Security and IntegritySecurity and Integrity
Database security and Database security and AuthorizationAuthorization Introduction to security issues Mechanisms used to grant and revoke
privilege in relational database in SQL An overview of the mechanisms for enforcing
multiple levels of security Briefly discusses the security problem in
statistical database Introduces flow control and mentions problems
associated with convert channels. A brief summary of encryption and public key
infrastructure schemes. Summaries the chapter
What is security?
Introduction to Introduction to Database Security Database Security IssuesIssues
Types of SecurityTypes of Security Legal and ethical issues regarding the right to access certain
information. In US there are many laws governing privacy of information.
Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available – for example, credit ratings and personal medical records
System-related issues such as the system levels at which various security functions should be enforced-- for example, whether a security function should be handled at the physical H/W, OS, or DBMS levels.
The need in some organizations to identify multiple security levels and to categorize the data and users based on these classified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
Threats to DatabaseThreats to Database
Threats to database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentially. Loss of integrity Loss of availability Loss of confidentially
Loss of integrityLoss of integrity Integrity refer to requirement that information be protected
from improper modification.
Modification of data includes Creation Insertion Modification Deletion Change the status of data
Integrity is lost if unauthorized changes are make to the data by either intentional or accidental acts.
If continue use the contaminated system or corrupt data cause the result in inaccuracy, fraud, or erroneous decision
Loss of availabilityLoss of availability
Database availability refers to making objects available to human user or a program to which they have a legitimate right
Loss of confidentiallyLoss of confidentially Database confidentially refers to the
protection of data from unauthorized disclosure.
The impact range from Violent of data privacy act to the damage of
national security Unauthorized could result in loss of
public confidence, embarrassment, or legal action against the organization.
How to protect How to protect databasedatabase
To protect database against these types of 4 kinds of countermeasures can be implemented: Access control Inference control Flow control Encryption
Database security Database security mechanismsmechanisms Discretionary security mechanisms
Grant privilege to users, includes the capability to access specific data files, records, or fields in a specified mode (insert, read, delete, update)
Mandatory security mechanisms Classifying the data and users into various security
classes Implementing the appropriate security policy of the
organization Example
Policy to permit users at a certain classification level to see only the data item classified at the user’s own (or lower) classification level.
Role-based security
Database security and Database security and the DBAthe DBA DBA has a DBA account in the DBMS Called “system” or “superuser” account Provide powerful capabilities that are not available for
regular database accounts and users. DBA privilege commands include commands
for granting and revoking privilege to individual accounts, users or user groups
For performing the followings Account creation Privilege granting Privilege revocation Security level assignment
DBA response for the overall security of the database system.
Access Protection, User accounts, and Database Audits
1. Person need to access database2. DBA create user account and password3. The user login to the DBMS by enter user account and
password4. The DBMS checks that the account and password valid
If the user is permitted to use the DBMS to access the database
5. DBMS keep track of database users and their accounts and passwords by creating and encrypted table of file with the two fields Account and Password. This table was maintained by the DBMS.
When create new user, the data will insert into this table When account is canceled, the corresponding record must
be delete from the table
Keep track of operation6. BDMS keep track of operations on the
database Create login session when user log in Keep track of sequence of database interactions from
the time of logging in to the time of logging out When user log in, the DBMS record the user’s account
and associate it with the terminal from with the terminal from which the user logged on
All operations applied from that terminal are attributed to the user’s account until the log off
Keep track of the update operation If the database is tampered with, the DBA can find out
which user did the tampering
Keep track of operations on system log
System log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash.
If have any tampering with database, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period.
When illegal or unauthorized is found, the DBA can determine the account user
Database audits is important for sensitive databases that are updated by many transactions and users. Audit trail is a database log that used mainly for security purposes.
System log
Discretionary Access control Based on Granting and Revoking Privilege
Type of Discretionary Privilege Account level: the DBA specifies the
particular privilege that each account holds independently of the relations in the database
Relation level: the DBA/owner can control the privileges to access each individual relation or view in the database
Account level
Relation level
SQL
SELECT privilege on R: MODIFY privileges on R: REFERENCES privileges on R: **Remark: create view, the
account must have select privilege on all relations in invoked in view definition.
Specifying Privilege using VIEW
Important method to limiting users to manipulate data If user A want user B to be able to
retrieve only some field of relation R (create by A)
Then A can a view V of R that includes only some attributes
And then grant SELECT on V to B
Grant privilege Grant operation on Table/View to
User with grant option Example
GRANT select ON emp to tori; GRANT select ON empcom to nok with
grant option; GRANT update on emp (salary) to tori; GRANT all on emp to nok with grant
option;
example Tori : Grant select on student to Hana; Hana: Select * from Tori.student; Tori : Grant select, update on student to kawa
with grant option; Kawa: Grant select on student to Nara with
grant option; Question: Can Nara grant her privilege to
others? If No, why? If yes, what privilege nara can grant to other users?
Syntax for create view by SQL (oracle)
CREATE VIEW View_name AS SELECT col1,col2,…,coln
FROM table1,…,tablen WHERE condition;
EXAMPLEDEPT (DEPTNO, DNAME, LOC) EMP (EMPNO, ENAME, JOB, MGR, SAL, COMM, DEPTNO)
CREATE VIEW EMPCOM AS Select Empno , Ename, Sal, Comm, E.DeptNo, DnameFROM EMP E, DEPT DWHERE E.DeptNo = D.DeptNo and Comm > 0;
EMPCOM
EMPCOM (Empno , Ename, Sal, Comm, DeptNo, Dname)
Revoking Privileges Purpose for canceling privileges REVOKE operation on table/view/object from
USER Example
REVOKE select on EMP from tori; REVOKE select on EMPCOM from tori;
Propagation of Privileges using the Grant Option
User A create table R (A is owner of R) GRANT
User A grants Privilege on R to User B with grant option (mean B can also grant that privilege on R to other accounts).
User B give grant privilege to User C with grant option This mean privilege on R can propagate to other accounts
without the knowledge of the owner of R REVOKE
If A revoke privilege on R from B. All privilege that B propagated should automatically be revoked
by the system. User receive a certain privilege from two or more sources.
A2 and A3 give certain UPDATE privilege on R To A4 IF A2 revokes the privilege from A4 A4 will still continue to have to privilege by virtual grant from A2 IF A3 revokes the privilege, the A4 totally lose the privilege on R
Role-based Access control (RBAC)
RBAC emerged rapidly in 1990s A proven technology for managing and
enforcing security in large scale enterprisewide system.
Example ORACLE
System level role provide by oracle has 3 roles: CONNECT, RESOURCE, and DBA
Create Role Create role role_name not identified Create role role_name identified by password
Example CREATE role APPL_ROLE not identified GRANT connect to APPL_ROLE GRANT resource to APPL_ROLE GRANT select on student to APPL_ROLE GRANT select, update on student to APPL_ROLE GRANT APPL_ROLE to TORI REVOKE update on student from APPL_ROLE