Database Security Lecture2

The document discusses database security, focusing on security models, countermeasures, authentication, and authorization mechanisms within database management systems (DBMS). It highlights the roles of the database administrator (DBA) in managing user privileges, ensuring secure access, and implementing security measures such as encryption and access controls. Additionally, it addresses the importance of maintaining audit trails and the challenges of statistical database security and flow control.

Uploaded by

albsrawys686

Database Security

Lecture 2
Security models
• A security model establishes the external criteria for
the examination of security issues in general, and
provides the context for database considerations,
including implementation and operation.
• Security models explain the features available in the
DBMS which need to be used to develop and operate
the actual security systems.
• They embody concepts, implement policies and
provide servers for such functions.
• Any faults in the security model will translate either
into insecure operation or unsuitable systems.
Countermeasures
• The types of countermeasure to threats on
computer systems range from physical
controls to administrative procedures.
• Figure 2 shows a typical multi-user
computer environment. The focus here is on
the following computer-based security
controls for a multi-user environment.
Countermeasures
• authorization
• access controls
• views
• backup and recovery
• integrity
• encryption

Figure 2: Representation of a typical multi-user computer environment.


Database Security
• DBMS typically includes a database security and
authorization subsystem that is responsible for
ensuring the security of portions of a database
against unauthorized access.
• There are two main types of database
security mechanisms:
■ Discretionary security mechanisms.
These are used to grant privileges to users, including
the capability to access specific data files, records,
or fields in a specified mode (such as read, insert,
delete, or update).
Database Security
■ Mandatory security mechanisms.
These are used to enforce multilevel security by
classifying the data and users into various
security classes (or levels) and then
implementing the appropriate security policy of
the organization.
Authentication
• Authentication does not give any privileges for particular
tasks.
• It only establishes that the DBMS trusts that the user is who
he/she claims to be and that the user trusts that the
DBMS is also the intended system.
• Think about this with an Internet Banking System as an
example. Could a line be intercepted and the person on the
other side pretend to be the bank while you disclosed
passwords and account numbers? Could someone access
the bank and empty your accounts? The part of the process
that deals with this area is the authentication server.
• Authentication is a prerequisite for authorisation.
Authorisation
• Authorisation relates to the permissions granted
to an authorised user to carry out particular
transactions, and hence to change the state of the
database (write-item transactions) and/or receive
data from the database (read-item transactions).
• The result of authorisation, which needs to be on
a transactional basis, is a vector: Authorisation
(item, auth-id, operation).
• A vector is a sequence of data values at a known
location in the system.
Authorisation
• How this is put into effect is down to the DBMS functionality.
• At a logical level, the system structure needs an authorisation
server, which needs to co-operate with an auditing server.
• There is an issue of server-to-server security and a problem with
amplification as the authorisation is transmitted from system to
system.
• Amplification here means that the security issues become larger as
a larger number of DBMS servers are involved in the transaction.
• Audit requirements are frequently implemented poorly. To be safe,
you need to log all accesses and log all authorisation details with
transaction identifiers. There is a need to audit regularly and
maintain an audit trail, often for a long period.
• The responsibility to authorize use of the DBMS usually rests with
the Database Administrator (DBA), who must also set up individual
user accounts and passwords using the DBMS itself.
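
The authorisation vector and the audit rule above, as an added example (not part of the original lecture): an authorisation server decides each (item, auth-id, operation) request and passes every decision, granted or denied, to an audit server together with a transaction identifier. The class names, the sample grants and the `denied_attempts` review helper are assumptions made for illustration.

```python
import uuid
from datetime import datetime, timezone

# Constructed sample grants: each entry is one Authorisation(item, auth-id, operation) vector.
GRANTS = {
    ("accounts", "alice", "read"),
    ("accounts", "alice", "write"),
    ("accounts", "bob", "read"),
}

class AuditServer:
    """Append-only audit trail: every decision is recorded, granted or not."""
    def __init__(self):
        self.trail = []

    def record(self, txn_id, item, auth_id, operation, granted):
        self.trail.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "txn_id": txn_id, "item": item, "auth_id": auth_id,
            "operation": operation, "granted": granted,
        })

class AuthorisationServer:
    """Decides requests on a per-transaction basis and co-operates with the audit server."""
    def __init__(self, grants, audit):
        self.grants = set(grants)
        self.audit = audit

    def authorise(self, item, auth_id, operation, txn_id=None):
        # Every request gets a transaction identifier so the trail can be correlated later.
        txn_id = txn_id or str(uuid.uuid4())
        granted = (item, auth_id, operation) in self.grants
        # Log before returning, so a denied request leaves a record too.
        self.audit.record(txn_id, item, auth_id, operation, granted)
        return granted, txn_id

def denied_attempts(trail):
    """Regular audit review: group denied requests by auth-id."""
    report = {}
    for rec in trail:
        if not rec["granted"]:
            entry = (rec["txn_id"], rec["item"], rec["operation"])
            report.setdefault(rec["auth_id"], []).append(entry)
    return report
```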
Authentication and Authorisation
• Some DBMSs maintain a list of valid user
identifiers and associated passwords, which
can be distinct from the operating system’s
list.
• However, other DBMSs maintain a list whose
entries are validated against the operating
system’s list based on the current user’s login
identifier.
Access control
• A security problem common to computer systems
is that of preventing unauthorized persons from
accessing the system itself, either to obtain
information or to make malicious changes in a
portion of the database.
• The security mechanism of a DBMS must include
provisions for restricting access to the database
system as a whole. This function, called access
control, is handled by creating user accounts and
passwords to control the login process by the
DBMS.
Inference control
• Statistical databases are used to provide statistical information or
summaries of values based on various criteria.
• For example, a database for population statistics may provide statistics
based on age groups, income levels, household size, education levels, and
other criteria.
• Statistical database users such as government statisticians or market
research firms are allowed to access the database to retrieve statistical
information about a population but not to access the detailed confidential
information about specific individuals.
• Security for statistical databases must ensure that information about
individuals cannot be accessed. It is sometimes possible to deduce or infer
certain facts concerning individuals from queries that involve only
summary statistics on groups; consequently, this must not be permitted
either.
• This problem is called statistical database security. The corresponding
control measures are called inference control measures.
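
One inference control measure, shown as an added example (not from the original lecture): a query-set-size restriction that answers only aggregate queries and refuses any whose matching group is too small, or so large that its complement is too small. The lecture does not name a specific measure, so the threshold `min_set_size`, the class names and the sample population are assumptions.

```python
# Constructed sample population (not real data).
PEOPLE = [
    {"name": "P1", "age_group": "30-39", "education": "BSc", "income": 41000},
    {"name": "P2", "age_group": "30-39", "education": "MSc", "income": 52000},
    {"name": "P3", "age_group": "30-39", "education": "PhD", "income": 78000},
    {"name": "P4", "age_group": "40-49", "education": "BSc", "income": 45000},
    {"name": "P5", "age_group": "40-49", "education": "BSc", "income": 47000},
    {"name": "P6", "age_group": "40-49", "education": "MSc", "income": 60000},
    {"name": "P7", "age_group": "50-59", "education": "BSc", "income": 50000},
    {"name": "P8", "age_group": "50-59", "education": "MSc", "income": 58000},
]

class QueryRefused(Exception):
    """Raised when answering would risk disclosing facts about individuals."""

class StatisticalDB:
    def __init__(self, rows, min_set_size):
        self.rows = rows
        self.k = min_set_size  # assumed policy parameter; 0 disables the control

    def _query_set(self, **criteria):
        rows = [r for r in self.rows
                if all(r[col] == val for col, val in criteria.items())]
        n, total = len(rows), len(self.rows)
        # Refuse small groups, and groups whose complement would be small.
        if n < self.k or n > total - self.k:
            raise QueryRefused(
                f"query set size {n} outside [{self.k}, {total - self.k}]")
        return rows

    def count(self, **criteria):
        return len(self._query_set(**criteria))

    def avg_income(self, **criteria):
        rows = self._query_set(**criteria)
        return sum(r["income"] for r in rows) / len(rows)
```

With the control disabled, the "average" income of the 30-39 PhD group is exactly one person's income; with `min_set_size=2` the same query is refused. A size threshold alone does not stop a user from combining several permitted queries, so it is normally paired with further controls.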
Flow control
• Another security issue is that of flow control, which
prevents information from flowing in such a way that
it reaches unauthorized users.
• Covert channels are pathways on which information
flows implicitly in ways that violate the security policy
of an organization.
• A covert channel is a type of computer attack or threat
that enables communication between objects and
processes that are not allowed to communicate under
the system's or network's policy. A covert channel
poses a serious problem for the data being
transferred.
Data encryption
• A final control measure is data encryption, which is used to
protect sensitive data (such as credit card numbers) that is
transmitted via some type of communications network.
• Encryption can be used to provide additional protection for
sensitive portions of a database as well. The data is encoded
using some coding algorithm.
• An unauthorized user who accesses encoded data will have
difficulty deciphering it, but authorized users are given decoding
or decrypting algorithms (or keys) to decipher the data.
• Encrypting techniques that are very difficult to decode without
a key have been developed for military applications. However,
encrypted database records are used today in both private
organizations and governmental and military applications.
Database Security and the DBA

• The database administrator (DBA) is the central
authority for managing a database system.
• The DBA’s responsibilities include granting privileges
to users who need to use the system and classifying
users and data in accordance with the policy of the
organization.
• The DBA has a DBA account in the DBMS, sometimes
called a system or superuser account, which
provides powerful capabilities that are not made
available to regular database accounts and users.
Database Security and the DBA

• DBA-privileged commands include commands for granting and
revoking privileges to individual accounts, users, or user groups
and for performing the following types of actions:
• 1. Account creation. This action creates a new account and
password for a user or a group of users to enable access to the
DBMS.
• 2. Privilege granting. This action permits the DBA to grant certain
privileges to certain accounts.
• 3. Privilege revocation. This action permits the DBA to revoke
(cancel) certain privileges that were previously given to certain
accounts.
• 4. Security level assignment. This action consists of assigning user
accounts to the appropriate security clearance level.
Database Security and the DBA

• The DBA is responsible for the overall security
of the database system.
• Action 1 in the preceding list is used to control
access to the DBMS as a whole, whereas
actions 2 and 3 are used to control
discretionary database authorization, and
action 4 is used to control mandatory
authorization.
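
The four DBA actions and how they map to access, discretionary and mandatory control, as an added example (not from the original lecture). `ToyDBMS`, the three security levels and the rule that a read needs clearance at or above the table's classification are assumptions for illustration; password handling is left out.

```python
from enum import IntEnum

class Level(IntEnum):
    """Assumed security classes, lowest to highest."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

class ToyDBMS:
    DBA = "dba"  # the system / superuser account

    def __init__(self):
        self.clearance = {self.DBA: Level.SECRET}  # account -> security level
        self.grants = set()                        # (account, table, mode)
        self.classification = {}                   # table -> security level

    def _dba_only(self, actor):
        if actor != self.DBA:
            raise PermissionError(f"{actor} may not run DBA-privileged commands")

    def create_account(self, actor, name):         # action 1: account creation
        self._dba_only(actor)
        self.clearance[name] = Level.UNCLASSIFIED  # new accounts start at the lowest level

    def grant(self, actor, name, table, mode):     # action 2: privilege granting
        self._dba_only(actor)
        self.grants.add((name, table, mode))

    def revoke(self, actor, name, table, mode):    # action 3: privilege revocation
        self._dba_only(actor)
        self.grants.discard((name, table, mode))

    def assign_level(self, actor, name, level):    # action 4: security level assignment
        self._dba_only(actor)
        self.clearance[name] = level

    def classify(self, actor, table, level):       # DBA also classifies the data
        self._dba_only(actor)
        self.classification[table] = level

    def can_read(self, name, table):
        if name not in self.clearance:             # access control: no account, no access
            return False
        discretionary = (name, table, "read") in self.grants
        # Tables with no classification are treated as SECRET (fail closed).
        needed = self.classification.get(table, Level.SECRET)
        mandatory = self.clearance[name] >= needed
        return discretionary and mandatory
```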
