Posted 19-Dec-2015
Security
Dale-Marie Wilson, Ph.D.
Why Database Security?
Data is a valuable resource
• Must be strictly controlled and managed
• Corporate resource
• Has strategic importance
• Must be secure and confidential
Database Security
Mechanisms that protect the database against intentional or accidental threats
Does not apply only to the data held in the database
• Security breaches may affect other parts of the system and eventually affect the database
Database Security
Involves measures to avoid:
• Theft and fraud
• Loss of confidentiality (secrecy)
• Loss of privacy
• Loss of integrity
• Loss of availability
Threat
Any situation or event, intentional or unintentional, that adversely affects a system and consequently the organization
Summary of Threats to Computer Systems
Typical Multi-user Computer Environment
Countermeasures – Computer-Based Controls
Range from physical controls to administrative procedures and include:
• Authorization
• Access controls
• Views
• Backup and recovery
• Integrity
• Encryption
• RAID technology
Countermeasures – Computer-Based Controls
Authorization
The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system's object
Authentication
Mechanism that determines whether a user is who he or she claims to be
Countermeasures – Computer-Based Controls
Access control
Granting/revoking of privileges
Privilege
Allows a user to create or access (read, write, modify) a database object (relation, view, index) or to run DBMS utilities
Granted to users to accomplish the tasks required for their jobs
Countermeasures – Computer-Based Controls
Discretionary Access Control (DAC)
Provided by most DBMSs
Effective, but has a weakness:
• An unauthorized user can trick an authorized user into disclosing sensitive data (for example, through a program that runs with the authorized user's privileges and copies data somewhere the unauthorized user can read it)
SQL standard supports DAC through the GRANT and REVOKE commands
GRANT command: gives privileges to users
REVOKE command: takes privileges from users
Countermeasures – Computer-Based Controls
Mandatory Access Control (MAC)
Based on system-wide policies that cannot be changed by individual users
Not supported by the SQL standard
Each database object is assigned a security class
Each user is assigned a clearance for a security class
Rules are imposed on the reading and writing of database objects by users
Countermeasures – Computer-Based Controls
MAC determines whether a user can read/write an object, based on rules relating the security level of the object to the clearance of the user
Rules ensure sensitive data is never 'passed on' to another user without the necessary clearance
Bell-LaPadula Model
Popular model for MAC
Each database object is assigned a security class; each subject is assigned a clearance
Four classes: Top Secret (TS), Secret (S), Confidential (C), Unclassified (U), with TS > S > C > U
Two restrictions:
1. Simple Security property
• Subject S is allowed to read object O only if class(S) >= class(O) ('no read up')
2. *-Property
• Subject S is allowed to write object O only if class(S) <= class(O) ('no write down')
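The DAC weakness described above and the two Bell-LaPadula rules, as an added example that is not part of the original slides: a small privilege model in Python in which an owner GRANTs and REVOKEs privileges, an authorized user runs a program supplied by an attacker, and the data leaks under DAC but is blocked by the *-property under MAC. The users ('alice', 'mallory'), the tables ('salaries', 'scratch') and the privilege names are hypothetical.

```python
"""Added example (not from the slides): a tiny privilege model showing why
discretionary GRANT/REVOKE cannot stop a Trojan-horse leak, and how the
Bell-LaPadula rules of a mandatory policy do. Users, table names and
privilege names are hypothetical."""

# Bell-LaPadula security classes, ordered U < C < S < TS
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


class DacDatabase:
    """Discretionary access control: an owner GRANTs/REVOKEs per-object privileges."""

    def __init__(self):
        self.tables = {}      # name -> list of rows
        self.privs = {}       # (user, table) -> set of privileges

    def create_table(self, owner, name):
        self.tables[name] = []
        self.privs[(owner, name)] = {"SELECT", "INSERT", "GRANT"}

    def grant(self, granter, priv, table, grantee):
        # Only a user holding GRANT on the object may pass privileges on
        if "GRANT" not in self.privs.get((granter, table), set()):
            raise PermissionError(f"{granter} cannot grant on {table}")
        self.privs.setdefault((grantee, table), set()).add(priv)

    def revoke(self, priv, table, grantee):
        self.privs.get((grantee, table), set()).discard(priv)

    def select(self, user, table):
        if "SELECT" not in self.privs.get((user, table), set()):
            raise PermissionError(f"{user} cannot read {table}")
        return list(self.tables[table])

    def insert(self, user, table, row):
        if "INSERT" not in self.privs.get((user, table), set()):
            raise PermissionError(f"{user} cannot write {table}")
        self.tables[table].append(row)


def trojan_horse_under_dac():
    """Mallory owns 'scratch' and grants Alice INSERT on it. Alice runs a
    program supplied by Mallory; running with Alice's privileges, it copies
    'salaries' (which only Alice may read) into 'scratch' (which Mallory reads)."""
    db = DacDatabase()
    db.create_table("alice", "salaries")
    db.insert("alice", "salaries", ("bob", 90000))
    db.create_table("mallory", "scratch")
    db.grant("mallory", "INSERT", "scratch", "alice")
    # The Trojan horse: looks like a payroll report, actually exfiltrates
    for row in db.select("alice", "salaries"):
        db.insert("alice", "scratch", row)
    return db.select("mallory", "scratch")      # Mallory now holds the data


class MacDatabase:
    """Mandatory access control: system-wide classes enforced on every read/write."""

    def __init__(self):
        self.tables = {}      # name -> (security class, rows)
        self.clearance = {}   # user -> clearance

    def can_read(self, user, table):
        # Simple security property: class(S) >= class(O), i.e. no read up
        return LEVELS[self.clearance[user]] >= LEVELS[self.tables[table][0]]

    def can_write(self, user, table):
        # *-property: class(S) <= class(O), i.e. no write down
        return LEVELS[self.clearance[user]] <= LEVELS[self.tables[table][0]]

    def select(self, user, table):
        if not self.can_read(user, table):
            raise PermissionError(f"{user} lacks clearance to read {table}")
        return list(self.tables[table][1])

    def insert(self, user, table, row):
        if not self.can_write(user, table):
            raise PermissionError(f"{user} may not write down to {table}")
        self.tables[table][1].append(row)


def trojan_horse_under_mac():
    """Same attack: the write from a Secret subject into the Unclassified
    'scratch' table violates the *-property, so nothing reaches Mallory."""
    db = MacDatabase()
    db.clearance = {"alice": "S", "mallory": "U"}
    db.tables = {"salaries": ("S", [("bob", 90000)]), "scratch": ("U", [])}
    try:
        for row in db.select("alice", "salaries"):   # read: S >= S, allowed
            db.insert("alice", "scratch", row)       # write: S <= U fails
    except PermissionError:
        pass
    return db.select("mallory", "scratch")           # still empty


if __name__ == "__main__":
    print("DAC leak:", trojan_horse_under_dac())    # [('bob', 90000)]
    print("MAC leak:", trojan_horse_under_mac())    # []
```

Note that under DAC every check passed: Alice legitimately had SELECT on salaries and INSERT on scratch, so GRANT/REVOKE alone cannot express "this data must not flow to Mallory". The MAC version blocks the same sequence without any knowledge of the program, which is exactly the guarantee the slides attribute to the *-property.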
Countermeasures – Computer-Based Controls
View
Dynamic result of one or more relational operations operating on base relations to produce another relation
• Virtual relation: produced upon request by a particular user, at the time of the request
Backup
Process of periodically taking a copy of the database, log file and programs to offline storage media
Journaling
Process of maintaining a log file (journal) of all changes made to the database to enable effective recovery in the event of failure
Countermeasures – Computer-Based Controls
Integrity
Prevents invalid data, which would produce misleading or incorrect results
Encryption
Encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key
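The view and integrity controls listed above, as an added example that is not part of the original slides: an in-memory SQLite database (Python's standard sqlite3 module) with a CHECK constraint that rejects invalid rows, and a view that exposes only some columns and rows of the base relation and is re-evaluated from the base relation on each request. The table 'staff', its columns and its rows are constructed for the demonstration.

```python
"""Added example (not from the slides): a view as an access-restriction
mechanism and a CHECK constraint as an integrity control, in SQLite.
The 'staff' table and its rows are constructed sample data."""
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        -- Integrity: the DBMS refuses rows that would be invalid
        CREATE TABLE staff (
            staff_no TEXT PRIMARY KEY,
            name     TEXT NOT NULL,
            branch   TEXT NOT NULL,
            salary   INTEGER NOT NULL CHECK (salary > 0 AND salary < 1000000)
        );
        INSERT INTO staff VALUES ('SL21', 'John White', 'B005', 30000);
        INSERT INTO staff VALUES ('SG37', 'Ann Beech',  'B003', 12000);
        -- View: hides the salary column and shows only branch B005. A user who
        -- is granted access to the view but not to 'staff' never sees the rest.
        CREATE VIEW staff_b005_public AS
            SELECT staff_no, name, branch FROM staff WHERE branch = 'B005';
    """)
    return con


def view_rows(con):
    """The view is virtual: it is recomputed from the base relation per query."""
    return con.execute(
        "SELECT * FROM staff_b005_public ORDER BY staff_no").fetchall()


def insert_staff(con, staff_no, name, branch, salary):
    """True if the row was accepted, False if the integrity constraint rejected it."""
    try:
        with con:   # commit on success, roll back on error
            con.execute("INSERT INTO staff VALUES (?, ?, ?, ?)",
                        (staff_no, name, branch, salary))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    con = build_db()
    print(view_rows(con))                                        # only SL21, no salary
    print(insert_staff(con, "SA9", "Mary Howe", "B005", -5))     # False: CHECK fails
    print(insert_staff(con, "SA9", "Mary Howe", "B005", 9000))   # True
    print(view_rows(con))                                        # view now shows SA9 too
```

The second `view_rows` call shows the 'dynamic result' point: nothing was stored for the view, yet the new row appears because the view is evaluated against the base relation at request time.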
RAID (Redundant Array of Independent Disks) Technology
DBMS hardware must be fault-tolerant: it continues to operate even if one hardware component fails
Main hardware components include disk drives, disk controllers, CPU, power supplies and cooling fans
Disk drives are the most vulnerable component
• Have the shortest mean time between failures of all the hardware components
Suggests having redundant components that are seamlessly integrated into the working system whenever a component failure occurs
RAID (Redundant Array of Independent Disks) Technology
Large disk array comprising an arrangement of several independent disks
Organized to improve reliability and increase performance
Performance is increased through data striping
• Data is segmented into equal-size partitions (the striping unit)
• Partitions are transparently distributed across multiple disks
Reliability is improved by storing redundant information across the disks using a parity scheme or an error-correcting scheme
RAID (Redundant Array of Independent Disks) Technology
Different disk configurations, known as RAID levels:
• RAID 0: Nonredundant
• RAID 1: Mirrored
• RAID 0+1: Nonredundant and Mirrored
• RAID 2: Memory-Style Error-Correcting Codes
• RAID 3: Bit-Interleaved Parity
• RAID 4: Block-Interleaved Parity
• RAID 5: Block-Interleaved Distributed Parity
• RAID 6: P+Q Redundancy
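Striping and the parity scheme behind RAID 5 (block-interleaved distributed parity), as an added example that is not part of the original slides: plain Python that splits data into striping units, spreads them over several disks with one rotating XOR parity unit per stripe, and rebuilds a failed disk from the survivors. The disk count, striping unit size and payload are constructed for the demonstration, and the units are held in Python lists rather than on real devices.

```python
"""Added example (not from the slides): block striping with distributed XOR
parity, the scheme behind RAID 5, and reconstruction of one failed disk.
Disk count, striping unit and payload are constructed for the demonstration."""

STRIPE_UNIT = 4   # bytes per striping unit (real arrays use e.g. 64 KiB)


def xor_blocks(blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def stripe(data, n_disks):
    """Distribute `data` over n_disks disks with one parity unit per stripe.
    The parity unit rotates across disks (RAID 5), so no single disk
    becomes the write bottleneck that a fixed parity disk (RAID 4) would."""
    data_per_stripe = n_disks - 1
    unit_count = -(-len(data) // STRIPE_UNIT)          # ceiling division
    units = [data[i * STRIPE_UNIT:(i + 1) * STRIPE_UNIT].ljust(STRIPE_UNIT, b"\0")
             for i in range(unit_count)]
    while len(units) % data_per_stripe:                 # pad to whole stripes
        units.append(b"\0" * STRIPE_UNIT)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(units) // data_per_stripe):
        chunk = units[s * data_per_stripe:(s + 1) * data_per_stripe]
        parity_disk = s % n_disks
        it = iter(chunk)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunk) if d == parity_disk else next(it))
    return disks


def reconstruct(disks, failed):
    """Rebuild the failed disk: every unit on it equals the XOR of the same
    stripe position on all surviving disks (true for data and parity alike)."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_back(disks, length):
    """Unstripe: skip each stripe's parity unit and concatenate the data units."""
    n_disks = len(disks)
    out = b""
    for s in range(len(disks[0])):
        parity_disk = s % n_disks
        out += b"".join(disks[d][s] for d in range(n_disks) if d != parity_disk)
    return out[:length]


if __name__ == "__main__":
    payload = b"database log record 0042: COMMIT"
    disks = stripe(payload, 4)        # 3 data units + 1 parity unit per stripe
    disks[2] = None                   # disk 2 fails
    disks[2] = reconstruct(disks, 2)  # rebuilt from disks 0, 1 and 3
    print(read_back(disks, len(payload)) == payload)   # True
```

The array survives exactly one failure: with two disks missing, the XOR of the survivors is the XOR of the two lost units, which cannot be separated. That is the gap RAID 6's second (P+Q) redundancy unit closes.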
DBMS and Web Security
Internet communication relies on TCP/IP
TCP/IP and HTTP were not designed with security in mind
Without special software, all Internet traffic travels 'in the clear', and anyone who monitors the traffic can read it
DBMS and Web Security
Must ensure while transmitting information over the Internet that it is:
• inaccessible to anyone but the sender and receiver (privacy);
• not changed during transmission (integrity);
• such that the receiver can be sure it came from the sender (authenticity);
• such that the sender can be sure the receiver is genuine (non-fabrication);
• such that the sender cannot deny he or she sent it (non-repudiation).
DBMS and Web Security
Measures include:
• Proxy servers
• Firewalls
• Message digest algorithms and digital signatures
• Digital certificates
• Kerberos
• Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)
• Secure Electronic Transactions (SET) and Secure Transaction Technology (SST)
• Java security
• ActiveX security
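The message digest item in the list above, as an added example that is not part of the original slides: Python's standard hashlib and hmac modules show that a bare digest sent with a message protects only against accidental corruption, because an attacker who alters traffic travelling in the clear simply recomputes the digest, whereas a keyed digest (HMAC) with a key shared by sender and receiver gives the integrity and authenticity properties the slides ask for. The messages, the key and the tampering are constructed.

```python
"""Added example (not from the slides): what a message digest does and does
not give you on an untrusted network. A plain SHA-256 digest detects
accidental corruption only; an HMAC keyed with a secret shared by the two
endpoints also gives authenticity. Messages and key are constructed."""
import hashlib
import hmac


def send_with_digest(message: bytes):
    """Sender appends an unkeyed digest (as a naive integrity check might)."""
    return message, hashlib.sha256(message).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def send_with_hmac(key: bytes, message: bytes):
    """Sender appends a keyed digest; only a key holder can produce a valid tag."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time so an attacker cannot learn how
    # many leading bytes of a guessed tag were correct from response timing
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)


def attacker_modifies(message: bytes) -> bytes:
    """Someone monitoring the link rewrites the amount in transit."""
    return message.replace(b"amount=100", b"amount=9000")


def digest_only_attack() -> bool:
    """Attacker alters the message and recomputes the digest: receiver accepts."""
    msg, _digest = send_with_digest(b"transfer to=ACME amount=100")
    forged = attacker_modifies(msg)
    return verify_digest(forged, hashlib.sha256(forged).digest())


def hmac_attack() -> bool:
    """Without the key the attacker cannot produce a valid tag: receiver rejects."""
    key = b"shared-secret-known-only-to-endpoints"
    msg, tag = send_with_hmac(key, b"transfer to=ACME amount=100")
    forged = attacker_modifies(msg)
    return verify_hmac(key, forged, tag)


if __name__ == "__main__":
    print("digest-only forgery accepted:", digest_only_attack())   # True
    print("HMAC forgery accepted:", hmac_attack())                  # False
```

An HMAC does not give non-repudiation: either key holder could have produced the tag. That property needs a digital signature made with a private key only the sender holds, which is why the slide lists digital signatures and certificates alongside digests.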
How Secure Electronic Transactions (SET) Works
Chapter 19