Database Security:Concepts, Approaches and Challenges

ĐẠI HỌC BÁCH KHOA TP. HỒ CHÍ MINHKhoa khoa học máy tính

Group 20: Võ Văn Vinh : 7140843 Nguyễn Hoàng Tín : 7140260 Vũ Hoàng Việt : 7140266 Phạm Văn Vinh : 7140842

ContentsPart I : DB Security ConceptsPart II : DB Security Approaches Part III: DB Security ChallengesPart IV: Summary

2

DB Security Concepts Authentication:

Authentication is the process or act of confirming that a user who is Attempting to log in to a database, Authorized to log in to a database Examples:

A mobile phone performs authentication by asking for a PIN.

A computer authenticates a username by asking for the corresponding password

3

DB Security Concepts Authorization

Authorization is a process of defining : which users are allowed to access to

database what privileges(access to which views, tables,

attributes, how long…) of use in the database. Examples:

The students are not allowed to modify their Academic Records in the University webpage.

The students are allowed to view their Academic Records in a University webpage.

4

DB Security ConceptsDB Security Requirements- CIA Triad

5

Database Security Concepts Confidentiality(Secrecy)

Data Confidentiality : Data is not made available or disclosed to unauthorized individuals Examples: DB stores Payroll Information

=>Not release/modify the individual salaries to/by unauthorized users.

6

DB Security Concepts

Integrity Data Integrity : Data is changed only in a specified

and authorized manner Examples: A web site of airline Company =>customer’s

reservations are not modified arbitrarily.

Availability: Data Availability:

Data is available when needing to access. Prevention and recovery from making data be

unavailable(Ex … DDoS attacks) Examples: A web site of airline Company =>The

information on flight and reservations are always available.

7

DB Security Concepts

Introducing DB Security Approaches Authentication mechanism Cryptographic techniques Designed Features to detect, prevent, or recover from

a security attacks Recovery Subsystem & Concurrence Control Access Control Privacy-Preserving Techniques for Database(New) Privacy-Preserving Data mining(New) Privacy-Preserving Information Retrieval(New)

8

DB Security Concepts What is Access Control ?

 A process by which users are granted access and certain privileges to systems, resources or information.

Why using Access Control ? Whenever a user tries to access to a data object,

Access Control checks the rights of the user against the set of authorization which states whether the subject can perform a particular action on the data object=>Access Control ensures Data Confidentiality.

Whenever a user tries to modify some data, Access Control verifies the user have the right to modify the data=>Access Control assures the Data Integrity

9

DB Security Approaches

Part II: DB Security Approaches

-Access ControlPart : Discretionary Access Control(DAC)

Part : Mandatory Access Control (MAC)

-Privacy-Preserving Data TechniquesPart : Privacy-Preserving Data Techniques

10

1II

2II

3II

DB Security Concepts What is Access Control ?

Control of rules determined by security policies for all direct accesses to the system

Why using Access Control ? Whenever a subject tries to access to a data object,

Access Control checks the rights of the user against the set of authorization which states whether the subject can perform a particular action on the data object=>Access Control ensures the Data Confidentiality.

Whenever a subject tries to modify some data, Access Control verifies the user have the right to modify the data=>Access Control assures the Data Integrity

11

DB Security Approaches

There are two Access Control Models: Discretionary Access Control(DAC) Mandatory Access Control(MAC)

12

Part II : DB Security Approaches

PART

Discretionary Access Control(DAC)

13

1II

Introduction to DAC

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong => Discretionary access control (DAC) is a type of access control

defined

Discretionary Access Control (DAC)

owner object

Specifies Users/ groups who can access

There are two levels for assigning privileges to use the database system

The account/system level: The administrator / DBA specifies the particular

privileges that each account holds independently of the objects in the

database system.

The object level / relation (or table) level: The administrator can control the

privilege to access each individual object in the database system

Introduction to DAC

The account/system level privileges (example) CREATE SCHEMA CREATE TABLE CREATE VIEW ALTER DROP MODIFY SELECT

Introduction to DAC

The relation/object level privileges Data objects: relation or view Includes:

INSERT UPDATE DELETE REFERENCE

SQL for Data Control

Commands:• GRANT• REVOKE

Based on three central objects:• Users• Database objects• Privileges: select, modify (insert, update, delete),

reference

SQL for Data Control

GRANT: pass privileges on their own database objects to other users

GRANT <privilege list>

ON <database objects>

TO <user list> REVOKE: take back (cancel) privileges on

their own database objects from other users

REVOKE <privilege list>

ON <database objects>

FROM <user list>

An Example

Suppose that the DBA creates four accounts A1, A2, A3, A4 and wants only A1 to be able to create base relations. Then the DBA must issue the following GRANT command in SQL

GRANT CREATETAB TO A1;

An Example(2)

User account A1 can create tables under the schema called EXAMPLE.

Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT A1 is then owner of these two relations and hence all

the relation privileges on each of them.

An Example(2)

Suppose that A1 wants to grant A2 the privilege to insert and delete tuples in both of these relations, but A1 does not want A2 to be able to propagate these privileges to additional accounts:

GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;

An Example(2) - Notice

Owner account A1 automatically has the GRANT OPTION, allowing it to grant privileges on the relation to other accounts

However, account A2 cannot grant INSERT and DELETE privileges on the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT OPTION in the preceding command.

Suppose that A1 wants to allow account A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts. A1 can issue the following command:

GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;

An Example(2)

Now, A3 can grant the SELECT privilege on the EMPLOYEE relation to A4 by issuing the following command:

GRANT SELECT ON EMPLOYEE TO A4;

Notice that A4 cannot propagate the SELECT privilege to other accounts because the GRANT OPTION was not given to A4.

An Example(2)

Now suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 then can issue this command:

REVOKE SELECT ON EMPLOYEE FROM A3;

The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3, and it must also automatically revoke the SELECT privilege on EMPLOYEE from A4. This is because A3 granted that privilege to A4, but A3 does not have the privilege anymore.

An Example(3)

Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.

The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5. A1 then can create the following view:

CREATE VIEW A3EMPLOYEE AS

SELECT Name, Bdate, Address

FROM EMPLOYEE

WHERE Dno = 5;

GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION

Role Based Access Control (RBAC)

Hierarchies RBAC

Constrained RBAC

Add a requirement for enforcing separation of duty (SOD) Static SOD – SSD (based on user-role

assignment) Impose restriction on role intersections: 2

roles can not have common users Dynamic SOD – DSD (based on role

activation) Restrict the activation of roles at run time

RBAC in commercial DBMS

INFORMIX Online Dynamic Server Version 7.2

Sybase Adaptive Server release 11.5

Oracle Enterprise Server Version 8.0

Mandatory Access Control (MAC)

Based on multilevel security (MLS) Top Secret > Secret > Confidential > Unclassified

Subject has security clearance of a given level Object has security classification of a given level Two required properties for confidentiality (Bell-

LaPadula) No read up (simple security property)

Class(S) >= Class(0) No write down (star property)

Class(S) <= Class(0)

Part II: Database Security

PART

Mandatory Access Control(MAC)

33

2II

Mandatory Access Control (MAC)

Polyinstantiation

Mandatory Access Control (MAC)

Pros Ensure a high degree of protection, prevent

any illegal flow of information. Suitable for military and high security types of

applications. Cons:

Require strict classification of subjects and objects

Applicable to few environments.

Part II : Database Security Approaches

PART

Privacy-Preserving Data Techniques

36

3II

Privacy-Preserving Data Techniques

Why needing Privacy-Preserving Data Techniques ? Importance of data representation Increasing number of data set including

Individual Data Data availability causes the serious

threats for the privacy of Individuals and Organizations

37

Privacy-Preserving Data Techniques

Modifying the released data by removing items related to Individuals(data anonymity). Problems : The remaining data can be linked with

others infos, so people can recover the privacy data Solutions : Generalizations Techniques (Relations to

Fuzzy Concepts)

38

Privacy-Preserving Data Techniques

Privacy-Preservation Data in Data Mining Context Causes: Data mining techniques may recover

the removed information All approaches are based on modifying or

perturbing data Developments are based Commutative

Encrypted Techniques

39

Privacy-Preserving Data Techniques

Hippocratic Databases Incorporating privacy protection in relational

database system. Privacy policies stored in privacy-policy

tables Privacy authorization stored in privacy-

authorization tables Privacy authorization defines authorized

users

40

PART III

Database Security CHALLENGES

41

Database Security Challenges

Data quality & Completeness Data quality : A perception or an

assessment of data's fitness to serve its purpose in a given context. 

Data Completeness : Data is not modified comparing with the original

Database Security Challenges Data quality & Completeness

Is data complete and of acceptable quality ? Is data from Web is relyable ? How to assess and attest the quality of data ?

Techniques and organizational solutions Quality stamps Providing more effective integrity verification Tools for assessment of data quality Application-level recovery

Database Security Challenges

Intellectual Property Rights(IPR) Who create data Can be illegal if using this data

Techniques Watermaking techniques for relational data are

used to detect IPR violations

Database Security Challenges Database Survivability

Confinement : Actions to eliminate the attacker’s access

Damage assessment: Determine the problem including failed function and corrupted data

Reconfiguration : Run in safe-mode while recovery

Repair:Recover data, reinstall failed system Fault treatment:Identify the weakness and

prevent the recurrence of the faults

Database Security Challenges Access control and privacy for mobile

users Mobile is popular and larger variety device

available Computing power and sensor in environment User with continuous online activities Personal information and become impotant key Need efficient storage, potable access rights

Database Security Challenges Techniques for mobile users

Access control mechanisms + standar for id manage

Trust negotiation Processing techniques for continuous queries

PART III

Summary

48

Summary DB Security Concepts

Confidentialilty, Integrity and Avalaiblity Database Sercurity Approaches

Access Control Privacy-Preserving Data Techniques

Database Security Challenges Data quality and Completeness Access Control and Pravicy for Mobile users Intellectual Property Right Database survivability

50

References

[1] Database security-concepts, approaches, and challenges(2005)

[2] Ramez Elmasri and Shamkant B. Navathe Fundamentals of Database Systems”, 6th Edition (2010)

THANK YOU !

51

Questions1. Why is the access control of information systems necessary?

A For the preservation of their authenticity, confidentiality, integrity and availability.

B For the preservation of their integrity and availability.

C For the preservation of their confidentiality and integrity.

D For the preservation of their authenticity, confidentiality and availability.

2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?

A MAC (Mandatory Access Control)

B RBAC (Role Based Access Control)

C DAC (Discretionary Access Control)

D None of the above.

52

Answers1. Why is the access control of information systems necessary?

A For the preservation of their authenticity, confidentiality, integrity and availability.

B For the preservation of their integrity and availability.

C For the preservation of their confidentiality, integrity.

D For the preservation of their authenticity, confidentiality and availability.

2. Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?

A MAC (Mandatory Access Control)

B RBAC (Role Based Access Control)

C DAC (Discretionary Access Control)

D None of the above.

53