CSC 240 (Blum) 1 Database Security Based on Chapter 18 in Database Systems, Connolly and Begg


CSC 240 (Blum) 1

Database Security

Based on Chapter 18 in Database Systems, Connolly and Begg

CSC 240 (Blum) 2

Database As Asset

The collection, organization and maintenance of data can be a difficult, time-consuming task.

Thus, the information contained in a company’s database should be viewed as one of its assets.

Thus the database needs to be protected as much as any other asset (if not more than other assets).

CSC 240 (Blum) 3

Security Policy

Information must be seen as part of a company’s assets and thus worth securing.

On the other hand, if the information is not accessible to an appropriate set of people, it is worthless.

Thus security and accessibility must be balanced. There is no ideal blend that is right for all companies.

An important step toward securing a network is to develop a security policy.

CSC 240 (Blum) 4

Security policy

A security policy is a written document stating how a company intends to protect its information.

While written, it must be flexible so it can adapt to changes in technology and so forth.

A security policy might include:
- A description of who has access to what information and for what use.
- A description of security measures and the penalties for violating them.
- An evaluation procedure.
- A policy for educating users.

CSC 240 (Blum) 5

Security Aspects

Some aspects of data security to address are:
- Integrity: the data should be protected from corruption (accidental or intentional).
- Availability: the data should be readily accessible by designated users.
- Confidentiality: the company’s data should not be accessible by undesignated users.
- Privacy: in some situations it is the user’s data that requires protecting.
- Theft and Fraud: taking the information itself may be seen as theft, or altering the data may be a mechanism for theft.

CSC 240 (Blum) 6

Threat Assessment

One should examine the database and the way it is used, looking for threats to the database.

Threats are problems that might occur. Threats may be intentional, for example, hackers. Threats may be accidental, for example, the server going down.

CSC 240 (Blum) 7

Threat Examples

- Using another person’s means of access
- Unauthorized amendment or copying of data
- Program alteration
- Inadequate policies and procedures that allow a mix of confidential and normal output
- Wire tapping
- Illegal entry by hacker
- Blackmail
- Creating ‘trapdoor’ into system
- Theft of data, programs and equipment
- Failure of security mechanisms, giving greater access than normal

CSC 240 (Blum) 8

Threat Examples (Cont.)

- Staff shortages or strikes
- Inadequate staff training
- Viewing and disclosing unauthorized data
- Electronic interference and radiation
- Data corruption owing to power loss or surge
- Fire (electrical fault, lightning strike, arson), flood, bomb
- Physical damage to equipment
- Breaking cables or disconnection of cables
- Introduction of viruses

CSC 240 (Blum) 9

Threat Examples Diagram

CSC 240 (Blum) 10

Countermeasures

Countermeasures are actions taken to prevent, oppose or retaliate for some specific action.

Securing a database and the network it is on involves implementing countermeasures for the threats posed.

CSC 240 (Blum) 11

Countermeasure Diagram

CSC 240 (Blum) 12

Authorization

Authorization: what a user (or application) is allowed to do, i.e. what privileges he has.

Database actions:
- SELECT: can query data
- UPDATE: can change data
- INSERT: can add new data
- DELETE: can eliminate data

CSC 240 (Blum) 13

Encoding Privileges

These privileges are each assigned a bit in a code:
- SELECT: 0001
- UPDATE: 0010
- INSERT: 0100
- DELETE: 1000

The privileges can be assigned to a user field by field. E.g. a given user may be permitted to insert a new employee record and update most of the employee fields but may not be permitted to update or even select (query) the salary field.
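The bit encoding above, worked as a per-field authorization check (an added example, not from the slides; the user name, field names and grants are constructed for illustration):

```python
# Added example: per-field privilege bitmasks using the slide's encoding
# SELECT=0001, UPDATE=0010, INSERT=0100, DELETE=1000.
SELECT, UPDATE, INSERT, DELETE = 0b0001, 0b0010, 0b0100, 0b1000
NAMES = {SELECT: "SELECT", UPDATE: "UPDATE", INSERT: "INSERT", DELETE: "DELETE"}

# Constructed authorization table: user -> field -> privilege bits.
# INSERT and DELETE act on whole rows, so they are recorded under "*" (row level).
grants = {
    "clerk": {
        "*": INSERT,                 # may add a new employee record
        "name": SELECT | UPDATE,     # may read and change most fields ...
        "dept": SELECT | UPDATE,
        "salary": 0,                 # ... but may not even query the salary field
    },
}

def is_allowed(user, field, privilege):
    """True only if `user` holds every bit of `privilege` on `field`."""
    mask = grants.get(user, {}).get(field, 0)     # unknown user or field: no bits
    return mask & privilege == privilege

def describe(mask):
    """Human-readable list of the privileges encoded in `mask`."""
    return [NAMES[b] for b in (SELECT, UPDATE, INSERT, DELETE) if mask & b]

def check_statement(user, action, fields):
    """Authorize a statement touching several fields; report the first denial."""
    for f in fields:
        if not is_allowed(user, f, action):
            return False, f"{NAMES[action]} on {f} denied"
    return True, "ok"
```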

CSC 240 (Blum) 14

Authentication

Authorization is meaningless without authentication.

Authentication: the attempt to determine that a user is who he or she claims to be so the correct privileges can be granted. Typically done using passwords, but may also involve biometric devices or possessed objects.

CSC 240 (Blum) 15

Views (Subschemas)

A view is like a table in which only the data a user is allowed to see has been projected and/or selected out. The chair can view some of the data fields (projection) on members of her department (selection).

Views are generated dynamically from the tables involved.
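The chair's view built with SQLite, an added example that is not part of the slides (table, columns and rows are constructed; only the view is granted to the chair, never the base table):

```python
import sqlite3

# Added example: a department chair sees name and office (projection) of the
# staff in her own department (selection), and never the salary column.
def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee(name TEXT, dept TEXT, office TEXT, salary INTEGER)")
    con.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", [   # constructed rows
        ("Ada", "CS", "B101", 90000),
        ("Bob", "CS", "B102", 85000),
        ("Cy", "MATH", "C201", 70000),
    ])
    # The view projects away dept and salary and selects only the CS department.
    con.execute("CREATE VIEW cs_staff AS SELECT name, office FROM employee WHERE dept = 'CS'")
    return con

def chair_query(con):
    """What the CS chair can retrieve when given access to the view only."""
    return con.execute("SELECT name, office FROM cs_staff ORDER BY name").fetchall()

def view_columns(con):
    """Columns exposed by the view (the projection)."""
    return [d[0] for d in con.execute("SELECT * FROM cs_staff").description]

def salary_visible(con):
    """The hidden column cannot be reached through the view at all."""
    try:
        con.execute("SELECT salary FROM cs_staff")
        return True
    except sqlite3.OperationalError:        # "no such column: salary"
        return False

def view_is_dynamic(con):
    """Views are generated on demand: a change to the base table shows at once."""
    before = len(chair_query(con))
    con.execute("INSERT INTO employee VALUES ('Dee', 'CS', 'B103', 80000)")
    return before, len(chair_query(con))
```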

CSC 240 (Blum) 16

Backups

A backup is a copy of a file or files, in our case database files. It is to be used if the original becomes damaged in some way. The database should be restored to a “consistent state.” A backup should be made on a separate medium (disk or tape) and preferably stored at a separate location.

CSC 240 (Blum) 17

Data vaulting

Data vaulting (a.k.a. remote backup service RBS) is the sending of data off premises so that it is protected from threats, such as hardware failure, theft, etc.

There are companies that provide this service. They compress, encrypt and periodically back up (move) the customer's data and store it at their location.

These companies should have good security and reliable equipment.

CSC 240 (Blum) 18

Cloud Computing

Many companies are currently coming to grips with the notion of “cloud computing”.

Certain services, including aspects of maintaining a company’s database, can be handled by another company with access to the data and/or computer power provided over the network on an “as needed” basis.

One of the big issues is security. What does it mean for someone else to have your company’s data? Perhaps they are better at securing it than your company could be?

CSC 240 (Blum) 19

Log Files

A log file is a record of the transactions performed on a database.

There may have been transactions on the database since it was last backed up. The log file can be used to bring the backup database up to a more recent state.

The keeping of a log file is also known as journaling.

CSC 240 (Blum) 20

Cryptography

One way to secure data, be it in storage or in transit, is encryption.

Encryption converts information in its usual readable form (called plaintext) to information in an encoded, unreadable form (called ciphertext).

PGP (Pretty Good Privacy) program: a good encrypter that works with most email systems

CSC 240 (Blum) 21

Encryption

The data is stored or transmitted in binary (numerical) form. To encrypt data one applies some mathematical operation to it. The mathematical operation should have an inverse so that one can recover the original data (decrypt the message): a reversible encoding.

The mathematical operation often has a parameter (known as a key in encryption) which specifies the precise operation within a family of operations.

CSC 240 (Blum) 22

Caesar Shift Example

The Caesar shift is an early form of encryption.

The mathematical operation is addition. The key (parameter) is the amount added, e.g. 3: CAT → FDW (ASCII for C + 3 is ASCII for F). The inverse operation is subtraction, which uses the same key: FDW → CAT (ASCII for F - 3 is ASCII for C).
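The Caesar shift from the slide in code, as an added example (not from the slides) of a keyed operation with an inverse that uses the same key; it wraps within the alphabet so that shifting past Z still yields a letter, and it lists all 26 candidate plaintexts to show why such a small key family is no protection:

```python
def caesar(text, key):
    """Shift each ASCII letter by `key` places, wrapping within A-Z / a-z.
    The slide adds 3 to the ASCII code; the wrap keeps the result a letter."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % 26))
        else:
            out.append(ch)          # digits, spaces and punctuation pass through
    return "".join(out)

def caesar_decrypt(text, key):
    """The inverse operation is subtraction with the same key (symmetric)."""
    return caesar(text, -key)

def all_candidates(ciphertext):
    """The key family has only 26 members, so every plaintext can be listed."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}
```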

CSC 240 (Blum) 23

Symmetric vs Asymmetric encryption

Caesar shift is an example of a symmetric encryption, that is, one in which the encoding and decoding operations are essentially the same, and knowledge of the encoding key implies knowledge of the decoding key.

When this is not the case, the encryption is said to be asymmetric.

CSC 240 (Blum) 24

Symmetric vs Asymmetric encryption (Cont.)

Asymmetric schemes are more secure but require more time for coding and decoding.

Often secure communication uses a combination of asymmetric and symmetric. The key to the symmetric encryption is sent using asymmetric encryption. Then the bulk of the communication uses symmetric encryption.

CSC 240 (Blum) 25

Public Key Encryption

In asymmetric encryption, the parameters for the mathematical operation and its inverse are not the same. Then one is said to have two keys.

For purposes of encryption, it is ideal if knowledge of one of the parameters (keys) does not lead to knowledge of the other.

Such a mathematical operation is the basis for public key encryption.

CSC 240 (Blum) 26

Public Key/Private Key

A user is assigned two keys (a private key and a public key). The private key should be known only to the user. The public key is published along with the user’s name.

Someone can send the user a private message by using the public key to encrypt, then the user is the only person (presumably) who can decrypt the message.

CSC 240 (Blum) 27

Digital signature

Use this process in reverse. The user encrypts the message with the private key. Anyone with the user’s public key can decrypt it. BUT since the user’s public key decoded the message, the message must have come from the user. This does not give privacy but authentication.

CSC 240 (Blum) 28

Double Key Encryption

To have a private and authenticated transaction use two keys.

Mary encrypts a message with John’s public key and then does a second encryption using her private key.

The message must be decrypted using Mary’s public key (we know it’s from Mary) and further decrypted using John’s private key (only John can do this).
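Slides 26 to 28 (private message, digital signature, double key) worked with textbook RSA on toy primes; this is an added example, not from the slides, and the primes, exponents and the names John and Mary are constructed. John's modulus is chosen smaller than Mary's so that the value produced by the first operation is still a valid input to the second:

```python
from math import gcd

# Added example: textbook RSA with toy primes (no padding, no hashing) to show
# the public/private key uses described on the slides.
def make_keypair(p, q, e):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi"
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)

def apply_key(value, key):
    """Encrypting and decrypting are the same operation with a different parameter."""
    exp, n = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exp, n)

# Constructed keys: John n = 61*53 = 3233, Mary n = 67*71 = 4757 (3233 < 4757).
JOHN_PUB, JOHN_PRIV = make_keypair(61, 53, 17)
MARY_PUB, MARY_PRIV = make_keypair(67, 71, 13)

def send_private(m):
    """Slide 26: anyone encrypts with John's public key; only John can decrypt."""
    return apply_key(m, JOHN_PUB)

def sign(m):
    """Slide 27: Mary 'encrypts' with her private key; anyone can undo it with her public key."""
    return apply_key(m, MARY_PRIV)

def double_key_send(m):
    """Slide 28: John's public key first, then Mary's private key."""
    return apply_key(apply_key(m, JOHN_PUB), MARY_PRIV)

def double_key_receive(s):
    """Mary's public key proves the sender, then John's private key recovers m."""
    c = apply_key(s, MARY_PUB)          # anyone can do this step
    return apply_key(c, JOHN_PRIV)      # only John can do this step
```

The ordering constraint on the moduli is a property of this bare textbook construction; deployed systems sign a hash of the message and pad the inputs, which removes it.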

CSC 240 (Blum) 29

Digital Certificate/Certificate Authority

If the two parties don’t know each other, a third party that both trust, the certificate authority, acts as a verifier. The verification is done using a digital certificate.

CSC 240 (Blum) 30

RSA

RSA is an encryption/authentication scheme developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.

RSA is owned by RSA Security. The company licenses the algorithm technologies and also sells development kits.

CSC 240 (Blum) 31

Kerberos

An authentication system developed at the Massachusetts Institute of Technology.

Kerberos allows two users to exchange private messages across an open network.

It works by assigning a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message.

CSC 240 (Blum) 32

Firewalls

A firewall guards the perimeter of a network: all traffic flows through it and is examined by the firewall.

The earliest firewalls performed a packet filtering service. If sending packets is analogous to sending mail, then having a firewall is analogous to having the mail censored.

Certain packets are not allowed in based on their content or source; certain packets are not allowed out based on their content or destination.

CSC 240 (Blum) 33

Firewall

A firewall can help centralize part of a network’s security effort.

A firewall can prevent outsiders from:
- probing all computers in an organization
- flooding the network with unwanted traffic
- attacking a computer by causing it to crash

CSC 240 (Blum) 34

Packet filter

CSC 240 (Blum) 35

Firewall

The firewall, working closely with the router, examines each packet to determine whether or not to forward it.

The filtering may be based on any number of criteria:
- Source or destination IP address (allow only certain addresses or rule out certain addresses)
- Direction
- Service type (FTP, SMTP, telnet, etc., identified by port number)
- Time
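A small stateless packet filter applying exactly those four criteria, as an added example that is not from the slides; the rule set, addresses and packet headers are constructed, the first matching rule wins, and anything unmatched is denied. It also emits the audit-trail line that the next slide mentions:

```python
from ipaddress import ip_address, ip_network
from datetime import time

# Added example: rule-based packet filter on address, direction, service (port) and time.
SERVICES = {"ftp": 21, "smtp": 25, "telnet": 23, "http": 80}   # service type -> port

# Constructed rule set; evaluated top to bottom, first match wins.
RULES = [
    {"action": "deny",  "direction": "in",  "src": "203.0.113.0/24"},      # ruled-out source
    {"action": "allow", "direction": "in",  "dst": "192.0.2.0/24", "service": "smtp"},
    {"action": "allow", "direction": "out", "service": "http",
     "hours": (time(8, 0), time(18, 0))},                                  # office hours only
    {"action": "deny",  "direction": "out", "service": "telnet"},
]

def matches(rule, pkt):
    """True if every criterion present in `rule` holds for packet header `pkt`."""
    if rule["direction"] != pkt["direction"]:
        return False
    if "src" in rule and ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    if "service" in rule and pkt["dport"] != SERVICES[rule["service"]]:
        return False
    if "hours" in rule:
        start, end = rule["hours"]
        if not (start <= pkt["time"] <= end):
            return False
    return True

def filter_packet(pkt, rules=RULES):
    """Return (decision, index of the deciding rule, or None for the default)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule["action"], i
    return "deny", None        # default deny: only explicitly allowed traffic passes

def audit_line(pkt, decision):
    """One record for the firewall's log file (audit trail)."""
    action, idx = decision
    return (f"{pkt['time'].isoformat()} {pkt['direction']} "
            f"{pkt['src']}->{pkt['dst']}:{pkt['dport']} {action} rule={idx}")
```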

CSC 240 (Blum) 36

Firewall

A firewall can also maintain an audit trail (log file).

A firewall can be trained to look for virus signatures.

The firewall can scan for tokens or tickets which authenticate users.

A pair of firewalls can agree on an encryption scheme, for instance if two private networks are connected by a public line (a virtual private network).

CSC 240 (Blum) 37

Tele-commuting

The importance of VPNs is growing as more companies support the idea of employees working from home or small satellite locations.

In principle, VPNs deliver the same network accessibility and security that would be available at the on-site location.

CSC 240 (Blum) 38

Proxy server

A proxy is somebody who is authorized to stand in for somebody else. A proxy server stands in for the client on a private network: when the client makes a request of a server outside the network, the request is made of the proxy server, and the proxy server then makes the request of the destination; that is, it stands in for the client.

The reply is then passed from the proxy to the original client.

This way the destination does not learn the address of the true client, only that of the proxy.

CSC 240 (Blum) 39

Caching too

The proxy server hides the private network’s addresses.

Another benefit of a proxy is that it can cache results for the entire network. Like any host client, it checks its cache before requesting something. But because the proxy has made the requests for all of the computers on the network, its cache serves them all.
