2 Database security and Authorization
- Introduction to security issues
- Mechanisms used to grant and revoke privileges in relational databases in SQL
- An overview of the mechanisms for enforcing multiple levels of security
- A brief discussion of the security problem in statistical databases
- An introduction to flow control and the problems associated with covert channels
- A brief summary of encryption and public key infrastructure schemes
- A summary of the chapter
4 Introduction to Database Security Issues
Types of security:
- Legal and ethical issues regarding the right to access certain information. In the US there are many laws governing privacy of information.
- Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example, credit ratings and personal medical records.
- System-related issues such as the system levels at which various security functions should be enforced, for example, whether a security function should be handled at the physical hardware, OS, or DBMS level.
- The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
5 Threats to Database
Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
- Loss of integrity
- Loss of availability
- Loss of confidentiality
6 Loss of integrity
- Integrity refers to the requirement that information be protected from improper modification.
- Modification of data includes:
  - Creation
  - Insertion
  - Modification
  - Deletion
  - Changing the status of data
- Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts.
- Continued use of the contaminated system or corrupted data can result in inaccuracy, fraud, or erroneous decisions.
7 Loss of availability
- Database availability refers to making objects available to a human user or a program that has a legitimate right to them.
8 Loss of confidentiality
- Database confidentiality refers to the protection of data from unauthorized disclosure.
- The impact ranges from violation of a data privacy act to damage to national security.
- Unauthorized disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.
9 How to protect database
To protect databases against these types of threats, 4 kinds of countermeasures can be implemented:
- Access control
- Inference control
- Flow control
- Encryption
10 Database security mechanisms
- Discretionary security mechanisms
  - Grant privileges to users, including the capability to access specific data files, records, or fields in a specified mode (insert, read, delete, update)
- Mandatory security mechanisms
  - Classifying the data and users into various security classes
  - Implementing the appropriate security policy of the organization
  - Example: a policy that permits users at a certain classification level to see only the data items classified at the user's own (or a lower) classification level
- Role-based security
11 Database security and the DBA
- The DBA has a DBA account in the DBMS
  - Called the "system" or "superuser" account
  - Provides powerful capabilities that are not available to regular database accounts and users
- DBA privileged commands include commands for granting and revoking privileges to individual accounts, users, or user groups, and for performing the following:
  - Account creation
  - Privilege granting
  - Privilege revocation
  - Security level assignment
- The DBA is responsible for the overall security of the database system.
12 Access Protection, User accounts, and Database Audits
- A person needs to access the database
- The DBA creates a user account and password
- The user logs in to the DBMS by entering the user account and password
- The DBMS checks that the account and password are valid
- If so, the user is permitted to use the DBMS to access the database
- The DBMS keeps track of database users and their accounts and passwords by creating an encrypted table or file with the two fields Account and Password. This table is maintained by the DBMS.
  - When a new user is created, the data is inserted into this table
  - When an account is canceled, the corresponding record must be deleted from the table
13 Keep track of operation
- The DBMS keeps track of operations on the database
  - Creates a login session when the user logs in
  - Keeps track of the sequence of database interactions from the time of logging in to the time of logging out
- When a user logs in, the DBMS records the user's account and associates it with the terminal from which the user logged on
- All operations applied from that terminal are attributed to the user's account until the user logs off
- Keeps track of update operations
  - If the database is tampered with, the DBA can find out which user did the tampering
14 System log
- Operations are tracked in the system log
- The system log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash.
- If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period.
- When an illegal or unauthorized operation is found, the DBA can determine the account of the user.
- Database audits are important for sensitive databases that are updated by many transactions and users.
- An audit trail is a database log that is used mainly for security purposes.
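A sketch of the audit described in slides 13 and 14, added here as an illustration and not part of the original slides: it replays a log, attributes each operation to the account logged in on its terminal, and reviews updates to one relation within a time window. The log format and terminal names are constructed; the account and relation names are borrowed from the later GRANT examples.

```python
from datetime import datetime

# Constructed sample log: timestamp, terminal, event, detail
LOG = """\
2024-03-01T09:00:05 tty1 LOGIN tori
2024-03-01T09:02:10 tty2 LOGIN nok
2024-03-01T09:05:41 tty1 UPDATE emp
2024-03-01T09:07:00 tty1 LOGOUT -
2024-03-01T09:08:30 tty1 LOGIN kawa
2024-03-01T09:09:12 tty1 UPDATE emp
2024-03-01T09:10:00 tty2 SELECT emp
2024-03-01T09:30:00 tty3 DELETE emp
"""

def attribute(log_text):
    """Replay the log and attribute each operation to the account
    currently logged in on the terminal it came from."""
    sessions, ops = {}, []
    for line in log_text.splitlines():
        ts, term, event, detail = line.split()
        when = datetime.fromisoformat(ts)
        if event == "LOGIN":
            sessions[term] = detail          # terminal -> account
        elif event == "LOGOUT":
            sessions.pop(term, None)         # attribution ends at log-off
        else:
            # An operation with no open session is itself an audit finding.
            account = sessions.get(term, "<no session>")
            ops.append((when, account, event, detail))
    return ops

def audit(ops, relation, start, end, kinds=("INSERT", "UPDATE", "DELETE")):
    """Modifying operations on `relation` between `start` and `end`."""
    return [(when.isoformat(), account, event)
            for when, account, event, rel in ops
            if rel == relation and start <= when <= end and event in kinds]

if __name__ == "__main__":
    window = (datetime(2024, 3, 1, 9, 0), datetime(2024, 3, 1, 10, 0))
    for finding in audit(attribute(LOG), "emp", *window):
        print(finding)
```

The same terminal yields two different accounts in this sample, which is why attribution has to follow login sessions rather than terminal identity alone.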
15 Discretionary Access control Based on Granting and Revoking Privilege
Types of discretionary privilege:
- Account level: the DBA specifies the particular privileges that each account holds independently of the relations in the database
- Relation level: the DBA/owner can control the privileges to access each individual relation or view in the database
18 SQL
- SELECT privilege on R:
- MODIFY privileges on R:
- REFERENCES privileges on R:
**Remark: to create a view, the account must have the SELECT privilege on all relations involved in the view definition.
19 Specifying Privilege using VIEW
- An important method for limiting how users can manipulate data
- If user A wants user B to be able to retrieve only some fields of relation R (created by A):
  - A can create a view V of R that includes only some attributes
  - A then grants SELECT on V to B
20 Grant privilege
GRANT operation ON table/view TO user WITH GRANT OPTION
Example
  GRANT select ON emp TO tori;
  GRANT select ON empcom TO nok WITH GRANT OPTION;
  GRANT update (salary) ON emp TO tori;
  GRANT all ON emp TO nok WITH GRANT OPTION;
21 Example
  Tori: GRANT select ON student TO Hana;
  Hana: SELECT * FROM Tori.student;
  Tori: GRANT select, update ON student TO Kawa WITH GRANT OPTION;
  Kawa: GRANT select ON student TO Nara WITH GRANT OPTION;
Question: Can Nara grant her privilege to others?
- If no, why?
- If yes, what privilege can Nara grant to other users?
22 Syntax for create view by SQL (Oracle)
  CREATE VIEW View_name AS
  SELECT col1, col2, …, coln
  FROM table1, …, tablen
  WHERE condition;
EXAMPLE
  DEPT (DEPTNO, DNAME, LOC)
  EMP (EMPNO, ENAME, JOB, MGR, SAL, COMM, DEPTNO)

  CREATE VIEW EMPCOM AS
  SELECT Empno, Ename, Sal, Comm, E.DeptNo, Dname
  FROM EMP E, DEPT D
  WHERE E.DeptNo = D.DeptNo AND Comm > 0;

  EMPCOM (Empno, Ename, Sal, Comm, DeptNo, Dname)
23 Revoking Privileges
Purpose: canceling privileges
REVOKE operation ON table/view/object FROM user
Example
  REVOKE select ON EMP FROM tori;
  REVOKE select ON EMPCOM FROM tori;
24 Propagation of Privileges using the Grant Option
User A creates table R (A is the owner of R)
GRANT
- User A grants a privilege on R to user B with grant option (meaning B can also grant that privilege on R to other accounts).
- User B grants the privilege to user C with grant option.
- This means privileges on R can propagate to other accounts without the knowledge of the owner of R.
REVOKE
- If A revokes the privilege on R from B, all privileges that B propagated should automatically be revoked by the system.
- A user may receive a certain privilege from two or more sources.
  - A2 and A3 both give a certain UPDATE privilege on R to A4
  - If A2 revokes the privilege from A4, A4 will still continue to have the privilege by virtue of the grant from A3
  - If A3 then revokes the privilege, A4 totally loses the privilege on R
(Propagation of access privileges)
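The propagation and revocation rules of slide 24, modelled as a small authorization graph. This is an added illustration, not part of the original slides and not any DBMS's API; it assumes the owner A granted UPDATE with grant option to both A2 and A3, which the slide does not state.

```python
class AuthGraph:
    """Toy model of privilege propagation on one relation R (not a DBMS API)."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = set()  # (grantor, grantee, privilege, with_grant_option)

    def _grantable(self, priv):
        """Owner plus every account reachable from it via WITH GRANT OPTION."""
        able, frontier = {self.owner}, [self.owner]
        while frontier:
            src = frontier.pop()
            for grantor, grantee, p, opt in self.grants:
                if grantor == src and p == priv and opt and grantee not in able:
                    able.add(grantee)
                    frontier.append(grantee)
        return able

    def grant(self, grantor, grantee, priv, with_grant_option=False):
        if grantor not in self._grantable(priv):
            raise PermissionError(f"{grantor} may not grant {priv}")
        self.grants.add((grantor, grantee, priv, with_grant_option))

    def revoke(self, grantor, grantee, priv):
        self.grants = {g for g in self.grants if g[:3] != (grantor, grantee, priv)}
        # Cascade: drop grants whose grantor is no longer rooted at the owner.
        able = self._grantable(priv)
        self.grants = {g for g in self.grants if g[2] != priv or g[0] in able}

    def has(self, account, priv):
        return account == self.owner or any(
            ge == account and p == priv for _, ge, p, _ in self.grants)


def demo():
    g = AuthGraph("A")                      # A owns R
    g.grant("A", "B", "SELECT", True)
    g.grant("B", "C", "SELECT", True)       # propagated without A's knowledge
    g.revoke("A", "B", "SELECT")            # must also strip C
    cascade = (g.has("B", "SELECT"), g.has("C", "SELECT"))
    for mid in ("A2", "A3"):                # assumption: A granted both
        g.grant("A", mid, "UPDATE", True)
        g.grant(mid, "A4", "UPDATE")
    g.revoke("A2", "A4", "UPDATE")
    still_held = g.has("A4", "UPDATE")      # A3's grant remains
    g.revoke("A3", "A4", "UPDATE")
    return cascade, still_held, g.has("A4", "UPDATE")
```

Recomputing reachability from the owner after every revoke also handles grant cycles, where two accounts have granted the same privilege to each other.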
25 Role-based Access control (RBAC)
- RBAC emerged rapidly in the 1990s
- A proven technology for managing and enforcing security in large-scale enterprise-wide systems
26 Example: ORACLE
- Oracle provides 3 system-level roles: CONNECT, RESOURCE, and DBA
- Create role
  CREATE ROLE role_name NOT IDENTIFIED
  CREATE ROLE role_name IDENTIFIED BY password
- Example
  CREATE ROLE APPL_ROLE NOT IDENTIFIED;
  GRANT connect TO APPL_ROLE;
  GRANT resource TO APPL_ROLE;
  GRANT select ON student TO APPL_ROLE;
  GRANT select, update ON student TO APPL_ROLE;
  GRANT APPL_ROLE TO TORI;
  REVOKE update ON student FROM APPL_ROLE;
- CONNECT gives the privilege of creating sessions in the database. This role gives the following system privileges to the user: alter session, create synonym, create table, create view. However, users cannot create a table in a tablespace unless you grant them a quota on that tablespace.
- The RESOURCE role has the following system privileges: create cluster, index, procedure, sequence, table, trigger,
- DBA is granted with grant option
CREATE