lecture 2b

The document outlines the essential requirements and measures for database security, including physical and logical integrity, access control, and user authentication. It details various types of threats to database security, such as hardware failures and unauthorized access, and discusses both non-computer-based and computer-based security countermeasures. Additionally, it covers concepts like authorization, encryption, backup and recovery, and integrity maintenance to protect databases from potential risks.

Uploaded by kbjoash

Database Security

Database Security requirements
 Physical database integrity
 Logical database integrity
 Element integrity
 Audit ability
 Access control
 User authentication
 Availability

Database security is concerned with the mechanisms that protect the database against intentional or accidental threats.

Database Security Measures
Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.
Database security involves measures to avoid:
Theft and fraud
Loss of confidentiality (secrecy)
Loss of privacy
Loss of integrity
Loss of availability

Threat
 Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

Global db Environment

Threats Types-1
 Hardware:
– Fire/ flood/ bombs
– Data corruption due to power loss or surge
– Failure of security mechanisms giving greater access
– Theft of equipment
– Physical damage to equipment
– Electronic interference and radiation
 Communication networks
– Wiretapping
– Breaking or disconnection of cables
– Electronic interference and radiation.
 DBMS and Application Software
– Failure of security mechanism giving greater access
– Program alteration
– Theft of programs
 Database
– Unauthorized amendment or copying of data
– Theft of data
– Data corruption due to power loss or surge.
Threats Types-2
 Data/Database Administrator
– Inadequate security policies and procedures.
 Programmers/ Operators
– Creating trapdoors
– Program alteration (such as creating software that is insecure)
– Inadequate staff training
– Inadequate security policies and procedures
– Staff shortages or strikes.
 Users
– Using another person's means of access
– Viewing and disclosing unauthorized data
– Inadequate staff training
– Illegal entry by hacker
– Blackmail
– Viruses

Security Countermeasures: Non-Computer-Based Controls
 Concerned with matters such as policies, agreements, and other administrative controls, such as physical controls on buildings and the safeguarding of equipment.
 1. Security policy and contingency plans
 2. Personnel controls
 3. Secure positioning of equipment
 4. Secure data and software
 5. Escrow agreements
 6. Maintenance agreements
 7. Physical access control
 8. Building Controls
 9. Emergency arrangements

Security Countermeasures: Computer-Based Controls
Concerned with electronic administrative procedures.
1. Authorization & Authentication
2. Access controls
3. Confidentiality and Encryption
4. Views
5. Backup and recovery
6. Integrity
7. RAID technology

Authorization & Authentication
 Authorization is the granting of a right or privilege, which enables a subject to legitimately have access to a system or to a system's object.
 Authentication is a mechanism that determines whether a user is who he or she claims to be.

Access Control
 Based on the granting and revoking of privileges.
 A privilege allows a user to create or access (that is, read, write, or modify) some database object (such as a relation, view, or index) or to run certain DBMS utilities.
 Privileges are granted to users to accomplish the tasks required for their jobs.
 Most DBMSs provide an approach called Discretionary Access Control (DAC).
 The SQL standard supports DAC through the GRANT and REVOKE commands.
 The GRANT command gives privileges to users, and the REVOKE command takes away privileges.
 DAC, while effective, has certain weaknesses. In particular, an unauthorized user can trick an authorized user into disclosing sensitive data.
 An additional approach is therefore required, called Mandatory Access Control (MAC).
 One of the popular models for MAC is called Bell-LaPadula.
 Types of DAC privileges
– a. Account level (independent of relations)
– b. Relation level (at relation/view level; uses an access matrix).
 Each relation is assigned an owner account, the
owner is given all privileges on the relation. The
owner can pass privileges to other users by
granting privileges to their accounts.

DAC in SQL
 In SQL, SELECT, INSERT, UPDATE, DELETE, and the specification of integrity constraints can be granted.
 Views can be used to specify authorizations and to restrict users to part of the database.
 Revoking of privileges can also be done.
 Propagation of privileges must be carefully handled by the DBMS.
 Syntax
– GRANT { privileges | ALL [PRIVILEGES] } [ON obj] TO users [WITH GRANT OPTION];
 Where "privileges" is a list of one or more privileges, or the phrase ALL PRIVILEGES
 "obj" is a list of names of one or more objects (all of the same kind: table, stored procedure, etc.)
 "users" is a list of specific users, or PUBLIC
DAC Examples in SQL
 GRANT system_privilege | object_privilege TO userid;
 Examples of table privileges
– GRANT select ON Deposit TO Ibrahim;
– GRANT delete, update (Cname, City) ON Customer TO Kahn, Jabang;
– GRANT select ON Borrow TO PUBLIC;
– GRANT references ON Branch TO Jugoo;
 Examples of DB and system privileges
– GRANT create table TO Ali;
– GRANT create database TO Kariri, Maryann;
– REVOKE mirrors GRANT:
– REVOKE [GRANT OPTION FOR] privileges [ON obj] FROM users [CASCADE | RESTRICT];
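The relation-level access matrix, the propagation of privileges through WITH GRANT OPTION, and the CASCADE/RESTRICT behaviour of REVOKE described on the last three slides, as an added Python example that is not part of the lecture and not the code of any DBMS: it keeps the matrix in memory and replays the Deposit/Ibrahim/Kahn grants from the examples above. The owner account `bank`, the RESTRICT-by-default rule and the simple "abandoned grant" cascade are assumptions modelled on the SQL standard.

```python
from dataclasses import dataclass

# Privileges the slides name for relation-level DAC (REFERENCES included).
PRIVILEGES = {"select", "insert", "update", "delete", "references"}


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    obj: str            # relation or view name
    privilege: str
    grant_option: bool  # True when granted WITH GRANT OPTION


class AccessMatrix:
    """Relation-level DAC: who holds which privilege on which object, and who gave it."""

    def __init__(self, owners):
        # owners: {relation: owner_account}; the owner implicitly holds every privilege.
        self.owners = dict(owners)
        self.grants = set()

    def holds(self, user, obj, privilege):
        if self.owners.get(obj) == user:
            return True
        return any(g.grantee == user and g.obj == obj and g.privilege == privilege
                   for g in self.grants)

    def can_grant(self, user, obj, privilege):
        # Only the owner, or a holder who received the privilege WITH GRANT OPTION, may pass it on.
        if self.owners.get(obj) == user:
            return True
        return any(g.grantee == user and g.obj == obj and g.privilege == privilege
                   and g.grant_option for g in self.grants)

    def grant(self, grantor, privileges, obj, grantees, with_grant_option=False):
        for p in privileges:
            if p not in PRIVILEGES:
                raise ValueError(f"unknown privilege {p!r}")
            if not self.can_grant(grantor, obj, p):
                raise PermissionError(f"{grantor} cannot grant {p} on {obj}")
            for u in grantees:
                self.grants.add(Grant(grantor, u, obj, p, with_grant_option))

    def revoke(self, grantor, privileges, obj, grantees, cascade=False):
        for p in privileges:
            for u in grantees:
                direct = {g for g in self.grants
                          if (g.grantor, g.grantee, g.obj, g.privilege) == (grantor, u, obj, p)}
                if not direct:
                    raise LookupError(f"{grantor} never granted {p} on {obj} to {u}")
                self.grants -= direct
                abandoned = self._abandoned(obj, p)
                if abandoned and not cascade:
                    self.grants |= direct      # RESTRICT: undo the removal and refuse
                    raise PermissionError("dependent grants exist; revoke with cascade=True")
                while abandoned:               # CASCADE: drop grants that lost their support
                    self.grants -= abandoned
                    abandoned = self._abandoned(obj, p)

    def _abandoned(self, obj, privilege):
        # Grants whose grantor no longer has the right to have made them. (Mutually
        # supporting cycles of grant options are not resolved by this simple fixpoint.)
        return {g for g in self.grants
                if g.obj == obj and g.privilege == privilege
                and not self.can_grant(g.grantor, obj, privilege)}


def demo():
    """Replay the slides' Deposit example and show propagation and cascading revoke."""
    m = AccessMatrix({"Deposit": "bank"})
    m.grant("bank", ["select"], "Deposit", ["Ibrahim"], with_grant_option=True)
    m.grant("Ibrahim", ["select"], "Deposit", ["Kahn"])        # Ibrahim propagates the privilege
    try:
        m.grant("Kahn", ["select"], "Deposit", ["Jabang"])     # Kahn has no grant option
        kahn_could_propagate = True
    except PermissionError:
        kahn_could_propagate = False
    try:
        m.revoke("bank", ["select"], "Deposit", ["Ibrahim"])   # RESTRICT: Kahn's grant depends on it
        restrict_refused = False
    except PermissionError:
        restrict_refused = True
    before = (m.holds("Ibrahim", "Deposit", "select"), m.holds("Kahn", "Deposit", "select"))
    m.revoke("bank", ["select"], "Deposit", ["Ibrahim"], cascade=True)
    after = (m.holds("Ibrahim", "Deposit", "select"), m.holds("Kahn", "Deposit", "select"))
    return {"kahn_could_propagate": kahn_could_propagate, "restrict_refused": restrict_refused,
            "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The point the slides make about propagation shows up in `demo()`: once Ibrahim can pass `select` on, the DBMS has to remember that Kahn's access depends on Ibrahim's, refuse a plain revoke while that dependency exists, and take Kahn's access away too when the revoke cascades.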

Confidentiality and Encryption
Confidentiality
– How do we handle the existence of a record that only certain people should know about?
– Encryption
– The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
The inference problem: sensitive data can be inferred or derived from non-sensitive data.
– The types of inference attacks
Direct attack (make the query you want).
Indirect attack: (a) statistical functions, (b) tracker attacks.

Preventing inference attacks
 Limited response suppression (do not display low-frequency results).
 Combined results (e.g. release values in ranges such as 0-10).
 Random sample.
 Random data perturbation.
 Query analysis.
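Two of the countermeasures listed above, limited response suppression and combined results, applied to a statistical query interface, as an added Python example that is not part of the lecture. The staff table, the group-size threshold `MIN_GROUP` and the range width are constructed for the illustration. The suppression rule also refuses result sets that cover almost the whole table, which is the standard defence against the complement form of a tracker attack mentioned on the previous slide.

```python
from statistics import mean

# Constructed sample relation: individual salaries are sensitive,
# aggregate statistics are meant to be releasable.
STAFF = [
    {"name": "Ali",     "dept": "IT",    "grade": 3, "salary": 5200},
    {"name": "Jabang",  "dept": "IT",    "grade": 2, "salary": 4100},
    {"name": "Kahn",    "dept": "IT",    "grade": 3, "salary": 5600},
    {"name": "Maryann", "dept": "Sales", "grade": 1, "salary": 3000},
    {"name": "Ibrahim", "dept": "Sales", "grade": 2, "salary": 3900},
    {"name": "Jugoo",   "dept": "Sales", "grade": 3, "salary": 5300},
    {"name": "Kariri",  "dept": "HR",    "grade": 2, "salary": 4000},
    {"name": "Noor",    "dept": "HR",    "grade": 1, "salary": 3100},
]

MIN_GROUP = 3   # constructed threshold: never answer about fewer than this many people
BUCKET = 1000   # constructed width of the ranges used for "combined results"


def statistical_query(rows, predicate, min_group=MIN_GROUP):
    """COUNT and MEAN of salary over the rows matching predicate, with limited
    response suppression. Returns None when the answer must be withheld."""
    matched = [r for r in rows if predicate(r)]
    n = len(matched)
    # Suppress small result sets *and* their complements: a query matching all but a few
    # rows, subtracted from a whole-table query, would reveal the few that were left out.
    if n < min_group or n > len(rows) - min_group:
        return None
    return {"count": n, "mean_salary": mean(r["salary"] for r in matched)}


def salary_range(value, width=BUCKET):
    """Combined results: report a value only as the range it falls into."""
    low = (value // width) * width
    return f"{low}-{low + width - 1}"


def ranged_query(rows, predicate, min_group=MIN_GROUP):
    """Same statistic, but the released mean is coarsened to a range."""
    result = statistical_query(rows, predicate, min_group)
    if result is None:
        return None
    return {"count": result["count"],
            "mean_salary_range": salary_range(int(result["mean_salary"]))}


if __name__ == "__main__":
    print(statistical_query(STAFF, lambda r: r["name"] == "Ali"))   # None: a single person
    print(statistical_query(STAFF, lambda r: r["dept"] != "HR"))    # None: complement of a small group
    print(ranged_query(STAFF, lambda r: r["dept"] == "IT"))         # released, as a range
```

A query naming one person, a query on the two-person HR department, and the complement query "everyone not in HR" are all refused, while the three-person IT department is answered; with the range form, the released mean no longer lets a user who knows two IT salaries solve for the third exactly.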

 Aggregation problem
 Combining results of non-sensitive data can produce sensitive data.
 Multilevel Databases
– The security of a single element may be different from that of other elements of the same record.
– Two levels are inadequate to represent some security situations.
– The security of an aggregate may be different from the security of the individual elements.

5. Backup & Recovery-1
 Backup
 The process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
 Recovery
 Databases maintain log files to recover in the event of catastrophic failure.
 Journaling
 The process of keeping and maintaining a log file (or journal) of all changes made to the database, to enable effective recovery in the event of failure.

5. Backup & Recovery-2
 Checkpointing
 A point of synchronization between the database and the transaction log file. All buffers are force-written to secondary storage.
 Monitoring
 Checking values being entered into the database to prevent possible errors:
 Range comparisons
 State constraints
 Transition constraints

6. Integrity
 Prevents data from becoming invalid, and hence giving misleading or incorrect results.
 Two-Phase Update: an integrity-preserving technique for the case of an interruption during an update.
– a. During the first phase the DBMS gathers everything needed to perform the task (repeatable).
– b. The last event writes a commit flag, and then the permanent changes are made to the database (the update can be repeated).
 Internal consistency
– Database systems use internal controls such as a redundant bit to determine whether an internal error occurs.

7. RAID
 RAID: Redundant Array of Independent Disks technology
 Hardware for a DBMS must be fault-tolerant.
 One solution: having fault-tolerant redundant components.
 Fault-tolerant components include disk drives, disk controllers, CPUs, power supplies, and cooling fans.
 Disk drives are the most vulnerable components.

Achieving Multilevel Security
– Separation
 Divide the database into separate databases with different sensitivity levels
 Encrypt the data in separate tables

– Integrity Lock
 Each data item is assigned a security level and a checksum is added to prevent integrity violations
– Trusted Front End
 Commutative filter: reformats the query so that only appropriate sensitive data is retrieved
 Distributed databases (separate databases consisting of low and high sensitivity level data respectively, with a trusted front end)
 Window/View (users are shown the appropriate data based on their clearance)
