Lecture 9b - Database Security

The document provides an overview of database security, detailing its objectives, characteristics, threats, and countermeasures. It discusses various security features such as authentication methods, privileges, roles, profiles, access control, auditing, and data encryption. Additionally, it covers advanced topics like row-level security, multilevel security proposals, and backup and recovery strategies.

Uploaded by alexmwash2024

Database Security

Learning Objectives
Describe the various types of database security
features provided by a DBMS

Introduction
Database security can be defined as the
protection of the database against
• unauthorized access to or modification of the
database,
• denial of service to authorized users and
• provision of service to unauthorized users
It also includes the measures necessary to
detect, document, and counter threats

Introduction
Characteristics of database security
• Confidentiality – protection against disclosure to
unauthorized parties
• Integrity – data is not accidentally or maliciously
manipulated, altered or corrupted
• Availability – accessibility, reliability and
assurance of continuity of operation

Threats
• Browsing - accessing info
• Misuse – malice, errors of omission etc.
• Penetration – Unauthorized access
• Systems Flaws – h/w and s/w errors
• Component Failure – malfunctioning of h/w, s/w
or media

Threats
• Tampering – attacks to physical and logical
components
• Eavesdropping – passive surveillance of
telecomm channel e.g. tapping, sniffing
• Denial of Service – preventing or delaying
performance e.g. jamming, traffic flooding

Countermeasures
• Technological – h/w, s/w
• Policies and procedures
• Education, training and awareness

Integrity
• Integrity controls ensure the integrity of the
database, provide concurrency and serializability
of transactions, and prevent data corruption
– Data Integrity
– Entity Integrity
– Referential Integrity

Authentication
• Users can be authenticated in a number of
different ways before they are allowed to create
a database session
– Passwords
– Strong Authentication (using two-factor authentication: the
combination of something a user knows (e.g. PIN), and something the user has
(e.g. token card))
• Kerberos and CyberSafe (trusted third-party authentication
system that was created by MIT)
• RADIUS (Remote Authentication Dial-In User Service) an industry
standard protocol adopted by authentication vendors
• Token Cards (two-factor method of authenticating physical card, and
password)

Authentication
• Smart Cards (has memory and a processor and is read by a smart card reader
located at the client workstation)
• Distributed Computing Environment (DCE) - set of integrated network services
that work across multiple systems to provide a distributed environment
• Biometrics - physical characteristic such as a fingerprint or voice is used to
identify and authenticate an individual.
• PKI and Certificate-Based Authentication - an industry-standard set of
procedures and policies that can be used to guarantee secure information
exchange. It provides encryption methods and access controls, as well as
secure credentials in the form of digital certificates that can be used to
authenticate users.

Privileges
• Privilege - permission to access a named object
in a prescribed manner
• Types
– System privileges allow users to perform a particular
system-wide action or a particular action on a particular type of
schema object.
– Schema Object Privileges allow users to perform a particular
action on a specific schema object. For example, the privilege to
delete rows of a specific table is an object privilege.
• Privileges can be granted and revoked
• Privileges can also be propagated

Roles
• Roles are used to ease the management task of
assigning a multitude of privileges to users.
Roles are first created and then given sets of
privileges that can be assigned to users and
other roles. Users can be given multiple roles.

Roles
Three default roles:
• Connect Role allows user login and the ability to
create their own tables, indexes, etc.
• Resource Role is similar to the Connect Role,
but allows for more advanced rights such as the
creation of triggers and procedures.
• Database Administrator Role is granted all
system privileges needed to administer the
database and users.

Profiles
• Profiles allow the administrator to place specific
restrictions and controls on a number of system
resources, password use etc. These profiles
can be defined, named, and then assigned to
specific users or groups of users.

Profiles
Two types of profiles: system resource profiles
and product profiles
• System resource profiles can be used to put
user limits on certain system resources such as
CPU time, the number of data blocks that can be
read per session or program call, the number of
concurrent active sessions, idle time, and the
maximum connection time for a user.
• Product profiles can be used to prevent users
from accessing specific commands or all
commands

Profiles
• Profiles can be used to prevent intentional or
unintentional system resource "hogs"

Access Control
• Note
– DBS - enforces DBA's policy
– Operating System vs. Databases
• Access control for Operating Systems
– Deals with unrelated data
– Deals with entire files
• Access control for Databases
– Deals with records and fields
– Concerned with inference of one field from another
• Access control list for several hundred files is easier to implement
than access control list for a database!

Audits
• Auditing can be performed at different levels: by user, by
statement, by privilege and by schema object
• Audit Trail - A database log that is used mainly for
security purposes
• An audit trail of all accesses is impractical: slow or large
• Possible over-reporting
• Pass-through problem - a field may be accessed during a
select operation but its values never reported to the user

Fine-Grained Auditing
• Fine-grained auditing enables organizations to hone their
auditing capabilities to capture and identify particular,
specific data access of concern. In addition to providing
more granular, targeted audit information, such as
detecting misuse of legitimate access, fine-grained
auditing can also serve as an intrusion detection system
for the Oracle database itself.
• Fine-grained auditing enables organizations to define
audit policies, which specify the data access conditions
that trigger the audit event, and use a flexible event
handler to notify administrators that the triggering event
has occurred.

Views, Stored Program Units, Triggers
• Views – limit access to a predetermined set of
rows and columns of a table
• Stored program units (e.g. stored procedures,
packages, and triggers) can be used for such
purposes as performing a set of related tasks,
enforcing complex security authorizations, or
restricting certain DML operations.

Row Level Security
• A much more granular form of data access is
row-level access. In the past, complex and dynamic
views have been used to implement row-level
security.
• Two more effective approaches to this problem:
Virtual Private Database (VPD), in which you
create your own implementation of row-level
security; and label-based access control, in
which you customize a ready-made VPD policy
to accomplish this.

Virtual Private Database
• Virtual Private Database is the ability to perform
query modification based on a security policy
you have defined in a package, and associated
with a table, view, or synonym. Virtual private
database provides fine-grained access control
that is data-driven, context-dependent, and
row-based

Label-Based Access Control
• Label-based access control allows organizations to
assign sensitivity labels to data rows, control access to
data based on those labels, and ensure that data is
marked with the appropriate sensitivity label. The most
familiar example of this is perhaps the security
classification system used by the US government.
Hierarchical classification labels such as
CONFIDENTIAL, SECRET, or TOP SECRET are
assigned to data based on the sensitivity level of the
information. Access to data labeled at a certain level
(such as SECRET) is restricted to those users who have
been granted that level of access or higher.
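
The query modification described under Virtual Private Database, combined with the hierarchical labels above, sketched as an added example (not code from the lecture, and not Oracle's implementation). It uses Python's sqlite3 as a stand-in DBMS; the `reports` table, the `POLICIES` registry and all function names are hypothetical.

```python
import sqlite3

# Hierarchical labels from the slide; a higher rank dominates a lower one.
RANK = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

def label_policy(session):
    """Policy function: derive a row predicate from the session context."""
    return "label_rank <= :clearance", {"clearance": RANK[session["clearance"]]}

# Policy attached to a table (hypothetical registry standing in for the DBMS).
POLICIES = {"reports": label_policy}

def select_rows(conn, session, table, columns):
    """Build SELECT <columns> FROM <table> and append the table's predicate."""
    if table not in POLICIES:
        raise PermissionError(f"no policy attached to {table!r}: access denied")
    # Only column names that exist in the table may reach the SQL text.
    known = {row[1] for row in conn.execute(f"PRAGMA table_info({table})")}
    if not columns or not set(columns) <= known:
        raise ValueError("unknown column requested")
    predicate, binds = POLICIES[table](session)
    sql = f"SELECT {', '.join(columns)} FROM {table} WHERE {predicate} ORDER BY id"
    return conn.execute(sql, binds).fetchall()

def demo_db():
    """Constructed sample data: three reports, one per sensitivity label."""
    conn = sqlite3.connect(":memory:")
    # NOT NULL + CHECK: every row must carry a valid sensitivity label.
    conn.execute("CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT NOT NULL, "
                 "label_rank INTEGER NOT NULL CHECK (label_rank BETWEEN 1 AND 3))")
    conn.executemany("INSERT INTO reports (title, label_rank) VALUES (?, ?)",
                     [("canteen menu", RANK["CONFIDENTIAL"]),
                      ("patrol schedule", RANK["SECRET"]),
                      ("source list", RANK["TOP SECRET"])])
    return conn

if __name__ == "__main__":
    db = demo_db()
    for level in RANK:
        print(level, select_rows(db, {"clearance": level}, "reports", ["title"]))
```

The caller never writes the predicate: the same request returns different rows depending only on the session's clearance, and a table with no policy attached is refused outright.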

Data Encryption
• Use of strong, standards-based encryption

Backups
• Creating, managing, and restoring backups.
• Backing up on-line, even during periods of peak
transaction processing activity.
• Server-managed backup and recovery improves
database administrator productivity as well as
simplifying the backup and recovery process.
• Can back up the entire database, or a subset of
the database, on different devices

Recovery
• The Recovery Manager

Replication
• Database replication facilities can be used to
create a duplicate fail-over database site in
case of system failure of the primary
database. A replicated database can also be
useful for off-loading large,
processing-intensive queries.

Parallel Servers
• Parallel Server makes use of two or more
servers in a cluster which access a single
database. A cluster can provide load balancing,
can scale up more easily, and if a server in the
cluster fails, only a subset of users may be
affected.

Data Partitioning
• Data partitioning can be used by administrators
to aid in the management of very large tables.
Large tables can be broken into smaller tables
by using data partitioning. One advantage of
partitioning is that data that is more frequently
accessed can be partitioned and placed on
faster hard drives. This helps to ensure faster
access times for users.

Multilevel Security
• Partitioning - The database is divided into
separate databases, each at its own
security level
– This destroys basic advantages of databases,
i.e. elimination of redundancy and improved
accuracy
• Encryption - If sensitive data is encrypted,
a user who accidentally receives sensitive
data cannot interpret the data

Proposals for Multilevel Security
• Integrity Lock - A way to provide both integrity
and limited access for a database.
– Each data item consists of three elements
• Data itself
• Classification to indicate sensitivity (e.g. concealed)
• Cryptographic Checksum

[Figure: data item layout – Data | Classification | Checksum]

Proposals for Multilevel Security
• Trusted Front-End (Guard)
– User identifies self to front-end; front-end authenticates user's
identity
– User issues a query to front-end
– Front-end verifies user's authorization to data
– Front-end issues query to database manager
– Database manager performs I/O access
– Database manager returns result of query to front-end
– Front-end verifies validity of data via checksum and checks
classification of data against security level of user
– Front-end transmits data to untrusted front-end for formatting.
– Untrusted front-end transmits data to user
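
The integrity lock item and the trusted front-end's final check (verify the checksum, then compare classification with the user's level), as an added example that is not part of the original lecture. Assumptions of this sketch: HMAC-SHA256 serves as the cryptographic checksum, the checksum also covers the record id and field name, and the key, the two-level `RANK` scheme and all function names are constructed for illustration.

```python
import hashlib
import hmac

GUARD_KEY = b"constructed-demo-key"     # known only to the trusted front-end
RANK = {"open": 0, "concealed": 1}      # constructed two-level scheme

def _checksum(record_id, field, value, classification):
    """Keyed checksum over the item, its label and its place in the database."""
    # Assumption of this example: binding record id and field name stops a
    # valid (data, label, checksum) triple from being copied to another cell.
    parts = [str(record_id), field, value, classification]
    # Length-prefix each part so different splits cannot produce the same bytes.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(GUARD_KEY, msg, hashlib.sha256).hexdigest()

def seal(record_id, field, value, classification):
    """Build the three-element item held by the untrusted database manager."""
    return {"data": value, "classf": classification,
            "chksum": _checksum(record_id, field, value, classification)}

def guard_release(user_level, record_id, field, item):
    """Front-end check on a returned item: checksum first, then classification."""
    expected = _checksum(record_id, field, item["data"], item["classf"])
    if not hmac.compare_digest(expected, item["chksum"]):
        raise ValueError("integrity lock broken: data or label was altered")
    if RANK[item["classf"]] > RANK[user_level]:
        return None                      # withheld: user's level is too low
    return item["data"]

if __name__ == "__main__":
    item = seal(7, "salary", "91000", "concealed")       # constructed sample
    print(guard_release("concealed", 7, "salary", item))  # released
    print(guard_release("open", 7, "salary", item))       # withheld
```

Because the classification sits inside the checksum, relabelling a concealed item as open in the database is detected by the front-end rather than silently widening access.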

Proposals for Multilevel Security
• View
– A subset of a database, containing exactly the
information that a user is entitled to access
– Can represent a single user's subset
database, so that all of a user's queries
access only that data

Proposals for Multilevel Security
• Layered Implementation
– Integrated with a trusted operating system to
form trusted database manager base
– First level - Performs user authentication
– Second level - Performs basic indexing and
computation functions
– Third level - Translates views into the base
relations of the database
