databasesecurity aug14

Database and Web Database Systems

CT014-3-2

Database Security

CT014-3-2 Database and Web Database Systems Database Security

Topic and Structure of the Lesson

• Database security• Security threats• Countermeasures• Web database security• Crash recovery

Slide 2 (of 30)

CT014-3-2 Database and Web Database Systems Database Security Slide 3 (of 30)

Learning Outcomes

At the end of this lesson, YOU should be able to discuss:

•Discuss security threats.•Discuss countermeasures.•Discuss web database security.•Explain crash recovery measures


Key Terms you must be able to use

If you have mastered this topic, you should be able to use the following terms correctly in your assignments and exams:

• Database security• Security threats• Countermeasures• Web database security• Crash recovery


Database Security

• Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource.

• Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.


Database Security

• Involves measures to avoid:– Theft and fraud– Loss of confidentiality (secrecy)– Loss of privacy– Loss of integrity– Loss of availability

Slide 7 (of 48)


Database Security

• Threat– Any situation or event, whether intentional or

unintentional, that will adversely affect a system and consequently an organization.

Slide 8 (of 48)


Summary of Threats to Computer Systems

Slide 9 (of 48)


Typical Multi-User Computer Environment

Slide 10 (of 48)


Countermeasures – Computer-Based Controls

• Concerned with physical controls to administrative procedures and includes: – Authorization– Views– Backup and recovery– Integrity– Encryption– RAID technology

Slide 11 (of 48)



• Authorization– The granting of a right or privilege, which enables

a subject to legitimately have access to a system or a system’s object.

• Authentication– A mechanism that determines whether a user is

who he or she claims to be.

Slide 12 (of 48)



• View– Dynamic result of one or more relational

operations operating on the base relations to produce another relation.

– A virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

Slide 13 (of 48)



• Backup– Process of periodically taking a copy of the database and log file

(and possibly programs) to offline storage media.

• Journaling– Process of keeping and maintaining a log file (or journal) of all

changes made to database to enable effective recovery in event of failure.

Slide 14 (of 48)



• Integrity– Prevents data from becoming invalid, and hence giving

misleading or incorrect results.

• Encryption– The encoding of the data by a special algorithm that renders

the data unreadable by any program without the decryption key.

Slide 15 (of 48)


RAID (Redundant Array of Independent Disks) Technology

• Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.

• Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures.

Slide 16 (of 48)


RAID Technology

• Main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, cooling fans.

• Disk drives are most vulnerable components with shortest times between failure of any of the hardware components.

Slide 17 (of 48)


RAID Technology

• One solution is to provide a large disk array comprising an arrangement of several independent disks organized to improve reliability and increase performance.

Slide 18 (of 48)


DBMSs and Web Security

• Internet communication relies on TCP/IP as the underlying protocol.

• However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels ‘in the clear’ and anyone who monitors traffic can read it.

Slide 19 (of 48)


DBMSs and Web Security• Must ensure while transmitting information over the

Internet that:– inaccessible to anyone but sender and receiver (privacy);– not changed during transmission (integrity);– receiver can be sure it came from sender (authenticity);– sender can be sure receiver is genuine (non-fabrication);– sender cannot deny he or she sent it (non-repudiation).

• Must also protect information once it has reached Web server.

Slide 20 (of 48)



• Download may have executable content, which can perform following malicious actions:

– Corrupt data or execution state of programs.– Reformat complete disks.– Perform a total system shutdown.– Collect and download confidential data.– Usurp identity and impersonate user.– Lock up resources.– Cause non-fatal but unwelcome effects.

Slide 21 (of 48)



• Measures include:– Proxy servers – Firewalls– Message digest algorithms and digital signatures– Digital certificates– Kerberos– Secure sockets layer (SSL) and Secure HTTP (S-HTTP) – Secure Electronic Transactions (SET) and Secure Transaction

Technology (SST) – Java security– ActiveX security.

Slide 22 (of 48)


Proxy Servers

• Proxy server is computer that sits between browser and Web server.

• It intercepts all requests to Web server to try to fulfill requests itself.

• Has two main purposes: – improve performance;– filter requests.

Slide 23 (of 48)


Firewalls

• Designed to prevent unauthorized access to/from a private network.

• Can be implemented in both hardware and software, or a combination of both.

• Several types of firewall techniques: – Packet filter. – Application gateway.– Circuit-level gateway. – Proxy server.

Slide 24 (of 48)


Message Digest Algorithms

• Message digest algorithm takes an arbitrary-sized string (message) and generates fixed-length string (digest or hash).

• A digest has following characteristics:– Should be computationally infeasible to find another message

that will generate same digest.– Digest does not reveal anything about message.

Slide 25 (of 48)


Digital Signatures

• Digital signature consists of two parts: – string of bits computed from data being ‘signed’; – private key of individual or organization wishing the

signature.

• Can be used to verify data comes from this individual or organization.

Slide 26 (of 48)


Digital Signatures

• Digital signature has many useful properties:– Authenticity can be verified, using public key.– Cannot be forged (assuming private key is kept secret). – Function of data signed and cannot be claimed to be signature

for any other data.– Signed data cannot be changed or signature will no longer

verify data as being authentic.

Slide 27 (of 48)


Digital Certificates

• Attachment to electronic message used for security purposes (e.g. verify user sending message), and provide receiver with means to encode reply.

• Sender applies for certificate from Certificate Authority (CA).

• CA issues encrypted certificate containing applicant’s public key and other identification information.

Slide 28 (of 48)


Digital Certificates

• CA makes its own public key readily available. • Recipient uses CA’s public key to decode certificate

attached to message, verifies it as issued by CA, and obtains sender’s public key and identification information held within certificate.

• With this information, recipient can send an encrypted reply.

• CA’s role is critical, acting as go-between in relationship between two parties.

Slide 29 (of 48)


Kerberos

• A server of secured user names and passwords.• Provides one centralized security server for all data and

resources on network. • Database access, login, authorization control, and other

security features are centralized on trusted Kerberos servers.

• Has similar function to that of Certificate server: to identify and validate a user.

Slide 30 (of 48)


Secure Sockets Layer (SSL)

• Encryption protocol for transmitting private documents. • Designed to prevent eavesdropping, tampering, and

message forgery. • Works by using private key to encrypt data that is

transferred over SSL connection. • Layered between application-level protocols such as

HTTP and TCP/IP transport-level protocol.• Thus, may be used for other application-level protocols

such as FTP and NNTP.

Slide 31 (of 48)


Secure-HTTP (S-HTTP)

• Protocol for securely transmitting individual messages over Web.

• Both SSL and S-HTTP use techniques such as encryption, and digital signatures, and:– allow browsers and servers to authenticate each other;– allow controlled access to Web site;– ensure data exchanged between browser and server is secure

and reliable.

Slide 32 (of 48)


Secure Electronic Transactions (SET)

• Open, interoperable standard for processing credit card transactions over Internet, in simple and secure way.

• Transaction is split in such a way that merchant has access to information about:– what is being purchased, – how much it costs, – whether payment is approved,

• but no information on what payment method customer is using.

Slide 33 (of 48)


Secure Electronic Transactions (SET)

• Card issuer (e.g. Visa) has access to purchase price, but no information on type of merchandise involved.

• Certificates are heavily used by SET, both for certifying cardholder and for certifying that merchant has relationship with financial institution.

Slide 34 (of 48)


How SET Works

Slide 35 (of 48)


Secure Transaction Technology (SST)

• Protocol designed to handle secure bank payments over Internet.

• Uses DES encryption of information, RSA encryption of bankcard information, and strong authentication of all parties involved in transaction.

Slide 36 (of 48)


Java Security

• Sandbox ensures untrusted application cannot gain access to system resources.

• Involves three components: – class loader; – bytecode verifier;– security manager.

• Safety features provided by language and JVM, and enforced by compiler and runtime system.

• Security is a policy built on top of safety layer.

Slide 37 (of 48)


ActiveX Security

• ActiveX security model places no restrictions on what a control can do.

• Instead, each ActiveX control can be digitally signed by its author using system called Authenticode™.

• Digital signatures are then certified by CA. • This security model places responsibility for the

computer’s security on the user.

Slide 38 (of 48)


Quick Review Question

List the potential threats to a database system.

Slide 39 (of 48)


Database Recovery

Slide 40 (of 48)

• Mechanism for restoring a database quickly and accurately after loss or damage

• Recovery facilities:• Backup Facilities• Journalizing Facilities• Checkpoint Facility• Recovery Manager


Backup Facilities

Slide 41 (of 48)

• Automatic dump facility that produces backup copy of the entire database

• Periodic backup (e.g. nightly, weekly)• Cold backup – database is shut down during backup• Hot backup – selected portion is shut down and

backed up at a given time• Backups stored in secure, off-site location


Journalizing Facilities

Slide 42 (of 48)

• Audit trail of transactions and database updates• Transaction log – record of essential data for each

transaction processed against the database• Database change log – images of updated data

• Before-image – copy before modification• After-image – copy after modification


Database Audit Trail

From the backup and logs, databases can be restored in case of damage or loss


Recovery and Restart Procedures

Slide 44 (of 48)

• Switch - Mirrored databases• Restore/Rerun - Reprocess transactions against the

backup• Transaction Integrity - Commit or abort all transaction

changes• Backward Recovery (Rollback) - Apply before images• Forward Recovery (Roll Forward) - Apply after

images (preferable to restore/rerun)


Basic Recovery Technique: Rollback


Basic Recovery Technique:Roll forward


Summary

• What is database security.• Threats to a database system.• Measures taken to protect a database from

potential threats.• Crash recovery procedures.

Slide 47 (of 48)


Q & A

Question and Answer Session


Next Session

Database Concurrency Issues

Slide 48 (of 48)


DWDS Assignment

Due date extended to:Friday 22-August-2014.

databasesecurity aug14

Documents

database securityct014

web database systemsct014

computer systemsslide

log file

corporate resource

crash recovery measuresslide

physical controls

key terms