chapter5_db_security.pdf

Computer Security:

Computer Security:

Principles and Practice

Principles and Practice

First Edition First Edition

by William Stallings and Lawrie Brown by William Stallings and Lawrie Brown

Chapter 5 –

Agenda

Agenda

 Questions and Review_{Questions and Review}

 Database Security Lecture_{Database Security Lecture}

 Break_Break

Announcements

Announcements

 IT Club this Tuesday and Wednesday_{IT Club this Tuesday and Wednesday}

 7:00 to 9:007:00 to 9:00  Extra helpExtra help

 PMI project updatePMI project update

 Quiz for CITA-250 this Friday_{Quiz for CITA-250 this Friday}

 Supplemental Readings posted to Website_{Supplemental Readings posted to Website}

Questions and Review

Questions and Review

 Are there questions about previous _{Are there questions about previous}

material? material?

 Quiz will be multiple choice_{Quiz will be multiple choice}  Covers chapters 1 – 4_{Covers chapters 1 – 4}

Database Security Overview

Database Security Overview

 Issues regarding privacy and information_{Issues regarding privacy and information}  Database review (very brief)_{Database review (very brief)}

 Database Security Mechanisms_{Database Security Mechanisms}  Database Vulnerabilities_{Database Vulnerabilities}

 Database Countermeasures_{Database Countermeasures}

 Advanced Technologies for Database _{Advanced Technologies for Database}

Database Security Issues

Database Security Issues

 Individuals have a right to privacy_{Individuals have a right to privacy}

 Society has a right to information_{Society has a right to information}

 How do we balance these conflicting _{How do we balance these conflicting}

needs? needs?

 Example: medical information_{Example: medical information}

 Thesis_Thesis: as the use of databases increases, _{: as the use of databases increases,}

the conflict between privacy and the conflict between privacy and

Database Security: Outline

Relational Databases

Relational Databases

 constructed from tables of data_{constructed from tables of data}

 each column holds a particular type of dataeach column holds a particular type of data  each row contains a specific value theseeach row contains a specific value these

 ideally has one column where all values are ideally has one column where all values are

unique, forming an identifier/key for that row unique, forming an identifier/key for that row

 _{have multiple tables linked by identifiershave multiple tables linked by identifiers}

 use a query language to access data _{use a query language to access data}

Relational Database Example

Relational Database Elements

Relational Database Elements

 relation / table / file_{relation / table / file}

 tuple / row / record_{tuple / row / record}

 attribute / column / field_{attribute / column / field}

 primary key_{primary key}

 uniquely identifies a rowuniquely identifies a row

 foreign key_{foreign key}

 links one table to attributes in anotherlinks one table to attributes in another

Relational Database Elements

Structured Query Language

Structured Query Language

 Structure Query Language (SQL)_{Structure Query Language (SQL)}

 originally developed by IBM in the mid-1970soriginally developed by IBM in the mid-1970s  standardized language to define, manipulate, standardized language to define, manipulate,

and query data in a relational database and query data in a relational database

 several similar versions of ANSI/ISO standardseveral similar versions of ANSI/ISO standard

CREATE TABLE department (

Did INTEGER PRIMARY KEY, Dname CHAR (30),

Dacctno CHAR (6) )

CREATE TABLE employee ( Ename CHAR (30), Did INTEGER,

SalaryCode INTEGER,

Eid INTEGER PRIMARY KEY, Ephone CHAR (10),

FOREIGN KEY (Did) REFERENCES department (Did) )

CREATE VIEW newtable (Dname, Ename, Eid, Ephone)

AS SELECT D.Dname E.Ename, E.Eid, E.Ephone

FROM Department D Employee E

Database Security

Database Security

Mechanisms

Mechanisms

 SQL Access Control_{SQL Access Control}  Encryption_Encryption

 Database Security depends on_{Database Security depends on}

 Physical SecurityPhysical Security

Database Access Control

Database Access Control

 DBMS provide access control for database_{DBMS provide access control for database}  assume have authenticated user_{assume have authenticated user}

 DBMS provides specific access rights to portions _{DBMS provides specific access rights to portions}

of the database of the database

 e.g. create, insert, delete, update, read, writee.g. create, insert, delete, update, read, write

 to entire database, tables, selected rows or columnsto entire database, tables, selected rows or columns  possibly dependent on contents of a table entrypossibly dependent on contents of a table entry

 _{can support a range of policies:can support a range of policies:}

 centralized administrationcentralized administration

SQL Access Controls

SQL Access Controls

 two commands:_{two commands:}

 _{GRANT { privileges | role } [ON table] GRANT { privileges | role } [ON table]}

TO { user | role | PUBLIC } [IDENTIFIED TO { user | role | PUBLIC } [IDENTIFIED BY password] [WITH GRANT OPTION]

BY password] [WITH GRANT OPTION]

• e.g. GRANT SELECT ON ANY TABLE TO ricflair_{e.g. GRANT SELECT ON ANY TABLE TO ricflair}

 _{REVOKE { privileges | role } [ON table] REVOKE { privileges | role } [ON table]}

FROM { user | role | PUBLIC } FROM { user | role | PUBLIC }

• e.g. REVOKE SELECT ON ANY TABLE FROM ricflair_{e.g. REVOKE SELECT ON ANY TABLE FROM ricflair}

 typical access rights are:_{typical access rights are:}

Cascading Authorizations

Role-Based Access Control

Role-Based Access Control

 _{role-based access control work well for DBMSrole-based access control work well for DBMS}

 eases admin burden, improves securityeases admin burden, improves security

 _{categories of database users:categories of database users:}

 application ownerapplication owner

 end userend user

 administratoradministrator

Database Encryption

Database Encryption

 _{databases typical a valuable info resourcedatabases typical a valuable info resource}

 protected by multiple layers of security: firewalls, protected by multiple layers of security: firewalls, authentication, O/S access control systems, DB

authentication, O/S access control systems, DB

access control systems, and database encryption

access control systems, and database encryption

 _{can encryptcan encrypt}

 entire database - very inflexible and inefficiententire database - very inflexible and inefficient  individual fields - simple but inflexible individual fields - simple but inflexible

 records (rows) or columns (attributes) - bestrecords (rows) or columns (attributes) - best

• also need attribute indexes to help data retrieval_{also need attribute indexes to help data retrieval}

Database Encryption

Database Security

Database Security

Vulnerabilities

Vulnerabilities

 Due to dependencies, databases suffer _{Due to dependencies, databases suffer}

from the same kinds of vulnerabilities as from the same kinds of vulnerabilities as

other system services other system services

 Availability can be compromised with DoSAvailability can be compromised with DoS  Integrity and Confidentiality can be Integrity and Confidentiality can be

compromised with authentication and compromised with authentication and

authorization problems authorization problems

 Confidentiality also suffers from something _{Confidentiality also suffers from something}

Inference

Inference

 Definition_Definition: the process of performing _{: the process of performing}

authorized queries and deducing authorized queries and deducing

unauthorized information from legitimate unauthorized information from legitimate

responses received responses received

 Occurs when_{Occurs when}

 Combinations of data are highly sensitiveCombinations of data are highly sensitive  Combinations of data can be used to infer Combinations of data can be used to infer

Inference

Inference Example

Inference Countermeasures

Inference Countermeasures

 inference detection at database design_{inference detection at database design}

 alter database structure or access controlsalter database structure or access controls

 inference detection at query time_{inference detection at query time}

 by monitoring and altering or rejecting queriesby monitoring and altering or rejecting queries

 need some inference detection algorithm _{need some inference detection algorithm}

 a difficult problema difficult problem

Statistical Databases

Statistical Databases

 provides data of a statistical nature_{provides data of a statistical nature}

 e.g. counts, averagese.g. counts, averages

 two types:_{two types:}

 pure statistical databasepure statistical database

 ordinary database with statistical accessordinary database with statistical access

• some users have normal access, others statistical_{some users have normal access, others statistical}

 access control objective to allow statistical _{access control objective to allow statistical}

Statistical Database Security

Statistical Database Security

 use a characteristic formula C_{use a characteristic formula C}

 a logical formula over the values of attributesa logical formula over the values of attributes

 _e.g.e.g.

(Sex=Male) AND ((Major=CS) OR (Major=EE))

 query set X(_{query set X(}C_C) of characteristic formula _{) of characteristic formula} C_C, _,

is the set of records matching C is the set of records matching C

 a statistical query is a query that produces _{a statistical query is a query that produces}

Statistical Database Example

Countermeasures

Countermeasures

 Query Restriction_{Query Restriction}

 Rejects a query that can lead to a Rejects a query that can lead to a

compromise compromise

 Perturbation (data or output)_{Perturbation (data or output)}

 Answers all queries but answers are Answers all queries but answers are

Protecting

Protecting

Against

Against

Inference

Query Restriction

Query Restriction

 Query Size Restriction_{Query Size Restriction}

 Limit query size to number larger than nLimit query size to number larger than n

 Defeated by issuing several queries with _{Defeated by issuing several queries with}

considerable overlap considerable overlap

Tracker Attacks

Tracker Attacks

 divide queries into parts_{divide queries into parts}

 C = C1.C2C = C1.C2

 count(C.D) = count(C1) - count (C1. ~count(C.D) = count(C1) - count (C1. ~C2)C2)

 combination is called a tracker_{combination is called a tracker}

Other Query Restrictions

Other Query Restrictions

 query set overlap control_{query set overlap control}

 limit overlap between new & previous querieslimit overlap between new & previous queries  has problems and overheads: cooperationhas problems and overheads: cooperation

 partitioning_partitioning

 cluster records into exclusive groupscluster records into exclusive groups  only allow queries on entire groupsonly allow queries on entire groups

 query denial and information leakage_{query denial and information leakage}

 denials can leak informationdenials can leak information

Perturbation

Perturbation

 _{add noise to statistics generated from dataadd noise to statistics generated from data}

 will result in differences in statisticswill result in differences in statistics

 data perturbation techniques_{data perturbation techniques}

 data swappingdata swapping

 generate statistics from probability distributiongenerate statistics from probability distribution

 _{output perturbation techniquesoutput perturbation techniques}

Advanced Technologies for

Advanced Technologies for

DB Security

DB Security

 A negative image of a set of data records is A negative image of a set of data records is

represented rather than the actual records represented rather than the actual records

 U represents the universe of finite-length recordsU represents the universe of finite-length records

 DB represents the positive records (positive)DB represents the positive records (positive)

 NDB = U – DB represents the records NOT in the NDB = U – DB represents the records NOT in the

DB (negative)

DB (negative)

Negative Databases

Negative Databases

 Online Demo _{Online Demo}

 Why is this so important?_{Why is this so important?}

 Protects against casual observersProtects against casual observers  Can protect against inferenceCan protect against inference

 Huge benefit for public policyHuge benefit for public policy

 Collect negative information from peopleCollect negative information from people

• No privacy concern_{No privacy concern}

Summary

Summary

 introduced databases and DBMS_{introduced databases and DBMS}

 relational database review_{relational database review}

 database access control issues_{database access control issues}

 SQL, role-basedSQL, role-based

 inference_inference

 statistical database security issues_{statistical database security issues}

 database encryption_{database encryption}  Negative databases_{Negative databases}

Break

Break

 Please enjoy a short break_{Please enjoy a short break}

 When we return, we will consider the _{When we return, we will consider the}

impact of technology on privacy in our impact of technology on privacy in our

Case Study 2:

Case Study 2:

What was privacy?

What was privacy?

 Where does an individual's right to privacy _{Where does an individual's right to privacy}

end and society's right to quality end and society's right to quality

information begin? information begin?

 Read the Case Study_{Read the Case Study}

 Answer the questions_{Answer the questions}

 _{Develop a point of view and discussDevelop a point of view and discuss}