Unit-4 Database Security

The document provides an overview of database application security models, detailing types of users, security models, application types, and data encryption methods. It discusses various user roles, including database administrators and application users, and outlines security models such as role-based and function-based models. Additionally, it emphasizes the importance of data encryption for maintaining confidentiality, integrity, and authentication in database systems.

Uploaded by

br7024
Copyright: © All Rights Reserved

Unit-4

Database Application Security Models: Introduction - Types of Users - Security Models - Application Types - Application Security Models - Data Encryption. Excessive Privileges, SQL Injections - Countermeasures of Malware, Countermeasures of Weak Audit Trail - DB Vulnerabilities and Misconfiguration - Countermeasures of Denial of Service, Stolen Database Backups - CONTROL METHODS: Access Control, Access Control Models for XML Databases, Inference Policy - User Identification, Authentication, Accountability, Password Cryptography.
Types of Users
• In most applications a user is, at bottom, a database user: an account used to log on to the database on behalf of the application.
• In the simplest arrangement a database account is created for each application user and assigned specific privileges. The application security models described later in this unit exist largely to avoid that one-to-one mapping.

Distinction between an application and a database:

Application:
• A program that solves a problem or performs a specific business function. Examples include Microsoft Word, Adobe Acrobat Reader, and an inventory program.
• An application user is a record created for a user within the application schema and used to authenticate that user to the application. An application user has no database privileges or roles assigned; all privileges and roles are granted by the application and are specific to it.
• An application administrator is an application user that has application privileges to administer application users and their roles. The application administrator does not require any special database privileges.
• An application owner is a database user who owns the application tables and objects.
Database:
• A collection of related data files used by an application. A database management system (DBMS) is the collection of programs that maintains those data files.
The following is a list of the users.
• 1. Database administrator is a user account that has database administration privileges enabling it to perform any administration task.
• 2. Database user is a type of user account that has database roles and privileges assigned to it.
• 3. Proxy user is a database user that has specific roles and privileges assigned to it and is employed to work on behalf of an application user. This type is useful for isolating application users from the database: the application connects as the proxy user rather than with a separate database account per end user.
• 4. Schema owner is a database user that owns database objects.
• 5. Virtual user is an account that has access to the database through another database user account; a virtual user is in some cases referred to as a proxy user.
Security Models
Access Matrix Model:
• This model uses a matrix to represent the two main entities of any security implementation.
• The columns represent objects and the rows represent subjects.
• An object can be a table, view, procedure, or any other database object; a subject can be a user, role, privilege, or a module.
• The intersection of a row and a column is an authorization cell, representing the access granted to the subject on the object.
• The content of an authorization cell can be an access mode, an operation, or a command.
Access Modes Model:
• This model is based on the take-grant model. Like the access matrix, it uses subjects and objects as the main security entities, but it uses access modes to indicate the tasks that a subject is allowed to perform on an object.
• The access modes are divided into static modes (what can be done to the object's data, such as reading or updating it) and dynamic modes (what can be done to the authorizations themselves, such as granting them on to another subject).
• Each access mode is assigned a numeric level that indicates the degree of access (the higher the level, the more powerful the mode).
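An access matrix whose cells hold static and dynamic access modes, with take-grant style delegation, as an added example that is not part of the slides. The mode names, their numeric levels and the subject and object names (app_owner, clerk_role, CUSTOMERS) are assumptions made for this example; a grant succeeds only when the grantor holds both the dynamic mode "grant" on the object and the static mode being passed on.

```python
"""Access matrix with static and dynamic access modes (added example)."""
from typing import Dict, Set, Tuple

# Static modes act on the object's data; dynamic modes act on the matrix
# itself.  The mode names and the numeric levels are assumptions made for
# this example, not the textbook's table.
STATIC_MODES = {"use": 1, "read": 2, "update": 3, "create": 4, "delete": 5}
DYNAMIC_MODES = {"grant": 1, "revoke": 2}


class AccessMatrix:
    """Rows are subjects, columns are objects, cells are sets of modes."""

    def __init__(self) -> None:
        self._cells: Dict[Tuple[str, str], Set[str]] = {}

    def cell(self, subject: str, obj: str) -> Set[str]:
        return self._cells.setdefault((subject, obj), set())

    def authorize(self, subject: str, obj: str, *modes: str) -> None:
        """Administrative entry used to seed the matrix (no check applied)."""
        for m in modes:
            if m not in STATIC_MODES and m not in DYNAMIC_MODES:
                raise ValueError(f"unknown access mode {m!r}")
        self.cell(subject, obj).update(modes)

    def allowed(self, subject: str, obj: str, mode: str) -> bool:
        """Exact check: is the mode present in the authorization cell?"""
        return mode in self._cells.get((subject, obj), set())

    def level(self, subject: str, obj: str) -> int:
        """Highest static level the subject holds on the object (0 = none)."""
        modes = self._cells.get((subject, obj), set())
        return max((STATIC_MODES[m] for m in modes if m in STATIC_MODES), default=0)

    def grant(self, grantor: str, grantee: str, obj: str, mode: str) -> None:
        """Take-grant style delegation.  Both checks are required: the grantor
        must hold the dynamic mode 'grant' on the object, and must itself hold
        the static mode being passed on (nobody can grant what they lack)."""
        if mode not in STATIC_MODES:
            raise ValueError("only static modes can be delegated")
        if not self.allowed(grantor, obj, "grant"):
            raise PermissionError(f"{grantor} holds no grant mode on {obj}")
        if not self.allowed(grantor, obj, mode):
            raise PermissionError(f"{grantor} does not hold {mode} on {obj}")
        self.cell(grantee, obj).add(mode)

    def revoke(self, revoker: str, subject: str, obj: str, mode: str) -> None:
        if not self.allowed(revoker, obj, "revoke"):
            raise PermissionError(f"{revoker} holds no revoke mode on {obj}")
        self._cells.get((subject, obj), set()).discard(mode)


def demo() -> AccessMatrix:
    """Constructed sample for a hypothetical inventory schema."""
    m = AccessMatrix()
    m.authorize("app_owner", "CUSTOMERS",
                "read", "update", "create", "delete", "grant", "revoke")
    m.authorize("clerk_role", "CUSTOMERS", "read")
    # The owner delegates update, but its grant right does not travel with
    # it (only static modes are delegated), so clerk_role cannot re-grant.
    m.grant("app_owner", "clerk_role", "CUSTOMERS", "update")
    return m
```

The point to notice is the asymmetry between `authorize` (an administrative act outside the model) and `grant` (a dynamic mode checked against the matrix): a subject that merely holds `read` on CUSTOMERS cannot hand it to anyone else, which is the property the take-grant model is built to reason about.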
Application Types
• This section describes the commonly used application types in order to understand where data security should be enforced.
1. Client/server Applications:
• Client/server architecture became the dominant configuration for business applications because it provides a flexible and scalable structure that takes advantage of both the processing power of the personal computer and the capacity and power of a dedicated server.
• A client/server application is composed of three main components, which are usually spread across several tiers. Each tier is a logical or physical layer that can contain one or more of the following components:
• User interface component: all screens, reports, and code that handle the interaction between the user and the application.
• Business logic component: all the code that performs data validation and implements business rules.
• Data access component: the code that retrieves, inserts, deletes, and updates data.
• A client/server application consists of a minimum of two tiers; four to five tiers is normally the maximum configuration. Because the data access component is the component responsible for retrieving and manipulating data, the security module should be embedded in it.
• Caveat: in a two-tier design the data access component runs on the client, where its checks can be modified or bypassed by the user, so they must be backed by privileges enforced on the database server itself.
2. Web Applications
• Client/server architecture once dominated business applications, but not for long: application architecture evolved with the rise of dot-com and web-based companies.
• This newer client/server architecture is based on the web and is therefore referred to as a web application. A web application uses the web to connect and communicate with the server.
• A web application uses HTML pages generated with technologies such as ActiveX, Java applets or beans, or ASP; these pages may in turn embed other web services.
The components of the web application:
• Web browser layer: a program that allows users to navigate through web pages found on the internet.
• Web server layer: a software program residing on a computer connected to the internet that responds to requests submitted by web browsers.
• Application server layer: a software program residing on a computer that is used for data processing and for interfacing with the business logic and the database server.
• Business logic layer: a software program that implements business rules.
• Database server layer: a software program that stores and manages data.
• In this architecture each layer can reside on a separate computer. The main reason for placing web-application layers on different computers is to distribute the processing load for optimum performance; a side effect is that every layer boundary becomes a network connection that must itself be authenticated and protected.
3. Data Warehouse Applications
• Data warehouses are used in decision-support applications to support executive management in decision-making processes.
• A data warehouse is a collection of many types of data taken from a number of different databases that support various corporate departments.
• The collection of data forms a snapshot of the business at a specific moment.
• The architecture of a data warehousing application is composed of a database server on which the application data resides; the application data is extracted by a process that transforms it into warehouse form.
• In addition, the data warehouse is accessed by software applications or reporting applications, called online analytical processing (OLAP) tools, that retrieve data and generate reports with the capability of data drilling and mining.
• Data drilling is the process of focusing on specific elements within a larger dataset to extract detailed information.
• Because the warehouse aggregates data from several departmental databases, its access controls must be at least as strict as those of the most sensitive source; otherwise the copy becomes the easiest place to read data that was protected at its origin.
Other Applications:
• These applications still require a security layer to protect them against inappropriate access and execution of processes. The security layer should be embedded within the application.
• In addition, the password the application uses to connect to the database is typically stored in a configuration file or in the operating system registry, and it should be protected there by an encryption mechanism similar to the one used by database systems. The key used to encrypt it must not sit beside it in the same file, or the protection is only obfuscation.
Application Security Models
• The purpose of an application security model is to prevent attackers from accessing, modifying or deleting sensitive or copyrighted data.
• Each security model has two aspects: the concept behind it and its implementation.
• Five application security models are commonly used by the industry to provide data security and access protection at the table level. The following list outlines them:
1. Database role based.
2. Application role based.
3. Application function based.
4. Application role and function based.
5. Application table based.
1. Security Model Based on Database Roles
• This model depends on the application to authenticate the application users by maintaining all end users in a table with their password credentials.
• In this model, each end user is assigned a database role, which has specific database privileges for accessing the application tables. The user can exercise whatever privileges are assigned to the role.
• In this model a proxy user is needed to activate the assigned roles. All roles are granted to the proxy user; after the application authenticates an end user it connects as the proxy user and enables only that user's role (for example with SET ROLE), so that one database session never carries more privilege than the end user behind it.
• Passwords must never be stored in clear text or reversibly encrypted: store a salted hash produced by a slow password-hashing function (PBKDF2, bcrypt, scrypt or Argon2), so that a copy of the user table does not yield the passwords.
• The architectural view of the model has common control columns prefixed with CTL. These control columns contain information about who manipulated each record and when.
• CTL_INS_DTTM contains the date and time when the record was created.
• CTL_UPD_DTTM contains the date and time when the record was last updated.
• CTL_UPD_USER contains the name of the user that created the record or last updated it. This is important for auditing, tracking changes, and ensuring accountability within the database system; because every session connects as the same proxy user, the application must supply the end-user name itself.
• CTL_REC_STAT indicates the status of the record. Common statuses include active, inactive, deleted, pending, or other states relevant to the application's logic and workflow. This is essential for managing the lifecycle of records, implementing business rules, and ensuring data integrity.
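The control columns above, implemented on a hypothetical CUSTOMERS table, as an added example that is not part of the slides: the data access component stamps the CTL_* columns on every insert and update, "deleting" a record is a status change, and a trigger refuses physical deletes so the audit trail survives. It uses Python's sqlite3 module so it runs without a database server; the table, its business columns and the status codes A/I/D are assumptions.

```python
"""Control columns (CTL_*) maintained by the data access component (added example)."""
import sqlite3
from datetime import datetime, timezone

# Hypothetical table; the CTL_* column names follow the text.
SCHEMA = """
CREATE TABLE CUSTOMERS (
    CUSTOMER_ID   INTEGER PRIMARY KEY,
    NAME          TEXT NOT NULL,
    CTL_INS_DTTM  TEXT NOT NULL,
    CTL_UPD_DTTM  TEXT NOT NULL,
    CTL_UPD_USER  TEXT NOT NULL,
    CTL_REC_STAT  TEXT NOT NULL DEFAULT 'A'
        CHECK (CTL_REC_STAT IN ('A', 'I', 'D'))   -- active / inactive / deleted (assumed codes)
);
-- Physical deletes are refused: rows are retired by status, so the
-- who-did-what-when record in the control columns is never lost.
CREATE TRIGGER CUSTOMERS_NO_DELETE BEFORE DELETE ON CUSTOMERS
BEGIN
    SELECT RAISE(ABORT, 'rows are retired via CTL_REC_STAT, never deleted');
END;
"""


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA)
    return conn


# The end-user name is passed in by the application: every session connects
# as the same proxy user, so the database itself does not know who acted.
def insert_customer(conn: sqlite3.Connection, app_user: str, name: str) -> int:
    ts = _now()
    cur = conn.execute(
        "INSERT INTO CUSTOMERS (NAME, CTL_INS_DTTM, CTL_UPD_DTTM, CTL_UPD_USER) "
        "VALUES (?, ?, ?, ?)", (name, ts, ts, app_user))
    return cur.lastrowid


def rename_customer(conn: sqlite3.Connection, app_user: str, customer_id: int, name: str) -> None:
    # Retired rows are immutable: the WHERE clause excludes status 'D'.
    conn.execute(
        "UPDATE CUSTOMERS SET NAME = ?, CTL_UPD_DTTM = ?, CTL_UPD_USER = ? "
        "WHERE CUSTOMER_ID = ? AND CTL_REC_STAT <> 'D'",
        (name, _now(), app_user, customer_id))


def retire_customer(conn: sqlite3.Connection, app_user: str, customer_id: int) -> None:
    """Soft delete: flips the status instead of removing the row."""
    conn.execute(
        "UPDATE CUSTOMERS SET CTL_REC_STAT = 'D', CTL_UPD_DTTM = ?, CTL_UPD_USER = ? "
        "WHERE CUSTOMER_ID = ?", (_now(), app_user, customer_id))


def audit_row(conn: sqlite3.Connection, customer_id: int) -> dict:
    row = conn.execute("SELECT * FROM CUSTOMERS WHERE CUSTOMER_ID = ?",
                       (customer_id,)).fetchone()
    return dict(row) if row is not None else {}


def physical_delete_blocked(conn: sqlite3.Connection, customer_id: int) -> bool:
    """True if the trigger refused a raw DELETE, i.e. the audit row survived."""
    try:
        conn.execute("DELETE FROM CUSTOMERS WHERE CUSTOMER_ID = ?", (customer_id,))
    except sqlite3.DatabaseError:
        return True
    return False
```

Note that CTL_UPD_USER is only as trustworthy as the application's own authentication: since the proxy-user session cannot tell end users apart, a bug that lets one user act under another's name corrupts the audit trail silently.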
2. Security Model Based on Application Roles
• The concept of the application role security model is similar to that of the database role security model: both are methods for organizing and administering privileges. Application roles, however, are mapped directly to real business roles.
• The security model based on application roles depends on the application to authenticate the application users. Authentication is accomplished by maintaining all end users in a table with their password credentials.
• In this model, each end user is assigned an application role, and the application role is provided with application privileges to read or write specific modules of the application.

APPLICATION_USERS:
• Stores and maintains all end users of the application with their password credentials.

APPLICATION_ROLES:
• All roles defined by the application; for each role a privilege is assigned. The privilege can be read, write, or read/write.
Points to consider with this security model:
• This model is primitive and does not allow the flexibility required for fine-grained changes. For example, if a user called Scott has the clerk role, and the clerk role has privileges to read, add, and modify, then Scott can perform these operations on all modules of the application.
Privileges are limited to any combination of the following:
• read
• add
• delete
• update
• admin
• This model isolates the application security from the database, which makes the implementation database independent.
• Only one role is assigned to an application user.
• Maintenance of the application security does not require specific database privileges. This lowers the risk of database violations.
• Passwords must be stored as salted, slow password hashes rather than reversibly encrypted values; APPLICATION_USERS therefore needs columns for the salt and the hash, not for keys.
3. Security Model Based on Application Functions
• The security model based on application functions depends on the application to authenticate the application users by maintaining all end users in a table with their password credentials.
• In this model the application is divided into functions. For instance, an inventory application would have a function named CUSTOMERS that maintains customers, another function named PRODUCTS that maintains products, and so on; each user is granted privileges on individual functions.
The following list presents characteristics of this security model:
• This model isolates the application security from the database, which makes the implementation database independent.
• Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.
• Passwords must be stored as salted, slow password hashes rather than reversibly encrypted values.
• The application must be designed in a granular fashion.
• The more granular the privileges, the more effort is needed to implement them.
4. Security Model Based on Application Roles and Functions
• This security model is a combination of the role and function security models. It depends on the application to authenticate the application users, which it does by maintaining all end users in a table with their password credentials.
• In this model the application is divided into functions; roles are assigned privileges on functions, and roles are in turn assigned to users.
The following list presents characteristics of this security model:
• This model provides flexibility for implementing application security.
• This model isolates the application security from the database, which makes the implementation database independent.
• Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.
• Passwords must be stored as salted, slow password hashes rather than reversibly encrypted values.
• The application must use a real database user to log on and connect to the application database. That user's name and password must be encrypted and stored in a configuration file, with the decryption key held elsewhere, and the database user should hold only the privileges the application needs.
• The application must be designed in a very granular fashion, meaning that each function or module of the application performs a specific task.
• The more granular the privileges, the more effort is needed to implement them.
5. Security Model Based on Application Tables
• This application security model depends on the application to authenticate users by maintaining all end users in a table with their password credentials. The application grants privileges to the user on tables, not on roles or functions.
• An application user may be granted, for example, a read privilege on an application table by adding an entry in APPLICATION_USER_TABLES.
The following list presents characteristics of this security model:
• This model isolates the application security from the database, which makes the implementation database independent.
• Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.
• Passwords must be stored as salted, slow password hashes rather than reversibly encrypted values.
• The application must use a real database user to log on and connect to the application database.
• Security is implemented easily by using table access privileges assigned to each end user.
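One implementation of the application-level models above (application roles, application functions, and the combined roles-and-functions model; the table-based model is the same lookup with table names in place of function names), as an added example that is not part of the slides. APPLICATION_USERS and APPLICATION_ROLES are named in the text; APPLICATION_FUNCTIONS, APPLICATION_ROLE_FUNCTIONS, all column names and the sample users are assumptions. Passwords are stored as salted PBKDF2 hashes, which is what "securely stored credentials" has to mean in practice, and authorization denies by default when no row matches. It uses sqlite3 from the Python standard library.

```python
"""Roles-and-functions application security model with hashed passwords (added example)."""
import hashlib
import hmac
import os
import sqlite3

# APPLICATION_USERS / APPLICATION_ROLES follow the text; the other two tables
# and every column name are assumptions for this example.
SCHEMA = """
CREATE TABLE APPLICATION_ROLES (
    ROLE_ID   INTEGER PRIMARY KEY,
    ROLE_NAME TEXT UNIQUE NOT NULL);
CREATE TABLE APPLICATION_FUNCTIONS (
    FUNCTION_ID   INTEGER PRIMARY KEY,
    FUNCTION_NAME TEXT UNIQUE NOT NULL);
CREATE TABLE APPLICATION_USERS (
    USER_ID   INTEGER PRIMARY KEY,
    USER_NAME TEXT UNIQUE NOT NULL,
    PWD_SALT  BLOB NOT NULL,          -- per-user random salt
    PWD_HASH  BLOB NOT NULL,          -- PBKDF2-HMAC-SHA256 of the password
    ROLE_ID   INTEGER NOT NULL REFERENCES APPLICATION_ROLES(ROLE_ID));
-- One row per (role, function): the privilege that role holds on that module.
CREATE TABLE APPLICATION_ROLE_FUNCTIONS (
    ROLE_ID     INTEGER NOT NULL REFERENCES APPLICATION_ROLES(ROLE_ID),
    FUNCTION_ID INTEGER NOT NULL REFERENCES APPLICATION_FUNCTIONS(FUNCTION_ID),
    PRIVILEGE   TEXT NOT NULL CHECK (PRIVILEGE IN ('read', 'write', 'read/write')),
    PRIMARY KEY (ROLE_ID, FUNCTION_ID));
"""
ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware allows


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(conn: sqlite3.Connection, name: str, password: str, role_name: str) -> None:
    row = conn.execute("SELECT ROLE_ID FROM APPLICATION_ROLES WHERE ROLE_NAME = ?",
                       (role_name,)).fetchone()
    if row is None:
        raise ValueError(f"unknown role {role_name!r}")
    salt = os.urandom(16)
    conn.execute("INSERT INTO APPLICATION_USERS (USER_NAME, PWD_SALT, PWD_HASH, ROLE_ID) "
                 "VALUES (?, ?, ?, ?)", (name, salt, _hash(password, salt), row[0]))


def authenticate(conn: sqlite3.Connection, name: str, password: str) -> bool:
    row = conn.execute("SELECT PWD_SALT, PWD_HASH FROM APPLICATION_USERS WHERE USER_NAME = ?",
                       (name,)).fetchone()
    if row is None:
        _hash(password, b"\0" * 16)   # same cost for unknown users: no timing oracle on names
        return False
    return hmac.compare_digest(_hash(password, row[0]), row[1])


def authorized(conn: sqlite3.Connection, name: str, function_name: str, wanted: str) -> bool:
    """wanted is 'read' or 'write'; a 'read/write' privilege satisfies both."""
    row = conn.execute(
        "SELECT rf.PRIVILEGE FROM APPLICATION_USERS u "
        "JOIN APPLICATION_ROLE_FUNCTIONS rf ON rf.ROLE_ID = u.ROLE_ID "
        "JOIN APPLICATION_FUNCTIONS f ON f.FUNCTION_ID = rf.FUNCTION_ID "
        "WHERE u.USER_NAME = ? AND f.FUNCTION_NAME = ?", (name, function_name)).fetchone()
    if row is None:
        return False                 # deny by default: no row, no privilege
    return wanted in row[0].split("/")


def build_demo() -> sqlite3.Connection:
    """Constructed inventory application: two roles, two functions, two users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO APPLICATION_ROLES (ROLE_NAME) VALUES (?)",
                     [("clerk",), ("manager",)])
    conn.executemany("INSERT INTO APPLICATION_FUNCTIONS (FUNCTION_NAME) VALUES (?)",
                     [("CUSTOMERS",), ("PRODUCTS",)])
    grants = [("clerk", "CUSTOMERS", "read"),
              ("manager", "CUSTOMERS", "read/write"),
              ("manager", "PRODUCTS", "read")]
    for role, func, priv in grants:
        conn.execute(
            "INSERT INTO APPLICATION_ROLE_FUNCTIONS (ROLE_ID, FUNCTION_ID, PRIVILEGE) VALUES ("
            " (SELECT ROLE_ID FROM APPLICATION_ROLES WHERE ROLE_NAME = ?),"
            " (SELECT FUNCTION_ID FROM APPLICATION_FUNCTIONS WHERE FUNCTION_NAME = ?), ?)",
            (role, func, priv))
    add_user(conn, "scott", "tiger", "clerk")
    add_user(conn, "mia", "correct horse battery", "manager")
    return conn
```

Two design points are worth noting. First, `authorized` is a single join, so the answer to "may this user write this module?" is always derived from the current tables and never cached in the session; changing a role's privilege row takes effect on the next check. Second, `authenticate` runs the hash even for an unknown user name, so response time does not reveal which names exist.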
Data Encryption
• Data encryption is an important part of preserving data confidentiality and, when combined with an integrity mechanism, data integrity.
• Data encryption is a security method in which information is encoded so that it can only be read, after decryption, by a party holding the correct key.
• Encrypted data, also known as ciphertext, appears scrambled or unreadable to a person or entity accessing it without the key.
Key Objectives of Encrypting Data
• Confidentiality: encryption ensures that only parties holding the key can read the data.
• Data integrity: encryption on its own does not guarantee integrity. Many ciphers are malleable, so a ciphertext can be altered without the key in ways that change the decrypted plaintext. Integrity comes from an authentication tag (a MAC, or an authenticated-encryption mode such as AES-GCM) that is verified before decryption, so that any unauthorized change to the ciphertext fails the check.
• Authentication: encryption may be used as part of authentication mechanisms to verify the identity of the communicating party, for example when a party proves possession of a private key.
Types of Data Encryption
• There are multiple encryption techniques, each developed for different security requirements.
The two types of data encryption are
1. Symmetric and
2. Asymmetric encryption
1. Symmetric Key Encryption
• Some algorithms employ a single shared key for both the encryption and the decryption process.
• In such schemes the shared key must be kept secret, since any system or person who knows the key can decrypt the message and read it.
• This approach is known as "symmetric encryption". Symmetric ciphers are fast and are used for bulk data, but the key has to be delivered secretly to every party that needs it, and that distribution is the hard part.
2. Asymmetric Key Encryption
• Some cryptography methods employ one key for data encryption and a different, mathematically related key for data decryption.
• The encryption key can be published (the public key) while the decryption key (the private key) stays with its owner. As a result, anyone who intercepts the communication, or who holds only the public key, cannot decrypt it.
• This type of cryptography, known as "public-key" encryption, is used in the majority of internet security protocols, usually to exchange a symmetric key or to authenticate a party rather than to encrypt bulk data.
• The term "asymmetric encryption" is used to describe this type of encryption.
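Why the data-integrity objective needs more than a symmetric cipher, as an added example that is not part of the slides. The cipher here is a toy XOR stream built from SHA-256 so that the example runs on the Python standard library alone; it is for illustration only and not a production cipher (use AES-GCM or ChaCha20-Poly1305 from a real library). Any XOR stream cipher is malleable: an attacker who can guess a field's value rewrites it in the ciphertext without the key, and the change decrypts cleanly. An HMAC-SHA256 tag, verified before decryption (encrypt-then-MAC), is what catches it. The keys and the sample record are constructed in the code.

```python
"""Encryption alone versus encrypt-then-MAC (added example, toy cipher)."""
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 12, 32


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter-mode keystream from SHA-256; NOT a production cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's step, no key needed: XORing (old ^ new) into the ciphertext
    turns the plaintext field `old` into `new` under any XOR stream cipher."""
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None              # integrity check failed: refuse to decrypt at all
    return decrypt(enc_key, nonce, ct)


def demo() -> dict:
    """Constructed record: a transfer whose amount an attacker wants to raise."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"transfer amount=0100 to=acct-42"
    at = record.index(b"0100")

    # 1. Encryption only: the forgery decrypts to a valid-looking record.
    nonce = os.urandom(NONCE_LEN)
    ct = encrypt(enc_key, nonce, record)
    forged = tamper(ct, at, b"0100", b"9900")

    # 2. Encrypt-then-MAC: the same forgery is rejected before decryption.
    sealed = seal(enc_key, mac_key, record)
    body = tamper(sealed[NONCE_LEN:-TAG_LEN], at, b"0100", b"9900")
    forged_sealed = sealed[:NONCE_LEN] + body + sealed[-TAG_LEN:]

    return {
        "plain_roundtrip": decrypt(enc_key, nonce, ct),
        "forged_decrypts_to": decrypt(enc_key, nonce, forged),
        "sealed_roundtrip": open_sealed(enc_key, mac_key, sealed),
        "forged_sealed": open_sealed(enc_key, mac_key, forged_sealed),
    }
```

The order matters: verify the tag first and decrypt only on success, and compare tags with a constant-time function, otherwise the integrity check itself leaks information to the attacker.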
States of Data Encryption
• Data encryption in transit: information that is actively moving from one point to another, such as across the internet or over a private network, is referred to as data in transit. Data is considered more exposed in transit because it passes over networks the owner does not control, so it is protected with a transport encryption protocol (typically TLS) on every hop, including the link between the application tiers and the database server.
• Encryption of data at rest: encrypting stored data reduces the risk of a breach caused by lost or stolen devices, stolen backups, inadvertent password sharing, or accidental permission grants. It raises the effort needed to read the data and buys the time required to discover data loss, ransomware attacks, remotely erased data, or changed credentials. It protects only against an attacker who obtains the storage without the key: an account that is authorized to query the database still reads the data decrypted, so at-rest encryption complements access control rather than replacing it.
