Database Security
Database Security
Introduction to Database Security Issues
• Types of Security– Legal and ethical issues:
• the right to access certain information. Some information may be deemed to be private and cannot be accessed legally by unauthorized persons
– Policy issues• as to what kinds of information should not be made publicly available-for
example, credit ratings and personal medical records– System-related issues
• whether a security function should be handled at the physical hardware level, the operating system level, or the DBMS level
– The need to identify multiple security levels • identify multiple security levels and to categorize the data and users based
on these classifications-for example, top secret, secret, confidential, and unclassified.
Threats to Databases
• Loss of integrity – Improper modification of information.– Modification creation, insertion, modification, changing the status of
data, and deletion. by either intentional or accidental acts.– If not corrected may contaminate system corrupt data
inaccuracy• Loss of availability
– Objects unavailable to user with legitimate right.• Loss of confidentiality
– unauthorized disclosure of confidential information intentional, unanticipated, or unintentional could result in loss of public confidence, embarrassment, or legal action
Countermeasures
• To protect databases against these types of threats four kinds of countermeasures can be implemented:– Access control– Inference control– Flow control– Encryption
Countermeasures: Access Control• Security mechanism of a DBMS must include provisions for
restricting access to the database as a whole– Handled by creating user accounts and passwords to control login
process by the DBMS.• In a multiuser database system DBMS must ensure that
certain users or user groups to access selected portions of a database without gaining access to the rest of the database.
• DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security portions of a database against unauthorized access.
... Access Control
... Access Control
• • Discretionary security mechanisms: – Used to grant privileges to users access specific data files, records, or
fields in a specified mode (such as read, insert, delete, or update).• • Mandatory security mechanisms:
– Used to enforce multilevel security by classifying the data and users into various security classes (or levels) then implementing the appropriate security policy.
– For example User at Level 1 can see data in level 1 and lower (level 0), but not higher (Level 2) An extension of this is role-based security
– Typical security classes are top secret (TS), secret (S), confidential (C), and unclassified (U), where TS is the highest level and U the lowest: TS ≥ S ≥ C ≥ U
Countermeasures: Inference control
• The security problem associated with databases is that of controlling the access to a statistical database, which is used to provide statistical information or summaries of values based on various criteria.– Must allow access to certain information needed but not all and not
detailed information on specific individuals. – Must not allow information to be inferred or deduced from statistical
query• The countermeasures to statistical database security problem
is called inference control measures.
Inference Control
• The process of performing queries and deducing unauthorized information from the legitimate responses received
Example: Inference
Countermeasures: Perturbation
14
Example: Perturbation
15
Countermeasures: Flow control
• Another security is that of flow control, which prevents information from flowing in such a way that it reaches unauthorized users.
• Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are called covert channels.
• A flow policy specifies the channels along which information is allowed to move.
16
Countermeasures: Encryption
• A final security issue is data encryption, which is used to protect sensitive data (such as credit card numbers) that is being transmitted via some type communication network.
• The data is encoded using some encoding algorithm.– An unauthorized user who access encoded data will have
difficulty deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher data.
17
Database Administrator (DBA )
• The database administrator (DBA) is the central authority for managing a database system.– The DBA’s responsibilities include
• granting privileges to users who need to use the system• classifying users and data in accordance with the policy of the
organization
• The DBA is responsible for the overall security of the database system.
18
… DBA
• The DBA has a DBA account in the DBMS– Sometimes these are called a system or superuser account– These accounts provide powerful capabilities such as:
• 1. Account creation• 2. Privilege granting• 3. Privilege revocation• 4. Security level assignment
– Action 1 is access control, whereas 2 and 3 are to control discretionary authorization and 4 is used to control mandatory authorization
19
Database Audits
• The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session.– To keep a record of all updates applied to the database and
of the particular user who applied each update, we can modify system log, which includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash.
20
Animated DataBase Courseware• http://adbc.kennesaw.edu/
21
… Database Audits
• If any tampering with the database is suspected, a database audit is performed– A database audit consists of reviewing the log to examine
all accesses and operations applied to the database during a certain time period.
• A database log that is used mainly for security purposes is sometimes called an audit trail.
22
Application Security
23
Application Security
• Application Security, the protection of an application against security threats.
• The current state of Application Security security has been an afterthought.
• Rather than focus on application focus on surrounding environment– Focus not on application security– Focus on protection of data in transit and storage e.g. using
cryptography – But the threats to applications have evolved
• This lack of security foresight has cost billions in lost revenue and now threatens the information technology infrastructure
24
… Application Security
• In developing an application, you must look at all possible threats– Attacker only needs to focus on 1
• Misconceptions:– I have firewall I am safe
• Firewall is good but it is not a complete solution by itself– We encrypt the data on route
• Are you using ANY encryption? Following a standard? Aware of current weaknesses of encryption?
– We adopt SSL (Secure Socket Layers)• SSL is great at encrypting traffic over the network but it does not validate
your application's input or protect you from a poorly configured server.
25
How Do You Build a Secure Web Application?
• It is not possible to design and build a secure Web application until you know your threats.
• Recommendation: Add threat modeling into your application's design phase.– The purpose of threat modeling analyze your
application's architecture and design and identify potentially vulnerable areas that may compromise your system's security (unintentionally or maliciously).
26
… How Do You Build a Secure Web Application?
• After you know your threats, design with security in mind by applying proven security principles. – Follow secure coding techniques to develop secure,
robust, and hack-resilient solutions. – The design and development of application layer software
must be supported by a secure network, host, and application configuration on the servers where the application software is to be deployed.
27
A holistic approach to security
"A vulnerability in a network will allow a malicious user to exploit a host or an application.
A vulnerability in a host will allow a malicious user to exploit a network or an application.
A vulnerability in an application will allow a malicious user to exploit a network or a host."
� Carlos Lyons, Corporate Security, Microsoft
28
A holistic approach to security• protect from TCP/IP-based attacks•implement countermeasures •ensuring traffic integrity
Apply secure configuration settings – e.g. Patches, updates, registry, etc
http://msdn.microsoft.com/en-us/library/ff648636.aspx
Make use of Application Vulnerability Categories as a guide for developing application and evaluating the security of a Web application.
Because the categories represent the areas where security mistakes are most frequently made
29
Anatomy of an Attack• The basic approach used by attackers to target your Web application:
– Survey and assess• survey the potential target to identify and assess its characteristics, its
vulnerabilities, potential entry points– Exploit and penetrate
• Exploit vulnerabilities, get in usually through normal entry (logon page, common pages)
– Escalate privileges• They immediately attempt to escalate privileges e.g. administration privileges
– Maintain access• Having gained access to a system, an attacker takes steps to make future access
easier and to cover his or her tracks backdoor, take over weak accounts– Deny service
• Attackers who cannot gain access often mount a denial of service attack to prevent others from using the application.
30
Application Threats
31
Core Security Principles
• Compartmentalize– Reduce the surface area of attack. – What resources can an attacker get to?– Firewalls, least privileged accounts, and least privileged
code are examples of compartmentalizing.• Use least privilege– By running processes using accounts with minimal
privileges and access rights, you significantly reduce the capabilities of an attacker if the attacker manages to compromise security and run code.
32
Core Security Principles
• Apply defense in depth– Use multiple gatekeepers to keep attackers at bay. – Do not rely on a single layer of security always consider
that one of the layers may be bypassed or compromised.• Do not trust user input– Your application's user input is the attacker's primary
weapon when targeting your application. – Assume all input is malicious until proven otherwise
apply input validation strategy
33
Core Security Principles
• Check at the gate– Authenticate and authorize early at the first gate.�
• Fail securely– If an application fails, do not leave sensitive data accessible. – Do not include details that may help an attacker exploit
vulnerabilities in your application.• Secure the weakest link
– Is there a vulnerability at the network layer that an attacker can exploit? What about the host? Is your application secure?
– Any weak link in the chain is an opportunity for breached security.
34
Core Security Principles
• Create secure defaults– Is the default account set up with least privilege? Is the
default account disabled by default and then explicitly enabled when required?
• Reduce your attack surface– Reduce the surface area of attack by disabling or removing
unused services, protocols, and functionality. – Does your server need all those services and ports? Does
your application need all those features? – If you do not use it, remove it or disable it