Security in Computing, Fifth Edition: Chapter 7: Databases

Uploaded by

Kimron Edwards

SECURITY IN COMPUTING, FIFTH EDITION
Chapter 7: Databases

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 7


• Basic database terminology and concepts
• Security requirements for databases
• Implementing access controls in databases
• Protecting sensitive data
• Data mining and big data


Database Terms
• Database administrator
• Database management system (DBMS)
• Record
• Field/element
• Schema
• Subschema
• Attribute
• Relation


Database Example


Schema Example


Queries
• A query is a command that tells the
database to retrieve, modify, add, or delete
a field or record
• The most common database query
language is SQL


Example SQL Query


• SELECT ZIP=‘43210’


Queries
Other, more complex, selection criteria are
possible, with logical operators such as
and (∧) and or (∨), and comparisons such as
less than (<).

An example of a select query is:

SELECT (ZIP=‘43210’) ∧ (NAME=‘ADAMS’)


Queries
After having selected records, we may project these records onto one or more attributes.

The select operation identifies certain rows from the database, and a project operation extracts the values from certain fields (columns) of those records.

The result of a select-project operation is the set of values of specified attributes for the selected records.


Queries
Example:

SHOW LAST, FIRST WHERE (ZIP=‘43210’) ∧ (STATE=‘OH’)
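The select and select-project operations above, written as executable SQL against an in-memory SQLite table. This is an added example, not taken from the book; the table name `people`, its columns and the sample rows are constructed, and `LAST` stands in for the `NAME` field used in the earlier select example.

```python
import sqlite3

# Constructed sample rows: (LAST, FIRST, ZIP, STATE).
ROWS = [
    ("ADAMS", "Charles", "43210", "OH"),
    ("ADAMS", "Edward", "60603", "IL"),
    ("BENCHLY", "Zeke", "43210", "OH"),
    ("CARTER", "Marlene", "94303", "CA"),
    ("CARTER", "Beth", "43210", "OH"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (LAST TEXT, FIRST TEXT, ZIP TEXT, STATE TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?, ?, ?)", ROWS)
    return db

def select(db, zip_code, last):
    # Select: whole rows that satisfy (ZIP=...) AND (LAST=...).
    sql = "SELECT * FROM people WHERE ZIP = ? AND LAST = ?"
    return db.execute(sql, (zip_code, last)).fetchall()

def select_project(db, zip_code, state):
    # Select-project: SHOW LAST, FIRST WHERE (ZIP=...) AND (STATE=...).
    sql = ("SELECT LAST, FIRST FROM people "
           "WHERE ZIP = ? AND STATE = ? ORDER BY LAST, FIRST")
    return db.execute(sql, (zip_code, state)).fetchall()

def project_zip(db, state, as_set):
    # SQL projection keeps duplicates unless DISTINCT is requested;
    # the relational project operation returns a set of values.
    head = "SELECT DISTINCT ZIP" if as_set else "SELECT ZIP"
    return db.execute(head + " FROM people WHERE STATE = ?", (state,)).fetchall()

if __name__ == "__main__":
    db = build_db()
    print(select(db, "43210", "ADAMS"))
    print(select_project(db, "43210", "OH"))
    print(project_zip(db, "OH", as_set=False), project_zip(db, "OH", as_set=True))
```

The values are passed as bound parameters (`?`) rather than pasted into the query text, so the DBMS always treats them as data.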


Queries


Advantages of Using Databases


A database is a single collection of data, stored and maintained at one central location, to which many people have access as needed.

The actual implementation may involve some other physical storage arrangement or access.

The essence of a good database is that the users are unaware of the physical arrangements; the unified logical arrangement is all they see.


Advantages of Using Databases


A database therefore offers many advantages over a simple file system:

• shared access, so that many users can use one common, centralized set of data

• controlled access, so that only authorized users are allowed to view or to modify data values

• minimal redundancy, so that individual users do not have to collect and maintain their own sets of data

• data consistency, so that a change to a data value affects all users of the data value

• data integrity, so that data values are protected against accidental or malicious undesirable changes

Database Security Requirements


• Physical integrity - The data of a database are immune from physical problems, such as power failures, and someone can reconstruct the database if it is destroyed through a catastrophe.

• Logical integrity - The structure of the database is preserved. With logical integrity of a database, a modification to the value of one field does not affect other fields, for example.

• Element integrity - The data contained in each element are accurate.

• Auditability - It is possible to track who or what has accessed (or modified) the elements in the database.

Database Security Requirements


• Access control - A user is allowed to access only authorized data, and different users can be restricted to different modes of access (such as read or write).

• User authentication - Every user is positively identified, both for the audit trail and for permission to access certain data.

• Availability - Users can access the database in general and all the data for which they are authorized.


Reliability and Integrity


• Reliability: in the context of databases, reliability is the
ability to run for long periods without failing
• Database integrity: concern that the database as a whole
is protected against damage
• Element integrity: concern that the value of a specific data
element is written or changed only by authorized users
• Element accuracy: concern that only correct values are
written into the elements of a database


Two-Phase Update
• Phase 1: Intent
  • DBMS does everything it can, other than making changes to the database, to prepare for the update
    • Collects records, opens files, locks out users, makes calculations
  • DBMS commits by writing a commit flag to the database
• Phase 2: Write
  • DBMS completes all write operations
  • DBMS removes the commit flag
• If the DBMS fails during either phase 1 or phase 2, it can be restarted and repeat that phase without causing harm
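A small simulation of the two-phase update with a failure injected in each phase, showing why repeating the interrupted phase is harmless. This is an added example, not code from the book; the `TwoPhaseStore` class, the shadow area, the `Crash` exception and the stock/issued figures are all constructed for illustration.

```python
class Crash(Exception):
    """Simulated DBMS failure (constructed for this example)."""

class TwoPhaseStore:
    def __init__(self, data):
        self.data = dict(data)    # the permanent database
        self.shadow = {}          # phase-1 work area, outside the database
        self.commit_flag = False

    def intend(self, compute, crash=False):
        # Phase 1: work out the final values, touching only the shadow area.
        self.shadow = compute(dict(self.data))
        if crash:
            raise Crash("failed during phase 1")
        self.commit_flag = True   # writing the flag ends phase 1

    def write(self, crash_after=None):
        # Phase 2: copy shadow values into the database, then clear the flag.
        for n, key in enumerate(sorted(self.shadow)):
            if n == crash_after:
                raise Crash("failed during phase 2")
            self.data[key] = self.shadow[key]
        self.shadow, self.commit_flag = {}, False

    def recover(self, compute):
        if not self.commit_flag:
            self.intend(compute)  # no flag: database untouched, redo phase 1
        self.write()              # flag set: redo phase 2 from shadow values

def requisition(snapshot):
    # Move 50 units from stock to issued; returns absolute new values.
    return {"issued": snapshot["issued"] + 50, "stock": snapshot["stock"] - 50}

def crash_in_phase(phase):
    store = TwoPhaseStore({"stock": 100, "issued": 0})
    try:
        if phase == 1:
            store.intend(requisition, crash=True)
        else:
            store.intend(requisition)
            store.write(crash_after=1)   # "issued" written, "stock" not yet
    except Crash:
        pass
    at_crash = dict(store.data)
    store.recover(requisition)
    return at_crash, store.data

if __name__ == "__main__":
    print(crash_in_phase(1))
    print(crash_in_phase(2))
```

After a phase-2 crash the database is briefly inconsistent (50 issued, stock still 100), but recovery copies the saved absolute values again instead of recomputing them, so the update is applied exactly once.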


Other Database Security Concerns


• Error detection and correction codes to protect data integrity
• For recovery purposes, a database can maintain a change log, allowing it to repeat changes as necessary when recovering from failure
• Databases use locks and atomic operations to maintain consistency
  • Writes are treated as atomic operations
  • Records are locked during write so they cannot be read in a partially updated state


Sensitive Data
• Inherently sensitive
  • Passwords, locations of weapons
• From a sensitive source
  • Confidential informant
• Declared sensitive
  • Classified document, name of an anonymous donor
• Part of a sensitive attribute or record
  • Salary attribute in an employment database
• Sensitive in relation to previously disclosed information
  • An encrypted file combined with the password to open it


Types of Disclosures
• Exact data
• Bounds
• Negative result
• Existence
• Probable value
• Direct inference
• Inference by arithmetic
• Aggregation
• Hidden data attributes
• File tags
• Geotags


Preventing Disclosure
• Suppress obviously sensitive information
• Keep track of what each user knows based
on past queries
• Disguise the data
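A sketch of the first two controls applied to totals over a sensitive field: small result sets are suppressed, and each user's answered queries are remembered so that a new total cannot be combined with an earlier one to isolate a few records (inference by arithmetic). This is an added example, not from the book; the `QueryGuard` class, the threshold `k`, and the sample records are assumptions constructed for illustration.

```python
# Constructed sample records; names, fields and values are illustrative only.
RECORDS = [
    {"name": "adams", "dorm": "holmes", "aid": 5000},
    {"name": "bailey", "dorm": "grey", "aid": 0},
    {"name": "chin", "dorm": "west", "aid": 3000},
    {"name": "dewitt", "dorm": "grey", "aid": 1000},
    {"name": "earhart", "dorm": "holmes", "aid": 2000},
    {"name": "fein", "dorm": "west", "aid": 1000},
]

class QueryGuard:
    def __init__(self, records, k=3):
        self.records = records
        self.k = k            # assumed threshold: smallest group that may be summed
        self.answered = {}    # user -> record sets already summed for that user

    def sum_aid(self, user, predicate):
        rows = frozenset(r["name"] for r in self.records if predicate(r))
        if len(rows) < self.k:
            return None, "suppressed"   # too few records behind the total
        for earlier in self.answered.get(user, []):
            # Two totals whose record sets differ by only a few rows
            # would reveal the combined value of those rows.
            if 0 < len(rows ^ earlier) < self.k:
                return None, "refused"
        self.answered.setdefault(user, []).append(rows)
        total = sum(r["aid"] for r in self.records if r["name"] in rows)
        return total, "answered"

def demo():
    guard = QueryGuard(RECORDS)
    everyone = lambda r: True
    below_5000 = lambda r: r["aid"] < 5000
    return [
        guard.sum_aid("u1", everyone),
        guard.sum_aid("u1", lambda r: r["dorm"] == "holmes"),
        guard.sum_aid("u1", below_5000),
        guard.sum_aid("u2", below_5000),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last call is answered because the history is kept per user, so this control assumes users do not pool their results; the pairwise check also does not cover combinations of three or more totals.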


Security vs Precision
• It is difficult to determine what data are sensitive and how to protect them.

• The situation is complicated by a desire to share nonsensitive data.

• With confidentiality in focus, we want to disclose only those data that are not sensitive.

• This shapes how much data to disclose, with the view in mind that “less is better than more”.


Security vs Precision
• In contrast, the users of the data must be considered.

• The conservative view suggests that we reject any query that mentions a sensitive field.

• This may lead to the rejection of many reasonable and nondisclosing queries.

• We want to disclose as much data as possible, so that users of the database have access to the data they need.

• This goal, called precision, aims to protect all sensitive data while revealing as much nonsensitive data as possible.

Security vs. Precision


Security vs Precision
• The ideal combination of security and precision allows us
to maintain perfect confidentiality with maximum precision;
in other words, we disclose all and only the
nonsensitive data.


Summary
• Database security requirements include:
  • Physical integrity
  • Logical integrity
  • Element integrity
  • Auditability
  • Access control
  • User authentication
  • Availability
• There are many subtle ways for sensitive data to be inadvertently disclosed, and there is no single answer for prevention.
