
Department of Computer Science and Engineering (CSE)

Chapter 5

(Database Security)
Database Security: Introduction, Threats, Counter Measures.

University Institute of Engineering (UIE)



Database Security
Database Security - protection from malicious attempts to steal (view)
or modify data.


Database Security Issues


Types of Security
Legal and ethical issues
Policy issues
System-related issues
The need to identify multiple security levels




Threats
Threat is any intentional or accidental event that may adversely affect the
system.
Examples of threats:
- Using another person's log-in name to access data
- Unauthorized copying of data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
- Etc.




Database Security Issues


Threats to databases
Loss of integrity
Loss of availability
Loss of confidentiality

To protect databases against these types of threats four kinds of
countermeasures can be implemented:
Access control
Inference control
Flow control
Encryption
RAID Technology




Database Security Issues


The security mechanism of a DBMS must include provisions for restricting
access to the database as a whole.
This function is called access control and is handled by creating user
accounts and passwords to control the login process by the DBMS.

One security problem specific to databases is that of controlling access
to a statistical database, which is used to provide statistical
information or summaries of values based on various criteria.
The countermeasures to the statistical database security problem are
called inference control measures.
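As an added illustration (not part of the slides), the following Python models one classic inference control measure, query-set-size restriction: a statistical query is answered only when the set of records it summarizes is neither smaller than a threshold K nor larger than N - K, because a tiny query set (or its complement) would let the asker recover an individual's value from an aggregate. The employee table, the threshold K and the function names are constructed for this example.

```python
"""Inference control for a statistical database: query-set-size restriction.

Added example, not from the lecture slides. EMPLOYEES is constructed sample
data and K is an assumed threshold."""

# Constructed sample data: (name, department, salary)
EMPLOYEES = [
    ("alice", "research", 95000),
    ("bob", "research", 88000),
    ("carol", "research", 91000),
    ("dave", "sales", 60000),
    ("erin", "sales", 64000),
    ("frank", "admin", 52000),
    ("grace", "legal", 120000),
    ("heidi", "legal", 110000),
]

K = 2  # a query set must contain at least K records and at most N - K


class InferenceControlError(Exception):
    """Raised when answering a statistical query could reveal an individual's value."""


def statistical_query(rows, predicate, aggregate):
    """Apply `aggregate` to the salaries of rows matching `predicate`, but only
    when the query set is neither too small nor too close to the whole table.

    Fewer than K records would let the asker single out an individual; more
    than N - K records would let the asker do the same by subtracting the
    answer from the whole-table total (the complement of a small set)."""
    n = len(rows)
    query_set = [row for row in rows if predicate(row)]
    size = len(query_set)
    if size < K or size > n - K:
        raise InferenceControlError(
            f"query set has {size} records; permitted range is {K} to {n - K}")
    return aggregate([salary for _, _, salary in query_set])


def average_salary(rows, predicate):
    """Mean salary over the query set, subject to the size restriction."""
    return statistical_query(rows, predicate, lambda values: sum(values) / len(values))


def is_rejected(rows, predicate):
    """True when inference control would refuse the query; a real DBMS would
    also log the attempt, since repeated near-miss queries are a warning sign."""
    try:
        average_salary(rows, predicate)
    except InferenceControlError:
        return True
    return False
```

The symmetric upper bound matters: a query over "everyone except frank" has a large, innocent-looking query set, but its total subtracted from the whole-table total would yield frank's salary alone, so it is refused for the same reason as a single-person query.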




Database Security Issues


Another security issue is that of flow control, which prevents information
from flowing in such a way that it reaches unauthorized users.
Channels that are pathways for information to flow implicitly in ways
that violate the security policy of an organization are called covert
channels.
A final security issue is data encryption, which is used to protect
sensitive data (such as credit card numbers) that is being transmitted via
some type of communication network.
The data is encoded using some encoding algorithm.
An unauthorized user who accesses the encoded data will have difficulty
deciphering it, but authorized users are given decoding or decrypting
algorithms (or keys) to decipher the data.




RAID
Redundant Array of Independent Disks
The hardware that the DBMS is running on must be fault-tolerant, meaning
that the DBMS should continue to operate even if one of the hardware
components fails.

One solution is the use of RAID technology.

RAID works on having a large disk array comprising an arrangement of
several independent disks that are organized to improve reliability and at the
same time increase performance.




Database Security and DBA


The database administrator (DBA) is the central authority for managing
a database system.
The DBA's responsibilities include:
granting privileges to users who need to use the system
classifying users and data in accordance with the policy of the
organization
The DBA is responsible for the overall security of the database system.




Database Security and DBA


The DBA has a DBA account in the DBMS
Sometimes these are called a system or superuser account
These accounts provide powerful capabilities such as:
1. Account creation
2. Privilege granting
3. Privilege revocation
4. Security level assignment
Action 1 is access control, whereas 2 and 3 are discretionary and 4
is used to control mandatory authorization.




Database Security and DBA


Whenever a person or group of persons needs to access a database
system, the individual or group must first apply for a user account.
The DBA will then create a new account id and password for the
user if he/she deems there is a legitimate need to access the database
The user must log in to the DBMS by entering account id and password
whenever database access is needed.




Levels of Data Security


Human level: Corrupt/careless User
Network/User Interface
Database application program
Database system
Operating System
Physical level


Physical/OS Security
Physical level
Traditional lock-and-key security
Protection from floods, fire, etc.
E.g. WTC (9/11), fires in IITM, WWW conf website, etc.
Protection from administrator error
E.g. delete critical files
Solution
Remote backup for disaster recovery
Plus archival backup (e.g. DVDs/tapes)
Operating system level
Protection from virus/worm attacks critical




Database Encryption
E.g. What if a laptop/disk/USB key with critical data is lost?
Partial solution: encrypt the database at storage level, transparent to
application
Main issue: key management
E.g. user provides decryption key (password) when database is
started up
Supported by many database systems
Standard practice now to encrypt credit card information, and other
sensitive information



Database/Application Program
Authentication and authorization
mechanisms to allow specific users
access only to required data
Authentication:
who are you? Prove it!
Authorization:
what you are allowed to do



Network Security
Network level: must use encryption to prevent
Eavesdropping: unauthorized reading of messages
Masquerading:
pretending to be an authorized user or legitimate site, or
sending messages supposedly from authorized users
Handled by secure http - https://

Must prevent person-in-the-middle attacks


E.g. someone impersonates seller or bank/credit card company and
fools buyer into revealing information




Human level /User Authentication


Password
Most users abuse passwords. For example:
Easy to guess password
Share passwords with others
Smartcards
Bill Gates
Need smartcard
+ a PIN or password




Database Security Issues


A DBMS typically includes a database security and authorization
subsystem that is responsible for ensuring the security of portions of a
database against unauthorized access.

Two types of database security mechanisms:


Discretionary security mechanisms
Mandatory security mechanisms




Discretionary Access Control


The typical method of enforcing discretionary access control in a
database system is based on granting and revoking privileges.




Authorization
Forms of authorization on (parts of) the database:
Read authorization - allows reading, but not modification of data.
Insert authorization - allows insertion of new data, but not
modification of existing data.
Update authorization - allows modification, but not deletion of data.
Delete authorization - allows deletion of data




Security Specification in SQL


The grant statement is used to confer authorization
grant <privilege list>
on <relation name or view name> to <user list>
<user list> is:
a user-id
public, which allows all valid users the privilege granted
A role (more on this later)
Granting a privilege on a view does not imply granting any privileges
on the underlying relations.
The grantor of the privilege must already hold the privilege on the
specified item (or be the database administrator).




Privileges in SQL
select: allows read access to a relation, or the ability to query using the
view
Example: grant users U1, U2, and U3 select authorization on the
branch relation:
grant select on branch to U1, U2, U3
insert: the ability to insert tuples
update: the ability to update using the SQL update statement
delete: the ability to delete tuples.
references: ability to declare foreign keys when creating relations.
usage: In SQL-92; authorizes a user to use a specified domain
all privileges: used as a short form for all the allowable privileges




Revoking Authorization in SQL


The revoke statement is used to revoke authorization.
revoke <privilege list>
on <relation name or view name> from <user list> [restrict|cascade]
Example:
revoke select on branch from U1, U2, U3 cascade
Revocation of a privilege from a user may cause other users also to lose
that privilege; referred to as cascading of the revoke.
We can prevent cascading by specifying restrict:
revoke select on branch from U1, U2, U3 restrict
With restrict, the revoke command fails if cascading revokes are
required.
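Added example (not the DBMS's or the slides' own code) covering the grant, privileges and revoke slides above: a Python model of the authorization graph behind these statements, in which a user holds a privilege on an object only while a chain of grants leads back to the DBA. The class name GrantGraph, the users U1 to U5 and the onward grants are constructed; the object name follows the slide's branch example, and the rules implemented are the slide's: a grantor must already hold the privilege (or be the DBA), a revoke may cascade to users who obtained the privilege through the revoked grantee, and restrict refuses a revoke that would cascade.

```python
"""Discretionary authorization modelled as a grant graph.

Added example, not the DBMS's own code. Users, objects and privilege names
are constructed; the DBA is the root of every chain of grants."""
from collections import defaultdict

DBA = "dba"  # root of every privilege chain; the only user who needs no grant


class AuthorizationError(Exception):
    pass


def _reach(edges):
    """Users holding a privilege: everyone reachable from the DBA via grant edges."""
    holders = {DBA}
    changed = True
    while changed:
        changed = False
        for grantor, grantee in edges:
            if grantor in holders and grantee not in holders:
                holders.add(grantee)
                changed = True
    return holders


class GrantGraph:
    def __init__(self):
        # (privilege, object) -> set of (grantor, grantee) grant edges
        self._edges = defaultdict(set)

    def holds(self, user, privilege, obj):
        return user in _reach(self._edges[(privilege, obj)])

    def grant(self, grantor, privilege, obj, *grantees):
        """grant <privilege> on <obj> to <grantees>, issued by grantor."""
        if not self.holds(grantor, privilege, obj):
            raise AuthorizationError(f"{grantor} does not hold {privilege} on {obj}")
        # A privilege on a view is a separate (privilege, object) key, so granting
        # it says nothing about the underlying relation.
        for grantee in grantees:
            self._edges[(privilege, obj)].add((grantor, grantee))

    def revoke(self, grantor, privilege, obj, *grantees, cascade=False):
        """revoke <privilege> on <obj> from <grantees> [restrict|cascade].

        Returns the sorted list of users who lost the privilege."""
        key = (privilege, obj)
        removed = {(grantor, g) for g in grantees}
        missing = removed - self._edges[key]
        if missing:
            raise AuthorizationError(f"{grantor} never granted {privilege} on {obj} to "
                                     + ", ".join(g for _, g in sorted(missing)))
        before = _reach(self._edges[key])
        trial = self._edges[key] - removed
        after = _reach(trial)
        cascaded = before - after - set(grantees)   # bystanders who would lose it
        if cascaded and not cascade:
            raise AuthorizationError("restrict: revoke would cascade to "
                                     + ", ".join(sorted(cascaded)))
        # Drop the revoked edges and every grant issued by someone who no longer
        # holds the privilege; that is what cascading means.
        self._edges[key] = {e for e in trial if e[0] in after}
        return sorted(before - after)


def demo():
    """The slide's branch-relation scenario, extended with an onward grant."""
    g = GrantGraph()
    g.grant(DBA, "select", "branch", "U1", "U2", "U3")   # grant select on branch to U1, U2, U3
    g.grant("U1", "select", "branch", "U4")               # U1 passes the privilege on
    g.grant("U4", "select", "branch", "U5")
    out = {"u5_holds": g.holds("U5", "select", "branch")}
    try:                                                  # restrict (default): U4 and U5 depend on U1
        g.revoke(DBA, "select", "branch", "U1")
        out["restrict_failed"] = False
    except AuthorizationError:
        out["restrict_failed"] = True
    out["cascade_lost"] = g.revoke(DBA, "select", "branch", "U1", cascade=True)
    out["u2_holds"] = g.holds("U2", "select", "branch")
    return out
```

Because restrict is the default here (as in the SQL standard), an administrator gets an error rather than a silent loss of access for U4 and U5 when revoking U1's grant; the cascade form returns exactly who lost the privilege, which is the list worth recording in the audit log.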




Mandatory Access Control for Multilevel Security
The discretionary access control techniques of granting and revoking
privileges on relations have traditionally been the main security
mechanism for relational database systems.
This is an all-or-nothing method:
A user either has or does not have a certain privilege.
In many applications, an additional security policy is needed that
classifies data and users based on security classes.
This approach, known as mandatory access control, would typically be
combined with the discretionary access control mechanisms.



Mandatory Access Control for Multilevel Security
Typical security classes are top secret (TS), secret (S), confidential (C),
and unclassified (U), where TS is the highest level and U the lowest:
TS ≥ S ≥ C ≥ U

The commonly used model for multilevel security, known as the Bell-LaPadula
model, classifies each subject (user, account, program) and
object (relation, tuple, column, view, operation) into one of the security
classifications TS, S, C, or U.
We refer to the clearance (classification) of a subject S as class(S) and to
the classification of an object O as class(O).
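The slide introduces class(S) and class(O); as an added example (not from the slides), the following Python applies the two Bell-LaPadula rules defined on those classes, the simple security property (a subject may read an object only if class(S) ≥ class(O)) and the *-property (a subject may write an object only if class(S) ≤ class(O)), and filters a set of classified tuples down to what a subject is cleared to see. The subjects, objects, tuples and their classes are constructed.

```python
"""Bell-LaPadula access checks for a multilevel-secure database.

Added example; the rules are the model's standard simple security property
(no read up) and *-property (no write down). SUBJECTS, OBJECTS and ROWS are
constructed sample data."""
from enum import IntEnum


class Level(IntEnum):
    """Security classes ordered so that >= means dominance: TS ≥ S ≥ C ≥ U."""
    U = 0
    C = 1
    S = 2
    TS = 3


# Constructed classifications: class(S) for subjects, class(O) for objects
SUBJECTS = {"analyst": Level.S, "clerk": Level.U, "director": Level.TS}
OBJECTS = {"payroll": Level.C, "merger_plan": Level.TS, "public_notice": Level.U}

# Constructed tuples of one relation, each carrying its own classification
ROWS = [
    {"name": "office hours", "class": Level.U},
    {"name": "salary table", "class": Level.C},
    {"name": "acquisition target", "class": Level.TS},
]


def can_read(subject, obj):
    """Simple security property: read allowed only if class(S) >= class(O)."""
    return SUBJECTS[subject] >= OBJECTS[obj]


def can_write(subject, obj):
    """*-property: write allowed only if class(S) <= class(O), so a subject
    cannot copy higher-classified data it has read into a lower-classified
    object (writing upward is permitted, though the subject cannot read it back)."""
    return SUBJECTS[subject] <= OBJECTS[obj]


def filter_rows(subject, rows):
    """Return only the tuples whose classification the subject's clearance
    dominates: the view a lower-cleared subject gets of a multilevel relation."""
    return [row for row in rows if SUBJECTS[subject] >= row["class"]]
```

The asymmetry between the two checks is the whole point of the model: the clerk may write into merger_plan but not read it, and the analyst may read payroll but not write public_notice, so classified information cannot leak downward through a subject who legitimately read it.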

