GROUP MEMBERS: USMAN AFZAL F, NAEEM SHAHZAD F, BASIT MUNIR F, H.M.TAYYAB MUSHTAQ F, AROOJA HAMID QURESHI F


GROUP MEMBERS: USMAN AFZAL F, NAEEM SHAHZAD F, BASIT MUNIR F, H.M.TAYYAB MUSHTAQ F, AROOJA HAMID QURESHI F15-045

Security Objectives (Database Security - Farkas)
• Secrecy: prevent/detect/deter improper disclosure of information
• Availability: prevent/detect/deter improper denial of access to services
• Integrity: prevent/detect/deter improper modification of information

What is a database?
A structured set of data held in a computer, especially one that is accessible in various ways. A database is a collection of information that is organized so that it can easily be accessed, managed, and updated. In one view, databases can be classified according to types of content: bibliographic, full-text, numeric, and images.

What is Security?
• The state of being free from danger or threat.

What is Database security?
• Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.
• It is a broad term that includes a multitude of processes, tools and methodologies that ensure security within a database environment.

What is Database security?
• Database security covers and enforces security on all aspects and components of databases.
• Database security is defined as the process by which “Confidentiality, Integrity and Availability” of the database can be protected.

Data security includes:
• Data stored in database
• Database server
• Database management system (DBMS)
• Other database workflow applications

Database security administrators
Database security is generally planned, implemented and maintained by a database administrator and/or other information security professional.

Database security analysis and implementation:
Some of the ways database security is analyzed and implemented include:
• Restricting unauthorized access and use by implementing strong and multifactor access and data management controls
• Load/stress testing and capacity testing of a database to ensure it does not crash in a distributed denial of service (DDoS) attack or user overload
• Physical security of the database server and backup equipment from theft and natural disasters
• Reviewing existing system for any known or unknown vulnerabilities and defining and implementing a road map/plan to mitigate them

What is a threat?
• A statement of an intention to inflict pain, injury, damage, or other hostile action on someone in retribution for something done or not done.
• A person or thing likely to cause damage or danger.
• A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.

What is a Database Security Threat?
• A perennial threat, malware is used to steal sensitive data via legitimate users using infected devices.
• Storage media exposure: backup storage media is often completely unprotected from attack, Gerhart said.
• Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.

Summary of potential threats to computer systems:

Why is database security important?
If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data could result in:
• Inaccuracy
• Fraud
• Erroneous decisions
In addition, unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.

Countermeasures to database security threats
• The types of countermeasure to threats on computer systems range from physical controls to administrative procedures. Despite the range of computer-based controls that are available, it is worth noting that, generally, the security of a DBMS is only as good as that of the operating system, owing to their close association.

Computer-based security controls for a multi-user environment:
• authorization
• access controls
• views
• backup and recovery
• integrity
• encryption
• RAID technology

Representation of a typical multi-user computer environment

Authorization
• The granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object.
• Authorization controls can be built into the software, and govern not only what system or object a specified user can access, but also what the user may do with it. The process of authorization involves authentication of subjects requesting access to objects, where ‘subject’ represents a user or program and ‘object’ represents a database table, view, procedure, trigger, or any other object that can be created within the system.
• Authentication: a mechanism that determines whether a user is who he or she claims to be.
• Need smart card or PIN code.

Authorization Administrator
• A system administrator is usually responsible for allowing users to have access to a computer system by creating individual user accounts. Each user is given a unique identifier, which is used by the operating system to determine who they are.
• This procedure allows authorized use of a computer system but does not necessarily authorize access to the DBMS or any associated application programs.

Access Controls
• Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment. There are two main types of access control: physical and logical.
• Physical access control limits access to campuses, buildings, rooms and physical IT assets.
• Logical access control limits connections to computer networks, system files and data.

Schema of secure database management system Access Controls

Access control
• Access control systems perform authorization, identification, authentication, access approval, and accountability of entities through login credentials including passwords, personal identification numbers (PINs), biometric scans, and physical or electronic keys.

Access Controls
The four main categories of access control are:
• Mandatory access control
• Discretionary access control
• Role-based access control
• Rule-based access control

Access Controls: Mandatory access control (MAC)
• Mandatory access control (MAC) is a security strategy that restricts the ability individual resource owners have to grant or deny access to resource objects in a file system. MAC criteria are defined by the system administrator, strictly enforced by the operating system (OS) or security kernel, and are unable to be altered by end users.

Access Controls: Discretionary Access Control (DAC)
• In computer security, Discretionary Access Control (DAC) is a type of access control in which a user has complete control over all the programs it owns and executes, and also determines the permissions other users have to those files and programs. Because DAC requires permissions to be assigned to those who need access, DAC is commonly described as a "need-to-know" access model.

View
• A view is a result set of a stored query. It is the subset of the database that is generated from a query and stored as a permanent object.
• Although the definition is permanent, the data contained there is dynamic, depending on the point in time at which the view is accessed.
• A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

What is view?
Table employee: columns ID, NAME, PHONE, Dept. no (sample rows: harry, bill, Lara), with an index on Dept. no.
Create view: CREATE VIEW Emp10 AS SELECT ID, NAME, PHONE FROM employee WHERE dept_no = 10;
Resulting view Emp10:
ID   NAME
1    harry
2    bill

View as a Database Security:
The view mechanism is desirable for several reasons:
• It provides a powerful and flexible security mechanism by hiding parts of the database from certain users. Users are not aware of the existence of any attributes or tuples that are missing from the view.
• It permits users to access data in a way that is customized to their needs, so that the same data can be seen by different users in different ways, at the same time.
• It can simplify complex operations on the base relations.
• The user is not aware of the existence of any attribute or rows that are missing from the view.
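A view only hides data if the user is also kept away from the base table. The following is an added example, not part of the original presentation: it builds the slide's employee table and Emp10 view in SQLite and uses an authorizer callback to allow reads through the view while refusing direct access. The sample rows, phone numbers and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and view names follow the slide.
ROWS = [
    (1, "harry", "555-0101", 10),
    (2, "bill", "555-0102", 10),
    (3, "Lara", "555-0103", 20),
]


def open_restricted_connection():
    """Create the sample database, then restrict the connection to the view."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, "
        "phone TEXT, dept_no INTEGER)"
    )
    con.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", ROWS)
    con.execute(
        "CREATE VIEW Emp10 AS SELECT id, name, phone FROM employee "
        "WHERE dept_no = 10"
    )
    con.commit()

    def authorizer(action, arg1, arg2, db_name, source):
        # 'source' is the innermost view or trigger causing the access,
        # or None when the access comes directly from the user's SQL.
        table = (arg1 or "").lower()
        via = (source or "").lower()
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ:
            if table == "emp10":
                return sqlite3.SQLITE_OK          # columns of the view itself
            if table == "employee" and via == "emp10":
                return sqlite3.SQLITE_OK          # base table, only via the view
        return sqlite3.SQLITE_DENY                # everything else, incl. writes

    con.set_authorizer(authorizer)
    return con


def try_query(con, sql):
    """Return the rows, or a 'denied: ...' string if the statement is refused."""
    try:
        return con.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    con = open_restricted_connection()
    print(try_query(con, "SELECT id, name FROM Emp10 ORDER BY id"))
    print(try_query(con, "SELECT * FROM employee"))
    print(try_query(con, "DELETE FROM employee"))
```

In a multi-user DBMS the same effect is normally achieved with privileges: the user is granted SELECT on the view and nothing on the base table.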

Backup and Recovery
• Backup: The process of periodically taking a copy of the database and log file (and possibly programs) on to offline storage media. A DBMS should provide backup facilities to assist with the recovery of a database following failure. It is always advisable to make backup copies of the database and log file at regular intervals and to ensure that the copies are in a secure location.

Backup and Recovery
• Journaling: The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure. A DBMS should provide logging facilities, sometimes referred to as journaling, which keep track of the current state of transactions and database changes, to provide support for recovery procedures. The advantage of journaling is that, in the event of a failure, the database can be recovered to its last known consistent state using a backup copy of the database and the information contained in the log file. If no journaling is enabled on a failed system, the only means of recovery is to restore the database using the latest backup version of the database.
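The recovery described above, as an added example that is not part of the original presentation: a backup copy is restored and the journal is replayed, redoing only the writes of transactions that reached commit, so the database returns to its last consistent state. The record layout, account names and values are constructed assumptions.

```python
# Constructed sample: the last backup copy and the journal written after it.
BACKUP = {"acct_a": 100, "acct_b": 50}
JOURNAL = [
    ("T1", "begin"),
    ("T1", "write", "acct_a", 70),   # T1 moves 30 from acct_a ...
    ("T1", "write", "acct_b", 80),   # ... to acct_b
    ("T1", "commit"),
    ("T2", "begin"),
    ("T2", "write", "acct_a", 0),    # system fails here, T2 never commits
]


def recover(backup, journal):
    """Restore the backup and redo committed transactions from the journal.

    Returns (database, discarded) where 'discarded' lists the transactions
    whose writes were ignored because no commit record was found.
    """
    started = [rec[0] for rec in journal if rec[1] == "begin"]
    committed = {rec[0] for rec in journal if rec[1] == "commit"}

    db = dict(backup)                 # start from the backup copy
    for rec in journal:               # replay in the order the log was written
        if rec[1] == "write" and rec[0] in committed:
            _, _, key, value = rec
            db[key] = value

    discarded = [txn for txn in started if txn not in committed]
    return db, discarded


if __name__ == "__main__":
    print(recover(BACKUP, JOURNAL))   # journaling enabled
    print(recover(BACKUP, []))        # no journal: only the backup survives
```

With an empty journal the result is just the backup, which is the "no journaling" case on the slide: every change made since the last backup is lost.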

Purpose of backup and recovery:
Two distinct purposes of backup and recovery are:
• Primary purpose: to recover data after data loss, deletion or corruption.
• Secondary purpose: to recover data from an earlier time.

Integrity
• Database integrity makes sure that (authorized) users use that information correctly.
• Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes, or retrieves data. The term data integrity is broad in scope and may have widely different meanings depending on the specific context – even under the same general umbrella of computing. This article provides only a broad overview of some of the different types and concerns of data integrity.

Integrity as database security:
• Data integrity is a fundamental component of information security.
• Maintaining a secure database system by preventing data from becoming invalid.
• Only authorized users should be allowed to modify data.
• Numeric columns should not accept alphabetic data.
• Example: students

Encryption
• Encryption is the process of encoding messages or information in such a way that only authorized parties can access it. Encryption does not of itself prevent interference, but denies the message content to the interceptor.
• The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
(Figure: plain text → algorithm and password → encrypted data)

Encryption
To transmit data securely over insecure networks requires the use of a cryptosystem, which includes:
• an encryption key to encrypt the data (plaintext);
• an encryption algorithm that, with the encryption key, transforms the plaintext into ciphertext;
• a decryption key to decrypt the ciphertext;
• a decryption algorithm that, with the decryption key, transforms the ciphertext back into plaintext.

RAID (redundant array of independent disks)
• RAID (redundant array of independent disks; originally redundant array of inexpensive disks) provides a way of storing the same data in different places (thus, redundantly) on multiple hard disks (though not all RAID levels provide redundancy). By placing data on multiple disks, input/output (I/O) operations can overlap in a balanced way, improving performance. Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases

RAID (redundant array of independent disks)
• RAID arrays appear to the operating system (OS) as a single logical hard disk. RAID employs the technique of disk mirroring or disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order.

RAID (redundant array of independent disks)
• In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time.
• In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.

Standard RAID levels
• RAID 0: This configuration has striping but no redundancy of data. It offers the best performance but no fault tolerance.

Standard RAID levels
• RAID 1: Also known as disk mirroring, this configuration consists of at least two drives that duplicate the storage of data. There is no striping. Read performance is improved since either disk can be read at the same time. Write performance is the same as for single disk storage.

Standard RAID levels
• RAID 2: This configuration uses striping across disks with some disks storing error checking and correcting (ECC) information. It has no advantage over RAID 3 and is no longer used.

Standard RAID levels
• RAID 3: This technique uses striping and dedicates one drive to storing parity information. The embedded ECC information is used to detect errors. Data recovery is accomplished by calculating the exclusive OR (XOR) of the information recorded on the other drives. Since an I/O operation addresses all drives at the same time, RAID 3 cannot overlap I/O. For this reason, RAID 3 is best for single-user systems with long record applications.

Standard RAID levels
• RAID 4: This level uses large stripes, which means you can read records from any single drive. This allows you to use overlapped I/O for read operations. Since all write operations have to update the parity drive, no I/O overlapping is possible. RAID 4 offers no advantage over RAID 5.

Standard RAID levels
• RAID 5: This level is based on block-level striping with parity. The parity information is striped across each drive, allowing the array to function even if one drive were to fail. The array’s architecture allows read and write operations to span multiple drives. This results in performance that is usually better than that of a single drive, but not as high as that of a RAID 0 array. RAID 5 requires at least three disks, but it is often recommended to use at least five disks for performance reasons.
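The XOR recovery mentioned for RAID 3 and the distributed parity of RAID 5, as an added example that is not part of the original presentation: data is striped over the drives with the parity block rotating from stripe to stripe, one drive is lost, and its contents are recomputed from the survivors. Drive count, block size, the parity rotation rule and the sample payload are constructed assumptions.

```python
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def parity_position(stripe, n_drives):
    """Drive holding the parity block of a stripe (rotates each stripe)."""
    return (n_drives - 1 - stripe) % n_drives


def write_raid5(data, n_drives, block_size):
    """Stripe data over n_drives; each drive is returned as a list of blocks."""
    per_stripe = (n_drives - 1) * block_size
    padded = data.ljust(-(-len(data) // per_stripe) * per_stripe, b"\0")
    drives = [[] for _ in range(n_drives)]
    for stripe in range(len(padded) // per_stripe):
        chunk = padded[stripe * per_stripe:(stripe + 1) * per_stripe]
        blocks = [chunk[i:i + block_size] for i in range(0, per_stripe, block_size)]
        remaining = iter(blocks)
        for drive in range(n_drives):
            if drive == parity_position(stripe, n_drives):
                drives[drive].append(xor_blocks(blocks))   # parity block
            else:
                drives[drive].append(next(remaining))      # data block
    return drives


def rebuild_drive(drives, failed):
    """Recompute every block of the failed drive from the surviving drives."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("single parity cannot recover two failed drives")
    # In each stripe the XOR of all blocks is zero, so the missing block
    # (data or parity) equals the XOR of the blocks that are left.
    return [xor_blocks(stripe_blocks) for stripe_blocks in zip(*survivors)]


def read_raid5(drives, length):
    """Reassemble the original byte string, skipping parity blocks."""
    out = bytearray()
    for stripe in range(len(drives[0])):
        for drive in range(len(drives)):
            if drive != parity_position(stripe, len(drives)):
                out += drives[drive][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"constructed sample records for the RAID parity example"
    array = write_raid5(payload, n_drives=4, block_size=8)
    array[2] = None                                   # drive 2 fails
    array[2] = rebuild_drive(array, failed=2)         # rebuilt from the others
    print(read_raid5(array, len(payload)) == payload)
```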

Standard RAID levels
• RAID 6: This technique is similar to RAID 5 but includes a second parity scheme that is distributed across the drives in the array. The use of additional parity allows the array to continue to function even if two disks fail simultaneously. However, this extra protection comes at a cost. RAID 6 arrays have a higher cost per gigabyte (GB) and often have slower write performance than RAID 5 arrays.

Nested RAID levels
• Some RAID levels are referred to as nested RAID because they are based on a combination of RAID levels. Here are some examples of nested RAID levels.

Nested RAID levels
• RAID 10 (RAID 1+0): Combining RAID 1 and RAID 0, this level is often referred to as RAID 10, which offers higher performance than RAID 1 but at a much higher cost. In RAID 1+0, the data is mirrored and the mirrors are striped.