Database security
• Database security refers to the use of the DBMS features and other related measures to comply with the security requirements of the organization.
• James Martin, 1977, summarized the seven essential attributes of a database security strategy as follows:
– Data is: Protected, Reconstructable, Auditable, Tamperproof
– Users are: Identifiable, Authorized, Monitored
• Securing data requires a comprehensive, company-wide approach. That is, you cannot secure data if you do not secure all the processes and systems around it.
• Securing data entails securing the overall information system architecture, including hardware systems, software applications, the network and its devices, people (internal and external users), procedures, and the data itself.
Objectives in designing a secure database system
• Confidentiality - deals with ensuring that data is protected against unauthorized access, and that if the data is accessed by an authorized user, it is used only for an authorized purpose. E.g. a student should not be allowed to view the grades of other students.
• Integrity - is concerned with keeping data consistent and free of errors or anomalies. E.g. a student should be allowed to view but not modify grades.
• Availability - refers to the accessibility of data whenever required by authorized users, for authorized purposes. E.g. a lecturer should be allowed to modify student grades when he/she so wishes.
Security policy
• To achieve the objectives, a clear and consistent security policy should be developed to describe what security measures must be enforced.
• It answers the following questions:
– Where is our information?
– What information needs to be protected?
– Who are our users?
– What are their privileges?
Database integrity
• Database Integrity – Concern that the database as a whole is protected from damage
• Element Integrity – Concern that the value of a specific element is written or changed only by actions of authorized users
• Element Accuracy – Concern that only correct values are written into the elements of a database
• A security policy is a collection of standards, policies, and procedures created to guarantee the security of a system and ensure auditing and compliance. Policies are general statements of direction or action that communicate and support DBA goals.
• Standards describe the minimum requirements of a given DBA activity; they are more detailed and specific than policies. In effect, standards are rules that are used to evaluate the quality of the activity.
• Procedures are written instructions that describe a series of steps to be followed during the performance of a given activity.
Security areas of consideration
– Data ownership
– Data classification – which data is crucial?
– Access control/cryptography – who can access what? Where?
– Disposal – how do we dispose of our data?
Data security technologies
– Disk encryption
– Hardware-based mechanisms
– Backups
– Data erasure
Security threats
• They can be broadly classified into
– Technological
– The human factor
– Natural calamities
• Security threats
– Theft of data
– System failure
– Computer fraud
– System bugs
– Power failure, accidental deletion/modification
– Hacking
– Telecommunication failure
– Operator error
– Virus problem
– Unknown risks
Countermeasures
– Technological – h/w, s/w
– Policies and procedures
– Education, training and awareness
DBA's privileges
– Account creation
– Privilege granting
– Privilege revoking
– Security level assignment
Recommended security safeguards
• Change default system passwords.
• Change default installation paths.
• Apply the latest patches.
• Secure installation folders with proper access rights.
• Make sure only required services are running.
• Set up auditing logs.
• Set up session logging.
• Require session encryption.
Views in database security
• Views are a valuable tool in enforcing security policies.
• A view can be used to create a window or a collection of data that is appropriate for some group of users.
• Views allow us to limit access to sensitive data by providing access to a restricted version (defined through a view) of that data rather than to the data itself.
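As an added example (not from the slides), a small sqlite3 script that builds the two kinds of restricted view the bullets describe: a roster view that drops the grade and email columns, and a view that exposes only released grades. The table, column, view names and sample rows are constructed for the illustration.

```python
import sqlite3

# Constructed sample rows (not from the slides): the full grades table that
# only a lecturer should see; the last row's grade has not been released yet.
SAMPLE_ROWS = [
    (1, "Ada", "ada@example.edu", "CS101", 91, 1),
    (2, "Bob", "bob@example.edu", "CS101", 67, 1),
    (3, "Cy", "cy@example.edu", "CS101", 78, 0),
]
RESTRICTED_VIEWS = ("class_roster", "released_grades")

def build_db():
    """Create the base table and two restricted views over it."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE grades (
            student_id INTEGER, name TEXT, email TEXT,
            course TEXT, grade INTEGER, released INTEGER);
        -- Column restriction: the roster never exposes grade or email.
        CREATE VIEW class_roster AS
            SELECT student_id, name, course FROM grades;
        -- Row restriction: only released grades are visible through this view.
        CREATE VIEW released_grades AS
            SELECT student_id, course, grade FROM grades WHERE released = 1;
    """)
    con.executemany("INSERT INTO grades VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return con

def view_columns(con, view):
    """Column names reachable through one of the restricted views."""
    if view not in RESTRICTED_VIEWS:  # never interpolate an unchecked name into SQL
        raise ValueError(f"unknown view: {view}")
    return [d[0] for d in con.execute(f"SELECT * FROM {view}").description]

def released_grade_ids(con):
    """Student ids whose grades are visible through released_grades."""
    return [r[0] for r in con.execute("SELECT student_id FROM released_grades")]

def grade_reachable_via_roster(con):
    """A user confined to class_roster cannot read the grade column at all."""
    try:
        con.execute("SELECT grade FROM class_roster")
        return True
    except sqlite3.OperationalError:  # sqlite reports "no such column: grade"
        return False
```

In a real DBMS the base table would be granted to nobody but the owner and only the views granted to each user group; sqlite has no GRANT, so the script shows only what each view lets through.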
Database audits
• Audit trail – a database log that is used mainly for security purposes; it shows who did what, and when.
• It is impractical to keep an audit trail for all accesses because:
– It will slow down processing
– The trail will be large
• A user is a uniquely identifiable object that allows a given person to log on to the database.
• A role is a named collection of database access privileges that authorize a user to connect to the database and use the database system resources.
• A profile is a named collection of settings that control how much of the database resource a given user can use.
Roles
Three default roles:
– Connect Role allows user login and the ability to create their own tables, indexes, etc.
– Resource Role is similar to the Connect Role, but allows for more advanced rights such as the creation of triggers and procedures.
– Database Administrator Role is granted all system privileges needed to administer the database and users.
Access control
• Physical Access Controls – Control over access to the physical media on which information is stored on computers / backups
• Communication Access Controls – Control over hacking of information through communication tools like telephone lines etc.
• Logical Access Controls – Access controls for those who have permission to log on to the computer
Passwords and cryptography
• Password protection:
– Too easy passwords chosen for easy remembrance
– Complex passwords written down and kept in a convenient place for remembrance
• Cryptography – Science of converting plain text into unintelligible form and converting encrypted messages back into intelligible form
Access control mechanisms
• A typical enterprise database contains a great deal of information and usually has several groups of users; most users need to access only a small part of the database to carry out their tasks.
• Allowing users unrestricted access to all the data can be undesirable, hence a DBMS offers two main access control mechanisms:
– Discretionary access control (DAC)
– Mandatory access control (MAC)
Discretionary Access control
• Discretionary access control is based on privileges: the DBMS keeps track of how these privileges are granted to users, and possibly revoked, and ensures that at all times only users with the necessary privileges can access an object.
• SQL supports discretionary access control through the following commands:
– GRANT command - gives privileges to users
– REVOKE command - takes away privileges.
Discretionary Privileges
• Two levels of assigning privileges
– Account level: CREATE Acc, ALTER Acc, DROP Acc, SELECT Acc
– Relation level: SELECT on R, MODIFY on R, REFERENCES on R
Discretionary Privileges
• Privilege
– System privileges allow a user to create or manipulate objects, but do not give access to actual database objects
– Object privileges are used to allow access to a specific database object, such as a particular table or view, and are given at the view level
• Privileges can be:
– Granted
– Revoked
– Propagated
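Added example (not from the slides or any real DBMS catalogue) of how a DBMS tracks grant, revoke and propagation for one relation: each grant records its grantor, so revoking a privilege cascades to grants the grantee could only make because of it, while grants reachable through another grantor survive. User names, the relation and the SELECT privilege are constructed for the illustration.

```python
class Relation:
    """Discretionary privileges on one relation: every grant records who gave it,
    so a REVOKE can cascade the way the slide's 'propagated' privileges require."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = []  # (grantor, grantee, privilege, with_grant_option)

    def has(self, user, priv):
        return user == self.owner or any(
            g[1] == user and g[2] == priv for g in self.grants)

    def can_grant(self, user, priv):
        """Propagation needs the grant option on at least one surviving grant."""
        return user == self.owner or any(
            g[1] == user and g[2] == priv and g[3] for g in self.grants)

    def grant(self, grantor, grantee, priv, with_grant_option=False):
        if not self.can_grant(grantor, priv):
            raise PermissionError(f"{grantor} cannot grant {priv}")
        self.grants.append((grantor, grantee, priv, with_grant_option))

    def revoke(self, grantor, grantee, priv):
        """Drop grantor's grant, then cascade to grants the grantee can no longer make."""
        self.grants = [g for g in self.grants
                       if not (g[0] == grantor and g[1] == grantee and g[2] == priv)]
        for g in list(self.grants):
            if g[0] == grantee and g[2] == priv and not self.can_grant(grantee, priv):
                self.revoke(grantee, g[1], priv)

def cascade_demo():
    """dba -> alice (with grant option) -> bob; revoking alice also drops bob."""
    emp = Relation(owner="dba")
    emp.grant("dba", "alice", "SELECT", with_grant_option=True)
    emp.grant("alice", "bob", "SELECT")
    bob_before = emp.has("bob", "SELECT")
    emp.revoke("dba", "alice", "SELECT")
    return bob_before, emp.has("alice", "SELECT"), emp.has("bob", "SELECT")

def independent_path_demo():
    """bob keeps SELECT after alice is revoked because carol also granted it."""
    emp = Relation(owner="dba")
    emp.grant("dba", "carol", "SELECT", with_grant_option=True)
    emp.grant("dba", "alice", "SELECT", with_grant_option=True)
    emp.grant("alice", "bob", "SELECT")
    emp.grant("carol", "bob", "SELECT")
    emp.revoke("dba", "alice", "SELECT")
    return emp.has("bob", "SELECT")
```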
Limitations of DAC
• The DAC mechanisms, while generally effective, have certain weaknesses. In particular, a devious unauthorized user can trick an authorized user into disclosing sensitive data.
• Mandatory Access Control solves this since it is based on system-wide policies that cannot be changed by individual users.
Mandatory access control
• Mandatory access control is based on system-wide policies that cannot be changed by individual users.
• In this approach each database object is assigned a security class, each user is assigned clearance for a security class, and rules are imposed on reading and writing of database objects by users.
• The DBMS determines whether a given user can read or write a given object based on certain rules that involve the security level of the object and the clearance of the user.
• These rules seek to ensure that sensitive data can never be 'passed on' to a user without the necessary clearance.
Mandatory access control
• Security class
– Top secret (TS) > Secret (S) > Confidential (C) > Unclassified (U).
– Subject class, class(S), and object class, class(O)
• Two security restrictions
– Subject S is not allowed read access to an object O unless class(S) >= class(O)
– Subject S is not allowed write access to an object O unless class(S) <= class(O)
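Added example (not from the slides) that encodes the four classes and the two restrictions, and then checks the property the previous slide promises: no subject at any clearance can both read a higher-classified object and write a lower one, so sensitive data cannot be 'passed on' downward even by a tricked authorized user. The row labels and their contents are constructed.

```python
from enum import IntEnum

class Level(IntEnum):
    """Security classes from the slide, ordered so that TS > S > C > U."""
    U = 0   # Unclassified
    C = 1   # Confidential
    S = 2   # Secret
    TS = 3  # Top secret

def can_read(subject_class, object_class):
    """No read up: S may read O only if class(S) >= class(O)."""
    return subject_class >= object_class

def can_write(subject_class, object_class):
    """No write down: S may write O only if class(S) <= class(O)."""
    return subject_class <= object_class

def can_copy(subject_class, src_class, dst_class):
    """Moving data from src to dst needs one subject to read src and write dst."""
    return can_read(subject_class, src_class) and can_write(subject_class, dst_class)

def any_subject_can_copy(src_class, dst_class):
    """Is there any clearance at which data could flow from src to dst?
    Under the two rules this holds exactly when src <= dst, so data never
    flows downward, which is what closes the DAC 'tricked user' weakness."""
    return any(can_copy(s, src_class, dst_class) for s in Level)

def visible_rows(subject_class, rows):
    """Rows of a multilevel relation a subject may read; rows are (class, data)."""
    return [data for cls, data in rows if can_read(subject_class, cls)]

# Constructed multilevel rows (not from the slides).
SAMPLE_ROWS = [
    (Level.U, "course catalogue"),
    (Level.C, "student grades"),
    (Level.S, "exam questions"),
    (Level.TS, "audit findings"),
]
```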
Role based access control (RBAC)
• In an organization, roles are created for various job functions, hence permission to carry out certain tasks is restricted to specific roles.
• Rules defined for RBAC:
– Role assignment - A subject can exercise a permission only if the subject has selected or been assigned a role.
– Role authorization - A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
– Permission authorization - A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized.
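Added example (not from the slides or any particular DBMS) of a reference monitor that applies the three rules in order: a permission check fails with no active role (rule 1), a user can only activate a role assigned to them (rule 2), and only the active role's permissions count (rule 3). The roles, users and permission names reuse the grades scenario from the objectives slide and are constructed.

```python
class Rbac:
    """Constructed reference monitor for the three RBAC rules on the slide."""

    def __init__(self):
        self.user_roles = {}  # user -> roles the user is authorized to take on
        self.role_perms = {}  # role -> permissions authorized for that role
        self.active = {}      # user -> the one role active in the current session

    def assign_role(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def authorize_permission(self, role, perm):
        self.role_perms.setdefault(role, set()).add(perm)

    def activate(self, user, role):
        """Rule 2 (role authorization): only a role assigned to the user may go active."""
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{user} is not authorized for role {role}")
        self.active[user] = role

    def check(self, user, perm):
        """Rule 1 (some role must be active) and rule 3 (permission on that role)."""
        role = self.active.get(user)
        return role is not None and perm in self.role_perms.get(role, set())

def grades_demo():
    """Lecturers may view and modify grades; students may only view them."""
    rbac = Rbac()
    rbac.authorize_permission("lecturer", "grade:view")
    rbac.authorize_permission("lecturer", "grade:modify")
    rbac.authorize_permission("student", "grade:view")
    rbac.assign_role("ada", "student")
    rbac.assign_role("prof", "lecturer")
    rbac.assign_role("prof", "student")  # one person, two job functions
    results = {}
    results["no_role_yet"] = rbac.check("ada", "grade:view")  # rule 1: nothing active
    rbac.activate("ada", "student")
    results["student_view"] = rbac.check("ada", "grade:view")
    results["student_modify"] = rbac.check("ada", "grade:modify")  # rule 3
    try:
        rbac.activate("ada", "lecturer")  # rule 2: role never assigned to ada
        results["ada_escalates"] = True
    except PermissionError:
        results["ada_escalates"] = False
    rbac.activate("prof", "student")  # only the active role counts (least privilege)
    results["prof_as_student_modify"] = rbac.check("prof", "grade:modify")
    rbac.activate("prof", "lecturer")
    results["prof_as_lecturer_modify"] = rbac.check("prof", "grade:modify")
    return results
```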
Backups
• "Cold" backups allow backups when the database is down.
• "Hot" backups allow backups to be done while the database is up.
• Logical backups or "exports" take a snapshot of the database at a given point in time by user or specific table(s) and allow recovery of the full database or of single tables if needed.
Replication
• Database replication facilities can be used to create a duplicate fail-over database site in case of system failure of the primary database. A replicated database can also be useful for off-loading large, processing-intensive queries.
Parallel servers
• Parallel Server makes use of two or more servers in a cluster which access a single database. A cluster can provide load balancing, can scale up more easily, and if a server in the cluster fails only a subset of users may be affected.
Data partitioning
• Data partitioning can be used by administrators to aid in the management of very large tables. Large tables can be broken into smaller tables by using data partitioning. One advantage of partitioning is that data that is more frequently accessed can be partitioned and placed on faster hard drives. This helps to ensure faster access times for users.
Firewall
• A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules; it is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
• A firewall can be implemented at the software or at the hardware level.