Chapter Five Database Secu

Uploaded by

Abriham

Chapter IV

Database Management Systems Security

Contents
• Database security Overview
• Database security requirement
• Database integrity
• Database secrecy
• Inference control
• Multilevel databases

Database security Overview
• Any DBMS must provide security functionalities to ensure the secrecy
(confidentiality), integrity, and availability of the stored data.
• Database security is a broad area that addresses many issues, including the
following:
• Various legal and ethical issues regarding the right to access certain
information.
• Policy issues at the governmental, institutional, or corporate level as to
what kinds of information should not be made publicly available.
• System-related issues
• The need in some organizations to identify multiple security levels and
to categorize the data and users based on these classifications.
• Threats to databases can result in the loss or degradation of some or all of
the following commonly accepted security goals: integrity, availability, and
confidentiality.
Database security Overview cont…
• To protect databases against threats, it is common to implement four kinds
of control measures: access control, inference control, flow control, and
encryption.
• Access control restricts access to the database as a whole; it is
handled by creating user accounts and passwords to control the login process
by the DBMS.
• Inference control refers to a way of providing summary (statistical)
information about the database to different users. It is very common in
the case of statistical databases, which are used to provide statistical
information or summaries of values based on various criteria. The
countermeasures to the statistical database security problem are called
inference control measures.
Database security Overview cont…

• Flow control prevents information from flowing in such a way
that it reaches unauthorized users. Channels that are pathways for
information to flow implicitly in ways that violate the security policy
of an organization are called covert channels.
• Encryption is the final security issue: data encryption is used
to protect sensitive data (such as credit card numbers) that is being
transmitted via some type of communication network.
• The data is encoded using some encoding algorithm.
• An unauthorized user who accesses encoded data will have difficulty
deciphering it, but authorized users are given decoding or decrypting
algorithms (or keys) to decipher data.

Database Security and the DBA
• The database administrator (DBA) is the central authority for managing a database
system. The DBA’s responsibilities include granting privileges to users who need to use
the system and classifying users and data in accordance with the policy of the
organization.
• DBA-privileged commands include commands for granting and revoking privileges to
individual accounts, users, or user groups and for performing the following types of
actions:
1. Account creation
2. Privilege granting
3. Privilege revocation: this action permits the DBA to revoke (cancel) certain privileges
that were previously given to certain accounts.
4. Security level assignment: this action consists of assigning user accounts to the
appropriate security clearance level.

Database Audits
• The database system also keeps track of all operations on the database that are applied by a
certain user throughout each login session, which consists of the sequence of database
interactions that a user performs from the time of logging in to the time of logging off.
• The file used to record a user's history in a particular session is the system log (log file).
• Database audit: the process of reviewing the log file (history) to examine all accesses
and operations applied to the database during a certain time period.
• When an illegal or unauthorized operation is found, the DBA can determine the account
number used to perform the operation.
• Database audits are particularly important for sensitive databases that are updated by
many transactions and users, such as a banking database that is updated by many bank
tellers.
• A database log that is used mainly for security purposes is sometimes called an audit trail.

Inference control (Statistical database security)
• Statistical databases are used mainly to produce statistics about various
populations. The database may contain confidential data about individuals, which
should be protected from user access.
• However, users are permitted to retrieve statistical information about the
populations, such as averages, sums, counts, maximums, minimums, and standard
deviations.
• Statistical database security techniques must prohibit the retrieval of individual
data.
• This can be achieved by prohibiting queries that retrieve attribute values and by
allowing only queries that involve statistical aggregate functions such as
COUNT, SUM, MIN, MAX, AVERAGE, and STANDARD DEVIATION. Such
queries are sometimes called statistical queries.

Inference control cont……
Example: As an illustration, consider the following statistical queries on a PERSON
table:
Q1: SELECT COUNT(*) FROM PERSON WHERE <condition>;
Q2: SELECT AVG(Income) FROM PERSON WHERE <condition>;
• However, these statistical queries can be used to learn the personal details of
citizens.
Example: Modify query one as follows:
SELECT COUNT(*) FROM PERSON WHERE (Last_degree = 'Ph.D.' AND
Sex = 'M' AND City = 'Jigjiga' AND State = 'Ethiopian Somali');
• If we get a result of 1 for this query, then statistical queries have revealed
the details of one individual.
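The inference on this slide, together with one inference control measure against it, as an added example that is not part of the original slides. The sample rows, the function names and the threshold k are assumptions, and the size check (refusing query sets smaller than k or larger than N - k) is a standard technique that the slides do not name.

```python
import sqlite3

# Constructed sample rows: (Last_degree, Sex, City, State, Income)
ROWS = [
    ("Ph.D.", "M", "Jigjiga", "Ethiopian Somali", 50000),
    ("M.Sc.", "M", "Jigjiga", "Ethiopian Somali", 40000),
    ("B.Sc.", "M", "Jigjiga", "Ethiopian Somali", 30000),
    ("M.Sc.", "F", "Jigjiga", "Ethiopian Somali", 42000),
    ("B.Sc.", "F", "Jigjiga", "Ethiopian Somali", 31000),
    ("B.Sc.", "F", "Jigjiga", "Ethiopian Somali", 29000),
]
AGGREGATES = {"COUNT(*)", "AVG(Income)", "SUM(Income)"}  # statistical queries only
COLUMNS = {"Last_degree", "Sex", "City", "State"}         # filterable attributes


class QueryRefused(Exception):
    """Raised when a query could disclose data about an individual."""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PERSON (Last_degree TEXT, Sex TEXT, City TEXT,"
                 " State TEXT, Income INTEGER)")
    conn.executemany("INSERT INTO PERSON VALUES (?, ?, ?, ?, ?)", ROWS)
    return conn


def unguarded(conn, aggregate, filters):
    """Run the aggregate with no size check (the situation on the slide)."""
    if aggregate not in AGGREGATES or not set(filters) <= COLUMNS:
        raise QueryRefused("only allow-listed aggregates and columns")
    clause = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
    sql = f"SELECT {aggregate} FROM PERSON WHERE {clause}"
    return conn.execute(sql, tuple(filters.values())).fetchone()[0]


def guarded(conn, aggregate, filters, k=2):
    """Answer only if the query set holds between k and N - k rows."""
    total = unguarded(conn, "COUNT(*)", {})
    size = unguarded(conn, "COUNT(*)", filters)
    if size < k or size > total - k:
        raise QueryRefused("query set too small or too large")
    return unguarded(conn, aggregate, filters)
```

A size threshold is one inference control measure; it does not by itself cover results combined across several permitted queries.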

Common Threats to a Database
• Unauthorized privilege escalation: This attack is characterized by an individual
attempting to elevate his or her privilege by attacking vulnerable points in the database
systems.
• Privilege abuse: While the previous attack is done by an unauthorized user, this attack is
performed by a privileged user. For example, an administrator who is allowed to change
student information can use this privilege to update student grades without the
instructor’s permission.
• A Denial of Service (DOS) attack is an attempt to make resources unavailable to their
intended users. It is a general attack category in which access to network applications or
data is denied to intended users by overflowing the buffer or consuming resources.
• Weak Authentication: If the user authentication scheme is weak, an attacker can
impersonate the identity of a legitimate user by obtaining their login credentials.

Common Threats cont….
• Database Platform Vulnerabilities: vulnerabilities in underlying operating systems
(Windows, UNIX, Linux etc.) and additional services installed on a database server
may lead to unauthorized access, data corruption, or denial of service.
• Weak Audit Trail: organizations with weak (or sometimes non-existent) database audit
mechanisms will increasingly be affected by attackers as well as insiders.
• Database Communication Protocol Vulnerabilities: these attacks can be defeated with
technology commonly referred to as protocol validation. Protocol validation technology
essentially parses (disassembles) database traffic and compares it to expectations. In the
event that live traffic does not match expectations, alerts or blocking actions may be
taken.
• Backup Data Exposure: Backup database storage media is often completely
unprotected from attack. As a result, several high profile security breaches have
involved theft of database backup tapes and hard disks.

SQL Injection
• In an SQL Injection attack, the attacker injects (inserts) a string input through the
application, which changes or manipulates the SQL statement to the attacker's
advantage.
• An SQL Injection attack can harm the database in various ways, such as:
• Unauthorized manipulation of the database,
• Retrieval of sensitive data,
• It can also be used to execute system level commands that may cause the system
to deny service to the application.
• The next slides describe different types of injection attacks.

SQL Injection cont….
• SQL Manipulation: a manipulation attack, which is the most common type of injection
attack, changes an SQL command in the application.
Example: SELECT * FROM users WHERE username = 'jake' and PASSWORD =
'jakespasswd';
• The attacker can try to change (or manipulate) the SQL statement, by changing it as
follows:
SELECT * FROM users WHERE username = 'jake' and (PASSWORD = 'jakespasswd'
or 'x' = 'x');
• As a result, the attacker who knows that ‘jake’ is a valid login of some user is able to log
into the database system as ‘jake’ without knowing his password and is able to do
everything that ‘jake’ may be authorized to do to the database system.

SQL Injection cont….
• Code Injection: this type of attack attempts to add additional SQL statements or
commands to the existing SQL statement by exploiting a computer bug, which is
caused by processing invalid data.
• The attacker can inject or introduce code into a computer program to change the
course of execution.
• Code injection is a popular technique for system hacking or cracking to gain
information.

SQL Injection cont…..
• Function Call Injection: in this kind of attack, a database function or operating
system function call is inserted into a vulnerable SQL statement to manipulate the
data or make a privileged system call.
• For example, the dual table is used in the FROM clause of SQL in Oracle when a
user needs to run SQL that does not logically have a table name. To get today’s date,
we can use:
SELECT SYSDATE FROM dual;
• The following example demonstrates that even the simplest SQL statements can be
vulnerable.
SELECT TRANSLATE('user input', 'from_string', 'to_string') FROM dual;
Example: SELECT TRANSLATE("UTL_HTTP.REQUEST
('http://129.107.2.1/')", '98765432', '9876') FROM dual;
Protection Techniques against SQL Injection
• Bind Variables (Using Parameterized Statements): the use of bind variables protects
against injection attacks and also improves performance.
Example:
// The ? placeholders are bound to values, so user input is never parsed as SQL.
PreparedStatement stmt = conn.prepareStatement(
    "SELECT * FROM EMPLOYEE WHERE EMPLOYEE_ID = ? AND PASSWORD = ?");
stmt.setString(1, employee_id);
stmt.setString(2, password);
• Filtering Input (Input Validation): this technique can be used to remove escape
characters from input strings by using the SQL Replace function.
• Function Security: database functions, both standard and custom, should be restricted,
as they can be exploited in the SQL function injection attacks.
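The manipulation from the SQL Manipulation slide, run against a concatenated query and against bind variables, as an added example that is not part of the original slides. It uses Python's sqlite3 module instead of the JDBC API shown above, and the table contents and function names are assumptions.

```python
import sqlite3


def make_users_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed account matching the slide; real systems store password hashes.
    conn.execute("INSERT INTO users VALUES ('jake', 'jakespasswd')")
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' and (password = '" + password + "')")
    return conn.execute(sql).fetchone() is not None


def login_bound(conn, username, password):
    """Hardened form: input is passed as bind variables, never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed input that yields the manipulated statement shown on the slide:
#   ... username = 'jake' and (password = 'wrong' or 'x' = 'x')
MANIPULATED = "wrong' or 'x' = 'x"


def compare():
    """Return (concatenated result, bound result) for the manipulated input."""
    conn = make_users_db()
    return (login_concatenated(conn, "jake", MANIPULATED),
            login_bound(conn, "jake", MANIPULATED))


if __name__ == "__main__":
    print(compare())
```

With bind variables the whole input is compared as a single password value, so the quote characters have no effect on the statement's structure.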

End of Chapter Four
