Security

1
Chapter 18

• Security
• Transparencies

2
Chapter 18 - Objectives

• Scope of database security.
• Why database security is a serious concern for an
  organization.
• Type of threats that can affect a database
  system.
• How to protect a computer system using
  computer-based controls.
• Security measures provided by Microsoft Access
  and Oracle DBMSs.
• Approaches for securing a DBMS on the Web.

3
Database Security

• Data is a valuable resource that must be strictly
  controlled and managed, as with any corporate
  resource.
• Part or all of the corporate data may have
  strategic importance and therefore needs to be
  kept secure and confidential.

4
Database Security

• Mechanisms that protect the database against
  intentional or accidental threats.
• Security considerations do not only apply to the
  data held in a database. Breaches of security may
  affect other parts of the system, which may in
  turn affect the database.

5
Database Security

• Involves measures to avoid
• Theft and fraud
• Loss of confidentiality (secrecy)
• Loss of privacy
• Loss of integrity
• Loss of availability

6
Database Security

• Threat
• Any situation or event, whether intentional or
  unintentional, that will adversely affect a
  system and consequently an organization.

7
Summary of Threats to Computer Systems
8
Typical Multi-User Computer Environment
9
Countermeasures Computer-Based Controls

• Concerned with physical controls to
  administrative procedures and includes
• Authorization
• Views
• Backup and recovery
• Integrity
• Encryption
• RAID technology

10
Countermeasures Computer-Based Controls

• Authorization
• The granting of a right or privilege, which
  enables a subject to legitimately have access to
  a system or a systems object.
• Authentication
• A mechanism that determines whether a user is who
  he or she claims to be.

11
Countermeasures Computer-Based Controls

• View
• Dynamic result of one or more relational
  operations operating on the base relations to
  produce another relation.
• A virtual relation that does not actually exist
  in the database, but is produced upon request by
  a particular user, at the time of request.

12
Countermeasures Computer-Based Controls

• Backup
• Process of periodically taking a copy of the
  database and log file (and possibly programs) to
  offline storage media.
• Journaling
• Process of keeping and maintaining a log file (or
  journal) of all changes made to database to
  enable effective recovery in event of failure.

13
Countermeasures Computer-Based Controls

• Integrity
• Prevents data from becoming invalid, and hence
  giving misleading or incorrect results.
• Encryption
• The encoding of the data by a special algorithm
  that renders the data unreadable by any program
  without the decryption key.

14
RAID (Redundant Array of Independent Disks)
Technology

• Hardware that the DBMS is running on must be
  fault-tolerant, meaning that the DBMS should
  continue to operate even if one of the hardware
  components fails.
• Suggests having redundant components that can be
  seamlessly integrated into the working system
  whenever there is one or more component failures.

15
RAID Technology

• Main hardware components that should be
  fault-tolerant include disk drives, disk
  controllers, CPU, power supplies, cooling fans.
• Disk drives are most vulnerable components with
  shortest times between failure of any of the
  hardware components.

16
RAID Technology

• One solution is to provide a large disk array
  comprising an arrangement of several independent
  disks organized to improve reliability and
  increase performance.

17
RAID Technology

• Performance is increased through data striping
  the data is segmented into equal-size partitions
  (the striping unit), which are transparently
  distributed across multiple disks.
• Reliability is improved through storing redundant
  information across the disks using a parity
  scheme or an error-correcting scheme.

18
Security in Microsoft Access DBMS

• Provides two methods for securing a database
• setting a password for opening a database (system
  security)
• user-level security, which can be used to limit
  the parts of the database that a user can read or
  update (data security).

19
Securing the DreamHome Database Using a Password
20
User and Group Accounts Dialog Box for the
DreamHome Database
21
User and Group Permissions Dialog Box
22
Creation of a New User with Password
Authentication Set
23
Log on Dialog Box
24
Setting the Permissions
25
DBMSs and Web Security

• Internet communication relies on TCP/IP as the
  underlying protocol.
• However, TCP/IP and HTTP were not designed with
  security in mind. Without special software, all
  Internet traffic travels in the clear and
  anyone who monitors traffic can read it.

26
DBMSs and Web Security

• Must ensure while transmitting information over
  the Internet that
• inaccessible to anyone but sender and receiver
  (privacy)
• not changed during transmission (integrity)
• receiver can be sure it came from sender
  (authenticity)
• sender can be sure receiver is genuine
  (non-fabrication)
• sender cannot deny he or she sent it
  (non-repudiation).
• Must also protect information once it has reached
  Web server.

27
DBMSs and Web Security

• Download may have executable content, which can
  perform following malicious actions
• Corrupt data or execution state of programs.
• Reformat complete disks.
• Perform a total system shutdown.
• Collect and download confidential data.
• Usurp identity and impersonate user.
• Lock up resources.
• Cause non-fatal but unwelcome effects.

28
DBMSs and Web Security

• Measures include
• Proxy servers
• Firewalls
• Message digest algorithms and digital signatures
• Digital certificates
• Kerberos
• Secure sockets layer (SSL) and Secure HTTP
  (S-HTTP)
• Secure Electronic Transactions (SET) and Secure
  Transaction Technology (SST)
• Java security
• ActiveX security.

29
Proxy Servers

• Proxy server is computer that sits between
  browser and Web server.
• It intercepts all requests to Web server to try
  to fulfil requests itself.
• Has two main purposes
• improve performance
• filter requests.

30
Firewalls

• Designed to prevent unauthorized access to/from a
  private network.
• Can be implemented in both hardware and software,
  or a combination of both.
• Several types of firewall techniques
• Packet filter.
• Application gateway.
• Circuit-level gateway.
• Proxy server.

31
Message Digest Algorithms

• Message digest algorithm takes an arbitrary-sized
  string (message) and generates fixed-length
  string (digest or hash).
• A digest has following characteristics
• Should be computationally infeasible to find
  another message that will generate same digest.
• Digest does not reveal anything about message.

32
Digital Signatures

• Digital signature consists of two parts
• string of bits computed from data being signed
  
• private key of individual or organization wishing
  the signature.
• Can be used to verify data comes from this
  individual or organization.

33
Digital Signatures

• Digital signature has many useful properties
• Authenticity can be verified, using public key.
• Cannot be forged (assuming private key is kept
  secret).
• Function of data signed and cannot be claimed to
  be signature for any other data.
• Signed data cannot be changed or signature will
  no longer verify data as being authentic.

34
Digital Certificates

• Attachment to electronic message used for
  security purposes (e.g. verify user sending
  message), and provide receiver with means to
  encode reply.
• Sender applies for certificate from Certificate
  Authority (CA).
• CA issues encrypted certificate containing
  applicants public key and other identification
  information.

35
Digital Certificates

• CA makes its own public key readily available.
• Recipient uses CAs public key to decode
  certificate attached to message, verifies it as
  issued by CA, and obtains senders public key and
  identification information held within
  certificate.
• With this information, recipient can send an
  encrypted reply.
• CAs role is critical, acting as go-between in
  relationship between two parties.

36
Kerberos

• A server of secured user names and passwords.
• Provides one centralized security server for all
  data and resources on network.
• Database access, login, authorization control,
  and other security features are centralized on
  trusted Kerberos servers.
• Has similar function to that of Certificate
  server to identify and validate a user.

37
Secure Sockets Layer (SSL)

• Encryption protocol for transmitting private
  documents.
• Designed to prevent eavesdropping, tampering, and
  message forgery.
• Works by using private key to encrypt data that
  is transferred over SSL connection.
• Layered between application-level protocols such
  as HTTP and TCP/IP transport-level protocol.
• Thus, may be used for other application-level
  protocols such as FTP and NNTP.

38
Secure-HTTP (S-HTTP)

• Protocol for securely transmitting individual
  messages over Web.
• Both SSL and S-HTTP use techniques such as
  encryption, and digital signatures, and
• allow browsers and servers to authenticate each
  other
• allow controlled access to Web site
• ensure data exchanged between browser and server
  is secure and reliable.

39
Secure Electronic Transactions (SET)

• Open, interoperable standard for processing
  credit card transactions over Internet, in simple
  and secure way.
• Transaction is split in such a way that merchant
  has access to information about
• what is being purchased,
• how much it costs,
• whether payment is approved,
• but no information on what payment method
  customer is using.

40
Secure Electronic Transactions (SET)

• Card issuer (e.g. Visa) has access to purchase
  price, but no information on type of merchandise
  involved.
• Certificates are heavily used by SET, both for
  certifying cardholder and for certifying that
  merchant has relationship with financial
  institution.

41
How SET Works
42
Secure Transaction Technology (SST)

• Protocol designed to handle secure bank payments
  over Internet.
• Uses DES encryption of information, RSA
  encryption of bankcard information, and strong
  authentication of all parties involved in
  transaction.

43
Java Security

• Sandbox ensures untrusted application cannot gain
  access to system resources.
• Involves three components
• class loader
• bytecode verifier
• security manager.
• Safety features provided by language and JVM, and
  enforced by compiler and runtime system.
• Security is a policy built on top of safety layer.

44
Class Loader

• Allocates (hierarchically structured) namespace
  for each class.
• Never allows class from less protected
  namespace to replace class from more protected
  namespace.
• Thus, I/O primitives, defined in local Java
  class, cannot be invoked or overridden by classes
  from out with local machine.
• As browsers and Java applications can provide
  their own class loader, this may be viewed as
  weakness in security.

45
Bytecode Verifier

• JVM verifies bytecode instructions before
  allowing application/applet to run.
• Typical checks include verifying
• Compiled code is correctly formatted.
• Internal stacks will not overflow/underflow.
• No illegal data conversions will occur.
• Bytecode instructions are appropriately typed.
• All class member accesses are valid.

46
Security Manager

• Each Java application defines and implements its
  own security policy.
• A Java-enabled browser contains its own Security
  Manager, and any applets it downloads are subject
  to its policies.
• Generally, downloaded applets are prevented from
• Reading and writing files on clients file
  system.
• Making network connections to machines other than
  host.
• Starting other programs on the client.

47
Security Manager

• Loading libraries.
• Defining method calls.
• These restrictions apply to applets downloaded
  over Internet/intranet.
• Also do not apply to applets on clients local
  disk and in directory on CLASSPATH.
• Local applets are loaded by file system loader
  and can read and write files, exit JVM, and are
  not passed through bytecode verifier.

48
ActiveX Security

• ActiveX security model places no restrictions on
  what a control can do.
• Instead, each ActiveX control can be digitally
  signed by its author using system called
  Authenticode.
• Digital signatures are then certified by CA.
• This security model places responsibility for the
  computers security on the user.