Post on 28-Dec-2015

Advanced Database Course

(ESED5204)

Eng. Hanan Alyazji

University of Palestine, Software Engineering Department

Database Security

Security

Secrecy: Users should not be able to see things they are not supposed to.

Security: keeping unauthorized entities from doing things you don't want them to do.

A security policy: a statement of what is and what is not allowed.

A security mechanism: a method, tool, or procedure for enforcing a security policy.

Security types

Computer Security: Generic name for the collection of tools designed to protect data and to thwart hackers.

Network Security: Measures to protect data during their transmission.

Internet Security: Measures to protect data during their transmission over a collection of interconnected networks.

Database Security

Database security is the protection of the data against accidental or intentional loss, destruction, or misuse.

Database system security is more than securing the database. It includes:

Secure database.
Secure DBMS.
Secure applications.
Secure operating system in relation to the database system.
Secure web server in relation to the database system.
Secure network environment in relation to the database system.

Basic Components of data security

Generally, security is:

Confidentiality. Protection of data from unauthorized disclosure. Who is authorized to use the data?

Integrity. Assurance that data received is as sent by an authorized entity.

Availability. Data can be accessed whenever it is needed.

(Figure: the C, I, A triangle; S = Secure)

Confidentiality

Confidentiality: The property that information is not made available or disclosed to unauthorized individuals or entities.

Not the same as privacy.

Privacy: The right of an entity (normally a person), acting on its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others.

Privacy is a reason for confidentiality.

Integrity

Integrity: Users should not be able to modify things they are not supposed to.

Data integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.

System integrity: The quality that a system has when it can perform its intended function in an unimpaired manner, free from deliberate unauthorized manipulation.

Availability

Availability: Authorized users should be able to see and modify the things they are allowed to.

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to the performance specifications for the system.

I.e., a system is available if it provides services according to the system design whenever users request them.

Note: Turning off a computer provides confidentiality and integrity, but hurts availability.

Goals of Security

Prevention: Prevent attackers from violating the security policy.

Detection: Detect attackers' violations of the security policy.

Recovery: Stop the attack, assess and repair the damage. Continue to function correctly even if the attack succeeds.

Security For:

Vulnerability: An error or weakness in the design, implementation, or operation of a system. Vulnerability = a weakness in a security system.

Attack: A means of exploiting some vulnerability in a system.

Threat: An adversary that is motivated and capable of exploiting a vulnerability. Threat = circumstances that have the potential to cause harm.

Security Problems

Information, when stored, is subject to:
Copying (and distributing) by an unauthorized person.
Modification by an unauthorized person.

Information, when sent over a network, is subject to:
Eavesdropping by an unauthorized person.
Modification by an unauthorized person.

An organization's network is subject to:
Unauthorized access to internal resources.
Denial of service attacks.
Being used as a springboard to attack other networks.

Security Attacks

Eavesdropping: Messages get tapped on their way from source to destination.

Tampering: Changing the contents of messages, inserting erroneous messages, possibly replacing valid ones.

Replay: Capture earlier (possibly encrypted) messages and send them again.

Impersonation (masquerading): Impersonating a client to get access to a service; impersonating a server to get information from a client.

Examples of what attackers do:

Scan your system for confidential documents.
Corrupt information on your system.
Use your system to store pirated software.
Cause your system to crash.
Use your credit card number stored on the computer.
Block access to your system.
Install applications on your system.

Threats to data security can come from:

Accidental losses, attributable to human error or to software or hardware failure; addressed by procedures on user authorization, uniform software installation procedures, and hardware maintenance.
Theft and fraud.
Loss of privacy (personal data).
Loss of confidentiality (corporate data).
Loss of data integrity (invalid/corrupt data).
Loss of availability.

Security policy

Security policy = set of permissions: a set of requirements and guidelines to ensure a desired level of security for the activities performed in the system.

Examples:
Messages can only be read by the intended recipient.
Files can only be written by their respective owners.
The service should be free from replay attacks.

The system is secure if and only if the security policy cannot be violated.

Security Categories

1. Physical Security.
2. Technological Security: Application Security, Operating System Security, Network Security.
3. Policies & Procedures.

All three are required to secure the database and guarantee that data is protected.

1. Physical Security

Limit access to physical space to prevent asset theft and unauthorized entry.
Protect against information leakage and document theft.

Examples: computing resources; storage (live and backups); communications and remote access; support (power and cooling).

2. Technological Security

2.1 Application Security: No flaws in the identity verification process. Configure the server correctly (local files, database content).

2.2 Operating System & Network Security:
Applications use the operating system for many functions.
Operating system code likely contains vulnerabilities.
Regularly apply patches to eliminate them.
Network security: mitigate malicious traffic. Tools: firewalls and intrusion detection systems.

3. Policies & Procedures

Guard sensitive corporate information.
Employees need to be aware and educated, to be somewhat paranoid and vigilant.

Example: Personal attack: taking advantage of unsuspecting employees or persons (e.g. the attacker gets an employee to divulge his username and password).

Security Concepts

Seven key security concepts:

1. Authentication: Ensure the user is who he/she claims to be.
2. Authorization: Deals with who can access what, and in what mode.
3. Confidentiality: Protect the content of data from being revealed to an unauthorized party.
4. Data / Message Integrity: Ensure data has not been changed.
5. Accountability: Ability to determine the attacker or principal.
6. Availability: Service/resource is accessible to legitimate users.
7. Non-Repudiation: The message sender cannot later deny having sent it.

Authorization

Checking whether a user has permission to conduct some action.
Identity is the key for authority.
Is a "subject" allowed to access an "object" (e.g. open a file)?

Access Control List: mechanism used by many operating systems to determine whether users are authorized to conduct different actions.

Access Control Model

An access control model includes:

Subjects: computers, processes, the system.
Objects: data, programs.
Actions: what the subjects can perform on the objects (select, insert, delete, ...).
Security policy: defines the authorization rules (permissions).

(Figure: security system, with access control mediating between subjects and objects)

Access Control Lists (ACLs)

Set of three-tuples (User, Resource, Privilege).
Specifies which users are allowed to access which resources with which privileges.
Privileges can be assigned based on roles (e.g. admin).

A simple ACL:

User   Resource        Privilege
Alice  /office/Alice*  Read, write, execute
Bob    /home/Bob*      Read

Security Models

Access Matrix Model:
Represents two main entities: objects and subjects.
Columns represent objects; rows represent subjects.
Objects: tables, views, procedures, database objects.
Subjects: users, roles, privileges, modules.
Access levels: a subject has access to objects at its level and all levels below it.
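The access matrix described above can be reconstructed for a real schema from Oracle's data dictionary. The queries below are an added example, not part of the lecture; they assume a hypothetical schema HR, a hypothetical user SMITH, and read access to the DBA_* views.

```sql
-- Added example, not from the slides. Rows = subjects (grantees),
-- columns = objects owned by HR, cell = the privileges granted.
-- Assumes read access to DBA_TAB_PRIVS, DBA_OBJECTS, DBA_ROLES and
-- DBA_ROLE_PRIVS (e.g. SELECT_CATALOG_ROLE); schema HR is hypothetical.

SELECT p.grantee                                            AS subject,
       CASE WHEN r.role IS NULL THEN 'USER' ELSE 'ROLE' END AS subject_type,
       p.table_name                                         AS object_name,
       o.object_type,
       LISTAGG(p.privilege, ',')
         WITHIN GROUP (ORDER BY p.privilege)                AS cell
  FROM dba_tab_privs p
  JOIN dba_objects   o ON o.owner = p.owner AND o.object_name = p.table_name
  LEFT JOIN dba_roles r ON r.role = p.grantee
 WHERE p.owner = 'HR'
   AND o.object_type IN ('TABLE', 'VIEW', 'PROCEDURE', 'FUNCTION', 'PACKAGE')
 GROUP BY p.grantee, r.role, p.table_name, o.object_type
 ORDER BY subject, object_name;

-- Audit check: PUBLIC is a row of the matrix too. Anything granted to PUBLIC
-- is reachable by every account, so this result should normally be empty.
SELECT table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'HR' AND grantee = 'PUBLIC';

-- A user's effective row also includes privileges that arrive through roles,
-- which can be nested; walk the role graph downwards from one user.
SELECT LPAD(' ', 2 * (LEVEL - 1)) || granted_role AS role_path,
       LEVEL                                      AS depth
  FROM dba_role_privs
 START WITH grantee = 'SMITH'
CONNECT BY PRIOR granted_role = grantee;
```

Combining the first query with the role walk gives the full row for one subject: direct grants plus everything inherited through each role on the path.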

(Figure: access matrix security model)

Access modes: static modes and dynamic modes (figure).

Roles

Named group of related privileges that are granted to users or

other roles.

Used to group users.

Can reduce hundreds of thousands of security settings to

hundreds of security settings.

If user is in multiple roles, will gain privileges of each role.

Privileges

Privileges allow users to perform specific actions in the database. There are two types of privileges:

1. Object privileges: allow the user to access the data within an object or to execute a stored program.
2. System privileges: allow the user to log on to the system and to create or manipulate objects.

Object Privileges

ALTER: Change the definition of a table.
SELECT: Query the data in a table or view.
DELETE: Delete records from a table or view.
INSERT: Add records to a table or view.
EXECUTE: Run stored procedures and functions.
INDEX: Create an index on a table.
READ: Allow the user to view from a directory.
UPDATE: Modify the data in a table or view.
REFERENCE: Create a reference to a table.

Account System Privileges

Each ACCOUNT can be allocated many SYSTEM PRIVILEGEs and many ROLEs.
An ACCOUNT then has all of those PRIVILEGEs.
A ROLE can have many SYSTEM PRIVILEGEs and may also have a relationship to other ROLEs.
ROLEs simplify the administration of the database: a set of privileges can be assigned to or removed from a ROLE just once.

Oracle Security

Oracle security components:

An ACCOUNT is a user account.
A PROFILE is a set of system resources that are assigned to an account.
A PRIVILEGE is the right to perform a task.
A ROLE consists of groups of PRIVILEGEs and other ROLEs.

SQL GRANT Command

The GRANT command gives users permission to access and change data.

GRANT privileges ON tablename TO { grantee ... } [ WITH GRANT OPTION ]

Possible privileges are:

SELECT: user can retrieve data.
UPDATE: user can modify existing data.
DELETE: user can remove data.
INSERT: user can insert new data.
REFERENCES: user can make references to the table.
GRANT: is used to grant privileges to users.

REVOKE command

The REVOKE command removes users' permissions to access and change data; it removes privileges to access a table.

REVOKE {SELECT, INSERT, UPDATE, DELETE} ON tablename FROM username

Example: remove the privileges of Smith to insert into or delete from emp:

REVOKE INSERT, DELETE ON emp FROM smith
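The GRANT and REVOKE forms above, worked through on the slide's emp table. This is an added example, not the lecture's own code; it assumes an Oracle schema HR that owns EMP and two existing accounts SMITH and JONES (hypothetical names).

```sql
-- Added example, not from the slides. Assumes schema HR owns table EMP and
-- that accounts SMITH and JONES already exist (hypothetical names).
-- Statements run as HR, the object owner, unless stated otherwise.

-- 1. Least privilege: grant only the actions each account needs.
GRANT SELECT ON emp TO smith;
GRANT INSERT, DELETE ON emp TO smith;

-- 2. WITH GRANT OPTION lets the grantee pass the privilege to others.
--    Avoid it unless delegation is intended: the owner no longer controls
--    who ends up with access.
GRANT SELECT ON emp TO jones WITH GRANT OPTION;

-- 3. Review what HR has granted on EMP (GRANTABLE = 'YES' marks step 2).
SELECT grantee, privilege, grantable
  FROM user_tab_privs_made
 WHERE table_name = 'EMP'
 ORDER BY grantee, privilege;

-- 4. The slide's example: take INSERT and DELETE away from SMITH.
REVOKE INSERT, DELETE ON emp FROM smith;

-- 5. Revoking an object privilege that was granted WITH GRANT OPTION also
--    removes every grant JONES made from it (object-privilege revokes
--    cascade in Oracle; system-privilege revokes do not).
REVOKE SELECT ON emp FROM jones;

-- 6. Check from the grantee's side (run as SMITH): only SELECT should remain.
SELECT owner, table_name, privilege
  FROM user_tab_privs
 WHERE owner = 'HR' AND table_name = 'EMP';
```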

Application Security Models

Models:

Database role based.
Application role based.
Application function based.
Application role and function based.
Application table based.

Security Model Based on Database Roles

The application authenticates application users:

Maintain all users in a table.
Each user is assigned a role; roles have privileges assigned to them.
A proxy user is needed to activate the assigned roles; all roles are assigned to the proxy user.
The model and its privileges are database dependent.

Security Model Based on Database Roles

Schema User: Oracle user that owns all database objects.
Application User: Oracle user that needs access to those schema objects.

Security Model Based on Database Roles

Implementation in Oracle:

Create users.
Add content to your tables.
Add a row for an application user.
Look up the application user's role.
Activate the role for this specific session.
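The five implementation steps above, as an added Oracle example (not the lecture's own code). It assumes schema HR owns EMP, an application that connects through a single proxy account APP_PROXY, and hypothetical role, user and password names.

```sql
-- Added example, not from the slides: database-role model in Oracle.
-- Hypothetical names: schema HR, proxy account APP_PROXY, roles APP_CLERK
-- and APP_MANAGER. Passwords are placeholders.

-- As a DBA: one Oracle role per application role, each password-protected
-- so that a session cannot enable it unless the application supplies it.
CREATE ROLE app_clerk   IDENTIFIED BY "Clerk#Pw1";
CREATE ROLE app_manager IDENTIFIED BY "Mgr#Pw2";
CREATE USER app_proxy IDENTIFIED BY "Proxy#Pw3";
GRANT CREATE SESSION TO app_proxy;
-- All application roles go to the proxy user, but none is enabled at login.
GRANT app_clerk, app_manager TO app_proxy;
ALTER USER app_proxy DEFAULT ROLE NONE;

-- As HR (schema user): privileges are granted to the roles, not to the proxy.
GRANT SELECT ON emp TO app_clerk;
GRANT SELECT, INSERT, UPDATE, DELETE ON emp TO app_manager;

-- As HR: the application user table. The application stores a salted
-- password hash it computes itself, never the clear-text password.
CREATE TABLE app_users (
  username      VARCHAR2(30)  PRIMARY KEY,
  password_hash VARCHAR2(128) NOT NULL,
  db_role       VARCHAR2(30)  NOT NULL
);
INSERT INTO app_users VALUES ('alice', '<hash placeholder>', 'APP_MANAGER');
INSERT INTO app_users VALUES ('bob',   '<hash placeholder>', 'APP_CLERK');
GRANT SELECT ON app_users TO app_proxy;   -- the proxy may read, not change, it

-- Per session, as APP_PROXY, after the application has checked the user's
-- password against password_hash:
-- 1. look up the role assigned to this application user
SELECT db_role FROM hr.app_users WHERE username = 'bob';
-- 2. activate only that role for this session; the role password comes
--    from the application's configuration, not from the user
SET ROLE app_clerk IDENTIFIED BY "Clerk#Pw1";
-- 3. confirm the session holds nothing beyond APP_CLERK
SELECT role FROM session_roles;
-- A session that skips SET ROLE has no privileges on EMP at all, which is
-- the safe default for a proxy account.
```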

Security Model Based on Application Roles

Application roles are mapped to real business roles.
The application authenticates users.
Each user is assigned to an application role.
Application roles are provided with application privileges (read and write).

Security Model Based on Application Roles (figure)

Security Model Based on Application Functions

Application authenticates users.

Application is divided into functions.

Considerations:

Isolates application security from database.

Passwords must be securely encrypted.

Must use a real database user.

Granular privileges require more effort during implementation.

Security Model Based on Application Functions (figure)

Security Model Based on Application Roles and Functions

Combination of models.

Application authenticates users.

Application is divided into functions:

Roles are assigned to functions.

Functions are assigned to users.

Highly flexible model.

Security Model Based on Application Roles and Functions (figure)

Security Model Based on Application Tables

Depends on the application to authenticate users.

Application provides privileges to the user based on tables; not

on a role or a function.

User is assigned access privilege to each table owned by the

application owner.

Security Model Based on Application Tables (figure)

Questions?
