database modeling and security


Upload: neeharikan22

Post on 27-Jan-2015


Page 1: Database modeling and security

DATABASE MODELING AND SECURITY

Page 2: Database modeling and security

WHAT IS DATA MODELING?

Data modeling is the act of exploring data-oriented structures.

Define key data modeling terms:
* Entity type
* Attribute
* Multivalued attribute
* Relationship
* Degree
* Cardinality
* Business Rule
* Associative entity
* Trigger
* Supertype
* Subtype

Page 3: Database modeling and security

THE DATA MODELING PROCESS

Page 4: Database modeling and security

HOW ARE DATA MODELS USED IN PRACTICE?

Conceptual data models: often created as part of initial requirements envisioning efforts to explore the high-level static business structures and concepts.

Logical data models: used to explore the domain concepts of the problem domain and the relationships between them.

Physical data models (PDMs): used to design the internal schema of a database, depicting the data tables, the data columns of those tables, and the relationships between the tables.

Page 5: Database modeling and security

A SIMPLE LOGICAL DATA MODEL.

Page 6: Database modeling and security

A SIMPLE PHYSICAL DATA MODEL

Page 7: Database modeling and security

WHAT ABOUT CONCEPTUAL MODELS?

Object-Role Models (ORMs) are preferably used for conceptual models.

Page 8: Database modeling and security

COMMON DATA MODELING NOTATIONS

Page 9: Database modeling and security

CONT.

Page 10: Database modeling and security

CONT.

Page 11: Database modeling and security

HOW TO MODEL DATA

The following tasks are performed in an iterative manner:
* Identify entity types
* Identify attributes
* Apply naming conventions
* Identify relationships
* Apply data model patterns
* Assign keys
* Normalize to reduce data redundancy
* Denormalize to improve performance

Page 12: Database modeling and security

1. Identify Entity Types

Entity - a class of real-world objects having common characteristics and properties about which we wish to record information. An entity can be of normal type or weak type.

2. Identify Attributes

Attribute - a characteristic of an entity or relationship
* Identifier - uniquely determines an instance of an entity
* Identity dependence - when a portion of an identifier is inherited from another entity
* Multi-valued - same attribute having many values for one entity
* Surrogate - system-created and controlled unique key

Page 13: Database modeling and security

3. Apply Data Naming Conventions

Every organization should have standards and guidelines applicable to data modeling, something you should be able to obtain from your enterprise administrator.

4. Identify Relationships

Relationship - an association among two or more entities
* occurrence - an instance of a relationship is the collective instances of the related entities
* degree - number of entities associated in the relationship (binary, ternary, other n-ary)
* connectivity - one-to-one, one-to-many, many-to-many
* existence dependency (constraint) - optional/mandatory

Page 14: Database modeling and security

A LOGICAL DATA MODEL

Page 15: Database modeling and security

5. APPLY DATA MODEL PATTERNS

Page 16: Database modeling and security

6. ASSIGN KEYS

Page 17: Database modeling and security

7. NORMALIZE TO REDUCE DATA REDUNDANCY

The goal of data normalization is to reduce and even eliminate data redundancy.

Table 2. Data Normalization Rules.

First normal form (1NF): An entity type is in 1NF when it contains no repeating groups of data.

Second normal form (2NF): An entity type is in 2NF when it is in 1NF and when all of its non-key attributes are fully dependent on its primary key.

Third normal form (3NF): An entity type is in 3NF when it is in 2NF and when all of its attributes are directly dependent on the primary key.

Page 18: Database modeling and security
Page 19: Database modeling and security
Page 20: Database modeling and security

8. DENORMALIZE TO IMPROVE PERFORMANCE

The rules of data normalization focus on reducing data redundancy, not on improving performance of data access. An important part of data modeling is to denormalize portions of your data schema to improve database access times.

Page 21: Database modeling and security

DATABASE SECURITY

Page 22: Database modeling and security

CONTENTS

* Definitions
* Countermeasures
* Security Controls
* Data Protection and Privacy
* Statistical Databases
* Web Database Security Issues and Solutions
* SQL Injection

Page 23: Database modeling and security

DATABASE SECURITY DEFINITION

Definition: The protection of the database against intentional or unintentional threats using computer-based or non-computer-based controls

Areas in which to reduce risk:
* theft and fraud
* loss of confidentiality
* loss of privacy
* loss of integrity
* loss of availability

Page 24: Database modeling and security

COUNTERMEASURES

Ways to reduce risk include:
* Computer Based Controls
* Non-computer Based Controls

Page 25: Database modeling and security

COMPUTER BASED CONTROLS

Security of a DBMS is only as good as the OS

Computer based security controls available:
* authorization and authentication
* views
* backup and recovery
* integrity
* encryption
  ▪ within database and data transport
* RAID – for fault tolerance
* associated procedures
  ▪ e.g. backup, auditing, testing, upgrading, virus checking

Page 26: Database modeling and security

NON-COMPUTER BASED CONTROLS

Include:
* Security policy and contingency plan
* personnel controls
* secure positioning of equipment
* escrow agreements
* maintenance agreements
* physical access controls
  ▪ Both internal and external

Page 27: Database modeling and security

DATA SECURITY

Two (original) broad approaches to data security:
* Discretionary access control
  ▪ a given user has different access rights (privileges) on different objects
  ▪ flexible, but limited to which rights users can have on an object
  ▪ privileges can be passed on at user's discretion
* Mandatory access control
  ▪ each data object is labelled with a certain classification level
  ▪ each user is given a certain clearance level
  ▪ rigid, hierarchic

Page 28: Database modeling and security

ROLE BASED ACCESS CONTROL

* A specific function within an organisation
* Authorizations are granted to the roles
  ▪ Instead of users
* Users are made members of roles
* Privileges can not be passed on to other users
* Simplifies authorization management
* Supported in SQL

Page 29: Database modeling and security

SYSTEM R AUTHORIZATION MODEL

* One of the first authorization models for RDBMS
  ▪ As part of System R RDBMS
* Based on concept of 'Protection Objects'
  ▪ Tables and views
* Access modes
  ▪ SELECT
  ▪ INSERT
  ▪ DELETE
  ▪ UPDATE
  ▪ Not all applicable for views

Page 30: Database modeling and security

SYSTEM R AUTHORIZATION MODEL

* Users can give access to other users through use of GRANT and REVOKE
* Removal with REVOKE is recursive
* System R has a closed world policy
  ▪ If no authorization then access is denied
  ▪ However authorization can be granted later
* Negative authorization
  ▪ Denials are expressed
  ▪ Denials take precedence
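
How the recursive REVOKE described above plays out, as an added Python example that is not part of the original slides: each grant carries a timestamp, and a grant survives only if its grantor is the owner or received the privilege earlier from a grant that still exists. The user names, the tuple format and the sample grants are constructed for illustration.

```python
OWNER = "alice"  # hypothetical table owner; holds the privilege implicitly

# Constructed sample: (grantor, grantee, timestamp), all WITH GRANT OPTION.
GRANTS = {
    ("alice", "bob", 1), ("bob", "carol", 2), ("carol", "frank", 3),
    ("alice", "dave", 3), ("dave", "carol", 4), ("carol", "erin", 5),
}

def supported(grants, user, before):
    """True if `user` could grant at time `before`: owner, or granted earlier."""
    return user == OWNER or any(g[1] == user and g[2] < before for g in grants)

def revoke(grants, grantor, grantee):
    """Remove grantor->grantee, then drop every grant left without support.

    The result is the state that would exist had the revoked grant never
    been made, which is what makes the revocation recursive.
    """
    remaining = {g for g in grants if (g[0], g[1]) != (grantor, grantee)}
    changed = True
    while changed:                      # repeat until a pass removes nothing
        changed = False
        for g in sorted(remaining, key=lambda g: g[2]):
            if not supported(remaining, g[0], g[2]):
                remaining.discard(g)    # grantor no longer held it at that time
                changed = True
    return remaining

def holders(grants):
    """Users who hold the privilege under the closed world policy."""
    return {OWNER} | {g[1] for g in grants}
```

Revoking alice's grant to bob removes bob's grant to carol and carol's grant to frank (made at time 3, before dave's independent grant to carol at time 4), while carol's later grant to erin survives.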

Page 31: Database modeling and security

SQL FACILITIES

SQL supports discretionary access control using the view mechanism and the authorization system, e.g.

    CREATE VIEW S_NINE_TO_FIVE AS
      SELECT S.S#, S.SNAME, S.STATUS, S.CITY
      FROM S
      WHERE to_char(SYSDATE, 'HH24:MI:SS') >= '09:00:00'
        AND to_char(SYSDATE, 'HH24:MI:SS') <= '17:00:00';

    GRANT SELECT, UPDATE (STATUS)
      ON S_NINE_TO_FIVE
      TO Purchasing;

* parameterised view
* Also referential and entity integrity

Page 32: Database modeling and security

ORACLE SECURITY

Oracle supports 2 types of privileges:
* System privileges
  ▪ Rights to perform action on schema objects
  ▪ e.g. create table spaces, create and delete users
* Object privileges
  ▪ Rights to perform actions on database objects
  ▪ e.g. create/delete tables, views, indexes, functions
* Privileges can be granted to users or roles

Page 33: Database modeling and security

ORACLE OBJECT PRIVILEGES

* Table Privileges
  ▪ ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
* View Privileges
  ▪ DELETE, INSERT, SELECT, UPDATE
* Privileges can be granted to users or roles, e.g.

    CREATE ROLE admin;
    GRANT INSERT ON my_table TO admin;
    GRANT admin TO fred;

* To revoke/remove roles:

    REVOKE admin FROM barney;
    DROP ROLE admin;

Page 34: Database modeling and security

ORACLE VIRTUAL PRIVATE DATABASES

* Fine-grained access control based on tuple-level access
* Uses dynamic query modification
* Users are given a specific policy
* The policy returns a specific WHERE clause in the query depending on the policy

    SELECT * FROM prop_for_rent

Becomes

    SELECT * FROM prop_for_rent WHERE prop_type = 'F'

Page 35: Database modeling and security

DATA PROTECTION AND PRIVACY

* Privacy
  ▪ concerns the right of an individual not to have personal information collected, stored and disclosed either willfully or indiscriminately
* Data Protection Act
  ▪ the protection of personal data from unlawful acquisition, storage and disclosure, and the provision of the necessary safeguards to avoid the destruction or corruption of the legitimate data held
* New Freedom of Information Act

Page 36: Database modeling and security

STATISTICAL DATABASES

* A database that permits queries that derive aggregated information (e.g. sums, averages) but not queries that derive individual information
* Tracking
  ▪ possible to make inferences from legal queries to deduce answers to illegal ones

    SELECT COUNT(*) FROM STATS X WHERE X.SEX = 'M' AND X.OCCUPATION = 'Programmer'

    SELECT SUM(X.SALARY) FROM STATS X WHERE X.SEX = 'M' AND X.OCCUPATION = 'Programmer'

Page 37: Database modeling and security

SIMPLE EXAMPLE

The following warehouse relation contains information about a number of drivers, and the points they have scored in races.

The only queries allowed are those which utilise aggregate operators, e.g. using count to find out a driver’s total earnings in any one year.

However using this table, statistical tracking is possible.

Explain why?

DriverId  Race         PointsScored  PrizeMoney
1         Monaco       10            50000
1         Imola        4             25000
2         Monaco       6             30000
3         Monaco       8             40000
3         Silverstone  10            50000

Page 38: Database modeling and security

STATISTICAL DATABASES

Various strategies can be used to minimize problems:
* prevent queries from operating on only a few database entries
* swap attribute values among tuples
* randomly add in additional entries
* use only a random sample
* maintain history of query results and reject queries that use a high number of records identical to previous queries
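
Why the drivers table leaks through aggregates, and how the first strategy in the list above (a bound on query-set size) closes that particular hole, as an added Python example that is not part of the original slides. The table name `results`, the function names and the threshold k = 2 are assumptions; the rows are the ones from the slide.

```python
import sqlite3

ROWS = [  # the slide's relation: DriverId, Race, PointsScored, PrizeMoney
    (1, "Monaco", 10, 50000), (1, "Imola", 4, 25000), (2, "Monaco", 6, 30000),
    (3, "Monaco", 8, 40000), (3, "Silverstone", 10, 50000),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE results (DriverId INT, Race TEXT, "
               "PointsScored INT, PrizeMoney INT)")
    db.executemany("INSERT INTO results VALUES (?, ?, ?, ?)", ROWS)
    return db

def sum_prize(db, race, negate=False):
    """Aggregate-only interface: returns (query-set size, SUM(PrizeMoney))."""
    op = "<>" if negate else "="
    q = f"SELECT COUNT(*), SUM(PrizeMoney) FROM results WHERE Race {op} ?"
    return db.execute(q, (race,)).fetchone()

def guarded_sum_prize(db, race, negate=False, k=2):
    """Answer only if k <= query-set size <= N - k.

    The lower bound stops an aggregate over a single row; the upper bound
    stops the complement query, whose difference from the grand total would
    reveal the same single row.
    """
    n = db.execute("SELECT COUNT(*) FROM results").fetchone()[0]
    size, total = sum_prize(db, race, negate)
    if size < k or size > n - k:
        raise PermissionError(f"query set of {size} rows outside [{k}, {n - k}]")
    return total

def is_refused(db, race, negate=False):
    try:
        guarded_sum_prize(db, race, negate)
        return False
    except PermissionError:
        return True
```

Without the guard, the sum for Silverstone covers one row and is therefore driver 3's individual prize money. A size bound alone does not stop tracker queries that combine several permitted answers, which is why the slide lists further strategies.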

Page 39: Database modeling and security

WEB DATABASE SECURITY ISSUES

* Internet is an open network
  ▪ traffic can easily be monitored, e.g. credit card numbers
* Challenge is to ensure that information conforms to:
  ▪ privacy, integrity, authenticity, non-fabrication, non-repudiation
* Information also needs to be protected on the web server
* Also need to protect from executable content

Page 40: Database modeling and security

WEB DATABASE SECURITY SOLUTIONS

Various methods can be used:
* proxy servers
  ▪ improve performance and filter requests
* firewalls
  ▪ prevents unauthorised access to/from a private network
* digital certificates
  ▪ electronic message attachments to verify that user is authentic
* Kerberos
  ▪ centralised security server for all data and resources on network

Page 41: Database modeling and security

WEB DATABASE SECURITY SOLUTIONS

* Secure Sockets Layer and Secure HTTP
  ▪ SSL - secure connection between client and server
  ▪ S-HTTP - individual messages transmitted securely
* Secure Electronic Transactions
  ▪ certificates which splits transactions so that only relevant information is provided to each user
* Java - Java Virtual Machine (JVM)
  ▪ class loader - checks applications do not violate system integrity by checking class hierarchies
  ▪ bytecode verifier - verify that code will not crash or violate system integrity
* ActiveX
  ▪ uses digital signatures, user is responsible for security

Page 42: Database modeling and security

SQL INJECTION

'a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database' [1]

* Can chain SQL commands
* Embed SQL commands in a string
* Ability to execute arbitrary SQL queries

Page 43: Database modeling and security

SQL INJECTION: EXAMPLE 1

Form asking for username and password

Original Query:

    SQLQuery = "SELECT count(*) FROM users WHERE username = '" + $username + "' AND password = '" + $password + "';"

Specify username and password = ' OR " 1=1 '

    SELECT count(*) FROM users WHERE username = '' OR 1 = 1 AND password = '' OR 1 = 1;

Page 44: Database modeling and security

SQL INJECTION : EXAMPLE 2

    SQLQuery = "SELECT * FROM staff WHERE staff_no = " + $name + ";"

Enter staff_no: 100 OR 1 = 1

Will give the query:

    SELECT * FROM staff WHERE staff_no = 100 OR 1 = 1;

Even worse:

Enter staff_no: 100; DROP TABLE staff; SELECT * FROM sys.user_tables

Enter staff_no: 100 UNION SELECT Username, Password FROM Users

Page 45: Database modeling and security

SQL INJECTION : REMEDIES

Can include:
* Strip quotation marks and other spurious characters from strings
* Use stored procedures
* Limit field lengths or even don’t allow text entries
* Restrict UNION
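
The two slide examples run against the first remedy above and against bound parameters, as an added Python example that is not part of the original slides. Bound parameters are not in the slide's list; they are shown here because quote stripping does nothing for Example 2, where the numeric field needs no quotes. The SQLite tables, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; plaintext password only mirrors the slide's query.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('fred', 's3cret');
        CREATE TABLE staff (staff_no INTEGER, name TEXT);
        INSERT INTO staff VALUES (100, 'Ann'), (101, 'Bob'), (102, 'Cy');
    """)
    return db

def strip_quotes(value):
    # The slide's first remedy: drop quotation marks from the input.
    return value.replace("'", "").replace('"', "")

def login_concat(db, username, password):
    # Example 1 as on the slide: input is pasted into the SQL text.
    q = ("SELECT count(*) FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'")
    return db.execute(q).fetchone()[0] > 0

def login_bound(db, username, password):
    # Bound parameters: values travel as data and are never parsed as SQL.
    q = "SELECT count(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(q, (username, password)).fetchone()[0] > 0

def staff_concat_stripped(db, staff_no):
    # Example 2 with quote stripping: the input holds no quotes to strip.
    q = "SELECT name FROM staff WHERE staff_no = " + strip_quotes(staff_no)
    return sorted(r[0] for r in db.execute(q))

def staff_bound(db, staff_no):
    # Type check first (int() raises ValueError on non-numeric input), then bind.
    q = "SELECT name FROM staff WHERE staff_no = ?"
    return sorted(r[0] for r in db.execute(q, (int(staff_no),)))

def demo():
    db = make_db()
    tautology = "' OR '1'='1"  # quote-balanced form of the slide's OR 1=1 input
    try:
        bound = staff_bound(db, "100 OR 1 = 1")
    except ValueError:
        bound = "rejected"
    return {"login_concat": login_concat(db, tautology, tautology),
            "login_bound": login_bound(db, tautology, tautology),
            "staff_concat_stripped": staff_concat_stripped(db, "100 OR 1 = 1"),
            "staff_bound": bound}
```

`demo()` shows the concatenated login accepting the tautology and the quote-stripped staff lookup returning every row, while both bound versions refuse the same inputs.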

Page 46: Database modeling and security

THE END