Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1.

Published byNora Short Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1."— Presentation transcript:

1 Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1

2 Concept of Database A database is a collection of data and a set of rules that organize the data by specifying certain relationships among data The data items are stored in a file, but the precise physical format of the file is of no concern to the user. The database consists of records, each of which contained one related group of data. Each record contains fields or elements. 2 CIT460 Information Security Dr.Khalid Dr. Mohannad

3 Database components cd..  Schema: is the logical structure of database  Attribute: name of each column of the database  Relation: is a set of columns  Queries: a command through which users can interact with database managers. 3 CIT460 Information Security Dr.Khalid Dr. Mohannad

4 Advantages of database  Shared access  Minimal redundancy  Data consistency  Data integrity  Controlled access 4 CIT460 Information Security Dr.Khalid Dr. Mohannad

5 Security Objectives Secrecy Prevent/detect/deter improper Disclosure of information Availability Prevent/detect/deter improper Denial of access to services Integrity Prevent/detect/deter Improper modification of information 5 CIT460 Information Security Dr.Khalid Dr. Mohannad

6 Policy Organizational policy Information systems policy 6 CIT460 Information Security Dr.Khalid Dr. Mohannad

7 Database Security Requirements  Protect Sensitive Data from  Unauthorized disclosure  Unauthorized modification  Denial of service attacks  Security Requirments  Physical database integrity  Logical database integrity  Element integrity  Auditability  Access control  User authentication  Availability 7 CIT460 Information Security Dr.Khalid Dr. Mohannad

8 8 Integrity of Database Threats:  Damage of the whole database  Unreadable of an element of the database Protection:  Users must trust the accuracy of the data values.  Database must be protected against corruption. Element Integrity  Users are responsible to enter correct data  However users and programs can make mistakes  Problem when we have same data saved in many files CIT460 Information Security Dr.Khalid Dr. Mohannad

9 9 Reliability Software is reliable if it works for along time without failing. Database is reliable if the following is assured:  Database Integrity  Element integrity  Element accuracy CIT460 Information Security Dr.Khalid Dr. Mohannad

10 10 Auditability  Register all operations (read, write,..)  Such record can help at least to discover who had affected the values and when  Such audit can help us to make a decision if to give some information to user if such authority is given after doing some operations in a sequence.  Have an access but not tell the user CIT460 Information Security Dr.Khalid Dr. Mohannad

11 11 Availability Threats:  Not available  Busy  Down Protection:  Physical protection  Logical protection  Recovery CIT460 Information Security Dr.Khalid Dr. Mohannad

12 Database Confidentiality  Data can not be access by unauthorized users  Data must be categorized  Use some cryptographic tools 12 CIT460 Information Security Dr.Khalid Dr. Mohannad

13 Access Control  Ensures that all direct accesses to object are authorized  Protects against accidental and malicious threats by regulating the read, write and execution of data and programs 13 CIT460 Information Security Dr.Khalid Dr. Mohannad

14 14 Access Control  given system has identified a user  determine what resources they can access  general model is that of access matrix with  subject - active entity (user, process)  object - passive entity (file or resource)  access right – way object can be accessed  can decompose by  columns as access control lists  rows as capability tickets CIT460 Information Security Dr.Khalid Dr. Mohannad

15 15 Trusted Computer Systems  information security is increasingly important  have varying degrees of sensitivity of information  cf military info classifications: confidential, secret etc  subjects (people or programs) have varying rights of access to objects (information)  want to consider ways of increasing confidence in systems to enforce these rights  known as multilevel security  subjects have maximum & current security level  objects have a fixed security level classification CIT460 Information Security Dr.Khalid Dr. Mohannad

16 Chapter 5 : DataBase Security Lecture #2-Week 8 Dr.Khalid Dr. Mohannad Information Security 16 CIT460 Information Security Dr.Khalid Dr. Mohannad

17 Access Control Requires:  Proper user identification  Authentication  Information specifying the access rights is protected form modification 17 Database administrator specifies who will have access:  View, relation, field, record  or element level CIT460 Information Security Dr.Khalid Dr. Mohannad

18 Access Control Components:  Access control policy: specifies the authorized accesses of a system  Access control mechanism: implements and enforces the policy Access Control 18 CIT460 Information Security Dr.Khalid Dr. Mohannad

19 How to specify access control? 19 CIT460 Information Security Dr.Khalid Dr. Mohannad

20 Access Control  Subject: active entity that requests access to an object  - e.g., user or program  Object: passive entity accessed by a subject  - e.g., record, relation, file  Access right (privileges): how a subject is allowed to access an object  - e.g., subject s can read object o 20 CIT460 Information Security Dr.Khalid Dr. Mohannad

21 Protection Object  Database  Relation  Record  Attribute  Element Advantages vs. disadvantages of supporting different granularity levels 21 CIT460 Information Security Dr.Khalid Dr. Mohannad

22 Chapter 5 : DataBase Security Lecture #3-Week 8 Dr.Khalid Information Security 22 CIT460 Information Security Dr.Khalid Dr. Mohannad

23 Access Control Policies  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC) 23 CIT460 Information Security Dr.Khalid Dr. Mohannad

24 24 People and information are classified into different levels of trust and sensitivity. These levels represent the well-known security classifications: Security Levels Unclassified = ⇒ Confidential = ⇒ Secret = ⇒ Top Secret. CIT460 Information Security Dr.Khalid Dr. Mohannad

25 25  Clearance level indicates the level of trust given to a person with a security clearance, or a computer that processes classified information, or an area that has been physically secured for storing classified information. The level indicates the highest level of classified information to be stored or handled by the person, device, or location.  Classification level indicates the level of sensitivity associated with some information, like that in a document or a computer file. The level is supposed to indicate the degree of damage the country could suffer if the information is disclosed to an enemy.  Security levels a generic term for either a clearance level or a classification level. Security Levels cont. CIT460 Information Security Dr.Khalid Dr. Mohannad

26 26 Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges Discretionary Access Control CIT460 Information Security Dr.Khalid Dr. Mohannad

27 Discretionary Access Control (DAC)  For each subject access right to the objects are defined (subject, object, +/- access mode) (Black, Employee-relation, read)  User based  Grant and Revoke  Problems: - Propagation of access rights - Revocation of propagated access rights 27 In Discretionary Access Control DAC, each system object (file or data object) has an owner, and each initial object owner is the subject that causes its creation. Thus, an object's access policy is determined by its owner. CIT460 Information Security Dr.Khalid Dr. Mohannad

28 CIT460 Information Security Dr.Khalid M.O Nahar 28  User may transfer object ownership to another user(s).  User may determine the access type of other users.  After several attempts, authorization failures restrict user access.  Unauthorized users are blind to object characteristics, such as file size, file name and directory path.  Object access is determined during access control list (ACL) authorization and based on user identification and/or group membership. DAC attributes include: CIT460 Information Security Dr.Khalid Dr. Mohannad

29 DAC by Grant and Revoke Brown (owner) Black Red White GRANT SELECT ON Employee TO Red GRANT SELECT ON Employee TO Black WITH GRANT OPTION ? Brown revokes grant given to Black ? Brown does not want Red to access the Employee relation GRANT UPDATE(Salary) ON Employee TO White 29 CIT460 Information Security Dr.Khalid Dr. Mohannad

30 Chapter 5 : DataBase Security Lecture #1-Week 9 Dr.Khalid Information Security 30 CIT460 Information Security Dr.Khalid Dr. Mohannad

31 Implementation Access Control List (column) File 1File 2Joe:Read Joe:WriteSam:Read Joe:OwnSam:Write Sam:Own Capability List (row) Joe: File 1/Read, File 1/Write, File 1/Own, File 2/Read Sam: File 2/Read, File 2/Write, File 2/Own Access Control Triples SubjectAccessObject JoeReadFile 1 JoeWriteFile 1 JoeOwnFile 1 JoeReadFile 2 SamReadFile 2 SamWrite File 2 SamOwnFile 2 (ACL) 31 CIT460 Information Security Dr.Khalid Dr. Mohannad

32 Access Control Mechanisms  Security through Views  Stored Procedures  Grant and Revoke  Query modification 32 CIT460 Information Security Dr.Khalid Dr. Mohannad

33 Security Through Views Assign rights to access predefined views CREATE VIEW Outstanding-Student AS SELECT NAME, COURSE, GRADE FROM Student WHERE GRADE > B Problem: Difficult to maintain updates. 33 CIT460 Information Security Dr.Khalid Dr. Mohannad

34 Stored Procedures  Assign rights to execute compiled programs  GRANT RUN ON TO  Problem: Programs may access resources for which the user who runs the program does not have permission. 34 CIT460 Information Security Dr.Khalid Dr. Mohannad

35 Grant and Revoke GRANT ON To [WITH GRANT OPTION] ------------------------------------------------------------------------------------------------------------------------------------ GRANT SELECT * ON Student TO Matthews GRANT SELECT *, UPDATE(GRADE) ON Student TO FARKAS GRANT SELECT(NAME) ON Student TO Brown GRANT command applies to base relations as well as views 35 CIT460 Information Security Dr.Khalid Dr. Mohannad

36 Grant and Revoke REVOKE [ON ] FROM ------------------------------------------------------------------------------------------------------------------------- REVOKE SELECT* ON Student FROM Blue REVOKE UPDATE ON Student FROM Black REVOKE SELECT(NAME) ON Student FROM Brown 36 CIT460 Information Security Dr.Khalid Dr. Mohannad

37 Chapter 5 : DataBase Security Lecture #2-Week 9 Dr. Khalid Information Security 37 CIT460 Information Security Dr.Khalid Dr. Mohannad

38 Query Modification GRANT SELECT(NAME) ON Student TO Blue WHERE COURSE=“CSCE 590” Blue’s query: SELECT * FROM Student Modified query: SELECT NAME FROM Student WHERE COURSE=“CSCE 590” 38 CIT460 Information Security Dr.Khalid Dr. Mohannad

39 DAC Overview  Advantages: Intuitive ( بديهي ) Easy to implement  Disadvantages: Inherent vulnerability (look TH example) Maintenance of ACL or Capability lists Maintenance of Grant/Revoke Limited power of negative authorization 39 CIT460 Information Security Dr.Khalid Dr. Mohannad

40 40  Global policy: DAC let users to decide the access control policies on their data, regardless of whether those policies are consistent with the global policies. Therefore, if there is a global policy, DAC has trouble to ensure consistency.  Information flow: information can be copied from one object to another, so access to a copy is possible even if the owner of the original does not provide access to the original copy. This has been a major concern for military.  Malicious software: DAC policies can be easily changed by owner, so a malicious program (e.g., a downloaded untrustworthy program) running by the owner can change DAC policies on behalf of the owner.  Flawed software: Similarly to the previous item, flawed software can be “instructed” by attackers to change its DAC policies. CIT460 Information Security Dr.Khalid Dr. Mohannad

41 Chapter 5 : DataBase Security Lecture #3-Week 9 Dr. Khalid Dr. Mohannad Information Security 41 CIT460 Information Security Dr.Khalid Dr. Mohannad

42 Mandatory Access Control Mandatory Access Control (MAC) is a type of access control in which only the administrator manages the access controls. The administrator defines the usage and access policy, which cannot be modified or changed by users, and the policy will indicate who has access to which programs and files. MAC is most often used in systems where priority is placed on confidentiality.access control 42 MAC defines and ensures a centralized enforcement of confidential security policy parameters. CIT460 Information Security Dr.Khalid Dr. Mohannad

43 Mandatory Access Control (MAC)  Security label -Top-Secret, Secret, Public  Objects: security classification -File 1 is Secret, File 2 is Public  Subjects: security clearances -Brown is cleared to Secret, Black is cleared to Public  Dominance (  ) - Top-Secret  Secret  Public 43 CIT460 Information Security Dr.Khalid Dr. Mohannad

44 MAC Cont.  Access rights: defined by comparing the security classification of the requested objects with the security clearance of the subject  If access control rules are satisfied, access is permitted  Otherwise access is rejected  Granularity of access rights! 44 CIT460 Information Security Dr.Khalid Dr. Mohannad

45 45  MAC provides tighter security because only a system administrator may access or alter controls.  MAC policies reduce security errors.  MAC enforced operating systems (OS) delineate and label incoming application data, which creates a specialized external application access control policy. MAC advantages and disadvantages depend on organizational requirements, as follows: CIT460 Information Security Dr.Khalid Dr. Mohannad

46 Role-based access control ( RBAC )  Roles are created for various job functions. The authority to perform any operation is assigned to specific roles. Three primary rules are defined for RBAC:  Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.  Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.  Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized. CIT460 Information Security Dr.Khalid M.O Nahar 46

Download ppt "Chapter 5 : DataBase Security Lecture #1-Week 8 Dr.Khalid Dr. Mohannad Information Security CIT460 Information Security Dr.Khalid Dr. Mohannad 1."

Similar presentations

Operating System Security

Operating System Security
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Access Control Methodologies

Access Control Methodologies
Some slides were taken from 463.5.1 Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.

Some slides were taken from Database Access Control Tutorial, Lars Olson, UIUC CS463, Computer Security.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Access Control Intro, DAC and MAC System Security.

Access Control Intro, DAC and MAC System Security.
Security Fall 2009McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2009McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.

Security in Databases. 2 Srini & Nandita (CSE2500)DB Security Outline review of databases reliability & integrity protection of sensitive data protection.
Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.

Chapter 2 Access Control Fundamentals. Chapter Overview Protection Systems Mandatory Protection Systems Reference Monitors Definition of a Secure Operating.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.

Security in Databases. 2 Outline review of databases reliability & integrity protection of sensitive data protection against inference multi-level security.
2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.

2  A system can protect itself in two ways: It can limit who can access the system. This requires the system to implement a two-step process of identification.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Similar presentations

Ads by Google