Chapter 6

The document discusses database security issues and techniques. It covers topics like discretionary access control using privileges, mandatory access control using security classes, role-based access control, and threats like SQL injection. It describes assigning privileges at the account and relation levels, revoking and propagating privileges, and comparing discretionary and mandatory access control models. Common SQL injection methods and risks are outlined along with protection techniques like using bind variables and input filtering.

Uploaded by

Fedawak Obsa
CHAPTER 6

Database Security
6.1 Introduction to Database Security Issues
• Database security is a broad area
– Legal and ethical, policy, and system-related issues
• Threats to databases
– Loss of integrity
• Improper modification of information
– Data integrity: assures that information and programs are changed only in a specified and
authorized manner
– System integrity: assures that a system performs its intended function in an unimpaired
manner, free from deliberate or accidental unauthorized manipulation
– Loss of availability
• Legitimate users cannot access data objects
• Availability: assures that systems work promptly and that service is not denied to authorized users
– Loss of confidentiality
• Unauthorized disclosure of confidential information
• Data confidentiality: assures that confidential information is not disclosed to unauthorized
individuals
• Privacy: assures that individuals control or influence what information about them may be
collected and stored, and by whom and to whom it may be disclosed
Introduction to Database Security Issues (cont’d.)

• A DBMS includes a database security and authorization subsystem that is responsible for
protecting the database against unauthorized access.
• Computer security: The protection afforded to an automated information
system in order to attain the applicable objectives of preserving the
integrity, availability and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and
telecommunications)

• There are different types of database security mechanisms:
1. Discretionary security mechanisms
– Used to grant privileges to users on specific objects, at the discretion of the object's owner
2. Mandatory security mechanisms
– Classify data and users into various security classes and
– implement a security policy that the owner of the data cannot override
3. Role-based security
– Attaches privileges to organizational roles and assigns users to those roles
Introduction to Database Security Issues
(cont’d.)
• Types of database control measures
– Access control
• Handled by creating user accounts and passwords, and by granting each account only the
privileges it needs
– Inference control or statistical database security
• Must ensure that information about individuals cannot be inferred from the answers to
aggregate (statistical) queries, e.g. by subtracting two sums whose sets differ by one record
– Flow control
• Prevents information from flowing to unauthorized users, e.g. from a more protected
object into a less protected one
– Data encryption
• Used to protect sensitive data in transit and in storage from anyone who bypasses the
DBMS access controls
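The inference-control measure above is easiest to see with a concrete statistical database. The following is an added example, not code from the slides: a tiny database that answers only SUM queries, a "tracker" attack that subtracts two legal aggregate queries to recover one person's salary, and two controls against it (query-set-size restriction and overlap control). The table, names, salaries and the MIN_SET parameter are constructed for the example.

```python
"""Inference control for a statistical database.

Added illustration, not code from the slides. A statistical database answers
only aggregate queries (SUM, COUNT, AVG) but must not let a user infer an
individual's record. The table, names and salaries below are constructed
sample data; MIN_SET is a made-up parameter.
"""

# constructed sample data: one row per individual
RECORDS = [
    {"id": 1, "name": "Ann", "dept": "research", "salary": 70000},
    {"id": 2, "name": "Bob", "dept": "research", "salary": 82000},
    {"id": 3, "name": "Cid", "dept": "research", "salary": 91000},
    {"id": 4, "name": "Dee", "dept": "sales", "salary": 55000},
    {"id": 5, "name": "Eve", "dept": "sales", "salary": 60000},
]
MIN_SET = 2  # refuse aggregates over fewer than MIN_SET or more than N - MIN_SET rows


class StatDB:
    """Answers SUM(salary) over rows matching a predicate, subject to two controls:
    query-set-size restriction and, optionally, overlap (difference) control."""

    def __init__(self, records=RECORDS, overlap_control=False):
        self.records = records
        self.overlap_control = overlap_control
        self.history = []  # result sets of previously answered queries

    def sum_salary(self, predicate):
        ids = frozenset(r["id"] for r in self.records if predicate(r))
        n, total = len(ids), len(self.records)
        # 1. query-set-size restriction: tiny sets (or near-complete ones,
        #    whose complement is tiny) identify individuals directly
        if n < MIN_SET or n > total - MIN_SET:
            return None
        # 2. overlap control: refuse a query whose result set differs from an
        #    earlier answered set by fewer than MIN_SET individuals, because
        #    subtracting the two answers would isolate those individuals
        if self.overlap_control:
            for past in self.history:
                if 0 < len(ids ^ past) < MIN_SET:
                    return None
        self.history.append(ids)
        return sum(r["salary"] for r in self.records if r["id"] in ids)


def tracker_attack(db):
    """Classic 'tracker': two legal aggregate queries whose difference is one
    person's salary. Returns the inferred value, or None if a query was refused."""
    whole = db.sum_salary(lambda r: r["dept"] == "research")
    all_but_ann = db.sum_salary(lambda r: r["dept"] == "research" and r["name"] != "Ann")
    if whole is None or all_but_ann is None:
        return None
    return whole - all_but_ann


def demo():
    return {
        "direct_query_refused": StatDB().sum_salary(lambda r: r["name"] == "Ann"),
        "size_restriction_only": tracker_attack(StatDB()),
        "with_overlap_control": tracker_attack(StatDB(overlap_control=True)),
    }


if __name__ == "__main__":
    print(demo())
```

The point the run makes: the size restriction alone refuses the direct query for Ann but still answers both tracker queries (sets of size 3 and 2), so the attacker recovers her salary by subtraction; only the overlap check, which remembers earlier result sets, blocks the second query.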
Database Security and the DBA
• Database administrator (DBA)
– Central authority for administering database system
– Superuser or system account
• DBA-privileged commands
– Account creation
– Privilege granting
– Privilege revocation
– Security level assignment
Access Control, User Accounts, and Database Audits
• User must log in using assigned username and
password
• Login session
– Sequence of database operations performed by a certain user between login and logout
– Recorded in the system log (audit trail), together with the account, terminal and time
• Database audit
– Reviewing the log to examine all accesses and operations applied during a certain
time period, for example to trace who modified a record when tampering is suspected
– Database auditing involves observing a database so as to be aware of the actions of its
users; the audit trail must itself be protected (append-only, and where possible stored
outside the DBA's control), or an attacker with DBA rights can erase the evidence
– Database administrators and consultants often set up auditing for security purposes
Sensitive Data and Types of Disclosures

• Sensitivity of data: a measure of the importance assigned to the data by its owner,
for the purpose of denoting its need for protection.
• Several factors can cause data to be classified as
sensitive:
– Inherently sensitive (salary, medical records)
– From a sensitive source
– Declared sensitive: The owner of the data may have
explicitly declared it as sensitive.
– A sensitive attribute or sensitive record
– Sensitivity in relation to previously disclosed data
Sensitive Data and Types of Disclosures
(cont’d.)
• Factors in deciding whether it is safe to reveal the data
– Data availability
• Data that is being updated (locked) is temporarily unavailable; the request must wait or be
refused rather than return a partial result
– Access acceptability
• Is the requesting user authorized for this particular data item, not merely a valid account?
– Authenticity assurance
• Characteristics external to the user may be checked before access is granted
• Example: access only allowed during working hours, or only from a particular terminal
Sensitive Data and Types of Disclosures
(cont’d.)
• Typically a tradeoff between precision and security
• Precision
– Make available as much nonsensitive data as possible, so that users get accurate answers
• Security
– Protect all sensitive data: keep it safe from corruption and keep access suitably controlled
– The more aggressively data is withheld to protect sensitive items, the less precise the
answers become
Relationship Between Information Security
and Information Privacy
• Concept of privacy goes beyond security
– Ability of individuals to control the terms under which
their personal information is acquired and used
– Security is a required building block for privacy
• Prevents storage of personal information beyond what was agreed
• Ensures appropriate use of the personal information that is stored
• Trust relates to both security and privacy
6.2 Discretionary Access Control Based on Granting and Revoking Privileges

• Two levels for assigning privileges to use a database system
– Account level: privileges that apply regardless of the relations involved
• Example: CREATE SCHEMA or CREATE TABLE privilege, ALTER privilege, DROP privilege,
MODIFY privilege (INSERT, UPDATE, DELETE), SELECT privilege
– Relation (or table) level: privileges on an individual relation
• Applies whether the relation is a base relation or a virtual (view) relation
• Privileges at the relation level specify, for each user, the individual relations on which each
type of command can be applied
• Access matrix model: the rows of a matrix M represent subjects (users, accounts, programs)
and the columns represent objects (relations, records, columns, views, operations); the entry
M(i, j) lists the privilege types (read, write, update) that subject i holds on object j
Specifying Privileges Through the Use of Views
• Consider owner A of relation R and another party B
– A can create a view V of R that includes only the attributes A wants B to access
• Grant SELECT on V to B, not on R itself
• The view can also be defined with a query that selects only those tuples from R that A
wants B to access (row restriction)
– Eg: GRANT SELECT ON student TO HR gives HR the whole relation; granting on the view
instead (GRANT SELECT ON V TO HR) exposes only the chosen columns and rows
– REVOKE SELECT ON student FROM HR cancels the privilege again
Revocation and Propagation of Privileges
• Revoking of privileges
– Useful for granting a privilege temporarily
– The REVOKE command is used to cancel a privilege
• Propagation of privileges using the GRANT OPTION
– If the privilege is granted WITH GRANT OPTION, B can grant the privilege to other accounts
– The DBMS must keep track of how privileges were granted (who granted what to whom) if
it allows propagation, so that a REVOKE from B can cascade to everything B passed on;
without that record a revoked user could keep access through an account it had granted
earlier
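The bookkeeping the last bullet describes is short enough to model. The block below is an added example, not code from the slides and not any DBMS's actual implementation: it keeps every GRANT with its grantor, checks the grant option before allowing propagation, and cascades a REVOKE through grants the revoked account can no longer support. The account names (alice, bob, carol) and the EMPLOYEE table are made up.

```python
"""GRANT ... WITH GRANT OPTION and cascading REVOKE, as bookkeeping.

Added illustration, not code from the slides and not any DBMS's implementation.
It models the record a DBMS has to keep when privileges propagate: each grant
stores its grantor, so revoking from an account also revokes what that account
passed on and can no longer back up. Account and table names are made up.
"""


class Grant:
    def __init__(self, grantor, grantee, privilege, table, with_option):
        self.grantor = grantor
        self.grantee = grantee
        self.privilege = privilege
        self.table = table
        self.with_option = with_option


class Authorizer:
    def __init__(self):
        self.owners = {}   # table -> owner account (owner holds all privileges)
        self.grants = []   # every GRANT still in force, in the order issued

    def create_table(self, owner, table):
        self.owners[table] = owner

    def holds(self, account, privilege, table, need_option=False):
        """Does account hold privilege on table (optionally with GRANT OPTION)?"""
        if self.owners.get(table) == account:
            return True
        return any(g.grantee == account and g.privilege == privilege and g.table == table
                   and (g.with_option or not need_option)
                   for g in self.grants)

    def grant(self, grantor, grantee, privilege, table, with_option=False):
        """GRANT privilege ON table TO grantee [WITH GRANT OPTION]."""
        if not self.holds(grantor, privilege, table, need_option=True):
            raise PermissionError(f"{grantor} may not grant {privilege} on {table}")
        self.grants.append(Grant(grantor, grantee, privilege, table, with_option))

    def revoke(self, revoker, grantee, privilege, table):
        """REVOKE privilege ON table FROM grantee, cascading through the
        grants the grantee issued that it can no longer support."""
        mine = [g for g in self.grants
                if g.grantor == revoker and g.grantee == grantee
                and g.privilege == privilege and g.table == table]
        if not mine:
            raise PermissionError(f"{revoker} never granted {privilege} on {table} to {grantee}")
        for g in mine:
            self.grants.remove(g)
        # cascade only if no other grantor still gives grantee the grant option;
        # an independent path from another grantor keeps its downstream grants alive
        if not self.holds(grantee, privilege, table, need_option=True):
            downstream = [g for g in self.grants
                          if g.grantor == grantee and g.privilege == privilege and g.table == table]
            for g in downstream:
                self.revoke(grantee, g.grantee, privilege, table)


def demo():
    """alice owns EMPLOYEE, passes SELECT to bob with grant option, bob passes it
    to carol; alice then revokes from bob and carol loses access too."""
    auth = Authorizer()
    auth.create_table("alice", "EMPLOYEE")
    auth.grant("alice", "bob", "SELECT", "EMPLOYEE", with_option=True)
    auth.grant("bob", "carol", "SELECT", "EMPLOYEE")
    before = auth.holds("carol", "SELECT", "EMPLOYEE")
    auth.revoke("alice", "bob", "SELECT", "EMPLOYEE")
    after = (auth.holds("bob", "SELECT", "EMPLOYEE"), auth.holds("carol", "SELECT", "EMPLOYEE"))
    # without the grant option bob cannot propagate at all
    auth.grant("alice", "bob", "SELECT", "EMPLOYEE")
    try:
        auth.grant("bob", "carol", "SELECT", "EMPLOYEE")
        bob_can_regrant = True
    except PermissionError:
        bob_can_regrant = False
    return {"carol_before": before, "after_revoke": after, "bob_can_regrant": bob_can_regrant}


if __name__ == "__main__":
    print(demo())
```

One limitation worth knowing: two accounts that grant each other the same privilege with grant option form a cycle that this simple check does not break (each still "holds" the option via the other). Real DBMSs record a timestamp with each grant and only count grants older than the one being revoked, which is exactly the extra bookkeeping the slide alludes to.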
6.3 Mandatory Access Control and Role-Based
Access Control for Multilevel Security
• Mandatory access control
– Additional security policy that classifies data and users based on security classes; unlike
DAC, the owner of an object cannot override it
– Typical security classes
• Top secret (TS): highest level
• Secret (S)
• Confidential (C)
• Unclassified (U): lowest level, where TS ≥ S ≥ C ≥ U
– Bell-LaPadula model: the commonly used model for multilevel security, which classifies each
subject (user, account, program) and object (relation, tuple, column, view, operation) into one
of the security classifications TS, S, C, or U
– Subject and object classifications are compared by two rules:
• Simple security property (no read up): subject S may read object O only if class(S) ≥ class(O)
• Star property (no write down): subject S may write object O only if class(S) ≤ class(O), so a
program that has read Secret data cannot copy it into an Unclassified object
Comparing Discretionary Access Control
and Mandatory Access Control
• DAC policies have a high degree of flexibility
– Do not impose control on how information is propagated: an authorized reader can copy
the data into an object that others can read
– A means of restricting access to objects based on the identity of subjects and/or the
groups to which they belong
– The controls are discretionary in the sense that a subject with a certain access permission
is capable of passing that permission (perhaps indirectly) on to any other subject (unless
restrained by mandatory access control)
• Mandatory policies ensure a high degree of protection
– Rigid: classifications are set by the administrator, not by the data owner
– Prevent illegal information flow (no read up, no write down)
Role-Based Access Control
• Permissions are associated with organizational roles (e.g. payroll clerk, auditor) rather
than with individual users
– Individual users are then assigned to the appropriate roles and inherit their permissions
– Changing a person's job means changing a role membership, not re-issuing every grant
• Roles can be created using the CREATE ROLE and DESTROY ROLE commands (DROP ROLE in
standard SQL)
Label-Based Security and Row-Level Access
Control
• Sophisticated access control rules implemented by considering the data row by row
• Each row is given a label
– Compared with the user's label on every query, to prevent unauthorized users from
viewing or altering certain rows
• Provides finer granularity than table-level or view-level privileges
• Label security policy
– Defined by an administrator and enforced by the DBMS regardless of which application
issues the query
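The two Bell-LaPadula rules and the row-label idea combine naturally, so here is one added example covering both (not code from the slides). It uses the slides' TS > S > C > U ordering over a constructed EMPLOYEE relation in which every row carries its own label, and shows what a Confidential user can see and change.

```python
"""Bell-LaPadula checks over labelled rows (MAC with row-level labels).

Added illustration, not code from the slides. The clearance levels are the
slides' TS > S > C > U; the EMPLOYEE rows, their labels and the salaries are
constructed sample data.
"""

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# constructed sample relation; each row carries its own security label
EMPLOYEE = [
    {"name": "Smith", "salary": 40000, "label": "U"},
    {"name": "Brown", "salary": 80000, "label": "C"},
    {"name": "Jones", "salary": 120000, "label": "S"},
    {"name": "Black", "salary": 200000, "label": "TS"},
]


def can_read(clearance, label):
    """Simple security property: no read up."""
    return LEVELS[clearance] >= LEVELS[label]


def can_write(clearance, label):
    """Star property: no write down."""
    return LEVELS[clearance] <= LEVELS[label]


def select_names(clearance, rows=EMPLOYEE):
    """Row-level filtering: the user sees only rows their clearance dominates.
    Rows above the clearance are silently omitted, not reported as 'denied',
    so their existence is not leaked."""
    return [r["name"] for r in rows if can_read(clearance, r["label"])]


def update_salary(clearance, name, new_salary, rows=EMPLOYEE):
    """An UPDATE both reads the row and writes it, so both properties apply:
    the subject can modify only rows labelled exactly at its own level.
    Returns True if the update was applied; False for 'no such row' and
    'not permitted' alike, so the result does not reveal hidden rows."""
    for r in rows:
        if r["name"] == name and can_read(clearance, r["label"]) and can_write(clearance, r["label"]):
            r["salary"] = new_salary
            return True
    return False


def demo():
    rows = [dict(r) for r in EMPLOYEE]   # private copy so the demo is repeatable
    return {
        "seen_by_C": select_names("C", rows),
        "C_writes_up_to_TS": can_write("C", "TS"),               # allowed by the star property
        "S_writes_down_to_C": can_write("S", "C"),               # refused: would leak S data
        "C_updates_S_row": update_salary("C", "Jones", 1, rows),  # cannot even read it
        "C_updates_own_row": update_salary("C", "Brown", 85000, rows),
    }


if __name__ == "__main__":
    print(demo())
```

Note the asymmetry the run exposes: a plain write up (C into TS) is permitted by the star property, which is why a blind "append" can be allowed, but an UPDATE that must first read the row is confined to the subject's own level.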
6.4 SQL Injection
• SQL injection
– The most common threat to database systems reached through web applications
– A code injection technique: attacker-supplied input is interpreted as part of an SQL
statement, so it can read, modify or destroy data the application never intended to expose
– One of the most common web hacking techniques, and one the DBMS's own access controls
do not stop, because the injected statement runs with the application account's privileges
• Other common threats
– Unauthorized privilege escalation
– Privilege abuse by legitimate users
– Denial of service
– Weak authentication
SQL Injection Methods
• Attacker injects a string input through the application
– Changes or manipulates the SQL statement to the attacker's advantage
• Results in unauthorized data manipulation or execution of system-level commands
1. SQL manipulation
– Changes an existing SQL command in the application
– Example: adding conditions to the WHERE clause, such as OR 'a'='a', so that the
condition is always true
SQL Injection Methods (cont’d.)
• SQL manipulation (cont’d.)
– A typical manipulation attack occurs during database login, where an always-true
condition lets the attacker in without a valid password
2. Code injection
– Adds additional SQL statements or commands (e.g. a second statement after a ;) that are
then processed along with the intended one
3. Function call injection
– A database or operating system function call is inserted into the vulnerable SQL statement
to manipulate data or make a privileged system call
Risks Associated with SQL Injection
• Database fingerprinting
• Denial of service
• Bypassing authentication
• Identifying injectable parameters
• Executing remote commands
• Performing privilege escalation
Protection Techniques
• Bind variables: a placeholder in an SQL statement (? or :name) whose value is supplied
separately when the statement is executed
– The statement is parsed with the placeholder in it, so the value is never interpreted as SQL
– Protects against injection attacks, because user input cannot change the statement's structure
– Improves performance, since the parsed statement can be reused for many values
• Filtering input (input validation)
– Remove or escape quote and escape characters from input strings
– Escape characters can be used to inject manipulation attacks
– Filtering is a second line of defence only: blacklists are routinely bypassed, so prefer an
allowlist of what the input may contain (e.g. digits only for an id) and still use bind variables
• Function security
– Standard and custom functions should be restricted; the application's database account
should hold only the privileges it needs, so that an injected statement cannot drop tables or
call OS-level functions
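The login example the slides mention, worked through: an added example (not code from the slides) using Python's built-in sqlite3 against an in-memory users table with constructed rows. It shows the vulnerable string-built query falling to two SQL manipulation payloads, the same query with bind variables refusing them, and an allowlist filter as the second line of defence the bullets describe. Passwords are stored in clear only to keep the example short; a real system stores salted password hashes.

```python
"""SQL manipulation during login, vulnerable string building beside the
bind-variable fix. Added illustration, not code from the slides. Uses
Python's built-in sqlite3 with an in-memory users table of constructed rows.
Passwords are stored in clear only to keep the example short; a real system
stores salted password hashes and compares those.
"""
import re
import sqlite3


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("admin", "s3cret-admin", "dba"), ("alice", "wonderland", "clerk")])
    return con


def login_vulnerable(con, username, password):
    """String concatenation: the input text becomes part of the SQL statement."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return con.execute(sql).fetchone()


def login_safe(con, username, password):
    """Bind variables: the statement is parsed with ? placeholders and the
    values are passed separately, so they can never alter its structure."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()


USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def username_acceptable(username):
    """Allowlist validation, as defence in depth: rejects quotes, spaces and
    comment markers before the value reaches the database at all."""
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    con = make_db()
    tautology = "' OR '1'='1"   # SQL manipulation: extends the WHERE clause
    comment = "admin' --"       # comments out the password check (SQLite honours --)
    return {
        "vuln_tautology": login_vulnerable(con, tautology, tautology),
        "vuln_comment": login_vulnerable(con, comment, "anything"),
        "safe_tautology": login_safe(con, tautology, tautology),
        "safe_comment": login_safe(con, comment, "anything"),
        "safe_real_user": login_safe(con, "alice", "wonderland"),
        "filter_rejects": (username_acceptable(tautology), username_acceptable("alice")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With the tautology payload the vulnerable query becomes `... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which matches every row and hands back the first one, the admin account; the comment payload removes the password test entirely. The bound version returns no row for either payload because the quotes and `--` are just characters inside the bound value.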
6.5 Introduction to Flow Control
• Flow control
– flow of information among accessible objects
– Verifies information contained in some objects does not
flow explicitly or implicitly into less protected objects.
• Flow policy
– Specifies channels along which information is allowed to
move
• Simple form: confidential and nonconfidential
Introduction to Flow Control (cont’d.)
• Covert channels
– Allow information to pass from a higher classification level to a lower classification level
through improper means, outside the channels the flow policy permits
– Timing channel: the sender modulates how long an operation takes (e.g. by holding or
releasing a lock) and the receiver measures it; requires temporal synchronization
– Storage channel: the sender modulates some shared resource the receiver can observe
(e.g. whether a row or file exists); does not require temporal synchronization
6.6 Encryption and Public Key
Infrastructures
• Encryption converts data (plaintext) into ciphertext
– Performed by applying an encryption algorithm to the data using a prespecified encryption key
– The resulting data must be decrypted using the decryption key to recover the original data;
without the key the ciphertext should be useless to an attacker who bypasses the DBMS
• Data Encryption Standard (DES)
– Adopted by the U.S. Government in 1977 as a public standard for non-classified use
– Its 56-bit key is far too short today: DES keys can be recovered by brute force, so DES is
deprecated
• Advanced Encryption Standard (AES)
– Its successor (adopted in 2001), with 128-, 192- or 256-bit keys; no practical attack on the
full cipher is known, which is why it is "more difficult to crack"
Encryption and Public Key Infrastructures
(cont’d.)
• Encryption: It is the process of locking up information
using cryptography. Information that has been locked
this way is encrypted.
• Decryption: The process of unlocking the encrypted
information using cryptographic techniques.
• Key: A secret like a password used to encrypt and
decrypt information. There are a few different types of
keys used in cryptography.

Encryption and Public Key Infrastructures
(cont’d.)
• Symmetric key algorithms
– Also called secret key algorithms: the same key encrypts and decrypts
– Need for sharing the secret key between sender and receiver over some secure channel
• Can derive the key by applying a key-derivation function to a user-supplied password string at
both sender and receiver, so that only the password has to be shared
• Symmetric encryption is the older and best-known technique; the sender and the recipient
must both know the secret key that is used to encrypt and decrypt all the messages (AES is
the usual choice today)
• Public (asymmetric) key encryption
– Involves a public key and a private key
– The private key is never transmitted
– The two keys are related mathematically
• Very difficult to derive the private key from the public key
Encryption and Public Key Infrastructures
(cont’d.)
• Asymmetric encryption
– Also known as public key cryptography; a relatively new method (1970s) compared with
symmetric encryption
– Uses two keys: the public key encrypts the plaintext and only the matching private key
decrypts it
– Only public keys are exchanged over the Internet or a large network; they need protection
against substitution (see digital certificates below), not against disclosure
– The private key never leaves its owner, which is what prevents others from misusing it; it
also removes the need to share a secret key in advance

Encryption and Public Key Infrastructures
(cont’d.)

• Public (asymmetric) key encryption steps
– Each user generates a pair of keys to be used for encryption and decryption of messages
– Each user places the public key in a public register or other accessible file
• Keeps the companion key private
– The sender encrypts the message using the receiver's public key
– The receiver decrypts the message using the receiver's own private key
• RSA (Rivest–Shamir–Adleman) is the classic public key encryption algorithm; in practice it is
slow, so it is used to exchange a symmetric session key that then encrypts the bulk of the
data (hybrid encryption)
Digital Certificates
• Digital signature
– A string of symbols computed from the message being signed (together with a timestamp)
using a secret number unique to the signer (the private key)
– Each signature is therefore unique to the message and the signer; anyone holding the
signer's public key can verify it, and altering the message invalidates it
• Digital certificate
– An electronic credential that lets a person, organization or service exchange data securely
over the Internet using the public key infrastructure (PKI); also known as a public key
certificate or identity certificate
– Combines the value of a public key with the identity of the person or service that holds the
corresponding private key into a statement digitally signed by a trusted issuer (certification
authority), so that a recipient can tell a genuine public key from one substituted by an attacker
• Information included in the certificate
– Owner information
– Public key of the owner
– Date of certificate issue and validity period
– Issuer identification
– Digital signature of the issuer over all of the above
Discretionary Access Control (cont’d., continues 6.2)
• Relation or table level (cont’d.)
– Each relation R is assigned an owner account, typically the account that created it
– The owner of a relation is given all privileges on that relation
– The owner can grant privileges to other users on any owned relation
• SELECT (retrieval or read) privilege on R
• Modification privilege on R (INSERT, UPDATE, DELETE, which can be granted separately)
• REFERENCES privilege on R: the ability to reference R in a foreign key constraint of another
relation; this is a privilege because such a constraint can reveal which key values exist in R
and can block deletions from it
6.7 Privacy Issues and Preservation
• Growing challenge for database security
• Central warehouses for vital information
– Violating security could expose all data
• Remove identity information in released data
• Inject noise into the data
– Must be able to estimate errors introduced
Challenges of computer security
1. Computer security is not simple
2. A battle of wits between attacker / admin
3. One must consider potential (unexpected) attacks
4. Must decide where to deploy mechanisms
5. Involve algorithms and secret info (keys)
6. Requires constant monitoring

6.8 Summary
• Threats to databases
• Types of control measures
– Access control
– Inference control
– Flow control
– Encryption
• Mandatory access control
• SQL injection
• Encryption and public key infrastructures
END!!!
