II. Selected Database Issues
Part 1: Security
Lecture 3
Lecturer: Chris Clack
3C13/D6

Dec 15, 2015


Slide 2/23: Content

3.1 Objectives
3.2 DBMS and Web security
- 3.2.1 Proxy servers
- 3.2.2 Firewalls
- 3.2.3 Message digest algorithms and digital signatures
- 3.2.4 Digital certificates
- 3.2.5 Kerberos
- 3.2.6 Secure sockets layer and secure HTTP
- 3.2.7 Secure electronic transactions and secure technology
- 3.2.8 Java security
- 3.2.9 ActiveX security

Slide 3/23: 3.1 Objectives

In this lecture you will learn:
1. Approaches for securing a DBMS on the Web

Slide 4/23: 3.2 DBMS and Web Security

Slide 5/23: DBMS and Web security

• Internet communications rely on TCP/IP as the underlying protocol. TCP/IP and HTTP were not designed with security in mind.
• Without special software, all information travels 'in the clear' (anyone monitoring the link can read it).
• This form of attack is easy with freely available 'packet sniffing' software.

We need to transmit and receive information while ensuring:
1. Privacy: it is inaccessible to anyone but the sender and receiver.
2. Integrity: it has not been changed during transmission.
3. Authenticity: the receiver can be sure it came from the sender.
4. Non-fabrication: the sender can be sure the receiver is genuine.
5. Non-repudiation: the sender cannot deny he or she sent it.

Slide 6/23: DBMS and Web security

• Once information reaches the Web server, it needs to be protected there as well.
• Need to ensure secure access to, and use of, the database, given the popular three-tier architecture in a Web environment.
• Need to watch executable content: HTML pages may contain ActiveX controls, JavaScript or VBScript.

Slide 7/23: DBMS and Web security

Executables can perform the following malicious actions; measures need to be taken to prevent them:
• corrupt data or the execution state of a program
• reformat complete disks
• perform a total system shutdown
• collect and download confidential data, such as files or passwords, to other sites
• usurp identity and impersonate the user or the user's computer to attack other targets on the network
• lock up resources, making them unavailable to legitimate users and programs
• cause non-fatal but unwelcome effects, especially on output devices

Slide 8/23: Web proxy servers

Web proxy server: in a Web environment, a computer that sits between a Web browser and a Web server. It intercepts all requests to the Web server to see if it can fulfil them itself; if not, it forwards them on.

Two main purposes:
1. Improve performance: it saves the results of all requests for a certain amount of time, so repeated requests are served much faster.
2. Filter requests: an organisation may want to prevent its employees from accessing a certain set of Web sites; a proxy server can do this.

Slide 9/23: Firewalls

Firewall: a system designed to prevent unauthorized access to or from a private network. Can be implemented in hardware, software, or both.

Frequently used to stop unauthorized Internet users accessing an intranet.

All messages attempting to enter or leave the private network must pass the firewall's security criteria to pass through it.

Standard security advice: Web servers are kept unconnected to any in-house networks and are regularly backed up.

Firewall technology can help prevent unauthorized access when the Web server has to be connected to an internal network.

Slide 10/23: Firewalls

Several types of firewall technique:
• Packet filter: looks at each packet entering/leaving the network and accepts/rejects it based on user-defined rules. Fairly effective. Transparent to users. Difficult to configure. Susceptible to 'IP spoofing'. Can degrade performance.
• Application gateway: applies security mechanisms to specific applications, e.g. Telnet and FTP. Effective but can degrade performance.
• Circuit-level gateway: applies security mechanisms when a TCP or UDP (User Datagram Protocol) connection is established. Once the connection is made, packets flow freely between hosts without further checking.
• Proxy server: intercepts all messages entering/leaving the network. In effect hides the true network addresses (cf. Web proxy server).

In practice many firewalls provide more than one technique. A firewall is the first line of defense in protecting private information; for greater security, data should also be encrypted.
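The packet-filter technique described above, as an added worked example in Go (not code from the lecture): a first-match rule list with default deny, evaluated over a handful of constructed packets. The private network 10.0.0.0/8, the Web server address 10.0.0.5, the external address 203.0.113.7 and the rule names are all assumptions made up for the example. The first rule illustrates the slide's 'IP spoofing' caveat from the defender's side: a packet filter can only judge a packet by the header fields it carries, so an inbound packet claiming an internal source address is rejected before any permissive rule can match it.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Direction a rule applies to; AnyDir matches both inbound and outbound packets.
type Direction int

const (
	AnyDir   Direction = iota
	Inbound            // entering the private network from outside
	Outbound           // leaving the private network
)

// Packet holds the header fields a packet filter inspects (constructed for this example).
type Packet struct {
	Dir     Direction
	Proto   string // "tcp" or "udp"
	Src     netip.Addr
	Dst     netip.Addr
	DstPort uint16
}

// Rule is one user-defined rule. An empty Proto, an invalid (zero) Prefix or a
// zero DstPort means "match anything" for that field.
type Rule struct {
	Name    string
	Dir     Direction
	Proto   string
	Src     netip.Prefix
	Dst     netip.Prefix
	DstPort uint16
	Accept  bool
}

func (r Rule) matches(p Packet) bool {
	if r.Dir != AnyDir && r.Dir != p.Dir {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.Src.IsValid() && !r.Src.Contains(p.Src) {
		return false
	}
	if r.Dst.IsValid() && !r.Dst.Contains(p.Dst) {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Filter evaluates rules in order; the first match decides. A packet matching
// no rule is rejected (default deny), the safe failure mode for a filter.
type Filter struct{ Rules []Rule }

// Evaluate returns the decision and the name of the rule that produced it.
func (f Filter) Evaluate(p Packet) (accept bool, ruleName string) {
	for _, r := range f.Rules {
		if r.matches(p) {
			return r.Accept, r.Name
		}
	}
	return false, "default-deny"
}

// MakePacket builds a Packet from printable fields (helper for demos and tests).
func MakePacket(dir Direction, proto, src, dst string, port uint16) Packet {
	return Packet{Dir: dir, Proto: proto, Src: netip.MustParseAddr(src),
		Dst: netip.MustParseAddr(dst), DstPort: port}
}

// ExampleFilter is a constructed rule set for a private network 10.0.0.0/8 with
// one public Web server at 10.0.0.5 (assumed addresses). The anti-spoof rule
// comes first on purpose: an inbound packet whose source claims to be internal
// cannot be genuine, and the filter has nothing but the header to go on.
func ExampleFilter() Filter {
	internal := netip.MustParsePrefix("10.0.0.0/8")
	web := netip.MustParsePrefix("10.0.0.5/32")
	return Filter{Rules: []Rule{
		{Name: "anti-spoof", Dir: Inbound, Src: internal, Accept: false},
		{Name: "web-https", Dir: Inbound, Proto: "tcp", Dst: web, DstPort: 443, Accept: true},
		{Name: "web-http", Dir: Inbound, Proto: "tcp", Dst: web, DstPort: 80, Accept: true},
		{Name: "internal-out", Dir: Outbound, Src: internal, Accept: true},
	}}
}

func main() {
	f := ExampleFilter()
	for _, p := range []Packet{
		MakePacket(Inbound, "tcp", "203.0.113.7", "10.0.0.5", 443),
		MakePacket(Inbound, "tcp", "203.0.113.7", "10.0.0.5", 22),
		MakePacket(Inbound, "tcp", "10.0.0.9", "10.0.0.5", 443), // internal source on the outside
		MakePacket(Outbound, "tcp", "10.0.0.9", "203.0.113.7", 443),
	} {
		ok, name := f.Evaluate(p)
		fmt.Printf("dir=%d %s %s -> %s:%d accept=%v (%s)\n", p.Dir, p.Proto, p.Src, p.Dst, p.DstPort, ok, name)
	}
}
```

Rule order is the whole configuration problem the slide calls "difficult to configure": swapping the first two rules would let the spoofed packet through on the web-https rule, with nothing in the packet itself to reveal the mistake.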

Slide 11/23: Message digest algorithms

'Message digest algorithm' or 'one-way hash function': takes an arbitrary-sized string (the message) and generates a fixed-length string (the digest or hash).

A digest has the following characteristics:
• it should be computationally infeasible to find another message that will generate the same digest.
• the digest reveals nothing about the message.

Slide 12/23: Digital signatures

A 'digital signature' consists of two parts:
1. a string of bits computed from the data that is being signed;
2. the private key of the individual or organization giving the signature.

The signature can be used to verify that the data came from the individual or organization. Its useful properties are:
• its authenticity can be verified, using a computation based on the corresponding public key
• it cannot be forged (assuming the private key is kept secret)
• it cannot be claimed to be the signature for any other data
• the signed data cannot be changed, otherwise the signature will no longer verify the data as being authentic
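The two slides above (message digests and digital signatures) as one added worked example in Go, not code from the lecture. It assumes SHA-256 as the digest algorithm and Ed25519 as the signature scheme; the slides name neither, and any one-way hash and any public-key signature scheme fit the same shape. The message strings are constructed for the example. The digest part shows the fixed output length and that a one-character change alters roughly half the digest bits; the signature part shows the three properties from the slide: verification needs only the public key, altered data no longer verifies, and a signature does not verify under any other key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the SHA-256 digest of an arbitrary-length message (assumed
// algorithm; the slide speaks of one-way hash functions in general).
func Digest(message []byte) []byte {
	sum := sha256.Sum256(message)
	return sum[:]
}

// DifferingBits counts the bit positions in which two equal-length digests
// differ. A small change to the message should flip about half of the bits,
// which is what "the digest reveals nothing about the message" looks like.
func DifferingBits(a, b []byte) int {
	n := 0
	for i := range a {
		for x := a[i] ^ b[i]; x != 0; x >>= 1 {
			n += int(x & 1)
		}
	}
	return n
}

// Signer holds the second ingredient the slide names: the private key. The
// first ingredient, the bit string computed from the data, is Digest above.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey // never shared; forging needs it
}

// NewSigner generates a fresh Ed25519 key pair (assumed scheme).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign digests the data and signs the digest with the private key.
func (s *Signer) Sign(data []byte) []byte {
	return ed25519.Sign(s.private, Digest(data))
}

// Verify checks a signature over data using only the public key, so any
// recipient holding that key can check authenticity.
func Verify(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, Digest(data), sig)
}

func main() {
	short := []byte("transfer 10")           // constructed message
	long := bytes.Repeat([]byte("x"), 1<<20) // 1 MiB message
	fmt.Println("digest lengths:", len(Digest(short)), len(Digest(long)))
	fmt.Println("digest:", hex.EncodeToString(Digest(short)))
	fmt.Println("bits changed by a one-character edit:",
		DifferingBits(Digest(short), Digest([]byte("transfer 11"))), "of", 8*len(Digest(short)))

	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := signer.Sign(short)
	fmt.Println("original data verifies:", Verify(signer.Public, short, sig))
	fmt.Println("altered data verifies:", Verify(signer.Public, []byte("transfer 11"), sig))
	other, _ := NewSigner()
	fmt.Println("verifies under another key:", Verify(other.Public, short, sig))
}
```

The digest is what makes signing practical: the signature covers a 32-byte value however large the data is, and because the hash is one-way, an altered document cannot be steered to the same digest, so the original signature stops verifying.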

Slide 13/23: Digital certificates

Digital certificate: an attachment to an electronic message used for security purposes (e.g. to verify the user sending the message). Provides the receiver with the means to encode a reply.

1. Sender applies for a certificate from a Certificate Authority (CA).
2. CA issues an encrypted certificate containing the applicant's public key and other identification information.
3. CA makes its own public key readily available.
4. Recipient uses the CA's public key to decode the certificate attached to the message and verifies it as issued by the CA.
5. Recipient obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

The CA's role is critical, acting as a go-between: the clients and servers may not yet have established mutual trust, yet both want to have a secure session.
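The five-step certificate flow above as an added worked example in Go using the standard library's X.509 support; this is not code from the lecture. The CA name "Example CA", the sender name "sender@example.test", the serial numbers and the message are constructed for the example, and ECDSA P-256 is assumed as the key type. The recipient's check (steps 4 and 5) uses nothing but the CA's own certificate: it verifies the attached certificate's CA signature, then reads the sender's name and public key out of it and uses that key to check a signed message. The last part shows the failure the CA step is there to catch: a certificate issued by a CA the recipient does not trust is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is a key pair plus the certificate binding its public key to a name.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewApplicantKey generates a key pair for whoever is applying for a certificate.
// The private half stays with the applicant; only the public half goes to the CA.
func NewApplicantKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewCA covers steps 1-3: the CA makes its own key pair and a self-signed
// certificate, which is the "public key made readily available" to everyone.
func NewCA(name string) (*Identity, error) {
	key, err := NewApplicantKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// Issue is step 2: the CA signs a certificate carrying the applicant's public key
// and identifying information (here just a common name).
func (ca *Identity) Issue(name string, applicantPub *ecdsa.PublicKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, applicantPub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// RecipientCheck is steps 4-5: with only the CA's certificate as trust anchor,
// verify the attached certificate was issued by that CA, then extract the
// sender's identity and public key from it.
func RecipientCheck(trustedCA, attached *x509.Certificate) (string, *ecdsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := attached.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return "", nil, err
	}
	pub, ok := attached.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", nil, fmt.Errorf("unexpected key type %T", attached.PublicKey)
	}
	return attached.Subject.CommonName, pub, nil
}

// SignMessage and VerifyMessage: once the recipient holds the sender's public key
// from the certificate, messages from the sender can be authenticated.
func SignMessage(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

func VerifyMessage(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	ca, _ := NewCA("Example CA")
	senderKey, _ := NewApplicantKey()
	senderCert, _ := ca.Issue("sender@example.test", &senderKey.PublicKey, 2)
	name, pub, err := RecipientCheck(ca.Cert, senderCert)
	fmt.Println("issued by trusted CA:", name, err)
	sig, _ := SignMessage(senderKey, []byte("hello")) // constructed message
	fmt.Println("message from sender verifies:", VerifyMessage(pub, []byte("hello"), sig))
	rogue, _ := NewCA("Rogue CA")
	_, _, err = RecipientCheck(rogue.Cert, senderCert)
	fmt.Println("same certificate checked against an untrusted CA:", err)
}
```

The recipient never sees the sender's private key and never needs prior contact with the sender; the only thing it must have obtained in advance is the CA's certificate, which is exactly the go-between role the slide describes.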

Slide 14/23: Kerberos

'Kerberos': a server of secured user names and passwords (named after the three-headed monster in Greek mythology that guarded the gates of hell).

Provides one centralized security server for all data and resources on the network: database access, login, authorization control, and other security features.

Has a similar function to that of a certificate server: to identify and validate a user.

Slide 15/23: Secure sockets layer (SSL)

'Secure sockets layer (SSL)': encryption protocol for transmitting private documents. Designed to prevent eavesdropping, tampering, and message forgery.

Works by using a private key to encrypt data that is transferred over the SSL connection (see http://developer.netscape.com/tech/security/ssl/howitworks.html).

Layered between application-level protocols such as HTTP and the TCP/IP transport-level protocol. Thus, it may be used for other application-level protocols such as FTP and NNTP.

Netscape and Internet Explorer support SSL. Used by many Web sites to obtain credit card information.

Slide 16/23: Secure HTTP

'Secure HTTP' (S-HTTP): protocol for securely transmitting individual messages over the Web. A modified version of the standard HTTP protocol.

SSL and S-HTTP use techniques such as encryption and digital signatures, and:
• allow browsers and servers to authenticate each other
• allow controlled access to a Web site
• ensure data exchanged between browser and server is secure and reliable.

SSL creates a secure connection over which any amount of data can be sent securely. S-HTTP transmits individual messages only. They are complementary rather than competing technologies.

Slide 17/23: Secure Electronic Transactions (SET)

'Secure Electronic Transactions (SET)': open, interoperable standard for processing credit card transactions over the Internet in a simple and secure way.

To address privacy concerns, the transaction is split such that:
• The merchant has access to information about:
  • what is being purchased,
  • how much it costs,
  • whether payment is approved,
  but no information on
  • what payment method the customer is using.
• The card issuer (e.g. Visa) has access to:
  • the purchase price and payment method,
  but no information on
  • the type of merchandise involved.

Certificates are heavily used by SET, both for certifying the cardholder and for certifying that the merchant has a relationship with a financial institution.

Slide 18/23: Secure Electronic Transactions (SET) (diagram slide; no text)

Slide 19/23: Java security

'The Java sandbox': ensures an untrusted application cannot gain access to system resources.

Involves three components:
1. class loader
2. bytecode verifier
3. security manager

Safety features are provided by the language and the Java Virtual Machine (JVM), and enforced by the compiler and runtime system.

Slide 20/23: Java security

1. Class loader
• Allocates a (hierarchically structured) namespace for each class.
• Never allows a class from a less protected namespace to replace a class from a more protected namespace.
• Thus, I/O primitives, defined in local Java classes, cannot be invoked or overridden by classes from outside the local machine.

2. Bytecode verifier
• The JVM verifies bytecode instructions before allowing an application/applet to run. Typical checks include verifying that:
  - compiled code is correctly formatted;
  - internal stacks will not overflow/underflow;
  - no illegal data conversions will occur;
  - bytecode instructions are appropriately typed;
  - all class member accesses are valid.

Slide 21/23: Java security

3. The security manager
Each Java application defines and implements its own security policy. A Java-enabled browser contains its own security manager, and any applets it downloads are subject to its policies.

Generally, downloaded applets are prevented from:
• reading and writing files on the client's file system;
• making network connections to machines other than the host;
• starting other programs on the client;
• loading libraries;
• defining method calls.

These restrictions apply to applets downloaded over the Internet/intranet. They do not apply to applets on the client's local disk in a directory on the CLASSPATH.

Local applets are loaded by the file system loader, can read and write files and exit the JVM, and are not passed through the bytecode verifier.

Slide 22/23: ActiveX security

The ActiveX security model: considerably different from Java applets in that it places no restrictions on what a control can do.

1. Each ActiveX control can be digitally signed by its author using a system called Authenticode.
2. Digital signatures are then certified by a CA.

This security model places responsibility for the computer's security on the user.

Before the browser downloads an ActiveX control that has not been signed, or that has been certified by an unknown CA, it presents a dialog box warning the user that the action may be unsafe.

Slide 23/23: 3.3 Summary

3.2 DBMS and Web security:
- Proxy servers
- Firewalls
- Message digest algorithms and digital signatures
- Digital certificates
- Kerberos
- Secure sockets layer and secure HTTP
- Secure electronic transactions and secure technology
- Java security
- ActiveX security

NEXT LECTURE: Selected Database Issues 2: Transaction Management
- Concurrency
- Serializability
- Protocols to prevent conflict.