Professional Documents
Culture Documents
Database Security
Chapter 24
Fall 2014
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System
Concepts (5/6) (Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ),
Database Systems: Complete Book (Garcia-Molina et al.)
What is a Threat?
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
Amateurs,
Crackers
Organized Crime
Information Warfare
Script kiddies:
only download and
run scripts, do not
create
Script writers:
write scripts
Elite hackers:
write scripts and
organize attacks
Insiders
Accidental misuse
3
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
Deter it
Make the attack harder or more expensive
Deflect it
Make yourself less attractive to attacker
Detect it
Notice that attack is occurring (or has occurred)
Recover from it
Mitigate the effects of the attack
5
Types of Security
Legal and ethical issues
Some information may be deemed to be private
Policy issues
What kinds of information should not be publicly available
(e.g. credit ratings, public medical records))
System-related issues
Security function should be handled at physical hardware
level, the operating system, or the DBMS
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
1.
2.
3.
4.
Account creation
Privilege granting
Privilege revocation
Security level assignment
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
1. Access control
2. Inference control (deduction prevention)
3. Flow control (consistent security levels)
4. Encryption
13
Access Control
Limiting access to the database as a whole (or parts of
the database)
Requires authentication (e.g., through login and
password)
Usually includes auditing (i.e., logging database
operations by each user)
14
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
Access Control
Access Control
Discretionary Access Control (DAC)
The typical method of enforcing discretionary access
control in a database system is based on the granting and
revoking privileges.
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
Access Control
Discretionary Access Control (DAC)
Access Control
Discretionary Access Control (DAC)
Revoking Privileges
In some cases it is desirable to grant a
privilege to a user temporarily. For example,
The owner of a relation may want to grant the
SELECT privilege to a user for a specific task and
then revoke that privilege once the task is
completed.
Hence, a mechanism for revoking privileges is
needed. In SQL, a REVOKE command is included
for the purpose of canceling privileges.
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
Access Control
Mandatory Access Control (MAC)
The discretionary access control techniques of granting
and revoking privileges on relations has traditionally been
the main security mechanism for relational database
systems.
This is an all-or-nothing method:
A user either has or does not have a certain privilege.
Access Control
Mandatory Access Control (MAC)
Purpose:
Typical security classes are top secret (TS), secret (S), confidential
(C), and unclassified (U), where TS is the highest level and U the
lowest: TS S C U
The commonly used model for multilevel security, known as the
Bell-LaPadula model
Each subject (user, account, program) and object (relation, tuple,
column, view, operation) is classified into one of the security
classifications TS, S, C, or U
Not allowed read access: e.g., user must have sufficiently high
clearance to read top secret data
Not allowed write access: e.g., person with high clearance cannot
update unclassified object
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
10
Access Control
Role-based access control (RBAC)
Role-based access control (RBAC) emerged rapidly in the
1990s as a proven technology for managing and enforcing
security in large-scale enterprise systems.
Purpose: Its basic notion is that permissions are associated
with roles, and users are assigned to appropriate roles.
Roles can be created using the CREATE ROLE and
DESTROY ROLE commands.
The GRANT and REVOKE commands discussed under DAC
can then be used to assign and revoke privileges from roles.
Example: emergency physician can update any patient record
Access Control
Role-based access control (RBAC)
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
11
Inference Control
Inference control: Access to summary data without ability
to determine individuals data
Statistical databases are used mainly to produce statistics or
summaries of values based on various populations
What is a population?
A population is a set of tuples of a relation (table) that satisfy some
selection condition.
Inference Control
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
12
Flow Control
Flow control regulates the distribution or flow of
information among accessible objects.
Keeping information from being transferred illegitimately
Encryption
Encryption is a means of maintaining secure data in
an insecure environment.
Encryption consists of applying an encryption
algorithm to data using some prespecified
encryption key.
The resulting data has to be decrypted using a
decryption key to recover the original data.
The Data Encryption Standard (DES) is a system
developed by the U.S. government for use by the general
public.
1992-2014 by Addison Wesley & Pearson Education, Inc., McGraw Hill, Cengage Learning
Slides adapted and modified from Fundamentals of Database Systems (5/6) (Elmasri et al.), Database System Concepts (5/6)
(Silberschatz et al.), Database Systems (Coronel et al.), Database Systems (4/5) (Connolly et al. ), Database Systems: Complete Book
(Garcia-Molina et al.)
13