Unit 3: Implementing Security in Databases
Introduction :-
• Because of the importance of an organization's data and information, database security is an important issue in database management.
• The data stored in a DBMS is vital to the organization and is considered a corporate asset.
• The database therefore represents an essential resource of the organization and must be properly secured.
• With the use of distributed databases and client/server architecture, the database environment has become more complex.
• Managing database security has become more difficult and time consuming.
• It is therefore important for the DBA to develop overall policies, procedures and appropriate controls to protect the databases.
• The goal of security is the protection of data against threats such as accidental or intentional loss.
• These threats create problems for database integrity.
• A threat may be defined as any situation or event, whether intentional or accidental, that may adversely affect the system and consequently the organization.
• A threat may be caused by a situation or event involving a person, action or circumstance that is likely to harm an organization.
• The harm may be tangible, such as loss of hardware, software or data, or intangible, such as loss of credibility or client confidence in the organization.
• Database security involves allowing or disallowing users from performing actions on the database, thus protecting the database from misuse.
• The DBA is responsible for the overall security of the database system. The DBA of an organization must therefore identify the most serious threats and enforce security by taking appropriate control actions to minimize them.
• Any individual user or user group needing access to the database system applies to the DBA for a user account.
• The DBA then creates an account number and password for the user, based on the policy of the organization.
• The user afterwards logs in to the DBMS with the given account number and password whenever database access is needed.
• The DBMS checks the validity of the user's account number and password; a valid user is then permitted to use the DBMS and access the database.
• The DBMS stores these two fields, account number and password, in encrypted tables.
• Threats to database security may be direct, for example browsing, changing or stealing data through unauthorized access.
• To secure the database, all parts of the system must be secure, including the database, the hardware, the operating system, the networks, the users and even the building that houses the computer system.
• Some of the threats that must be addressed in a database security plan are as follows:
• Loss of availability
• Loss of data integrity
• Loss of confidentiality or secrecy
• Loss of privacy
• Theft and fraud
• Accidental losses
• Loss of Availability means that the data, the system, or both cannot be accessed by users. This situation can arise from a crash of hardware, networks or applications. Loss of availability can cause serious operational difficulties and affect the financial performance of an organization.
• Loss of Data Integrity results in invalid or corrupted data, which may seriously affect the operation of an organization. Unless data integrity is restored through established backup and recovery procedures, an organization may suffer serious losses or make incorrect and expensive decisions based on wrong or invalid data.
• Loss of Confidentiality refers to the loss of secrecy over critical data of the organization, which may have strategic value. Loss of confidentiality may lead to loss of competitiveness.
• Loss of Privacy refers to the loss of protection of data about individuals. Loss of privacy could lead to blackmail, bribery (corruption), public embarrassment, theft of user passwords, or action being taken against the organization.
• Theft and Fraud affect not only the database environment but the entire organization. Since this situation involves people, attention should be given to reducing the opportunity for these activities to occur. One example is physical security control, so that unauthorized persons cannot gain access to the computer room. Another example is the establishment of a firewall to protect against unauthorized access.
• Accidental Losses are unintentional threats including human error and software and hardware failures.
Authorization :-
• Authorization is the process of granting rights or privileges to a user so that the user has limited access to a system or to objects of the system.
• It is an administrative policy of the organization, expressed as a set of rules that determine which user has what type of access to which portion of the database.
Authentication :-
• Authentication is a mechanism that determines whether a user is who he or she claims to be. In other words, authentication checks whether a user operating on the database is allowed to do so. It verifies the identity of the user.
• The simplest form of authentication consists of a secret password that must be presented when a connection to the database is opened.
• Authorization and authentication controls can be built into the software. Authorization rules incorporated in DBMSs restrict access to data and also restrict the actions that people may take when they access data.
• For example, a user with a particular password may be authorized to read any record from the database but not necessarily to modify any of those records.
• For this reason authentication controls are sometimes referred to as access controls.
• The following two types of access control techniques are used in database security systems:
• Discretionary access control.
• Mandatory access control.
(1) Discretionary Access Control (DAC) :-
• DAC is based on the concept of privileges and a mechanism for giving such privileges to users.
• It grants privileges to users on different objects, including the capability to access specific data files, records or fields in a specified mode, such as read, insert, delete or update, or a combination of these.
• A user who creates a database object such as a table or view automatically gets all applicable privileges on that object.
• The DBMS keeps track of how these privileges are granted to other users; the scheme is very flexible.
Granting/Revoking Privileges :-
• Granting and revoking privileges to users is the responsibility of the database administrator of the DBMS.
• The DBA classifies users and data in accordance with the policy of the organization.
• DBA privileged commands include commands for granting and revoking privileges to individual accounts, users or user groups.
• The DBA performs the following types of actions:
• Account Creation :- This action creates a new account and password for a user or group of users to enable them to access a database.
• Privilege Granting :- This action permits the DBA to grant certain privileges to certain accounts.
• Privilege Revoking :- This action permits the DBA to revoke certain privileges that were previously given to certain accounts.
• Security Level Assignment :- This action consists of assigning user accounts to the appropriate security classification level.
• The account level privilege assignment :-
Examples of GRANT Privileges :-
• Syntax :-
GRANT {ALL | privilege list} ON {table-name [column list] | view-name [column list]} TO {PUBLIC | user list} [WITH GRANT OPTION]
or
GRANT {ALL | privilege list [column list]} ON {table name | view name} TO {PUBLIC | user list} [WITH GRANT OPTION]
Examples of REVOKE Privileges :-
• Syntax :-
REVOKE {ALL | privilege list} ON {table-name [column list] | view-name [column list]} FROM {PUBLIC | user list}
or
REVOKE {ALL | privilege list [column list]} ON {table name | view name} FROM {PUBLIC | user list}
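The GRANT and REVOKE syntax above says what the DBA types; the following added example (not code from these notes) models what the DBMS must record behind it: who granted which privilege to whom, whether WITH GRANT OPTION was given, and why a REVOKE has to cascade to privileges the revoked user passed on. The PrivilegeTable class, the user names and the EMPLOYEE scenario are constructed, and it assumes the simplification that a user holds at most one grant path per privilege.

```python
# Added example: a small model of a DBMS privilege table for one object,
# honouring WITH GRANT OPTION and cascading REVOKE. Simplification
# (assumed, not from the notes): one grant path per user per privilege.
from collections import defaultdict

PRIVILEGES = ("SELECT", "INSERT", "UPDATE", "DELETE")

class PrivilegeTable:
    """Tracks who granted which privilege on one table to whom."""

    def __init__(self, owner, table):
        self.table = table
        # grants[user][privilege] = (grantor, grant_option)
        self.grants = defaultdict(dict)
        for p in PRIVILEGES:                      # creator gets all privileges
            self.grants[owner][p] = (None, True)

    def has(self, user, priv):
        return priv in self.grants[user]

    def grant(self, grantor, grantee, priv, with_grant_option=False):
        entry = self.grants[grantor].get(priv)
        if entry is None or not entry[1]:         # needs priv WITH GRANT OPTION
            raise PermissionError(f"{grantor} may not grant {priv} on {self.table}")
        self.grants[grantee][priv] = (grantor, with_grant_option)

    def revoke(self, grantor, grantee, priv):
        entry = self.grants[grantee].get(priv)
        if entry is None or entry[0] != grantor:  # only the grantor may revoke
            raise PermissionError(f"{grantor} did not grant {priv} to {grantee}")
        del self.grants[grantee][priv]
        # Cascade: anything the grantee passed on depended on this privilege.
        for user, privs in list(self.grants.items()):
            if priv in privs and privs[priv][0] == grantee:
                self.revoke(grantee, user, priv)

def demo():
    """Constructed scenario: dba -> alice (with grant option) -> bob."""
    t = PrivilegeTable("dba", "EMPLOYEE")
    t.grant("dba", "alice", "SELECT", with_grant_option=True)
    t.grant("alice", "bob", "SELECT")
    before = (t.has("alice", "SELECT"), t.has("bob", "SELECT"))
    t.revoke("dba", "alice", "SELECT")            # cascades to bob
    after = (t.has("alice", "SELECT"), t.has("bob", "SELECT"))
    return before, after

if __name__ == "__main__":
    print(demo())
```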
Audit Trail :-
• An Audit Trail is a special file or database in which the system automatically keeps track of all operations performed by users on the regular data.
• It is a log of all changes to the database, along with information such as which user performed the changes and when the changes were performed.
• In some systems the Audit Trail is physically integrated with the transaction log; in others the Audit Trail and transaction log are distinct.
• The Audit Trail provides security to the database. For example, if the balance of a bank account is found to be incorrect, the bank may wish to trace all the updates performed on the account to find the incorrect updates, as well as the person who carried them out.
A typical Audit Trail entry might contain the following information :-
• Request (source text)
• Terminal from which the operation was invoked
• User who invoked the operation
• Date and time of the operation
• Tuples and attributes affected
• Old value
• New value
(2) Mandatory Access Control (MAC) :-
• MAC is based on system-wide policies that cannot be changed by individual users.
• It is used to enforce multilevel security by classifying data and users into various security classes or levels and then implementing the appropriate security policy of the organization.
• Thus, in this scheme each data object is labeled with a certain classification level and each user is given a certain clearance level.
• A given data object can then be accessed only by users with the appropriate clearance for its classification level.
• A MAC technique therefore classifies data and users into security classes such as Top Secret (TS), Secret (S), Confidential (C) and Unclassified (U).
• The DBMS determines whether a given user can read or write a given object based on rules that involve the security level of the object and the clearance of the user.
• The commonly used MAC technique for multilevel security is known as the Bell-LaPadula model.
• The Bell-LaPadula model is described in terms of Subjects (users, accounts, programs), Objects (relations or tables, tuples, attributes, views, operations) and clearances.
• This model classifies each subject and object into one of the security classifications TS, S, C, U.
• The security classes in a system are organized in a particular order, from a most secure class to a least secure class.
This model enforces the following two restrictions on data access based on the subject/object classification.
• Simple Security Property :-
• A subject S is not allowed read access to an object O unless the classification of subject S is greater than or equal to the classification of object O: class(S) ≥ class(O).
• Star Security Property :-
• A subject S is not allowed to write an object O unless the classification of subject S is less than or equal to the classification of object O: class(S) ≤ class(O).
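The two properties together give a small reference monitor. The added example below (not code from these notes) implements the simple security and star properties over the four classes TS, S, C, U named above and produces the full allow/deny matrix for one clearance; the function names and the sample clearance are constructed.

```python
# Added example: Bell-LaPadula read/write decisions over the classes from
# the notes. LEVELS orders the classes from least to most secure.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

def can_read(subject_clearance: str, object_class: str) -> bool:
    """Simple security property (no read up): class(S) >= class(O)."""
    return LEVELS[subject_clearance] >= LEVELS[object_class]

def can_write(subject_clearance: str, object_class: str) -> bool:
    """Star property (no write down): class(S) <= class(O).

    This is what stops a subject (or a program it runs) from copying
    Top Secret data it has read into an Unclassified object."""
    return LEVELS[subject_clearance] <= LEVELS[object_class]

def check_access(subject_clearance: str, object_class: str, operation: str) -> bool:
    """Return True if the DBMS should allow `operation` ('read' or 'write')."""
    if operation == "read":
        return can_read(subject_clearance, object_class)
    if operation == "write":
        return can_write(subject_clearance, object_class)
    raise ValueError(f"unknown operation: {operation}")

def access_matrix(clearance: str = "S") -> dict:
    """Allow/deny decision for every (operation, object class) pair.

    The default clearance 'S' is a constructed sample subject."""
    return {
        (op, cls): check_access(clearance, cls, op)
        for op in ("read", "write")
        for cls in ("U", "C", "S", "TS")
    }

if __name__ == "__main__":
    for (op, cls), allowed in sorted(access_matrix().items()):
        print(f"{op:5} {cls:2} -> {'allow' if allowed else 'deny'}")
```

A Secret-cleared subject can read U, C and S but not TS, and can write S and TS but not C or U; only objects at the subject's own level are both readable and writable.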
• While transferring data (packets) from one network to another, some packets are sent out of the network and some packets are received from the outside network into the inside network.
• For security purposes, the database administrator needs some mechanism that can "keep good bits in and keep bad bits out".
• One method is to use encryption. However, encryption does nothing to keep digital pests and hackers out.
• To accomplish this goal we need to look at the "Firewall".
• While data is being transferred, every data packet sent as well as every data packet received has to go through the firewall.
• A firewall is designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both.
• They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
• All messages entering and leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
• The following are some of the firewall techniques:
• Packet filter :-
• Application Gateway :-
• Circuit-level Gateway :-
• Proxy Server :-
Packet Filter :-
• A packet filter looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
• Packet filtering is a fairly effective mechanism and is transparent to users.
Application Gateway :-
• In an application gateway, the security mechanism is applied to specific applications such as File Transfer Protocol (FTP) and Telnet servers.
Circuit-level Gateway :-
• These security mechanisms are applied when a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy Server :-
• A proxy server intercepts all messages entering and leaving the network. In effect, the proxy server hides the true network addresses.
• A statistical database security system is used to control access to a statistical database, which provides statistical information or summaries of values based on various criteria.
• A statistical database contains confidential information about individuals or organizations, and is used to answer statistical queries concerning sums, averages, and counts of records with certain characteristics.
• Thus a statistical database permits queries that derive aggregated information, for example sums, averages, counts, maximums, minimums, standard deviations, means and totals, or a query such as "What is the average salary of managers?". It does not permit queries that derive individual information, such as "What is the salary of the employee named Kartik?".
• In statistical queries, statistical functions are applied to a population of tuples. A population is a set of tuples of a relation that satisfy some selection condition.
• For example, let us consider a relation schema EMPLOYEE :
• Each selection condition on the EMPLOYEE relation specifies a particular population of EMPLOYEE tuples.
• For example, the condition Gender = 'M' specifies the male population, and the condition (Gender = 'M' and City = 'Rajkot') specifies the male population living in Rajkot.
• Statistical database security prohibits users from retrieving individual data, such as the salary of a specific employee.
• This is controlled by prohibiting queries that retrieve attribute values and by allowing only queries that involve statistical aggregate functions such as SUM, MIN, MAX, MEAN, COUNT etc.
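The control described above can be expressed as a query gate that only ever returns an aggregate over a population. The added example below (not code from these notes) does that over a constructed EMPLOYEE relation and, as a caveat the notes leave implicit, also refuses an aggregate over a population that is too small, since SUM or MEAN over a single tuple returns that individual's value. The sample rows, the MIN_POPULATION threshold and the function names are assumptions.

```python
# Added example: a statistical query gate. EMPLOYEE rows are constructed
# sample data (the notes only name the relation and the employee Kartik).
EMPLOYEE = [
    {"Name": "Kartik", "Gender": "M", "City": "Rajkot", "Salary": 52000},
    {"Name": "Priya",  "Gender": "F", "City": "Rajkot", "Salary": 61000},
    {"Name": "Ravi",   "Gender": "M", "City": "Surat",  "Salary": 48000},
    {"Name": "Meera",  "Gender": "F", "City": "Surat",  "Salary": 57000},
    {"Name": "Amit",   "Gender": "M", "City": "Rajkot", "Salary": 55000},
]

# Only these aggregate functions may be applied to a population.
ALLOWED = {
    "SUM": sum,
    "COUNT": len,
    "MIN": min,
    "MAX": max,
    "MEAN": lambda values: sum(values) / len(values),
}

MIN_POPULATION = 2   # assumed threshold; not stated in the notes

def population(condition):
    """Tuples of EMPLOYEE satisfying a selection condition (a predicate)."""
    return [t for t in EMPLOYEE if condition(t)]

def statistical_query(func, attribute, condition):
    """Answer an aggregate query, or refuse it.

    Refuses anything that is not an aggregate function, and refuses an
    aggregate over a population so small that it identifies an individual."""
    if func not in ALLOWED:
        raise PermissionError(f"{func} is not a permitted statistical function")
    pop = population(condition)
    if len(pop) < MIN_POPULATION:
        raise PermissionError("population too small to release a statistic")
    return ALLOWED[func]([t[attribute] for t in pop])

if __name__ == "__main__":
    males_in_rajkot = lambda t: t["Gender"] == "M" and t["City"] == "Rajkot"
    print(statistical_query("MEAN", "Salary", males_in_rajkot))
```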
• Data encryption is a method of coding or scrambling data so that humans cannot read it.
• In this method data is encrypted by a special algorithm that renders the data unreadable by any program or human without the decryption key.
• This technique protects against threats in which a user attempts to bypass the system, for example by physically removing part of the database or by tapping into a communication line.
• A data encryption technique converts readable data into unreadable data by means of an algorithm.
• Encrypted data cannot be read by any user unless that user knows the encryption method and key.
Some of the encryption schemes used in database security are as follows:
• Simple Substitution Method :-
• Polyalphabetic Substitution Method :-
Simple Substitution Method :-
• In this method each letter of the plaintext is shifted to its immediate successor in the alphabet.
• The blank space appears immediately before the letter 'a' and follows the letter 'z'.
• For example, the message "Well done" is encrypted as follows:
• Encrypted form :- "xfmmaepof"
Polyalphabetic Substitution Method :-
• In this method an encryption key is used.
• Suppose we want to encrypt the message "Drive slow", and an encryption key is given as, say, "safety".
• The encryption is done as follows:
• The key is aligned beneath the plaintext and repeated as many times as necessary for the plaintext to be completely covered. In this example we would have
Well done
safetysaf
• The blank space occupies the 27th (last but one) and 28th (last) position in the alphabet. For each character, the alphabet position of the plaintext character and that of the key character are added.
• The resulting number is divided by 27 and the remainder is kept.
• In our example the first letter of the plaintext, 'W', is at the 23rd position and the first letter of the key, 's', is at the 19th position. Thus (23 + 19) = 42, and the remainder after division by 27 is 15.
• This process is called division modulo 27.
• The letter at the 15th position is 'o', so the plaintext letter 'W' is encrypted as 'O' in the ciphertext.
• In this way all the letters can be encrypted.
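Both substitution schemes above work over the same 27-symbol alphabet (blank, then a to z), so one added example (not code from these notes) can implement both: the simple shift that turns "Well done" into "xfmmaepof", and the modulo-27 key addition that maps 'W' + 's' to 'o', together with the matching decryption. The alphabet indexing (blank at position 0, so that 27 and 0 coincide) and the function names are assumptions; letters are folded to lowercase before encryption.

```python
# Added example: the two substitution ciphers from the notes over the
# 27-symbol alphabet. Index 0 is the blank, 1 = 'a', ..., 26 = 'z', so the
# blank is both "before 'a'" and "after 'z'" under arithmetic modulo 27.
ALPHABET = " abcdefghijklmnopqrstuvwxyz"
MOD = len(ALPHABET)   # 27

def _pos(ch: str) -> int:
    """Alphabet position of one character; case is folded to lowercase."""
    return ALPHABET.index(ch.lower())

def simple_substitution(text: str, shift: int = 1) -> str:
    """Shift every symbol to its successor (shift=1); 'z' wraps to the blank."""
    return "".join(ALPHABET[(_pos(c) + shift) % MOD] for c in text)

def _key_stream(key: str, length: int):
    """Repeat the key until it covers `length` plaintext symbols."""
    return (key[i % len(key)] for i in range(length))

def poly_encrypt(plaintext: str, key: str) -> str:
    """Polyalphabetic substitution: (pos(p) + pos(k)) mod 27 per symbol."""
    return "".join(ALPHABET[(_pos(p) + _pos(k)) % MOD]
                   for p, k in zip(plaintext, _key_stream(key, len(plaintext))))

def poly_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of poly_encrypt: (pos(c) - pos(k)) mod 27 per symbol."""
    return "".join(ALPHABET[(_pos(c) - _pos(k)) % MOD]
                   for c, k in zip(ciphertext, _key_stream(key, len(ciphertext))))

if __name__ == "__main__":
    print(simple_substitution("Well done"))      # xfmmaepof
    print(poly_encrypt("Well done", "safety"))   # ofrqtbgok
    print(poly_decrypt("ofrqtbgok", "safety"))   # well done
```

Both schemes are classical teaching ciphers; encryption that actually protects stored database data or a tapped communication line uses standard algorithms such as AES with properly managed keys.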