Lecture 7 Database security

Database security involves using DBMS features and measures to meet organizational security needs, focusing on data protection, user authorization, and system integrity. Key objectives include confidentiality, integrity, and availability, supported by a clear security policy and various access control mechanisms like DAC and MAC. Security threats can arise from technological issues, human error, and natural disasters, necessitating comprehensive safeguards and countermeasures to protect data effectively.

Uploaded by

Ann Kingori

Database security
• Database security refers to the use of the DBMS
features and other related measures to comply
with the security requirements of the
organization.
• James Martin (1977) summarized the seven
essential attributes of a database security strategy
as follows:
– Data is: Protected, Reconstructable, Auditable,
Tamperproof
– Users are: Identifiable, Authorized, Monitored
• Securing data requires a comprehensive,
company-wide approach. That is, you cannot
secure data if you do not secure all the processes
and systems around it.
• Securing data entails securing the overall
information system architecture, including
hardware systems, software applications, the
network and its devices, people (internal and
external users), procedures, and the data itself.
Objectives in designing a secure database system
• Confidentiality - ensuring that data is protected against
unauthorized access and that, when data is accessed by an
authorized user, it is used only for an authorized purpose.
E.g. a student should not be allowed to view the grades of
other students.
• Integrity - keeping data consistent and free of errors or
anomalies. E.g. a student should be allowed to view but not
modify grades.
• Availability - the accessibility of data whenever required
by authorized users, for authorized purposes. E.g. a lecturer
should be allowed to modify student grades when he/she so
wishes.
Security policy
• To achieve the objectives a clear and
consistent security policy should be developed
to describe what security measures must be
enforced.
• It answers the following questions:
– Where is our information?
– What information needs to be protected?
– Who are our users?
– What are their privileges?
Database integrity
• Database Integrity
– Concern that the database as a whole is protected from damage
• Element Integrity
– Concern that the value of a specific element is written or
changed only by actions of authorized users
• Element Accuracy
– Concern that only correct values are written into the elements
of a database
• A security policy is a collection of standards, policies,
and procedures created to guarantee the security of a
system and ensure auditing and compliance. Policies
are general statements of direction or action that
communicate and support DBA goals.
• Standards describe the minimum requirements of a
given DBA activity; they are more detailed and specific
than policies. In effect, standards are rules that are
used to evaluate the quality of the activity.
• Procedures are written instructions that describe a
series of steps to be followed during the performance
of a given activity.
Security areas of consideration
– Data ownership
– Data classification – which data is crucial?
– Access control/cryptography – who can access what?
Where?
– Disposal - how do we dispose of our data?
Data security technologies
– Disk encryption
– Hardware based mechanisms
– Backups
– Data erasure
Security threats
• They can be broadly classified into:
– Technological
– The human factor
– Natural calamities
• Security threats
– Theft of data
– System failure
– Computer fraud
– System bugs
– Power failure, accidental deletion/modification
– Hacking
– Telecommunication failure
– Operator error
– Virus problem
– Unknown risks
Countermeasures
– Technological – hardware, software
– Policies and procedures
– Education, training and awareness
DBA’s privileges
– Account creation
– Privilege granting
– Privilege revoking
– Security level assignment
Recommended security safeguards
• Change default system passwords.
• Change default installation paths.
• Apply the latest patches.
• Secure installation folders with proper access
rights.
• Make sure only required services are running.
• Set up auditing logs.
• Set up session logging.
• Require session encryption.
Views in database security
• Views are a valuable tool in enforcing security
policies.
• A view can be used to create a window or a
collection of data that is appropriate for some
group of users.
• Views allow us to limit access to sensitive data
by providing access to a restricted version
(defined through a view) of that data rather
than to the data itself.
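An added example, not from the lecture slides, in PostgreSQL syntax: a student-facing view over a grades table that realises the confidentiality, integrity and availability examples given earlier. The table, column, view, role and login names are assumed.

```sql
-- Added example (PostgreSQL); not from the lecture. All names are assumed.
-- Students read only their own grades through a view; lecturers work on
-- the base table directly.
CREATE TABLE grades (
    student_login TEXT    NOT NULL,   -- equals the student's database login
    course        TEXT    NOT NULL,
    grade         CHAR(1) NOT NULL,
    PRIMARY KEY (student_login, course)
);

-- Restricted window: a session sees only the rows for its own login.
-- current_user is evaluated for the querying session, not the view owner.
CREATE VIEW my_grades AS
    SELECT course, grade
    FROM   grades
    WHERE  student_login = current_user;

CREATE ROLE student  NOLOGIN;
CREATE ROLE lecturer NOLOGIN;

-- Confidentiality: nobody reads the base table by default ...
REVOKE ALL ON grades FROM PUBLIC;
-- ... students get the view only, so other students' rows are unreachable.
GRANT SELECT ON my_grades TO student;
-- Integrity: students hold no UPDATE on the view or the table.
-- Availability: lecturers may read and change grades whenever needed.
GRANT SELECT, UPDATE ON grades TO lecturer;

-- Constructed logins: role membership confers the role's privileges.
CREATE ROLE s_jane LOGIN PASSWORD '<placeholder>';
GRANT student TO s_jane;
CREATE ROLE dr_kim LOGIN PASSWORD '<placeholder>';
GRANT lecturer TO dr_kim;

-- As s_jane:  SELECT * FROM my_grades;          -- only Jane's rows
--             SELECT * FROM grades;             -- ERROR: permission denied
--             UPDATE my_grades SET grade = 'A'; -- ERROR: permission denied
```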
Database audits
• Audit trail – a database log used mainly for security
purposes; it shows who did what, and when.
• It is impractical to keep an audit trail of all accesses
because:
– It slows down processing
– The trail becomes very large
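Added example (PostgreSQL, not from the slides): a trigger-based audit trail that records who changed or deleted a grade, and when, rather than logging every access. It assumes a table grades(student_login, course, grade) and an auditor role already exist; the remaining names are assumed as well.

```sql
-- Added example (PostgreSQL 11+ for EXECUTE FUNCTION); not from the lecture.
-- Assumes grades(student_login, course, grade) and role auditor exist.
CREATE TABLE grade_audit (
    audit_id      BIGSERIAL   PRIMARY KEY,
    changed_by    TEXT        NOT NULL,   -- who
    changed_at    TIMESTAMPTZ NOT NULL,   -- when
    operation     TEXT        NOT NULL,   -- what: UPDATE or DELETE
    student_login TEXT        NOT NULL,
    course        TEXT        NOT NULL,
    old_grade     CHAR(1),
    new_grade     CHAR(1)                 -- NULL for DELETE
);

CREATE FUNCTION log_grade_change() RETURNS trigger AS $$
BEGIN
    INSERT INTO grade_audit
        (changed_by, changed_at, operation, student_login, course,
         old_grade, new_grade)
    VALUES
        (current_user, now(), TG_OP, OLD.student_login, OLD.course,
         OLD.grade, CASE WHEN TG_OP = 'UPDATE' THEN NEW.grade END);
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END
$$ LANGUAGE plpgsql;

-- Only writes to the sensitive table are recorded, not every read.
CREATE TRIGGER grades_audit
    AFTER UPDATE OR DELETE ON grades
    FOR EACH ROW EXECUTE FUNCTION log_grade_change();

-- Keep the trail itself out of reach of the users it records.
REVOKE ALL ON grade_audit FROM PUBLIC;
GRANT SELECT ON grade_audit TO auditor;
```

Row triggers fire only on writes, so SELECTs never reach this trail; capturing every read is exactly what makes a trail of all accesses slow and large.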
• A user is a uniquely identifiable object that allows
a given person to log on to the database.
• A role is a named collection of database access
privileges that authorize a user to connect to the
database and use the database system resources.
• A profile is a named collection of settings that
control how much of the database resource a
given user can use.
Roles
Three default roles:
– Connect Role allows user login and the ability to
create their own tables, indexes, etc.
– Resource Role is similar to the Connect Role, but
allows for more advanced rights such as the
creation of triggers and procedures.
– Database Administrator Role is granted all system
privileges needed to administer the database and
users.
Access control
• Physical Access Controls
– Control over access to physical media of
information storage on computers / backups
• Communication Access Controls
– Control over hacking of information carried over
communication links such as telephone lines
• Logical Access Controls
– Access controls for those who have permission to
log on to the computer
Passwords and cryptography
• Password protection - common weaknesses:
– Passwords that are too easy, chosen for easy remembrance
– Complex passwords written down and kept in a
convenient place for remembrance
• Cryptography
– The science of converting plain text into unintelligible
form and converting encrypted messages back into
intelligible form
Access control mechanisms
• A typical enterprise database contains a great
deal of information and usually has several
groups of users; most users need to access only a
small part of the database to carry out their
tasks.
• Allowing users unrestricted access to all the data
can be undesirable, hence a DBMS offers two
main access control mechanisms:
– Discretionary access control (DAC)
– Mandatory access control (MAC)
Discretionary Access control
• DAC is based on privileges granted to users. The
DBMS keeps track of how these privileges are
granted to users, and possibly revoked, and
ensures that at all times only users with the
necessary privileges can access an object.
• SQL supports discretionary access control
through the following commands:
– GRANT command - gives privileges to users
– REVOKE command - takes away privileges
Discretionary Privileges
• Two levels of assigning privileges
– Account level: CREATE Acc, ALTER Acc, DROP Acc,
SELECT Acc
– Relation level: SELECT on R, MODIFY on R,
REFERENCES on R
Discretionary Privileges
• Privilege
– System privileges allow a user to create or manipulate
objects, but do not give access to actual database
objects
– Object privileges are used to allow access to a specific
database object, such as a particular table or view and
are given at the view level
• Privileges can be:
– Granted
– Revoked
– Propagated
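Added example (standard SQL as accepted by PostgreSQL, not from the slides) of GRANT and REVOKE together with privilege propagation, covering both the DAC commands and the granted/revoked/propagated list above. It assumes a table grades and logins alice and bob exist.

```sql
-- Added example (PostgreSQL); not from the lecture. Assumes table grades
-- and logins alice and bob exist. Statements are run by the table owner
-- unless a comment says otherwise.

-- Grant together with the right to pass the privilege on (propagation).
GRANT SELECT ON grades TO alice WITH GRANT OPTION;

-- Executed by alice: she may now propagate SELECT to bob.
GRANT SELECT ON grades TO bob;

-- Executed by the owner: revoking from alice alone is refused, because
-- bob's privilege was derived from hers ...
REVOKE SELECT ON grades FROM alice;          -- ERROR: dependent privileges exist
-- ... so the revoke must cascade through everything alice propagated.
REVOKE SELECT ON grades FROM alice CASCADE;  -- bob loses SELECT as well

-- Alternative: remove only the right to propagate, keeping alice's access.
GRANT SELECT ON grades TO alice WITH GRANT OPTION;
REVOKE GRANT OPTION FOR SELECT ON grades FROM alice CASCADE;

-- Verify the resulting privileges from the information schema.
SELECT grantee, privilege_type, is_grantable
FROM   information_schema.role_table_grants
WHERE  table_name = 'grades';
```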
Limitations of DAC
• The DAC mechanisms, while generally effective, have
certain weaknesses. In particular, a devious
unauthorized user can trick an authorized user into
disclosing sensitive data. Mandatory Access Control
solves this since it is based on system-wide policies
that cannot be changed by individual users.
Mandatory access control
• Mandatory access control is based on system-wide policies
that cannot be changed by individual users.
• In this approach each database object is assigned a security
class, each user is assigned clearance for a security class,
and rules are imposed on reading and writing of database
objects by users.
• The DBMS determines whether a given user can read or
write a given object based on certain rules that involve the
security level of the object and the clearance of the user.
• These rules seek to ensure that sensitive data can never be
'passed on' to a user without the necessary clearance.
Mandatory access control
• Security class
– Top secret (TS) > Secret (S) > Confidential (C) >
Unclassified (U).
– Subject class: class(S); object class: class(O)
• Two security restrictions
– Subject S is not allowed read access to an object O
unless class(S) >= class(O)
– Subject S is not allowed write access to an object
O unless class(S) <= class(O)
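Added example (PostgreSQL, not from the slides) enforcing the two restrictions inside the DBMS: a view that hides objects above the subject's clearance (no read up) and a trigger that rejects writes below it (no write down). All table, column and function names are assumed.

```sql
-- Added example (PostgreSQL 11+); not from the lecture. Names are assumed.
-- The lattice TS > S > C > U is stored as numeric levels.
CREATE TABLE security_class (label TEXT PRIMARY KEY, lvl INT NOT NULL UNIQUE);
INSERT INTO security_class VALUES ('U', 0), ('C', 1), ('S', 2), ('TS', 3);

CREATE TABLE clearance (subj  TEXT PRIMARY KEY,          -- database login
                        label TEXT NOT NULL REFERENCES security_class);
CREATE TABLE report    (id    SERIAL PRIMARY KEY, body TEXT NOT NULL,
                        label TEXT NOT NULL REFERENCES security_class);

-- class(S): level of the session's clearance. SECURITY DEFINER lets the
-- function read the clearance table for the caller; session_user is still
-- the real login, so the lookup cannot be influenced by SET ROLE.
CREATE FUNCTION subject_lvl() RETURNS INT AS $$
    SELECT sc.lvl FROM clearance c JOIN security_class sc ON sc.label = c.label
    WHERE  c.subj = session_user
$$ LANGUAGE sql STABLE SECURITY DEFINER;

-- Rule 1, no read up: a row is visible only when class(S) >= class(O).
CREATE VIEW report_readable AS
    SELECT r.id, r.body, r.label
    FROM   report r JOIN security_class o ON o.label = r.label
    WHERE  subject_lvl() >= o.lvl;

-- Rule 2, no write down: a write is rejected unless class(S) <= class(O).
CREATE FUNCTION no_write_down() RETURNS trigger AS $$
DECLARE obj_lvl INT;
BEGIN
    SELECT lvl INTO obj_lvl FROM security_class WHERE label = NEW.label;
    IF subject_lvl() IS NULL OR subject_lvl() > obj_lvl THEN
        RAISE EXCEPTION 'write down denied: class(S) must be <= class(O)';
    END IF;
    RETURN NEW;
END
$$ LANGUAGE plpgsql;

CREATE TRIGGER report_no_write_down
    BEFORE INSERT OR UPDATE ON report
    FOR EACH ROW EXECUTE FUNCTION no_write_down();

-- Subjects read only through the view; inserts hit the table but pass the trigger.
REVOKE ALL ON report FROM PUBLIC;
GRANT SELECT ON report_readable TO PUBLIC;
GRANT INSERT ON report TO PUBLIC;

-- Constructed data: a Secret-cleared login reads U, C and S reports but
-- not TS, and may write S or TS reports but not U or C.
INSERT INTO clearance VALUES ('s_analyst', 'S');
```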
Role based access control (RBAC)
• In an organization, roles are created for various job
functions; hence permission to carry out certain tasks is
restricted to specific roles.
• Rules defined for RBAC:
– Role assignment - A subject can exercise a permission only if
the subject has selected or been assigned a role.
– Role authorization - A subject's active role must be authorized
for the subject. With rule 1 above, this rule ensures that users
can take on only roles for which they are authorized.
– Permission authorization - A subject can exercise a permission
only if the permission is authorized for the subject's active role.
With rules 1 and 2, this rule ensures that users can exercise only
permissions for which they are authorized.
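Added example (PostgreSQL, not from the slides) mapping the three RBAC rules onto database roles: permissions are granted to job-function roles, logins are made members of roles, and a session must select a role before exercising its permissions. It assumes a table grades(student_login, course, grade) exists; the role names are assumed.

```sql
-- Added example (PostgreSQL); not from the lecture. Assumes table
-- grades(student_login, course, grade) exists; role names are assumed.
CREATE ROLE grader    NOLOGIN;   -- job function: records grades
CREATE ROLE registrar NOLOGIN;   -- job function: reads everything

-- Permission authorization: permissions attach to roles, never to logins.
GRANT SELECT, UPDATE (grade) ON grades TO grader;
GRANT SELECT                 ON grades TO registrar;

-- Role authorization: a login may activate only roles it has been granted.
CREATE ROLE dr_kim LOGIN PASSWORD '<placeholder>' NOINHERIT;
GRANT grader TO dr_kim;   -- authorized for grader, not for registrar

-- Role assignment: with NOINHERIT the login holds no table permission until
-- it selects one of its authorized roles for the session.
-- As dr_kim:
--   UPDATE grades SET grade = 'A' WHERE course = 'DB101';  -- ERROR: permission denied
--   SET ROLE grader;                                       -- select an authorized role
--   UPDATE grades SET grade = 'A' WHERE course = 'DB101';  -- allowed via grader
--   SET ROLE registrar;                                    -- ERROR: permission denied to set role
--   RESET ROLE;

-- Which roles may each login take on? (catalog check for the DBA)
SELECT r.rolname AS login, m.rolname AS member_of
FROM   pg_roles r
JOIN   pg_auth_members am ON am.member = r.oid
JOIN   pg_roles m         ON am.roleid = m.oid
WHERE  r.rolcanlogin;
```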
Backups
• "Cold" backups allow backups when the
database is down.
• "Hot" backups allow backups to be done while
the database is up.
• Logical backups or "exports" take a snapshot
of the database at a given point in time by
user or specific table(s) and allow recovery of
the full database or of single tables if needed.
Replication
• Database replication facilities can be used to create a
duplicate fail-over database site in case of system
failure of the primary database. A replicated
database can also be useful for off-loading large
processing intensive queries.
Parallel servers
• Parallel Server makes use of two or more
servers in a cluster which access a single
database. A cluster can provide load
balancing, can scale up more easily, and if a
server in the cluster fails, only a subset of
users may be affected.
Data partitioning
• Data partitioning can be used by
administrators to aid in the management of
very large tables. Large tables can be broken
into smaller tables by using data partitioning.
One advantage of partitioning is that data that
is more frequently accessed can be
partitioned and placed on faster hard drives.
This helps to ensure faster access times for
users.
Firewall
• A firewall is a device or set of devices designed to
permit or deny network transmissions based
upon a set of rules; it is frequently used to
protect networks from unauthorized access while
permitting legitimate communications to pass.
• A firewall can be implemented at the software or
at the hardware level.
