II.I Selected Database Issues: 1 - Security Slide 1/23
II. Selected Database Issues
Part 1: Security
Lecture 3
Lecturer: Chris Clack
3C13/D6
Dec 15, 2015
1. Content
3.1 Objectives
3.2 DBMS and Web security
- 3.2.1 Proxy servers
- 3.2.2 Firewalls
- 3.2.3 Message digest algorithms and digital signatures
- 3.2.4 Digital certificates
- 3.2.5 Kerberos
- 3.2.6 Secure sockets layer and secure HTTP
- 3.2.7 Secure electronic transactions and secure technology
- 3.2.8 Java security
- 3.2.9 ActiveX security
3.1 Objectives
In this lecture you will learn:
1. Approaches for securing a DBMS on the Web
3.2 DBMS and Web Security
DBMS and Web security
• Internet communications rely on TCP/IP as the underlying protocol. Neither TCP/IP nor HTTP was designed with security in mind.
• Without special software all information travels 'in the clear' (anyone monitoring the network can read it).
• This form of attack is easy with freely available 'packet sniffing' software.
Need to transmit and receive information while ensuring:
1. Privacy: it is inaccessible to anyone but the sender and receiver
2. Integrity: it has not been changed during transmission
3. Authenticity: the receiver can be sure it came from the sender
4. Non-fabrication: the sender can be sure the receiver is genuine
5. Non-repudiation: the sender cannot deny he or she sent it
DBMS and Web security
Once information reaches the Web server, it needs to be protected there as well.
Need to ensure secure access to the database, and secure use of it, given the popular three-tier architecture in a Web environment.
Need to watch executable content: HTML pages may contain ActiveX controls or JavaScript/VBScript.
DBMS and Web security
Executables can perform the following malicious actions, so measures need to be taken to prevent them:
• corrupt data or the execution state of a program
• reformat complete disks
• perform a total system shutdown
• collect and download confidential data, such as files or passwords, to other sites
• usurp identity and impersonate the user or the user's computer to attack other targets on the network
• lock up resources, making them unavailable to legitimate users and programs
• cause non-fatal but unwelcome effects, especially on output devices
Web Proxy Servers
Web proxy server: in a Web environment it is a computer that sits between a Web browser and a Web server. It intercepts all requests to the Web server to see if it can fulfil them itself; if not, it forwards them on.
Two main purposes:
1. Improve performance: it saves (caches) the results of all requests for a certain amount of time, so a repeated request is answered much faster.
2. Filter requests: an organisation may want to prevent its employees from accessing a certain set of Web sites; a proxy server can do this.
Firewalls
Firewall: A system designed to prevent unauthorized access to or from a private network. Can be implemented in hardware, software, or both.
Frequently used to stop unauthorized Internet users accessing an intranet.
All messages attempting to enter or leave the private network must satisfy its security criteria to pass through it.
Standard security advice: keep Web servers unconnected to any in-house network, and back them up regularly.
Firewall technology can help prevent unauthorized access when the Web server has to be connected to an internal network.
Firewalls
Several types of firewall technique:
• Packet filter: looks at each packet entering/leaving the network and accepts/rejects it based on user-defined rules. Fairly effective. Transparent to users. Difficult to configure. Susceptible to 'IP spoofing' (the rules trust the source address written in the packet header). Can degrade performance.
• Application gateway: applies security mechanisms to specific applications, e.g. Telnet and FTP. Effective, but can degrade performance.
• Circuit-level gateway: applies security mechanisms when a TCP or UDP (User Datagram Protocol) connection is established. Once the connection is made, packets flow freely between hosts without further checking.
• Proxy server: intercepts all messages entering/leaving the network. In effect hides the true network addresses. (cf. Web proxy server)
In practice many firewalls provide more than one technique. A firewall is the first line of defense in protecting private information; for greater security, data should also be encrypted.
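Added worked example (not from the lecture slides): a toy packet filter in Python that evaluates user-defined rules with a default deny, and shows why such a filter is susceptible to IP spoofing. The addresses, ports and rule sets are constructed for illustration; the anti-spoofing rule, which rejects any packet that arrives on the external interface but claims an internal source address, is the standard ingress check and is not something the slides describe.

```python
"""Toy packet-filtering firewall (added example, not from the lecture slides).

Demonstrates first-match rule evaluation with a default deny, and the
IP-spoofing weakness of rules that trust only the source address in the
header. All addresses, ports and rules are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address as claimed in the packet header
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    iface: str    # interface the packet arrived on: "internal" or "external"


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "reject"
    src_net: str                 # CIDR the source address must fall in
    dst_net: str                 # CIDR the destination address must fall in
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # destination port, or None for any port
    iface: Optional[str] = None  # arrival interface, or None for any interface

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net))


def filter_packet(rules, pkt: Packet) -> str:
    """First matching rule wins; a packet that no rule matches is rejected."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "reject"


INTERNAL_NET = "10.0.0.0/8"   # constructed: the organisation's intranet
WEB_SERVER = "192.0.2.10/32"  # constructed: public Web server (documentation range)
DB_SERVER = "10.1.1.20/32"    # constructed: database server on the intranet

# Naive rule set: decides on the header's source address alone.
NAIVE_RULES = [
    Rule("accept", "0.0.0.0/0", WEB_SERVER, "tcp", 80),    # anyone -> Web server
    Rule("accept", INTERNAL_NET, DB_SERVER, "tcp", 1521),  # intranet -> DB listener
]

# Hardened rule set: an 'internal' source address arriving on the external
# interface cannot be genuine, so it is rejected before any accept rule matches.
HARDENED_RULES = [
    Rule("reject", INTERNAL_NET, "0.0.0.0/0", iface="external"),  # anti-spoofing
] + NAIVE_RULES


if __name__ == "__main__":
    samples = {
        "browser":  Packet("198.51.100.7", "192.0.2.10", "tcp", 80, "external"),
        "clerk":    Packet("10.2.3.4", "10.1.1.20", "tcp", 1521, "internal"),
        "outsider": Packet("198.51.100.7", "10.1.1.20", "tcp", 1521, "external"),
        "spoofed":  Packet("10.2.3.4", "10.1.1.20", "tcp", 1521, "external"),
    }
    for name, pkt in samples.items():
        print(f"{name:9s} naive={filter_packet(NAIVE_RULES, pkt):7s} "
              f"hardened={filter_packet(HARDENED_RULES, pkt)}")
```

Under the naive rules the forged packet reaches the database listener because its source address is inside 10.0.0.0/8; the hardened set rejects it because that address cannot legitimately arrive from outside. Real filters also track connection state, which this toy omits.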
Message digest algorithms
'Message digest algorithm' or 'one-way hash function': takes an arbitrary-sized string (the message) and generates a fixed-length string (the digest or hash).
A digest has the following characteristics:
• it should be computationally infeasible to find another message that will generate the same digest.
• the digest reveals nothing about the message: it should be computationally infeasible to recover the message from its digest.
Digital signatures
'Digital signature': a string of bits computed from two inputs:
1. the data that is being signed (in practice, its message digest)
2. the private key of the individual or organization giving the signature.
The signature can be used to verify that the data came from the individual or organization. Its useful properties are:
• its authenticity can be verified, using a computation based on the corresponding public key
• it cannot be forged (assuming the private key is kept secret)
• it cannot be claimed to be the signature for any other data
• the signed data cannot be changed, otherwise the signature will no longer verify the data as being authentic
Digital Certificate
Digital certificate: Attachment to an electronic message used for security purposes (e.g. to verify the user sending the message). Provides the receiver with the means to encrypt a reply.
1. Sender applies for a certificate from a Certificate Authority (CA).
2. CA issues a digitally signed certificate containing the applicant's public key and other identification information.
3. CA makes its own public key readily available.
4. Recipient uses the CA's public key to verify the signature on the certificate attached to the message, confirming it was issued by the CA.
5. Recipient obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.
The CA's role is critical, acting as go-between: the clients and servers may not yet have established mutual trust, yet both want to have a secure session.
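Added worked example (not from the lecture slides) covering the three preceding slides: message digests, digital signatures, and the certificate steps 1 to 5. It uses textbook RSA over SHA-256 with no padding so that the structure is visible; production code uses RSA-PSS or ECDSA with proper padding and randomly generated keys. The hard-coded Mersenne primes, the field names, the 'Example CA' issuer and the sample message are all constructed for this illustration.

```python
"""Digest, signature and certificate walk-through (added example, not from
the lecture slides). Textbook RSA, no padding: for teaching only.
"""
import hashlib

E = 65537  # conventional public exponent


def make_keypair(p: int, q: int, e: int = E):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # valid because gcd(e, phi) == 1 for these primes
    return (n, e), (n, d)


def digest(message: bytes) -> bytes:
    """One-way hash: 32-byte output whatever the input length."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, priv) -> int:
    """Signature = private-key operation on the digest, not on the data itself."""
    n, d = priv
    return pow(int.from_bytes(digest(message), "big"), d, n)


def verify(message: bytes, sig: int, pub) -> bool:
    """Verification = public-key operation; it must reproduce the digest exactly."""
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest(message), "big")


# --- minimal certificate: the CA signs (subject, subject's public key, issuer) ---
def cert_tbs(subject: str, pub, issuer: str) -> bytes:
    """Canonical 'to be signed' encoding of the certificate fields (constructed format)."""
    n, e = pub
    return f"{subject}|{n}|{e}|{issuer}".encode()


def issue_certificate(subject: str, subject_pub, issuer: str, ca_priv) -> dict:
    """Slide step 2: the CA signs the applicant's public key and identity."""
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(cert_tbs(subject, subject_pub, issuer), ca_priv)}


def verify_certificate(cert: dict, ca_pub) -> bool:
    """Slide step 4: the recipient checks the CA's signature with the CA's public key."""
    tbs = cert_tbs(cert["subject"], cert["pub"], cert["issuer"])
    return verify(tbs, cert["sig"], ca_pub)


# Constructed demo keys from known Mersenne primes (M521, M127, M607, M107).
# Moduli are > 2**256 so a SHA-256 digest always fits below n.
CA_PUB, CA_PRIV = make_keypair((1 << 521) - 1, (1 << 127) - 1)
SERVER_PUB, SERVER_PRIV = make_keypair((1 << 607) - 1, (1 << 107) - 1)


def demo() -> dict:
    """Exercise every property listed on the slides; each value should be True."""
    msg = b"SELECT balance FROM accounts WHERE id = 42"  # constructed sample message
    sig = sign(msg, SERVER_PRIV)
    cert = issue_certificate("db.example.internal", SERVER_PUB, "Example CA", CA_PRIV)
    tampered_cert = dict(cert, subject="evil.example.internal")
    return {
        "fixed_length": len(digest(msg)) == len(digest(b"")),
        "small_change_new_digest": digest(msg) != digest(msg[:-1] + b"3"),
        "verifies": verify(msg, sig, SERVER_PUB),
        "tamper_detected": not verify(msg + b" OR 1=1", sig, SERVER_PUB),
        "other_data_rejected": not verify(b"another message", sig, SERVER_PUB),
        "cert_ok": verify_certificate(cert, CA_PUB),
        "cert_tamper_detected": not verify_certificate(tampered_cert, CA_PUB),
        "wrong_ca_rejected": not verify_certificate(cert, SERVER_PUB),
        "sig_via_cert_pubkey": verify(msg, sig, cert["pub"]),   # slide step 5
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {ok}")
```

The last check is the point of the certificate slide: the recipient never needs the server's public key in advance, only the CA's; the server's key is taken from the certificate once the CA's signature on it has been verified.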
Kerberos
'Kerberos': A server of secured user names and passwords (named after the three-headed dog in Greek mythology that guarded the gates of the underworld).
Provides one centralized security server for all data and resources on the network: database access, login, authorization control, and other security features. Clients authenticate to it once and receive time-limited tickets, so passwords are not sent to each service they use.
Has a similar function to that of a certificate server: to identify and validate a user.
Secure sockets layer (SSL)
'Secure sockets layer (SSL)': Encryption protocol for transmitting private documents. Designed to prevent eavesdropping, tampering, and message forgery.
Works by using public-key cryptography to authenticate the server and agree a session key, which is then used to encrypt the data transferred over the SSL connection. (see http://developer.netscape.com/tech/security/ssl/howitworks.html )
Layered between application-level protocols such as HTTP and the TCP/IP transport-level protocol. Thus, it may be used for other application-level protocols such as FTP and NNTP.
Netscape and Internet Explorer support SSL. Used by many Web sites to collect credit card information. SSL has since been superseded by TLS, which keeps the same layering and purpose.
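Added worked example (not from the lecture slides): how the SSL/TLS guarantees on the slide, authenticity, confidentiality and integrity, depend on client configuration. Python's ssl module is used because it exposes SSL and TLS under one API; the two contexts and the audit checks are constructed for this illustration and no network connection is made.

```python
"""SSL/TLS client-context audit (added example, not from the lecture slides).

Contrasts a weak client configuration (server certificate not verified,
any protocol version) with the hardened one a client of a Web or database
server should use, and lists the findings a reviewer would raise.
"""
import ssl


def weak_context() -> ssl.SSLContext:
    """Constructed: the configuration that 'makes the error go away'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be off before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # any certificate accepted: no authenticity at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever the library still offers
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the server certificate against the system trust store; require TLS >= 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check + system CA bundle
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the findings a reviewer would raise about a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

With verification disabled the connection is still encrypted, but against an unknown party: the 'authenticity' guarantee from the slide is gone, and with it the protection against an attacker sitting between browser and server.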
Secure HTTP
'Secure HTTP (S-HTTP)': Protocol for securely transmitting individual messages over the Web. A modified version of the standard HTTP protocol.
SSL and S-HTTP use techniques such as encryption and digital signatures, and:
• allow browsers and servers to authenticate each other
• allow controlled access to a Web site
• ensure data exchanged between browser and server is secure and reliable.
SSL creates a secure connection over which any amount of data can be sent securely. S-HTTP transmits individual messages only. They are complementary rather than competing technologies.
Secure Electronic Transactions (SET)
'Secure Electronic Transactions (SET)': Open, interoperable standard for processing credit card transactions over the Internet in a simple and secure way.
To address privacy concerns, the transaction is split such that:
• The merchant has access to information about:
  • what is being purchased,
  • how much it costs,
  • whether payment is approved,
  but no information on
  • what payment method the customer is using.
• The card issuer (e.g. Visa) has access to:
  • the purchase price,
  • the payment method,
  but no information on
  • the type of merchandise involved.
Certificates are heavily used by SET, both for certifying the cardholder and for certifying that the merchant has a relationship with a financial institution.
Java security
'The Java Sandbox': ensures an untrusted application cannot gain access to system resources.
Involves three components:
1. class loader
2. bytecode verifier
3. security manager
Safety features are provided by the language and the Java Virtual Machine (JVM), and enforced by the compiler and runtime system.
Java security
1. Class loader
• Allocates a (hierarchically structured) namespace for each class.
• Never allows a class from a less protected namespace to replace a class from a more protected namespace.
• Thus, I/O primitives, defined in local Java classes, cannot be invoked or overridden by classes from outside the local machine.
2. Bytecode verifier
• The JVM verifies bytecode instructions before allowing an application/applet to run. Typical checks include verifying that:
- compiled code is correctly formatted.
- internal stacks will not overflow/underflow.
- no illegal data conversions will occur.
- bytecode instructions are appropriately typed.
- all class member accesses are valid.
Java security
3. The Security Manager
Each Java application defines and implements its own security policy. A Java-enabled browser contains its own Security Manager, and any applets it downloads are subject to its policies.
Generally, downloaded applets are prevented from:
• reading and writing files on the client's file system.
• making network connections to machines other than the host they came from.
• starting other programs on the client.
• loading libraries.
• defining native method calls.
These restrictions apply to applets downloaded over the Internet/intranet. They do not apply to applets on the client's local disk in a directory on the CLASSPATH.
Local applets are loaded by the file system loader and can read and write files, exit the JVM, and are not passed through the bytecode verifier.
ActiveX
The ActiveX security model: Considerably different from Java applets in that it places no restrictions on what a control can do.
1. Each ActiveX control can be digitally signed by its author using a system called Authenticode.
2. The digital signatures are then certified by a CA.
This security model places responsibility for the computer's security on the user.
Before the browser downloads an ActiveX control that has not been signed, or has been certified by an unknown CA, it presents a dialog box warning the user that the action may be unsafe.
3.3 Summary
3.2 DBMS and Web security
- Proxy servers
- Firewalls
- Message digest algorithms and digital signatures
- Digital certificates
- Kerberos
- Secure sockets layer and secure HTTP
- Secure electronic transactions and secure technology
- Java security
- ActiveX security
NEXT LECTURE: Selected Database Issues 2: Transaction Management
- Concurrency
- Serializability
- Protocols to prevent conflict.