class(S) >= class(O)
      2. *-Property
          • Subject S is allowed to write object O only if class(S) <= class(O)
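
The two restrictions above as a small reference monitor, written in Python as an added example (not part of the original slides; Monitor, copy_rows and the sample tables are hypothetical names and constructed data). It shows the *-property refusing the 'pass on' path, where code running with a Secret clearance tries to copy Secret rows into an Unclassified object, which is the weakness noted for DAC.

```python
from enum import IntEnum

class Level(IntEnum):  # the slide's four classes, ordered TS > S > C > U
    U = 0
    C = 1
    S = 2
    TS = 3

def can_read(subject: Level, obj: Level) -> bool:
    """Simple Security property: read only if class(S) >= class(O)."""
    return subject >= obj

def can_write(subject: Level, obj: Level) -> bool:
    """*-property: write only if class(S) <= class(O)."""
    return subject <= obj

class Monitor:
    """Hypothetical reference monitor over labelled objects."""
    def __init__(self, objects):
        self.objects = {n: [lvl, list(rows)] for n, (lvl, rows) in objects.items()}
        self.denied = []  # audit trail of refused requests

    def read(self, clearance, name):
        lvl, rows = self.objects[name]
        if not can_read(clearance, lvl):
            self.denied.append(("read", clearance.name, name))
            raise PermissionError(f"{clearance.name} subject may not read {name}")
        return list(rows)

    def append(self, clearance, name, row):
        lvl, rows = self.objects[name]
        if not can_write(clearance, lvl):
            self.denied.append(("write", clearance.name, name))
            raise PermissionError(f"{clearance.name} subject may not write {name}")
        rows.append(row)

def copy_rows(mon, clearance, src, dst):  # code acting with a user's clearance
    try:
        for row in mon.read(clearance, src):
            mon.append(clearance, dst, row)
        return True
    except PermissionError:
        return False

def demo():
    # Constructed sample data: one Secret table, one Unclassified table.
    mon = Monitor({"payroll": (Level.S, ["alice,98000"]), "notes": (Level.U, [])})
    leaked = copy_rows(mon, Level.S, "payroll", "notes")  # write down: refused
    peeked = copy_rows(mon, Level.C, "payroll", "notes")  # read up: refused
    return leaked, peeked, mon.objects["notes"][1], mon.denied
```

Both refusals land in the monitor's denied list, which is the record an auditor would review.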

Popular Model for MAC called Bell-LaPadula

Countermeasures – Computer-Based Controls

View
  • Dynamic result of one or more relational operations operating on base relations to produce another relation
  • Virtual relation
  • Produced upon request by particular user, at time of request

Backup
  • Process of periodically taking copy of database, log file, programs to offline storage media

Journaling
  • Process of maintaining log file/journal of all changes made to database to enable effective recovery in event of failure

Countermeasures – Computer-Based Controls

Integrity
  • Prevents invalid data
      • Misleading or incorrect results

Encryption
  • Encoding of data by special algorithm
  • Renders data unreadable by any program without decryption key

RAID (Redundant Array of Independent Disks) Technology

  • DBMS hardware must be fault-tolerant
      • Continues to operate even if one of the hardware components fails
  • Main hardware components include:
      • Disk drives, disk controllers, CPU, power supplies, cooling fans
  • Disk drives most vulnerable component
      • Have shortest times between failures of any of the hardware components
  • Suggests having redundant components
      • Seamlessly integrated into working system whenever component failure occurs

RAID (Redundant Array of Independent Disks) Technology

  • Large disk array comprising an arrangement of several independent disks
  • Organized to improve reliability and increase performance

Performance
  • Increased through data striping
      • Data segmented into equal-size partitions (striping unit)
      • Transparently distributed across multiple disks

Reliability
  • Improved through storing redundant information across the disks using parity scheme or error-correcting scheme
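
Striping with a parity scheme, as an added Python example that is not part of the original slides. It assumes one dedicated parity disk (the block-interleaved parity arrangement) and hypothetical function names; the sample record is constructed.

```python
from functools import reduce
from operator import xor

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks; this is the parity computation."""
    return bytes(reduce(xor, column) for column in zip(*blocks))

def stripe(data: bytes, n_disks: int, unit: int):
    """Cut data into striping units, deal them across the disks, add parity."""
    stripe_len = n_disks * unit
    padded = data + b"\0" * (-len(data) % stripe_len)  # fill the last stripe
    disks = [bytearray() for _ in range(n_disks)]
    parity = bytearray()
    for off in range(0, len(padded), stripe_len):
        units = [padded[off + i * unit: off + (i + 1) * unit] for i in range(n_disks)]
        for disk, u in zip(disks, units):
            disk += u
        parity += xor_blocks(units)
    return [bytes(d) for d in disks], bytes(parity)

def rebuild(disks, parity):
    """Recompute the one failed disk (marked None) from survivors and parity."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) != 1:
        raise ValueError("single parity can rebuild exactly one failed disk")
    survivors = [d for d in disks if d is not None]
    return failed[0], xor_blocks(survivors + [parity])

def unstripe(disks, unit: int, length: int) -> bytes:
    """Reassemble the original byte stream from the data disks."""
    out = bytearray()
    for off in range(0, len(disks[0]), unit):
        for disk in disks:
            out += disk[off:off + unit]
    return bytes(out[:length])

def demo():
    data = b"ACCT=1001;BAL=2500;ACCT=1002;BAL=0090"  # constructed sample record
    disks, parity = stripe(data, n_disks=3, unit=4)
    damaged = list(disks)
    damaged[1] = None                                # simulate a drive failure
    idx, block = rebuild(damaged, parity)
    damaged[idx] = block
    return unstripe(damaged, 4, len(data)) == data and block == disks[1]
```

A second simultaneous failure makes rebuild raise, which is the limit of a single parity block per stripe.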

RAID (Redundant Array of Independent Disks) Technology

Different disk configurations aka RAID levels
  • RAID 0 Nonredundant
  • RAID 1 Mirrored
  • RAID 0+1 Nonredundant and Mirrored
  • RAID 2 Memory-Style Error-Correcting Codes
  • RAID 3 Bit-Interleaved Parity
  • RAID 4 Block-Interleaved Parity
  • RAID 5 Block-Interleaved Distributed Parity
  • RAID 6 P+Q Redundancy

DBMS and Web Security

  • Internet communication relies on TCP/IP
  • TCP/IP and HTTP not designed with security in mind
  • Without special software, all Internet traffic travels ‘in the clear’
  • Anyone who monitors traffic can read it

DBMS and Web Security

Must ensure while transmitting information over the Internet that:
  • inaccessible to anyone but sender and receiver (privacy);
  • not changed during transmission (integrity);
  • receiver can be sure it came from sender (authenticity);
  • sender can be sure receiver is genuine (non-fabrication);
  • sender cannot deny he or she sent it (non-repudiation).

DBMS and Web Security

Measures include:
  • Proxy servers
  • Firewalls
  • Message digest algorithms and digital signatures
  • Digital certificates
  • Kerberos
  • Secure sockets layer (SSL) and Secure HTTP (S-HTTP)
  • Secure Electronic Transactions (SET) and Secure Transaction Technology (STT)
  • Java security
  • ActiveX security

How Secure Electronic Transactions (SET) Works

Chapter 19