
Database Security, Authorization, & Encryption

Sahil Bhagat
Database Security, Authorization, and Encryption
1. Introduction to Database Security
2. Auditing and Access Control
3. Flow Control
4. Encryption and Decryption
5. Database Administrator (DBA) Security
6. Privileges
7. Authorization
8. Types of Security for a Database
• Physical
• Network
• Programming
9. Backups
10. Data Integrity
Database Security

Database
• An organized collection of data
• Data is typically organized to model aspects of reality in a way that supports processes requiring information.
  ex. Hotel Booking System, Airline Reservations, and Warehouse Inventory

Types of Security
• Legal and ethical issues
• Policy issues
• System-related issues
• The need to identify multiple security levels

Database Security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.
Database Security

Threats to DB
• Loss of integrity
• Loss of availability
• Loss of confidentiality

To protect the DB against these types of threats, four kinds of countermeasures can be implemented:
• Access control
• Inference control
• Flow control
• Encryption

A DBMS includes a DB security and authorization subsystem that ensures security against unauthorized access.

2 types of DB security mechanisms:
1. Discretionary security mechanisms
2. Mandatory security mechanisms
Database Security (Continued)

Access Control is a security mechanism that restricts unauthorized access by handling user accounts and passwords.

A security issue associated with DBs is controlling access to a statistical DB, which provides statistics or summaries of values based on criteria.
• one countermeasure to this is called inference control measures

Flow control prevents information from reaching unauthorized users through covert channels, which are information pathways that bypass the intended access controls.
Access Control
• Refers to security features that control who can access resources in the OS
• Apps call access control functions to set who can access resources or control access to resources provided by the app
• Mechanism of authorization that decides whether a request for a system resource or functionality should be granted
• Gives administrators the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality
• Access controls are security features that control how users and systems communicate and interact with other systems and resources

Auditing
• Monitoring and recording of selected user database actions
• Database administrators and consultants often set up auditing for security purposes
  ex. Ensures that users do not access information without permission
Role-Based Access Control

• Role-based access control (RBAC) emerged in the 1990s for managing and enforcing security in large-scale, enterprise-wide systems
• Roles can be created using the CREATE ROLE and DESTROY ROLE commands.
• RBAC is an alternative to traditional discretionary and mandatory access controls; it ensures that only authorized users are given access to certain data or resources.
• RBAC is a good model for addressing the key security requirements of Web-based applications, whereas DAC and MAC models lack capabilities needed to support the security requirements of enterprises and Web-based applications
Discretionary Access Control vs. Mandatory Access Control

DAC
• DAC policies are characterized by a high degree of flexibility, making them suitable for a variety of application domains.
• DAC models are vulnerable to attacks, such as Trojan horses embedded in applications.

MAC
• MAC policies ensure a high degree of protection because they restrict any illegal flow of information.
• Mandatory policies have the drawback of being too rigid and only applicable in limited environments.

In many practical situations, discretionary policies are preferred because they provide better trade-offs between security and applicability.
Flow Control

Flow control regulates the distribution or flow of information among accessible objects.
ex. A flow between objects X and Y occurs when a program reads values from X and writes values into Y.

A flow policy specifies the channels along which information is allowed to move.
• 2 classes of information
  1. confidential (C)
  2. nonconfidential (N)
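The flow check described above, written as an added example that is not from the slides: a toy checker that labels each program variable with the highest class it has read (C or N) and flags any write that would move confidential data into a nonconfidential object. The object names, the Op type and the sample program are constructed for illustration.

```go
package main

import "fmt"

// Class is an object's security class: nonconfidential (N) or confidential
// (C). Flows N->N, N->C and C->C are allowed; C->N is not.
type Class int

const (
	N Class = iota // nonconfidential (also the default for unlisted objects)
	C              // confidential
)

// Op is one step of a program in a constructed toy model: a read of an
// object into a variable, or a write of a variable into an object.
type Op struct {
	Kind   string // "read" or "write"
	Object string
	Var    string
}

// CheckFlows simulates the program and returns each write that would
// carry confidential information into a nonconfidential object.
func CheckFlows(classes map[string]Class, prog []Op) []string {
	varClass := map[string]Class{} // highest class a variable has absorbed
	var violations []string
	for _, op := range prog {
		switch op.Kind {
		case "read": // a variable takes the least upper bound of what it read
			if classes[op.Object] > varClass[op.Var] {
				varClass[op.Var] = classes[op.Object]
			}
		case "write": // a flow Var -> Object; flag it if it would lower the class
			if varClass[op.Var] > classes[op.Object] {
				violations = append(violations,
					fmt.Sprintf("%s -> %s: confidential data written to N object", op.Var, op.Object))
			}
		}
	}
	return violations
}

func main() {
	classes := map[string]Class{"Salary": C, "Report": N, "Dept": N}
	prog := []Op{
		{"read", "Dept", "d"}, {"write", "Report", "d"}, // N -> N: allowed
		{"read", "Salary", "s"}, {"write", "Report", "s"}, // C -> N: flagged
	}
	fmt.Println(CheckFlows(classes, prog))
}
```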
Database Security (Continued)

• A final issue is data encryption, which is used to protect sensitive information such as credit card numbers
Encryption
• In cryptography, encryption is the process of encoding messages or
information in such a way that only authorized parties can read it
• Converts data to a ciphertext format that cannot be easily understood by unauthorized personnel
• Enhances security of files and messages by scrambling the contents so that they can be read only by someone who has the encryption key
• Turning the ciphertext back into readable data with the key is called decryption
Encryption (Continued)

• "Masks" data for secure transmission or storage
  1. Encrypt(data, encryption key) = encrypted data
  2. Decrypt(encrypted data, decryption key) = original data
  3. Without the decryption key, the encrypted data is meaningless

• Symmetric Encryption:
  1. Encryption key = decryption key; all authorized users know the decryption key (a weakness)
  2. DES has a 56-bit key; AES has a 128-bit, 192-bit or 256-bit key

• Public-Key Encryption (Asymmetric): has 2 keys
  1. User's public encryption key: known to all
  2. Decryption key: known only to this user
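The Encrypt/Decrypt pair above, narrowed to the symmetric case, as an added example that is not from the slides: AES-GCM from Go's standard library, where a 16-, 24- or 32-byte key gives AES-128/192/256 and decrypting with any other key fails outright. The function names and the sample card number are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor wraps a 16-, 24- or 32-byte key (AES-128/192/256) in AES-GCM.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // any other key length is rejected here
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt(data, key) = encrypted data; a fresh random nonce is prepended.
func Encrypt(data, key []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand: never returns an error since Go 1.24
	return gcm.Seal(nonce, nonce, data, nil), nil
}

// Decrypt(encrypted data, key) = original data. Encryption key equals
// decryption key; any other key makes Open fail, so the ciphertext is meaningless.
func Decrypt(ct, key []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(ct) >= n {
		return gcm.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext shorter than nonce")
}

func main() {
	key := make([]byte, 32) // 256-bit key shared by all authorized users
	rand.Read(key)
	ct, _ := Encrypt([]byte("4111-1111-1111-1111"), key) // constructed sample
	pt, _ := Decrypt(ct, key)
	_, bad := Decrypt(ct, make([]byte, 32)) // any other key fails
	fmt.Printf("%s / wrong key: %v\n", pt, bad)
}
```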
Encryption (Example)

Creating an asymmetric key:

CREATE ASYMMETRIC KEY Sales09 WITH ALGORITHM = RSA_2048
    ENCRYPTION BY PASSWORD = '<enterStrongPasswordHere>';

An asymmetric key is a securable entity at the database level. In its default form, this entity contains both a public key and a private key. When executed without the FROM clause, CREATE ASYMMETRIC KEY generates a new key pair. When executed with the FROM clause, CREATE ASYMMETRIC KEY imports a key pair from a file or imports a public key from an assembly.

Creating an asymmetric key from a file, giving authorization to a user:

CREATE ASYMMETRIC KEY Sales AUTHORIZATION Ashley
    FROM FILE = 'c:\Sales\Managers\Ashley.tmp'
    ENCRYPTION BY PASSWORD = '<enterStrongPasswordHere>';
Decryption (Example)

Decrypting by using a symmetric key:

-- First, open the symmetric key with which to decrypt the data.
OPEN SYMMETRIC KEY SSN_Key DECRYPTION BY CERTIFICATE HResources037;

SELECT NationalIDNumber, EncryptedNationalID AS 'Encrypted ID Number',
    CONVERT(nvarchar, DecryptByKey(EncryptedNationalID)) AS 'Decrypted ID Number'
FROM HResources.Employee;

• A secret key algorithm (symmetric algorithm) is a cryptographic algorithm that uses the same key to encrypt and decrypt data.
• DecryptByKey uses a symmetric key. This symmetric key must already be open in the database.
• There can be multiple keys open at the same time. You do not have to open the key immediately before decrypting the ciphertext.
• Symmetric encryption and decryption are relatively fast, and suitable for working with large amounts of data.
Encryption and Decryption (Continued)
An encryption key infrastructure is made up of 6 items:
• Plaintext: the data, which is a readable message, is fed into the algorithm as input.
• Encryption algorithm: completes several alterations to the plaintext.
• Public and private keys: a pair of keys selected so that if one key is used for encryption, the other is used for decryption.
• The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.
• Ciphertext: the scrambled message produced as output. It depends on the plaintext and the key.
• Decryption algorithm: accepts the ciphertext and the matching key and produces the original plaintext.
Digital Signatures
• Digital Signature: an example of using encryption methods to provide authentication services in e-commerce applications.
• Digital Signature: associating a mark unique to an individual with a body of text.
• The mark, the digital signature, should be unforgeable: others should be capable of checking that the signature does come from the creator.
• A digital signature consists of a string of symbols.
• Public key methods are the means of creating digital signatures.
• For each use, the signature must be different. This can be accomplished by making each digital signature a function of the message that it is signing, plus a time stamp.
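Added example (not from the slides) covering both the public-key slide earlier and the digital-signature bullets above: one RSA key pair whose public half encrypts for the user and verifies their signatures, and whose private half decrypts and signs. Each signature is taken over the message plus a time stamp, so the same text signed at two times gives two different signatures. Function names, the message and the time stamp value are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// NewUserKey makes the pair: public half known to all, private half known only to this user.
func NewUserKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AsymEncrypt: anyone with the public key can encrypt for the user;
// AsymDecrypt: only the private-key holder can read the result.
func AsymEncrypt(pub *rsa.PublicKey, data []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil)
}
func AsymDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// signedDigest hashes timestamp || message, so each signature is a function
// of the text it signs plus a time stamp, as the slide requires.
func signedDigest(msg []byte, ts int64) []byte {
	buf := make([]byte, 8, 8+len(msg))
	binary.BigEndian.PutUint64(buf, uint64(ts))
	h := sha256.Sum256(append(buf, msg...))
	return h[:]
}

// Sign uses the private key (RSA-PSS over SHA-256); Verify lets anyone with
// the public key confirm the signer and that text and time stamp are intact.
func Sign(priv *rsa.PrivateKey, msg []byte, ts int64) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, signedDigest(msg, ts), nil)
}
func Verify(pub *rsa.PublicKey, msg []byte, ts int64, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, signedDigest(msg, ts), sig, nil) == nil
}

func main() {
	priv, _ := NewUserKey()
	ct, _ := AsymEncrypt(&priv.PublicKey, []byte("order #1234")) // constructed message
	pt, _ := AsymDecrypt(priv, ct)
	sig, _ := Sign(priv, pt, 1700000000) // constructed Unix time stamp
	fmt.Println(string(pt), Verify(&priv.PublicKey, pt, 1700000000, sig), Verify(&priv.PublicKey, pt, 1700000001, sig))
}
```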
DB security and the DBA
The database administrator (DBA) is the central authority for database management.
• He or she is responsible for
  1. granting privileges to use the system
  2. classifying users and data according to the policy of the organization
The DBA is responsible for the overall security of the system.
DB security and the DBA
The DBA has a DBA account in the DBMS called the superuser account.

These accounts can:
1. create accounts
2. grant privileges
3. revoke privileges
4. assign security levels

A database management system (DBMS) is system software for creating and managing databases. The DBMS provides users and programmers with a systematic way to create, retrieve, update and manage data. A DBMS makes it possible for end users to create, read, update and delete data in a database.
DB security and the DBA
When someone must access the system, the DBA must create an id and password for the new user account.

The DBA uses a system log to record all operations done during a login session.

If any damage is done to the DB during a login session, the DBA carries out a database audit to review all changes.
• the DB log used for security purposes is the audit trail
Types of Discretionary Privileges

Enforcement of discretionary access control is based on granting and revoking privileges.

• account level: the DBA specifies the privileges that each account holds independently of the relations in the DB
  • ex. CREATE SCHEMA or CREATE TABLE, CREATE VIEW, ALTER, DROP, MODIFY, and SELECT
• relation level: the DBA controls privileges to access each relation or view in the DB
  1. to control granting and revoking of relation privileges, each relation R in a DB is assigned an owner account, which is typically the account that created it
  2. ex. SELECT privilege on R: gives the account retrieval privilege
     MODIFY privileges on R: give the account the capability to modify R
Revoking & Granting Privileges
The DBA can revoke privileges by using one of the following:
• REVOKE SELECT ON viewname FROM username;
• REVOKE privileges ON object FROM user;

Users can grant privileges to another account by using the GRANT OPTION, which means that secondary accounts can grant privileges to tertiary accounts. Examples:
• GRANT CREATETAB TO A1;
• GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO username;
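The GRANT OPTION chain above (owner to secondary to tertiary account), as an added example that is not part of the slides: a small Go model of one privilege on one object in which a grant is accepted only from an account that holds the grant option, and revoking a grant cascades to every grant that depended on it. The account names and the single-privilege simplification are constructed; the cascade is the textbook propagation model, not a particular DBMS's REVOKE.

```go
package main

import "fmt"

// Grant records one GRANT of a single privilege (say SELECT ON employees):
// grantor, grantee, WITH GRANT OPTION or not. The owner is seeded as a grant from "".
type Grant struct {
	From, To   string
	WithOption bool
}

// canGrant is true if acct holds the privilege WITH GRANT OPTION.
func canGrant(grants []Grant, acct string) bool {
	for _, g := range grants {
		if g.To == acct && g.WithOption {
			return true
		}
	}
	return false
}

// GrantPriv lets a secondary account pass the privilege on only if it holds the option.
func GrantPriv(grants []Grant, from, to string, withOption bool) ([]Grant, error) {
	if !canGrant(grants, from) {
		return grants, fmt.Errorf("%s has no grant option", from)
	}
	return append(grants, Grant{from, to, withOption}), nil
}

// Revoke drops from's grant to `to`, then cascades until no grantor lacks the option.
func Revoke(grants []Grant, from, to string) []Grant {
	for n := -1; n != len(grants); {
		n = len(grants)
		var kept []Grant
		for _, g := range grants {
			if (g.From != from || g.To != to) && (g.From == "" || canGrant(grants, g.From)) {
				kept = append(kept, g)
			}
		}
		grants = kept
	}
	return grants
}

func main() {
	p, _ := GrantPriv([]Grant{{"", "owner", true}}, "owner", "A1", true) // secondary, WITH GRANT OPTION
	p, _ = GrantPriv(p, "A1", "A2", false)                               // tertiary account
	_, err := GrantPriv(p, "A2", "A3", false)                            // A2 lacks the option
	fmt.Println(err, Revoke(p, "owner", "A1"))                           // cascade leaves only the owner
}
```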
Oracle Privileges
Why Is It Important to Restrict System Privileges?
Because system privileges are so powerful, by default the database is configured to prevent typical (non-administrative) users from exercising the ANY system privileges (such as UPDATE ANY TABLE) on the data dictionary.

Guidelines to secure user accounts and privileges:
• Practice the principle of least privilege.
• Grant necessary privileges only.
• Lock and expire default (predefined) user accounts.
  Example: ALTER USER ANONYMOUS PASSWORD EXPIRE ACCOUNT LOCK;
• Monitor the granting of privileges.
Authorization
• Is the function of specifying access rights to resources related to information security, general computer security and access control
• Is to define access policy
• Process of giving someone permission to do or have something
Types of Authorization
• Read Authorization
• Update Authorization
• Alter Authorization
  • changes the ownership of a database

Control who can view fields of your relation R by using a VIEW
ex. If the owner X of a relation R wants another account Y to be able to retrieve only some fields of R, then X can create a view V of R that includes only those attributes and then grant SELECT on V to Y.
Statistical DB Security
Statistical DBs are used to produce statistics on various populations and can include confidential data.
• users are permitted to retrieve statistical summaries by using COUNT, SUM, MIN, MAX, AVERAGE, and STANDARD DEVIATION.
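The inference-control countermeasure mentioned earlier, as an added example that is not from the slides: a statistical DB that answers COUNT, SUM and AVERAGE only when the query set has between K and N-K rows (query-set-size control), so a selection matching a single employee, or all but one, is refused rather than released. The rows, departments, salaries and the threshold K are constructed.

```go
package main

import "fmt"

// Employee is a constructed row of a statistical DB holding confidential salaries.
type Employee struct {
	Dept   string
	Salary float64
}

// Stats is what a permitted query returns: COUNT, SUM and AVERAGE.
type Stats struct {
	Count    int
	Sum, Avg float64
}

// StatDB applies query-set-size control: an aggregate is released only when
// between K and N-K rows satisfy the selection, so neither a tiny query set
// nor its tiny complement can isolate one person's value.
type StatDB struct {
	Rows []Employee
	K    int
}

// Query evaluates pred over the rows and returns the aggregates, or refuses
// the query (inference control) with an error saying why.
func (db StatDB) Query(pred func(Employee) bool) (Stats, error) {
	var s Stats
	for _, r := range db.Rows {
		if pred(r) {
			s.Count++
			s.Sum += r.Salary
		}
	}
	if n := len(db.Rows); s.Count < db.K || s.Count > n-db.K {
		return Stats{}, fmt.Errorf("refused: %d rows selected, allowed %d..%d", s.Count, db.K, n-db.K)
	}
	s.Avg = s.Sum / float64(s.Count)
	return s, nil
}

// SampleRows is constructed data: three R&D, two Sales and one HR employee.
var SampleRows = []Employee{{"R&D", 90000}, {"R&D", 95000}, {"R&D", 100000},
	{"Sales", 60000}, {"Sales", 65000}, {"HR", 150000}}

func main() {
	db := StatDB{Rows: SampleRows, K: 2}
	fmt.Println(db.Query(func(e Employee) bool { return e.Dept == "R&D" })) // released
	fmt.Println(db.Query(func(e Employee) bool { return e.Dept == "HR" }))  // refused, 1 row
}
```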
Physical Security
• Physical security is non-technical security. With this security, you are able to protect your database from natural disasters, burglary, theft, vandalism, and terrorism.
1. Using CCTV cameras
2. Making fire doors exit only
3. Limiting entry points of buildings
4. Planning for bomb detection
5. Having redundant utilities such as electricity, water, voice and data
6. Using biometric identification
Network Security

• Network security refers to the links, routers, and switches, which allow hosts to communicate with one another. It basically ensures that the data cannot be compromised, and that the data is not accessible to anyone who is not authorized to see it. The IT department is responsible for providing a secure and reliable network experience.
1. Providing confidentiality of data guarantees that only authorized users can view the sensitive information
2. Firewalls
3. Using intrusion detection
4. Using traffic level monitoring
5. Using host-based packet
Programming Security
• Programming security covers areas such as server security, database connections, table access control, etc.
1. Your database back end should never be on the same machine as your web server, for security and performance purposes
2. Updates to a database via a web page by users should be validated and
updates should be warranted and safe
3. Table access control should be a collaboration of both the system
administrators and the database developer
Backups
• Duplicates the intended database
• Single operation that is usually scheduled at regular intervals
• Self-contained
  ex. Cloud storage, USB drives, RAID3, hard copy
Data Integrity
• Maintaining and assuring the accuracy and consistency of data over its entire life-cycle; a critical aspect of the design, implementation and usage of any system which stores, processes, or retrieves data
• Ensures the quality of the data in the database
• Can be compromised in multiple ways:
1. Human error during entry
2. Errors that occur when data is transmitted from one computer to another
3. Software bugs and viruses
4. Hardware malfunctions ex. disk crashes
5. Natural disasters
• Ways to minimize threats to data integrity
1. Regular backups
2. Controlling access to data via security mechanisms
3. Designing user interface that prevents the input of invalid data
4. Using error detection and correction software when transmitting data
Conclusion
Database Security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.

Threats:
• Loss of integrity
• Loss of availability
• Loss of confidentiality

Preventions:
• Access control
• Inference control
• Flow control
• Encryption