This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Part of theses slides adopted from presentation from S. SudarshanComputer Science and Eng. Dept I.I.T. Bombay, “Database & Application Security”.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 2
Objectives The scope of database security. Why database security is a serious concern for an
organization. The type of threats that can affect a database system. How to protect a computer system using computer-based
controls. The security measures provided by Microsoft Office
Access DBMSs. Approaches for securing a DBMS on the Web.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 3
Database Security Mechanisms that protect the database
against intentional or accidental threats.
Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 44
Importance of Data Bank accounts Credit card, Salary, Income tax data University admissions, marks/grades Land records, licenses Data = crown jewels for organizations Tax report Recent headlines:
Personal information of millions of credit card users stolen
Century Data ? Tax Data ?
Teknologi Sistem Basis Data – MTI Fasilkom 2010 5
Database Security Data is a valuable resource that must be
strictly controlled and managed, as with any corporate resource.
Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 6
Database Security Involves measures to avoid:
Theft and fraud Loss of confidentiality (secrecy) Loss of privacy Loss of integrity Loss of availability
Teknologi Sistem Basis Data – MTI Fasilkom 2010 7
Database Security Threat
Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 8
Summary of Threats to Computer Systems
Teknologi Sistem Basis Data – MTI Fasilkom 2010 9
Typical Multi-user Computer Environment
Teknologi Sistem Basis Data – MTI Fasilkom 2010 10
Levels of Data Security Human level: Corrupt/careless User Network/User Interface Database application program Database system Operating System Physical level
Teknologi Sistem Basis Data – MTI Fasilkom 2010 11
Physical/OS Security Physical level
Traditional lock-and-key security Protection from floods, fire, etc.
E.g. WTC (9/11).
Protection from administrator error E.g. delete critical files
Solution Remote backup for disaster recovery Plus archival backup (e.g. DVDs/tapes)
Operating system level Protection from virus/worm attacks critical
Teknologi Sistem Basis Data – MTI Fasilkom 2010 12
Database Encryption
e.g. What if you store critical data? Partial solution: encrypt the database at storage level,
transparent to application Whole database/file/relation
Unit of encryption: page Column encryption
Main issue: key management E.g. user provides decryption key (password) when database is started up
Supported by many database systems Standard practice now to encrypt credit card information, and other
sensitive information
Teknologi Sistem Basis Data – MTI Fasilkom 2010 13
Security (Cont.)
Network level: must use encryption to prevent Eavesdropping: unauthorized reading of messages Masquerading:
pretending to be an authorized user or legitimate site, or
sending messages supposedly from authorized users
Teknologi Sistem Basis Data – MTI Fasilkom 2010 14
Network Security All information must be encrypted to prevent
eavesdropping Public/private key encryption widely used Handled by secure http - https://
Must prevent person-in-the-middle attacks E.g. someone impersonates seller or bank/credit card
company and fools buyer into revealing information Encrypting messages alone doesn’t solve this problem
Teknologi Sistem Basis Data – MTI Fasilkom 2010 15
Site Authentication
Digital certificates are used in https to prevent impersonation/man-in-the middle attack Certification agency creates digital certificate by
encrypting, e.g., site’s public key using its own private key
Verifies site identity by external means first! Site sends certificate to buyer Customer uses public key of certification agency to
decrypt certificate and find sites public key Man-in-the-middle cannot send fake public key
Sites public key used for setting up secure communication
Teknologi Sistem Basis Data – MTI Fasilkom 2010 16
Security at the Database/Application Program Authentication and
authorization mechanisms to allow specific users access only to required data
Authentication: who are you? Prove it!
Authorization: what you are allowed to do
Teknologi Sistem Basis Data – MTI Fasilkom 2010 17
Database vs. Application Application authenticates/authorizes users Application itself authenticates itself to
database Database password
DatabaseApplicationProgram
Teknologi Sistem Basis Data – MTI Fasilkom 2010 1818
User Authentication
Password Most users abuse passwords. For e.g.
Easy to guess passwordShare passwords with others
Smartcards Need smartcard + a PIN or password
Bill Gates
Teknologi Sistem Basis Data – MTI Fasilkom 2010 19
User Authentication Central authentication systems allow users to be
authenticated centrally LDAP or MS Active Directory often used for central
authentication and user management in organizations Single sign-on: authenticate once, and access
multiple applications without fresh authentication Microsoft passport, PubCookie etc Avoids plethora of passwords Password only given to central site, not to applications
Teknologi Sistem Basis Data – MTI Fasilkom 2010 20
Countermeasures – Computer-Based Controls
Concerned with physical controls to administrative procedures and includes: Authorization Access controls Views Backup and recovery Integrity Encryption RAID technology
Teknologi Sistem Basis Data – MTI Fasilkom 2010 21
Countermeasures – Computer-Based Controls
Authorization The granting of a right or privilege, which
enables a subject to legitimately have access to a system or a system’s object.
Authentication is a mechanism that determines whether a user is, who he or she claims to be.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 22
Countermeasures – Computer-Based Controls
Access control Based on the granting and revoking of
privileges. A privilege allows a user to create or access
(that is read, write, or modify) some database object (such as a relation, view, and index) or to run certain DBMS utilities.
Privileges are granted to users to accomplish the tasks required for their jobs.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 23
Countermeasures – Computer-Based Controls
Most DBMS provide an approach called Discretionary Access Control (DAC).
SQL standard supports DAC through the GRANT and REVOKE commands.
The GRANT command gives privileges to users, and the REVOKE command takes away privileges.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 24
Countermeasures – Computer-Based Controls
View Is the dynamic result of one or more
relational operations operating on the base relations to produce another relation.
A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 25
Countermeasures – Computer-Based Controls Backup
Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
Journaling Process of keeping and maintaining a log file (or
journal) of all changes made to database to enable effective recovery in event of failure.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 26
Countermeasures – Computer-Based Controls
Integrity Prevents data from becoming invalid, and
hence giving misleading or incorrect results.
Encryption The encoding of the data by a special
algorithm that renders the data unreadable by any program without the decryption key.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 27
RAID (Redundant Array of Independent Disks) Technology Hardware that the DBMS is running on
must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 28
RAID (Redundant Array of Independent Disks) Technology The main hardware components that
should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 29
RAID (Redundant Array of Independent Disks) Technology One solution is to provide a large disk
array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 30
RAID (Redundant Array of Independent Disks) Technology Performance is increased through data
striping: the data is segmented into equal-size partitions (the striping unit), which are transparently distributed across multiple disks.
Reliability is improved through storing redundant information across the disks using a parity scheme or an error-correcting scheme.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 31
RAID (Redundant Array of Independent Disks) Technology There are a number of different disk
Teknologi Sistem Basis Data – MTI Fasilkom 2010 32
RAID 0 and RAID 1
RAID Level 0: Block striping; non-redundant. Used in high-performance applications where data lose is not critical.
RAID Level 1: Mirrored disks with block stripingOffers best write performance. Popular for applications such as storing log files in a database system.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 33
RAID 2 and RAID 3RAID Level 2: Memory-Style Error-Correcting-Codes (ECC) with bit striping.RAID Level 3: Bit-Interleaved Parity
•a single parity bit is enough for error correction and detection•When writing data, corresponding parity bits must also be computed and written to a parity bit disk•Subsumes Level 2 (provides all its benefits, at lower cost).
Teknologi Sistem Basis Data – MTI Fasilkom 2010 34
RAID 4 and RAID 5RAID Level 4
•Provides higher I/O rates for independent block reads than Level 3 •Provides high transfer rates for reads of multiple blocks than no-striping
•Before writing a block, parity data must be computed •Parity block becomes a bottleneck for independent block writes since every block write also writes to parity disk
RAID Level 5: •Block-Interleaved Distributed Parity; partitions data and parity among all N + 1 disks, rather than storing data in N disks and parity in 1 disk.
•E.g., with 5 disks, parity block for nth set of blocks is stored on disk (n mod 5) + 1, with the data blocks stored on the other 4 disks.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 35
Security in Microsoft Office Access DBMS Provides two methods for securing a
database: setting a password for opening a database
(system security); user-level security, which can be used to
limit the parts of the database that a user can read or update (data security).
Teknologi Sistem Basis Data – MTI Fasilkom 2010 36
Securing the DreamHome database using a password
Teknologi Sistem Basis Data – MTI Fasilkom 2010 37
User and Group Accounts dialog box for the DreamHome database
Teknologi Sistem Basis Data – MTI Fasilkom 2010 38
User and Group Permissions dialog box
Teknologi Sistem Basis Data – MTI Fasilkom 2010 39
Creation of a new user with password authentication set
Teknologi Sistem Basis Data – MTI Fasilkom 2010 40
Log on dialog box
Teknologi Sistem Basis Data – MTI Fasilkom 2010 41
Setting the Insert, Select, and Update privileges
Teknologi Sistem Basis Data – MTI Fasilkom 2010 42
DBMSs and Web Security Internet communication relies on TCP/IP
as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels ‘in the clear’ and anyone who monitors traffic can read it.
Teknologi Sistem Basis Data – MTI Fasilkom 2010 43
DBMSs and Web Security Must ensure while transmitting
information over the Internet that: inaccessible to anyone but sender and receiver
(privacy); not changed during transmission (integrity); receiver can be sure it came from sender
(authenticity); sender can be sure receiver is genuine (non-
fabrication); sender cannot deny he or she sent it (non-
repudiation).
Teknologi Sistem Basis Data – MTI Fasilkom 2010 44
DBMSs and Web Security Measures include:
Proxy servers Firewalls Message digest algorithms and digital signatures Digital certificates Kerberos Secure sockets layer (SSL) and Secure HTTP (S-HTTP) Secure Electronic Transactions (SET) and Secure Transaction
Technology (SST) Java security ActiveX security
Teknologi Sistem Basis Data – MTI Fasilkom 2010 45