
Security and Integrity

Security and Integrity. Database security and authorization: introduction to security issues; mechanisms used to grant and revoke privileges in relational databases in SQL; an overview of the mechanisms for enforcing multiple levels of security.

jamuna

Presentation Transcript


  1. Security and Integrity

  2. Database security and Authorization • Introduction to security issues • Mechanisms used to grant and revoke privileges in relational databases in SQL • An overview of the mechanisms for enforcing multiple levels of security • Briefly discusses the security problem in statistical databases • Introduces flow control and mentions problems associated with covert channels • A brief summary of encryption and public key infrastructure schemes • Summarizes the chapter

  3. What is security?

  4. Introduction to Database Security Issues • Types of Security • Legal and ethical issues regarding the right to access certain information. In the US there are many laws governing privacy of information. • Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example, credit ratings and personal medical records • System-related issues such as the system levels at which various security functions should be enforced, for example, whether a security function should be handled at the physical H/W, OS, or DBMS level • The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.

  5. Threats to Database • Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality. • Loss of integrity • Loss of availability • Loss of confidentiality

  6. Loss of integrity • Integrity refers to the requirement that information be protected from improper modification. • Modification of data includes • Creation • Insertion • Modification • Deletion • Changing the status of data • Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts. • Continued use of the contaminated system or corrupted data could result in inaccuracy, fraud, or erroneous decisions

  7. Loss of availability • Database availability refers to making objects available to a human user or a program to which they have a legitimate right

  8. Loss of confidentiality • Database confidentiality refers to the protection of data from unauthorized disclosure. • The impact ranges from • Violation of the data privacy act to damage to national security • Unauthorized disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.

  9. How to protect database • To protect databases against these types of threats, 4 kinds of countermeasures can be implemented: • Access control • Inference control • Flow control • Encryption

  10. Database security mechanisms • Discretionary security mechanisms • Grant privileges to users, including the capability to access specific data files, records, or fields in a specified mode (insert, read, delete, update) • Mandatory security mechanisms • Classifying the data and users into various security classes • Implementing the appropriate security policy of the organization • Example • Policy to permit users at a certain classification level to see only the data items classified at the user’s own (or lower) classification level. • Role-based security

  11. Database security and the DBA • The DBA has a DBA account in the DBMS • Called the “system” or “superuser” account • Provides powerful capabilities that are not available to regular database accounts and users. • DBA privileged commands include commands • For granting and revoking privileges to individual accounts, users, or user groups • For performing the following • Account creation • Privilege granting • Privilege revocation • Security level assignment • The DBA is responsible for the overall security of the database system.

  12. Access Protection, User accounts, and Database Audits • A person needs to access the database • The DBA creates a user account and password • The user logs in to the DBMS by entering the user account and password • The DBMS checks that the account and password are valid • If they are, the user is permitted to use the DBMS to access the database • The DBMS keeps track of database users and their accounts and passwords by creating an encrypted table or file with the two fields Account and Password. This table is maintained by the DBMS. • When a new user is created, a record is inserted into this table • When an account is canceled, the corresponding record must be deleted from the table

  13. Keep track of operations • The DBMS keeps track of operations on the database • Creates a login session when a user logs in • Keeps track of the sequence of database interactions from the time of logging in to the time of logging out • When a user logs in, the DBMS records the user’s account and associates it with the terminal from which the user logged on • All operations applied from that terminal are attributed to the user’s account until the user logs off • Keeps track of update operations • If the database is tampered with, the DBA can find out which user did the tampering

  14. System log • Operations are tracked in the system log • The system log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash. • If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period. • When an illegal or unauthorized operation is found, the DBA can determine the account used • Database audits are important for sensitive databases that are updated by many transactions and users. An audit trail is a database log that is used mainly for security purposes.
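
The session attribution and audit review described in slides 13 and 14, as an added example that is not part of the original presentation. The log format, terminal names and timestamps are constructed for illustration; the account names are borrowed from the later GRANT slides.

```python
# Added example: constructed log in a hypothetical "time terminal event detail" format.
from datetime import datetime

SAMPLE_LOG = """\
2024-03-01T09:00:00 tty1 LOGIN tori
2024-03-01T09:05:00 tty1 UPDATE emp
2024-03-01T09:10:00 tty2 LOGIN nok
2024-03-01T09:12:00 tty2 UPDATE emp
2024-03-01T09:20:00 tty1 LOGOUT -
2024-03-01T09:25:00 tty1 LOGIN nok
2024-03-01T09:30:00 tty1 UPDATE emp
2024-03-01T09:40:00 tty3 UPDATE emp
"""

def audit(log_text, relation, start, end):
    """Return (time, account, operation) for operations on `relation` in [start, end]."""
    sessions = {}   # terminal -> account currently logged in on it
    findings = []
    for line in log_text.splitlines():
        stamp, terminal, event, detail = line.split()
        when = datetime.fromisoformat(stamp)
        if event == "LOGIN":
            sessions[terminal] = detail
        elif event == "LOGOUT":
            sessions.pop(terminal, None)
        elif detail == relation and start <= when <= end:
            # Attribute by the session open at that moment, not by terminal alone;
            # an operation with no open session is flagged for follow-up.
            account = sessions.get(terminal, "UNATTRIBUTED")
            findings.append((stamp, account, event))
    return findings
```

Sessions are replayed from the start of the log even when the audit window starts later, so an update on tty1 is charged to whoever was logged in there at that moment.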

  15. Discretionary Access Control Based on Granting and Revoking Privileges • Types of Discretionary Privileges • Account level: the DBA specifies the particular privileges that each account holds independently of the relations in the database • Relation level: the DBA/owner can control the privileges to access each individual relation or view in the database

  16. Account level

  17. Relation level

  18. SQL • SELECT privilege on R: • MODIFY privileges on R: • REFERENCES privileges on R: • **Remark: to create a view, the account must have the SELECT privilege on all relations involved in the view definition.

  19. Specifying Privileges using VIEW • An important method for limiting how users can manipulate data • If user A wants user B to be able to retrieve only some fields of relation R (created by A) • Then A can create a view V of R that includes only some attributes • And then grant SELECT on V to B

  20. Grant privilege • GRANT operation ON table/view TO user WITH GRANT OPTION • Example • GRANT select ON emp TO tori; • GRANT select ON empcom TO nok WITH GRANT OPTION; • GRANT update ON emp (salary) TO tori; • GRANT all ON emp TO nok WITH GRANT OPTION;

  21. Example • Tori: GRANT select ON student TO Hana; • Hana: SELECT * FROM Tori.student; • Tori: GRANT select, update ON student TO Kawa WITH GRANT OPTION; • Kawa: GRANT select ON student TO Nara WITH GRANT OPTION; • Question: Can Nara grant her privilege to others? • If no, why? • If yes, what privilege can Nara grant to other users?

  22. Syntax for creating a view in SQL (Oracle) CREATE VIEW View_name AS SELECT col1, col2, …, coln FROM table1, …, tablen WHERE condition; EXAMPLE DEPT (DEPTNO, DNAME, LOC) EMP (EMPNO, ENAME, JOB, MGR, SAL, COMM, DEPTNO) CREATE VIEW EMPCOM AS SELECT Empno, Ename, Sal, Comm, E.DeptNo, Dname FROM EMP E, DEPT D WHERE E.DeptNo = D.DeptNo AND Comm > 0; EMPCOM (Empno, Ename, Sal, Comm, DeptNo, Dname)

  23. Revoking Privileges • Purpose: canceling privileges • REVOKE operation ON table/view/object FROM user • Example • REVOKE select ON EMP FROM tori; • REVOKE select ON EMPCOM FROM tori;

  24. Propagation of Privileges using the Grant Option • User A creates table R (A is the owner of R) • GRANT • User A grants a privilege on R to user B with the grant option (meaning B can also grant that privilege on R to other accounts). • User B grants the privilege to user C with the grant option • This means privileges on R can propagate to other accounts without the knowledge of the owner of R • REVOKE • If A revokes the privilege on R from B, • All privileges that B propagated should automatically be revoked by the system. • A user may receive a certain privilege from two or more sources. • A2 and A3 both give a certain UPDATE privilege on R to A4 • If A2 revokes the privilege from A4 • A4 will still continue to have the privilege by virtue of the grant from A3 • If A3 then revokes the privilege, A4 totally loses the privilege on R
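
The propagation and revocation rules of slide 24, worked through as an added example that is not part of the original presentation. It is a simplified model of one privilege on one relation R, not the way any particular DBMS implements it; the class, its method names and the owner account A1 in the second scenario are assumptions.

```python
# Added example: simplified model of GRANT ... WITH GRANT OPTION and cascading REVOKE.
# PrivilegeGraph, its methods and the owner "A1" are assumptions, not DBMS internals.
class PrivilegeGraph:
    def __init__(self, owner):
        self.owner = owner
        self.grants = set()  # (grantor, grantee, with_grant_option)

    def _supported(self):
        """Walk grants outward from the owner; return (holders, can_grant, live)."""
        holders, can_grant, live = {self.owner}, {self.owner}, set()
        frontier = True
        while frontier:
            frontier = {g for g in self.grants - live if g[0] in can_grant}
            live |= frontier
            holders |= {g[1] for g in frontier}
            can_grant |= {g[1] for g in frontier if g[2]}
        return holders, can_grant, live

    def grant(self, grantor, grantee, with_grant_option=False):
        if grantor not in self._supported()[1]:
            raise PermissionError(f"{grantor} holds no grant option on R")
        self.grants.add((grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee):
        self.grants = {g for g in self.grants if g[:2] != (grantor, grantee)}
        # Cascade: keep only grants still backed by a chain from the owner.
        self.grants = self._supported()[2]

    def holders(self):
        return self._supported()[0]

def chain_revoke():  # A grants to B, B grants to C, then A revokes from B
    g = PrivilegeGraph("A")
    g.grant("A", "B", True)
    g.grant("B", "C", True)
    g.revoke("A", "B")
    return sorted(g.holders())

def two_sources():  # A4 receives the privilege from both A2 and A3
    g = PrivilegeGraph("A1")
    g.grant("A1", "A2", True)
    g.grant("A1", "A3", True)
    g.grant("A2", "A4")
    g.grant("A3", "A4")
    g.revoke("A2", "A4")
    after_a2 = "A4" in g.holders()
    g.revoke("A3", "A4")
    return after_a2, "A4" in g.holders()
```

Because support is recomputed from the owner after every revoke, grants that only point at each other in a cycle are dropped as well once the chain back to the owner is cut.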

  25. Role-based Access Control (RBAC) • RBAC emerged rapidly in the 1990s • A proven technology for managing and enforcing security in large-scale enterprise-wide systems.

  26. Example • ORACLE • Oracle provides 3 system-level roles: CONNECT, RESOURCE, and DBA • Create Role • CREATE ROLE role_name NOT IDENTIFIED; • CREATE ROLE role_name IDENTIFIED BY password; • Example • CREATE ROLE APPL_ROLE NOT IDENTIFIED; • GRANT connect TO APPL_ROLE; • GRANT resource TO APPL_ROLE; • GRANT select ON student TO APPL_ROLE; • GRANT select, update ON student TO APPL_ROLE; • GRANT APPL_ROLE TO TORI; • REVOKE update ON student FROM APPL_ROLE;
