Page-2
Oracle Database Security Defense-in-Depth
Access Control
• Oracle Database Vault
• Oracle Label Security
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Encryption and Masking
Auditing and Monitoring
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall
• Oracle Database Firewall
Blocking and Logging
Page-3
Agenda
• Oracle DB Security
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• TDE
• Summary
Page-4
Agenda
• Oracle DB Security
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• TDE
• Summary
Page-5
Data Masking
• What is data masking? Data masking is the process of replacing sensitive information with realistic data based on masking rules.
• Why use data masking? Use data masking so that data can be shared with nonproduction users such as testing companies.
Page-6
Data Masking
EMPLOYEE_ID LAST_NAME DEPARTMENT_ID PHONE_NUMBER
100 King 90 515.123.4567
105 Austin 60 590.423.4569
110 Chen 100 515.124.4269
EMPLOYEE_ID LAST_NAME DEPARTMENT_ID PHONE_NUMBER
468 Jefferies 90 510.555.1256
975 Smith 60 650.555.9753
396 Allen 100 925.555.3597
Page-7
Data Masking: Features
• Uses an irreversible process to replace the sensitive database based on masking rules
• Ensures that the original data cannot be retrieved, recovered, or restored
• Enables you to define a central definition for common data masking formats to be used with all databases
Page-8
Implementing Data Masking
Identifysensitive
information
Createdata mask
formats
Createmasking
definitions
Cloneproductionto staging
Createmasking
definitions
Executemasking
job
Clonestagingto test
Security admin
DBA
Production Staging Test
App DBA
Page-10
Agenda
• Oracle DB Security
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
– TDE
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• Summary
Page-11
Discretionary Access Control
Joe
Fred
GRANT SELECT ON emp TO JOE;
REVOKE SELECT ON emp FROM FRED;
How to secure row or column level?
Page-12
Oracle VPD
• A Virtual Private Database (VPD) combines an application context and FGAC
– Fine-grained access control: associate security policies to database objects
– Application Context: define and access application or session attributes
• Enforce business rules to limit row access
• Use a secure application context to provide high-performance resolution of user attributes
Page-13
Why VPD?
• Scalability – Table Customers contains 1,000 customer records. Suppose we
want customers to access their own records only. Using views, we need to create 1,000 views. Using VPD, it can be done with a single policy function.
• Simplicity– Say, we have a table T and many views are based on T. Suppose we
want to restrict access to some information in T. Without VPD, all view definitions have to be changed. Using VPD, it can be done by attaching a policy function to T; as the policy is enforced in T, the policy is also enforced for all the views that are based on T.
• Security– Server-enforced security (as opposed to application-enforced).
– Cannot be bypassed. (There are two exceptional cases, though.)
Page-14
How Fine-Grained Access Control Works
1. The user accesses a table or view with a policy.
2. The data server calls the policy function.
3. The policy function returns a predicate.
4. The data server adds the predicate to the statement.
5. The data server executes the modified statement.
becomes
SELECT * FROM orders WHERE customer_id = sys_context
('oeapp','cust_id');
SELECT * FROM orders;
Page-15
Application Context
• Application contexts act as secure caches of data that may be used by a fine-grained access control policy.
– Upon logging into the database, Oracle sets up an application context in the user’s section.
– You can define, set and access application attributes that you can use as a secure data cache.
• There is a pre-defined application context, “userenv”.
Page-16
Application Context
• One can create a customized application context and attributes.
– Say, each employee can access a portion of the Customers table, based on the job-position.
– For example, a clerk can access only the records of the customers who lives in a region assigned to him. But a manager can access any record.
– Suppose that the job-positions of employees are stored in a LDAP server (or in the Employee table).
– Such information can be accessed and cached in an application context when an employee logs in.
Page-18
Agenda
• Protecting Data
– Encrypt stored data
– Mask data that is not used for production
– TDE
• Controlling data access
– Implementing the Virtual Private Database (VPD)
– Using Oracle Label Security (OLS)
• Summary
Page-19
Oracle Label Security
Joe
Fred
GRANT SELECT ON emp TO JOE;
REVOKE SELECT ON emp FROM FRED;
• Discretionary Access Control
Page-20
Oracle Label Security
Discretionary
access control
SQL request
OLS access
mediation
Select objectprivilege granted?
User clearance
dominatesdata row label?
Location Storage OLS Label
Nevada Conventional Sensitive
Montana Nuclear Highly Sens.
Colorado Medical Confidential
XX
Confidential
– The objects in the database can have rows that are labeled
– Access to rows is restricted on the basis of Oracle Label Security authorizations.
Page-21
How Sensitivity Labels Are Used
Labels Data
Users
Data sensitivity
Authorizations
Secret
Top Secret
Access mediation