230 likes | 247 Views
3C13/D6. II. Selected Database Issues . Part 1: Security Lecture 3 Lecturer: Chris Clack. 1. Content. Content. 3.1 Objectives 3.2 DBMS and Web security - 3.2.1 Proxy servers - 3.2.2 Firewalls - 3.2.3 Message digest algorithms and digital signatures
E N D
3C13/D6 II. Selected Database Issues Part 1: Security Lecture 3 Lecturer: Chris Clack
1. Content Content 3.1 Objectives 3.2 DBMS and Web security - 3.2.1 Proxy servers - 3.2.2 Firewalls - 3.2.3 Message digest algorithms and digital signatures - 3.2.4 Digital certificates - 3.2.5 Kerberos - 3.2.6 Secure sockets layer and secure HTTP - 3.2.7 Secure electronic transactions and secure technology - 3.2.8 Java security - 3.2.9 ActiveX security
3.1 Objectives Objectives In this Lecture you will learn: • Approaches for securing a DBMS on the Web
3.2 DBMS and Web security DBMS and Web security • Internet communications rely on TCP/IP as the underlying protocol. • These, along with HTTP were not designed with security in mind. • Without special software all information is traveling ‘in the clear ’ (anyone monitoring it can read it) • This form of attack is easy with freely available `packet sniffing’ software. • Need to transmit and receive information while ensuring: • Privacy: it is inaccessible to anyone but the sender and receiver • Integrity: it has not been changed during transmission • Authenticity: the receiver can be sure it came from the sender • Non-fabrication: the sender can be sure the receiver is genuine • non-repudiation: the sender cannot deny he or she sent it
3.2 DBMS and Web security DBMS and Web security Once information reaches the Web server, it needs to be protected Need to ensure secured access to and of the database, given the popular three-tier architecture in a Web environment. Need to watch executable content: HTML pages may contain ActiveX controls, JavaScript/ VBScript.
3.2 DBMS and Web security DBMS and Web security • Executables can perform the following malicious actions, measures need to be taken to prevent them: • corrupt data or the execution state of a program • reformat complete disks • perform a total system shutdown • collect and download confidential data, such as files or passwords to other sites • usurp identity and impersonate the user or user’s computer to attack other targets on the network • Lock up resources making them unavailable for legitimate users and programs • cause non-fatal but unwelcome effects, especially on output devices
3.2 DBMS and Web security Web Proxy Servers Web proxy server: in a Web environment it is a computer that sits between a Web browser and a Web server. It intercepts all requests to the Web server to see if it can fulfill them itself if not then it forwards them on. two main purposes: 1. Improve Performance:It saves the results of all requests for a certain amount of time. Much faster. 2. Filter requests:an organisation may want to prevent its employees from accessing a certain set of Web sites, a proxy server can do this.
3.2 DBMS and Web security Fire Walls Firewall: A system designed to prevent unauthorized access or to form a private network. Can be implemented in hardware or software or both. Frequently used to stop unauthorized internet users accessing an intranet. All messages attempting to enter or leave the private network must pass its security criteria to pass through it. Standard security advice: Web servers are unconnected to any in-house networks and regularly backed up. Firewall technology can help prevent unauthorized access when the Web server has to be connected to an internal network.
3.2 DBMS and Web security Fire Walls • Several types of Firewall technique: • Packet Filter:looks at each packet entering/leaving the network and accepts/rejects based on user defined rules. Fairly effective. Transparent to users. Difficult to configure. Susceptible to ‘IP spoofing‘ . Can degrade performance. • Application gateway:applies security mechanisms to specific applications, i.e. Telnet and FTP. Effective but can degrade performance. • Circuit-level gateway:applies security mechanisms when a TCP or UDP (User Datagram Protocol) connection is established. Once connection is made, packets flow freely between hosts without further checking. • Proxy server:intercepts all messages entering/leaving network. In effect hides the true network addresses. (cf. Web Proxy Server) • In practice many firewalls provide more than one technique. First line of defense in protecting private information. For greater security, data should be encrypted.
3.2 DBMS and Web security Message digest algorithms • ‘Message digest algorithm’ • or ‘one-way hash function’ : • takes arbitrary sized string (message) and generates a fixed length string (the digest or hash). • A digest has the following characteristics: • it should be computationally infeasible to find another message that will generate the same digest. • the digest reveals nothing about the message.
3.2 DBMS and Web security Digital signatures • ‘Digital signature’ consists of two parts: • a string of bits computed from the data that is being signed’ • 2. the private key of the individual or organization giving the signature. • The signature can be used to verify the data came from the individual or • organization. Its useful properties are: • its authenticity can be verified, using a computation based on the corresponding public key • it cannot be forged (assuming the private key is kept secret) • it cannot be claimed to be the signature for any other data • the signed data cannot be changed, otherwise the signature will no longer verify the data as being authentic
3.2 DBMS and Web security Digital Certificate • Digital certificate: Attachment to electronic message used for security purposes (e.g. verify user sending message). Provides receiver with means to encode reply. • Sender applies for certificate from Certificate Authority (CA). • CA issues encrypted certificate containing applicants public key and other identification information. • CA makes its own public key readily available. • Recipient uses CA’s public key to decode certificate attached to message, verifies it as issued by CA. • Recipient obtains senders public key and identification information held within certificate. With this information, recipient can send an encrypted reply. • CA’s role is critical, acting as go-between. As the clients and servers may • not yet have established mutual trust yet both want to have a secure session.
3.2 DBMS and Web security Kerberos ‘Kerberos’: A server of secured user names and passwords (named after the three-headed monster in Greek mythology that guarded the gates of hell). Provides one centralized security server for all data and resources on network: Database access, login, authorization control, and other security features. Has similar function to that of Certificate server: to identify and validate a user. .
3.2 DBMS and Web security Secure sockets layer (SSL) ‘Secure sockets layer (SSL)’: Encryption protocol for transmitting private documents. Designed to prevent eavesdropping, tampering, and message forgery. Works by using private key to encrypt data that is transferred over SSL connection. (see http://developer.netscape.com/tech/security/ssl/howitworks.html ) Layered between application-level protocols such as HTTP and TCP/IP transport-level protocol. Thus, may be used for other application-level protocols such as FTP and NNTP. Netscape and Internet Explorer support SSL. Used to gain credit card information by many Web sites
3.2 DBMS and Web security secure HTTP • ‘secure HTTP’:Protocol for securely transmitting individual • messages over Web. A modified version of the standard HTTP • protocol. • SSL and S-HTTP use techniques such as encryption, digital signatures, and: • allow browsers and servers to authenticate each other • allow controlled access to Web site • ensure data exchanged between browser and server is secure and reliable. • SSL creates a secure connection over which any amount of data can be • sent securely. S-HTTP transmits individual messages only. Complementary • rather than competing technologies.
3.2 DBMS and Web security Secure Electronic Transactions (SET) • ‘Secure Electronic Transactions (SET)’: Open, interoperable • standard for processing credit card transactions over Internet, in simple • and secure way. • To address privacy concerns, the transaction is split such that: • The merchant has access to information about: • what is being purchased, • how much it costs, • whether payment is approved, • But no information on • what payment method customer is using. • The card issuer (e.g. Visa) has access to • purchase price, payment method • But no information on • type of merchandise involved. • Certificates are heavily used by SET, both for certifying cardholder and for certifying that merchant has relationship with financial institution.
3.2 DBMS and Web security Secure Electronic Transactions (SET)
3.2 DBMS and Web security Java security ‘The Java Sandbox’: ensures untrusted application cannot gain access to system resources. Involves three components: 1. class loader 2. bytecode verifier 3. security manager Safety features are provided by the language and the Java Virtual Machine (JVM), and enforced by compiler and runtime system.
3.2 DBMS and Web security Java security • 1. Classloader • Allocates (hierarchically structured) namespace for each class. • Never allows class from less protected namespace to replace class from more protected namespace. • Thus, I/O primitives, defined in local Java class, cannot be invoked or overridden by classes from outside local machine. • 2. Bytecode verifier • JVM verifies bytecode instructions before allowing application/ applet to run. Typical checks include verifying: • - Compiled code is correctly formatted. • - Internal stacks will not overflow/underflow. • - No illegal data conversions will occur. • - Bytecode instructions are appropriately typed. • - All class member accesses are valid.
3.2 DBMS and Web security Java security • 3. The Security Manager • Each Java application defines and implements its own security policy. • A Java-enabled browser contains its own Security Manager, and any applets it downloads are subject to its policies. • Generally, downloaded applets are prevented from: • Reading and writing files on clients file system. • Making network connections to machines other than host. • Starting other programs on the client. • Loading libraries. • Defining method calls. These restrictions apply to applets downloaded over Internet/intranet. Do not apply to applets on clients local disk and in directory on CLASSPATH. Local applets are loaded by file system loader and can read and write files, exit JVM, and are not passed through the bytecode verifier.
3.2 DBMS and Web security ActiveX • The ActiveX security model: Considerably different from Java applets in that it places no restrictions on what a control can do. • Each ActiveX control can be digitally signed by its author using system called Authenticode. • Digital signatures are then certified by CA. • This security model places responsibility for the computers security on the user. • Before the browser downloads an ActiveX control that has not been • signed or has been certified by an unknown CA it presents a dialog • box warning the user the action may be unsafe.
3.3 Summary Summary • 3.2 DBMS and Web security • Proxy servers • Firewalls • Message digest algorithms and digital signatures • Digital certificates • Kerberos • Secure sockets layer and secure HTTP • Secure electronic transactions and secure technology • Java security • ActiveX security NEXT LECTURE: Selected Database Issues 2: Transaction Management: - Concurrency - Serializability - Protocols to prevent conflict.