
Section 3

Database Security

CA306 Introduction 3-2

Section Content

• 3.1 Security Overview

• 3.2 Security Controls

• 3.3 Views

• 3.4 Security in Oracle

• 3.5 Web Database Security


Security Overview

• Database security is the mechanism that protects the database against intentional or accidental threats.

• Database security can be considered in the following situations:
  + Theft and fraud;
  + Loss of confidentiality;
  + Loss of privacy;
  + Loss of integrity;
  + Loss of availability.

• These are situations in which an organisation should seek to reduce risk.

• Theft and fraud affect both the database environment and the entire organisation. They need not involve any alteration of data.


Breaches

• Confidentiality refers to the need to maintain secrecy over data, usually that which is critical to the organisation.

• Privacy refers to the need to protect data.

• Breaches of security which result in the loss of confidentiality could:
  + Lead to a loss of competitiveness;
  + Lead to legal action being taken against the organisation.

• Loss of integrity results in invalid or corrupted data.


• A threat is any situation or event (intentional or accidental) that may adversely affect a system and consequently the organisation.


Threats

• The extent to which an organisation suffers depends on a number of factors, such as the existence of counter-measures and contingency plans.

• If there is a hardware failure, what is involved (and how long) in restarting the system with minimal loss of data?

• An organisation must identify the types of threats it may encounter, and propose plans and counter-measures.

• What are the potential threats to computer systems?


3.2 Security Controls

• The types of controls range from physical controls to administrative procedures.

• In most cases the DBMS relies on the Operating System to provide a basic level of security.

• Types of Controls:
  + Authorisation
  + Views
  + Backup and Recovery
  + Integrity
  + Encryption


Authorisation

• Authorisation is the granting of privileges that enable a subject to have legitimate access to a system or some object(s) in the system.

• Authorisation controls are (generally) built into software, and govern both the objects for access, and the types of operations possible.

• The process of authorisation involves authentication of users (applications) requesting access to objects.

• Authorisation can be viewed (conceptually) in the form of a matrix of privileges.

• Each object has its own authorisation matrix.


Authorisation Matrix

User Create Retrieve Update Delete

Mike X X X

Joe X

Salary_update X X X X

Monthly_rep X

Paula X X
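A matrix like the one above can be reconstructed for a live table from the Oracle data dictionary, which is how a DBA would audit who holds what. The following is an added example, not part of the lecture notes: it assumes an illustrative table HR.EMPLOYEE, a querying user who can read DBA_TAB_PRIVS and DBA_ROLE_PRIVS (for example through SELECT_CATALOG_ROLE), and it takes the slide's "Create" column to mean the INSERT privilege.

```sql
-- Added example (not from the lecture notes). Rebuilds the authorisation
-- matrix for one table. HR.EMPLOYEE is an illustrative table name; the
-- "Create" column is assumed to correspond to the INSERT privilege.
SELECT grantee,
       MAX(CASE WHEN privilege = 'INSERT' THEN 'X' END) AS "Create",
       MAX(CASE WHEN privilege = 'SELECT' THEN 'X' END) AS "Retrieve",
       MAX(CASE WHEN privilege = 'UPDATE' THEN 'X' END) AS "Update",
       MAX(CASE WHEN privilege = 'DELETE' THEN 'X' END) AS "Delete",
       MAX(CASE WHEN grantable = 'YES'    THEN 'X' END) AS "Can re-grant"
FROM   dba_tab_privs
WHERE  owner = 'HR'
AND    table_name = 'EMPLOYEE'
GROUP  BY grantee
ORDER  BY grantee;

-- A grantee may be a role (Salary_update and Monthly_rep in the slide) rather
-- than a person. Expand role membership to see which users inherit that row.
SELECT rp.grantee AS user_name, rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (SELECT grantee
                           FROM   dba_tab_privs
                           WHERE  owner = 'HR' AND table_name = 'EMPLOYEE')
ORDER  BY rp.granted_role, rp.grantee;
```

Two things to check when reading the output: a row whose grantee is PUBLIC means every account in the database holds that privilege, and an "X" in the last column marks a grantee who can extend the matrix without the DBA's involvement.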


Authentication

• Authentication is the mechanism that determines whether a subject is who he/she/it claims to be.

• The System Administrator provides access to the computer system through a username and password. The password is used by the system to authenticate the user.

• The Database Administrator (DBA) provides access to the DBMS through a similar process, and authentication is necessary at this level also.

• In many cases, both forms of authentication can be synchronised (merged).


3.3 Views

• A view (or subschema) is the dynamic result of one or more query operations.

• In relational databases, a view is a virtual relation that does not exist in the database, but is materialised upon request by the user (with the required authorisation privileges).

• A view mechanism provides a powerful and flexible means of security by hiding parts of the database from certain users.

• The user is unaware of the existence of columns or tuples (or both) that may be missing from a specific table.

CA306 Introduction 3-16

View Structure

• Views may be vertical: a projection of a table.

• Views may be horizontal: a query condition filters which tuples appear in the view.

• Views may be based on aggregations: an aggregation operator provides a statistical summary, or overall report. This has the effect of hiding data from individual tuples.

• A view may be based on multiple tables.
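The four view structures above, written out in Oracle SQL as an added example (not code from the lecture notes). The tables Employee and Department, their rows, and the roles clerk_role and manager_role are constructed for illustration.

```sql
-- Added example (not from the lecture notes). Tables, data and role names
-- are constructed for illustration.
CREATE TABLE Department (
  dept_id   NUMBER        PRIMARY KEY,
  dept_name VARCHAR2(40)  NOT NULL
);

CREATE TABLE Employee (
  emp_id   NUMBER        PRIMARY KEY,
  name     VARCHAR2(60)  NOT NULL,
  dept_id  NUMBER        REFERENCES Department(dept_id),
  salary   NUMBER(10,2)  NOT NULL
);

INSERT INTO Department VALUES (10, 'Sales');
INSERT INTO Department VALUES (20, 'Research');
INSERT INTO Employee VALUES (1, 'Mike',  10, 42000);
INSERT INTO Employee VALUES (2, 'Joe',   10, 39000);
INSERT INTO Employee VALUES (3, 'Paula', 10, 51000);
INSERT INTO Employee VALUES (4, 'Ann',   20, 65000);   -- sole member of dept 20
COMMIT;

-- Vertical view: a projection that drops the salary column entirely.
CREATE VIEW Employee_directory AS
  SELECT emp_id, name, dept_id
  FROM   Employee;

-- Horizontal view: only the tuples of department 10 are visible.
CREATE VIEW Sales_staff AS
  SELECT emp_id, name, salary
  FROM   Employee
  WHERE  dept_id = 10;

-- Aggregate view: a statistical summary. The HAVING clause suppresses
-- departments with fewer than three staff, because an average over one
-- person IS that person's salary and would defeat the purpose of the view.
CREATE VIEW Dept_salary_summary AS
  SELECT   dept_id, COUNT(*) AS headcount, AVG(salary) AS avg_salary
  FROM     Employee
  GROUP BY dept_id
  HAVING   COUNT(*) >= 3;

-- Multi-table view: joins Employee to Department, still without salary.
CREATE VIEW Employee_with_dept AS
  SELECT e.emp_id, e.name, d.dept_name
  FROM   Employee e
  JOIN   Department d ON d.dept_id = e.dept_id;

-- The security effect comes from granting access to the views and never to
-- the base table: clerks see names and departments, managers see summaries.
CREATE ROLE clerk_role;
CREATE ROLE manager_role;
GRANT SELECT ON Employee_directory  TO clerk_role;
GRANT SELECT ON Employee_with_dept  TO clerk_role;
GRANT SELECT ON Dept_salary_summary TO manager_role;
GRANT SELECT ON Sales_staff         TO manager_role;
```

The HAVING threshold is the point to notice: an aggregate view hides individual tuples only while every group is large enough, so a department of one (Ann above) must be excluded or its "average" discloses exactly the value the view was meant to conceal.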


3.4 Security in Oracle

• Oracle uses the concept of privileges to permit execution of SQL statements and access to another user’s objects.

• Some examples include the right to:
  + Connect to the database (create a session);
  + Create (and alter) a table;
  + Select rows (from other users' tables);
  + Update rows.

• Oracle provides two distinct categories:
  + System privileges;
  + Object privileges.


System Privileges

• A system privilege is the right to perform a particular action, or to perform an action on schema objects of a particular type.

• Examples are: the privilege to create tablespaces and users.

• Oracle provides over 80 distinct system privileges.

• System privileges are granted to, or revoked from, users and roles.

• These actions may be achieved through a user interface or through the SQL GRANT and REVOKE statements.

• Note that users must have privileges to GRANT or REVOKE privileges.


Object Privileges

• An object privilege is the right to perform a specific action on a specific table, view, or procedure.

• Different privileges are available for different types of objects. For example, the privilege to delete tuples is an object privilege.

• Some schema objects (indexes and triggers) do not have associated object privileges: their use is controlled with system privileges.

• Users automatically obtain all privileges on schema objects in their own schema. Users can grant any object privilege on any schema object they own (to any other user or role).

• If the privilege is granted WITH GRANT OPTION, the grantee can in turn grant it to others on that object.

• A REVOKE of such a privilege cascades: any grants the grantee made on the strength of it are revoked as well.


Roles

• A user can receive a privilege in two ways: explicitly and in the form of a role.

• A user can be explicitly granted the privilege (for example) to insert rows in a table (Employee):

  GRANT INSERT ON Employee TO maryb;

• Privileges can also be granted to a role (a named group of privileges), and this role subsequently granted to one or more users.

• The privilege to select, insert and update rows to the Employee table may be given to a role called Payroll.

CA306 Introduction 3-23

Role Sample

• The Payroll role can be granted to all users who operate payroll functions.

• This facilitates easier and better management of privileges.

• Privileges should normally be granted to roles and not to specific users.
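The system privileges, object privileges, WITH GRANT OPTION and roles described in the preceding slides, carried through as one added Oracle SQL example (not from the lecture notes). It assumes a session with the DBA role; the users maryb, jsmith and bob, the role payroll and the table hr.Employee are illustrative, and the password is a placeholder.

```sql
-- Added example (not from the lecture notes). Run as a user holding the DBA
-- role. maryb, jsmith, bob, payroll and hr.Employee are illustrative names;
-- the password is a placeholder.
CREATE USER maryb IDENTIFIED BY "ChangeMe_placeholder1";

-- System privileges: the right to connect (create a session) and create tables.
GRANT CREATE SESSION, CREATE TABLE TO maryb;

-- Object privilege granted explicitly to one user (the slide's own example).
GRANT INSERT ON hr.Employee TO maryb;

-- The same need met with a role: the privileges are grouped once and the role
-- is granted to every payroll operator, which is the recommended practice.
CREATE ROLE payroll;
GRANT SELECT, INSERT, UPDATE ON hr.Employee TO payroll;
GRANT payroll TO maryb;
-- The direct grant is now redundant; removing it keeps the matrix simple.
REVOKE INSERT ON hr.Employee FROM maryb;

-- WITH GRANT OPTION can be given to users only, not to roles.
GRANT SELECT ON hr.Employee TO jsmith WITH GRANT OPTION;
-- jsmith, connected as jsmith, may now pass the privilege on:
--   GRANT SELECT ON hr.Employee TO bob;

-- Revoking jsmith's privilege cascades: bob's SELECT, which depended on
-- jsmith's grant, is revoked at the same time.
REVOKE SELECT ON hr.Employee FROM jsmith;

-- Confirm who can still reach the table.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'HR' AND table_name = 'EMPLOYEE'
ORDER  BY grantee, privilege;
```

The cascade applies to object privileges only. Revoking a system privilege or a role that was granted WITH ADMIN OPTION does not cascade: anyone the revokee passed it to keeps it and has to be revoked separately, which is worth remembering when cleaning up after a departing administrator.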


3.5 Web Database Security

• The challenge is to transmit and receive information over the Internet while ensuring:
  + Privacy: it is inaccessible to anyone except the sender and receiver.
  + Integrity: data has not been altered during transmission.
  + Authenticity: the receiver can be sure it came from the sender.
  + Non-fabrication: the sender is sure that the receiver is genuine.
  + Non-repudiation: the sender cannot deny sending the data.

• However, data must also be protected at the Web Server. The three-tier architecture implies three levels of security.

• A further problem is that HTML pages may contain executable content, e.g. JavaScript or applets.


Malicious Actions

• Executable content can perform malicious actions:
  + Corrupt data or executable software.
  + Reformat disks.
  + Force the system to shut down.
  + Collect and download confidential data (e.g. passwords).
  + Impersonate the user in order to attack other sites on the network.
  + Lock up resources.
  + Cause non-damaging effects such as messages to appear.


Proxy Servers

• In Web terms, a proxy server is a computer that sits between a browser and web server.

• It intercepts all requests to the Web server, to determine if it can fulfill the requests itself. If not, requests are forwarded to the server.

• Proxy servers have two main purposes: to improve performance and to filter requests.


Improve Performance

• Since a proxy server saves the results of all requests (for some chosen time limit), it can significantly improve performance for groups of users.

• For example, suppose A and B access the web through a proxy server. If B requests a page already selected by A, there is no need to request this page (again) from the server, unless it has been modified since.

• Proxy servers such as those used by Compuserve and America Online can support thousands of users.


Filter Requests

• Proxy servers can also be used to filter requests.

• An organisation may use a proxy server to prevent access to a group of sites.


Firewalls

• A firewall is a system designed to prevent unauthorised access to or from a private network.

• If a Web server is connected to an internal network (which may access the company database), firewall technology can help to prevent unauthorised access.

• Firewalls can be implemented in hardware or software (or both).

• All messages which enter or leave the intranet pass through the firewall, and are examined to check that the security criteria are met.


Firewall Techniques

• A packet filter looks at each packet entering or leaving the network, and accepts or rejects the packet based on user-defined rules. Although popular and effective, it is prone to IP spoofing, where an untrusted machine appears to be a trusted one.

• An application gateway applies security mechanisms to specific applications (e.g. FTP and Telnet servers). This is very effective but carries performance overheads.

• A circuit-level gateway applies security mechanisms when a TCP connection is first established. However, once the connection has been made, packets flow between hosts without further checking.

• A proxy server intercepts all messages entering and leaving the network. It has the effect of hiding the true network address.