Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Published byBeatrix Blake Modified over 9 years ago

Similar presentations

Presentation on theme: "Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM."— Presentation transcript:

1

2 Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM

3 Database Security I know that’s a secret, for it’s whispered everywhere. ------ William Congreve

4 Security  Introduction to Database Security  Discretionary Access Control  Mandatory Access Control  Additional Issues Related to Security

5 Introduction To DB Security Three main objectives  Secrecy  Integrity  Availability

6 Secrecy  Information should not be disclosed to unauthorized users. –For example, a student should not be allowed to examine other students’ grades.

7 Integrity  Only authorized users should be allowed to modify data. –For example, students may be allowed to see their grades, yet not allowed to modify them.

8 Availability  Authorized users should not be denied access. –For example, an instructor who wishes to change a grade should be allowed to do so.

9 Introduction To DB Security  Security policy describes the security measures enforced.  Security mechanisms of the underlying DBMS must be utilized to enforce the policy.

10 Introduction To DB Security  Security measures must be taken at several levels.  Security leaks in the operating system or network connections can circumvent database security mechanisms.

11 Introduction To DB Security Views provide a valuable tool in enforcing security policies.  A view is a table whose rows are not explicitly stored in the database but are computed as needed from a view definition.

12 Introduction To DB Security  We can define views that give a group of users access to just the information they are allowed to see.  For example, we can define a view that allows students to see other students’ name and age but not their grade, and allow all students to access this view, but not the underlying Students table.

13 Introduction To DB Security  Views are valuable in the context of security. -- Create a “window” on a collection of data -- Limit access to sensitive data

14 Access Control  An Access Control mechanism is a way to control the data that is addressable to a given user.

15 Discretionary Access Control  Discretionary access control: –Based on the concept of privileges, and mechanisms for giving users such privileges.

16 privilege  A privilege allows a user to access some data object in a certain manner (e.g., to read or to modify).  SQL-92 supports discretionary access control through GRANT and REVOKE commands.

17 Mandatory Access Control  Mandatory access control is based on systemwide policies that cannot be changed by individual users.  Each database object is assigned a security class ; each user is assigned clearance for a security class, and rules are imposed on reading and writing of database objects by users.

18 Mandatory Access Control  SQL-92 standard does not include any support for mandatory access control.

19 An example will be used for interpreting the details of access control later  Schemas used in example  Sailors(sid:integer, sname:string, rating:integer, age:real)  Boats(bid:integer, bname:string, color:string)  Reserves(sname:string, bid:integer, day:dates)

20 Discretionary Access Control Discretionary Access Control

21 Discretionary access control  It is based on the concept of access rights, or privileges, and mechanisms for giving users such privileges.  A privilege allows a user to access some database object in a certain manner  SQL-92 supports discretionary access control through the GRANT and REVOKE commands.

22  Advantage: effective  Disadvantage: a devious unauthorized user can trick an authorized user into disclosing sensitive data

23  GRANT command: Give users privileges to base tables and views. GRANT privileges ON object TO users [WITH GRANT OPTIONS]  REVOKE command: intended to achieve the reverse, to withdraw the granted privilege from the user. REVOKE [GRANT OPTION FOR] privileges ON object FROM users {RESTRICT | CASCADE}

24 Several privileges:  SELECT : access all columns  INSERT (column-name): insert rows with values in the named column  DELETE: delete rows from the table  REFERENCES(column-name): define foreign keys(in other table) that refer to the specified column.

25 Suppose user Joe has created the tables Boats, Reserves, and Sailors: GRANT INSERT, DELETE ON Reserves TO Bob WITH GRANT OPTION ---- Bob can insert or delete Reserves rows and can authorize other people to do the same. GRANT SELECT ON Reserves TO Michael GRANT SELECT ON Sailors TO Michael WITH GRANT OPTION

26 With the SELECT privilege, Michael can: CREATE VIEW ActiveSailors(name,age,day) As SELECT S.sname, S.age, R.day FROM Sailors S, Reserves R WHERE S.sname=R.sname AND S.rating > 6 But, he cannot grant SELECT on ActiveSailors to others.

27 How about this one: CREATE VIEW YoungSailors (sid, age, rating) AS SELECT S.sid, S.age, S.rating From Sailors S WHERE S.age < 18 Here he can pass on the SELECT privilege on YoungSailors to others. Eg. GRANT SELECT ON YoungSailors TO ERIC

28  GRANT UPDATE (rating) ON Sailors TO Rose Rose can update only the rating column of Sailors rows. For example: UPDATE Sailors S SET S.rating= 8; she can execute this command, which sets all ratings to 8. However, she is not allowed to execute SET S.age = 25, because she is not allowed to update the age field.

29 UPDATE Sailors S SET S.rating = S.rating-1 Can she execute this command? NO! Because it requires the SELECT privilege on the S.rating column and Rose does not have this privilege!

30 GRANT FEFERENCES (bid) ON Boats TO Bill Bill can refer to the bid column of Boats as a foreign key in another table. For example, Bill can create the Reserves table through the following command: CREATE TABLE Reserves (sname CHAR(10) NOT NULL, bid INTEGER, day DATE, PRIMARY KEY (sname), UNIQUE (sname), FOREIGN KEY (bid) REFERENCES Boats) If Bill did not have the REFERENCES privilege on the bid column of Boats, he cannot execute this CREATE statement because the FOREIGN KEY clause requires this privilege.

31 Specifying just the INSERT privilege in a GRANT command is not the same as specifying SELECT (column- name) for each column currently in the table. GRANT INSERT ON Sailors TO Michael Michael has the INSERT privilege with respect to a newly added column. GRANT INSERT ON Sailors(sid), Sailors(sname), Sailors(rating), Sailors(age), TO Michael Michael would not have the INSERT privilege on the new column.

32 REVOKE:  Is a complementary command to GRANT that allows the withdrawal of privileges. REVOKE [ GRANT OPTION FOR ] privileges ON object FROM users { RESTRICT | CASCADE }

33 Some examples on REVOKE Consider what happens after the following sequence of commands, where Joe is the creator of Sailors: GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Joe) GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Art) REVOKE SELECT ON Sailors FROM Art CASCADE (executed by Joe)

34  Bob’s privilege is said to be abandoned when the privilege that he was derived from is revoked.  When the CASCADE keyword is specified, all the abandoned privileges are also revoked.  If the RESTRICT keyword is specified in the REVOKE command, the command is rejected if revoking the privileges would result other privileges becoming abandoned. CASCADE AND RESTRICT

35 GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Joe) GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Joe) GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Art) REVOKE SELECT ON Sailors FROM Art CASCADE (executed by Joe) Here Art will lose the SELECT privilege on Sailors. Bob received this privilege from Art, but he also received it independently from Joe. Thus Bob retains this privilege.

36 GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Joe) REVOKE SELECT ON Sailors FROM Art CASCADE (executed by Joe) Although Joe granted the same privilege to Art several times, he can revoke it with a single REVOKE command.

37 GRANT SELECT ON Sailors To Art WITH GRANT OPTION (executed by Joe) REVOKE GRANT OPTION FOR SELECT ON Sailors FROM Art CASCADE (executed by Joe) This command would leave Art with the SELECT privilege on Sailors, but Art wont’ have the grant option and can ‘t pass it to others.

38 system Joe Cal Bob Art GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Joe) GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Art) GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Bob) GRANT SELECT ON Sailors TO Cal WITH GRANT OPTION (executed by Joe) GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Cal) REVOKE SELECT ON Sailors FROM Art CASCADE (executed by Joe)

39 Grant and Revoke on Views and Integrity Constraints

40 Important points:  A view may be dropped because a SELECT privilege is revoked from the user who created the view.  If the creator of a view gains additional privileges on the underlying tables, he or she automatically gains additional privileges on the view.  The distinction between the REFERENCES and SELECT privileges is important.

41 Mandatory Access Control

42 Mandatory access control  It is based on system wide policies that can not be changed by individual users  In this approach each database object is assigned a security class, each user is assigned clearance for a security class, and rules are imposed on reading and writing of database object by users

43  Mandatory Access Control: –Discretionary access control is susceptible to Trojan horse Schemes whereby a devious unauthorized user can trick an authorized user into disclosing sensitive data –Mandatory access control aims at the loopholes in discretionary access control

44 Role of Database Administrator (DBA) Responsible for the overall security of the system ! Why?  DBA is the owner of data  DBA contributes to developing a security policy  DBA has a special account called system account

45 The DBA deals with…  Creating a new accounts –Each new user or group of users must be assigned an authorization id and a password –Application programs that access the database have the same authorization id as the user executing the program  Mandatory control issues –Assign security classes to each database object and assign security clearance to each authorization

Download ppt "Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM."

Similar presentations

MSc IT UFCE8K-15-M Data Management Prakash Chatterjee Room 2Q18

MSc IT UFCE8K-15-M Data Management Prakash Chatterjee Room 2Q18
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Relational Database. Relational database: a set of relations Relation: made up of 2 parts: − Schema : specifies the name of relations, plus name and type.

Relational Database. Relational database: a set of relations Relation: made up of 2 parts: − Schema : specifies the name of relations, plus name and type.
Database Management Systems, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.

Database Management Systems, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
SQL Lecture 10 Inst: Haya Sammaneh. Example Instance of Students Relation  Cardinality = 3, degree = 5, all rows distinct.

SQL Lecture 10 Inst: Haya Sammaneh. Example Instance of Students Relation  Cardinality = 3, degree = 5, all rows distinct.
Introduction to Database Systems 1 SQL: The Query Language Relation Model : Topic 4.

Introduction to Database Systems 1 SQL: The Query Language Relation Model : Topic 4.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Database Management System

Database Management System
Cs3431 Constraints Sections 6.1 – 6.5. cs3431 Example CREATE TABLE Student ( sNum int, sName varchar (20), prof int, CONSTRAINT pk PRIMARY KEY (snum),

Cs3431 Constraints Sections 6.1 – 6.5. cs3431 Example CREATE TABLE Student ( sNum int, sName varchar (20), prof int, CONSTRAINT pk PRIMARY KEY (snum),
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.

ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.
Introduction to Structured Query Language (SQL)

Introduction to Structured Query Language (SQL)
1 Relational Model. 2 Relational Database: Definitions  Relational database: a set of relations  Relation: made up of 2 parts: – Instance : a table,

1 Relational Model. 2 Relational Database: Definitions  Relational database: a set of relations  Relation: made up of 2 parts: – Instance : a table,
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Concepts of Database Management Sixth Edition

Concepts of Database Management Sixth Edition
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’

A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’
Introduction to Structured Query Language (SQL)

Introduction to Structured Query Language (SQL)
A Guide to SQL, Seventh Edition. Objectives Understand, create, and drop views Recognize the benefits of using views Grant and revoke user’s database.

A Guide to SQL, Seventh Edition. Objectives Understand, create, and drop views Recognize the benefits of using views Grant and revoke user’s database.

Similar presentations

Ads by Google