Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Forensics 2 Lecture 2A: Obfuscation and Synchronization of

Published byDonna Copeland Modified over 6 years ago

Similar presentations

Presentation on theme: "Digital Forensics 2 Lecture 2A: Obfuscation and Synchronization of"— Presentation transcript:

1 Digital Forensics 2 Lecture 2A: Obfuscation and Synchronization of
Data Presented by : J.Silaa Lecture: FCI 15 Aug 2017

2 Objectives Dynamic Data masking in SQL server 2016
Dynamic data masking functions/rule Conclusion

3 Dynamic data masking Dynamic data masking is one of the new Security Feature introduced in Sql Server 2016. It provides a mechanism to obfuscate or mask the data from non-privileged users. And the users with sufficient permission will have complete access to the actual or un-masked data.

4 Dynamic data masking Source:DataSunrise

5 SQL server 2016 Example from database layer we will get a clear SSN number like , but the application will mask and display it to the user as XXX-XXX-4567. It doesn’t change the actual value stored in the column.

6 Dynamic data masking functions/rule
Dynamic data masking functions/rule can be defined on the table columns for which we need the masked out-put in the query result Masking function is applied on the query result just before returning the data, if user doesn’t have the enough permission to get the un-masked data Only User with db-owner or UNMASK permission will get the un-masked data in the query result for the masked columns

7 Masking functions Following are the four masking functions which can be defined on table column Default() () Partial() Random()

8 Masking function To understand each of these masking function let us create a Customer Table as shown in the following image by the following script:

9 Sample table script CREATE DATABASE SqlHintsDDMDemo GO
USE SqlHintsDDMDemo CREATE TABLE dbo.Employee ( EmployeeId INT IDENTITY(1,1), Name NVARCHAR(100), DOJ DATETIME, Address NVARCHAR(100), Phone Varchar(15), Salary INT ) INSERT INTO dbo.Employee (Name, DOJ, Address,Phone, Salary) Values ('Basavaraj', '02/20/2005', ' ',900000), ('Kalpana', '07/01/2015', ' ',100000)

10 1 Default () For string types it shows X for each character and max it displays 4 X’s. For numeric types it shows 0 For dates shows :00:00.000 Let us apply the DEFAULT dynamic data masking function on the Name and DOJ columns of the Employee table by executing the following statement…

11 1 Default ().. ---Add DEFAULT() masking function on the Name column ALTER Table Employee ALTER COLUMN NAME ADD MASKED WITH (FUNCTION='DEFAULT()') ALTER COLUMN DOJ ADD MASKED WITH (FUNCTION='DEFAULT()')

12 User permissions Let us create a new user and grant select permission on the Employee table by executing the following query; --Create user reader CREATE USER reader WITHOUT LOGIN --Grant select permission to the user: reader GRANT SELECT ON Employee TO reader

13 User permissions.. Results
Let us try to fetch the records from the Employee table by executing the query in the context of this new user EXECUTE AS USER = 'reader' SELECT * FROM Employee REVERT Results From the result we can see that Name column values are replaced by XXXX and DOJ column values are replaced by :00: in the query result.

14 UNMASK permission Grant UNMASK permission to the newly created user reader to allow viewing of the un-masked data by executing the following query. --Grant Unmask permission to the user: reader GRANT UNMASK TO reader Now try re-executing the previously executed query to fetch the records from the Employee table in the context of the user reader EXECUTE AS USER = 'reader' SELECT * FROM Employee REVERT RESULT: From the result we can see that now the reader user can see the un-masked or actual data of the masked columns Name and DOJ

15 UNMASK permission.. Let us remove the UNMASK permission from the user reader by executing the following statement --Remove Unmask permission from the user: reader REVOKE UNMASK TO reader

16 2. () This dynamic data masking function returns first character as it is and rest is replaced by Let us apply the dynamic data masking function on the Address Column of the Employee table by executing the following statement ---Add () masking function on the Name column ALTER Table Employee ALTER COLUMN Address ADD MASKED WITH (FUNCTION=' ()') Let us try to fetch the records from the Employee table by executing the query in the context of the user reader EXECUTE AS USER = 'reader' SELECT * FROM Employee REVERT

17 ()..

18 ().. Let us verify whether we can query a masked column value by the actual value. In the below example trying to fetch a employee record whose Address is in the context of the user reader EXECUTE AS USER = 'reader’ SELECT * FROM Employee WHERE Address = REVERT RESULT

19 Partial() Let us apply the PARTIAL dynamic data masking function on the Phone column of the Employee table by executing the following statement ALTER Table Employee ALTER COLUMN Phone ADD MASKED WITH (FUNCTION='Partial(2,"-ZZZ-",2)') Let us try to fetch the records from the Employee table by executing the query in the context of the user reader EXECUTE AS USER = 'reader’ SELECT * FROM Employee REVERT

20 4. Random() Can be applied on a column of numeric type
Let us apply the RANDOM dynamic data masking function with a random value range from 1 to 9 on the Salary column of the Employee table by executing the following statement ALTER Table Employee ALTER COLUMN Salary ADD MASKED WITH (FUNCTION='Random(1,9)') Let us try to fetch the records from the Employee table by executing the query in the context of the user reader EXECUTE AS USER = 'reader' SELECT * FROM Employee REVERT

21 4. Random().. Removing MASK definition from the Table Column
Below example shows how we can remove masked definition from the table column. Here in this example we are removing mask definition from the Phone column of the Employee table. ALTER TABLE Employee ALTER COLUMN Phone DROP MASKED

22 Conclusion Dynamic Data masking provides a mechanism to mask or obfuscate the query result at the database level. The data stored in the data base is still in the clear or un-masked format. It is not a physical data encryption feature, an admin user or user with sufficient unmask permission can still see the complete un-masked data. This is a complementary security feature which is best-advised to use in-conjunction with other Sql Server Security features.

23 Conclusion: Dynamic Data masking provides a mechanism to mask or obfuscate the query result at the database level. The data stored in the data base is still in the clear or un-masked format. It is not a physical data encryption feature, an admin user or user with sufficient unmask permission can still see the complete un-masked data. This is a complementary security feature which is best-advised to use in-conjunction with other Sql Server Security features.

24 Reference Basavaraj, B (2016).Dynamic Data Masking in SQL Server 2016.

Download ppt "Digital Forensics 2 Lecture 2A: Obfuscation and Synchronization of"

Similar presentations

Session 2Introduction to Database Technology Data Types and Table Creation.

Session 2Introduction to Database Technology Data Types and Table Creation.
MySQL Access Privilege System

MySQL Access Privilege System
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Database Programming Sections 13. Marge Hohly2 13.1.4  1. Which statements are True about the following sequence? The sequence was used to generate numbers.

Database Programming Sections 13. Marge Hohly  1. Which statements are True about the following sequence? The sequence was used to generate numbers.
9 Copyright © Oracle Corporation, 2001. All rights reserved. Creating and Managing Tables.

9 Copyright © Oracle Corporation, All rights reserved. Creating and Managing Tables.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
DT211 Stage 2 Databases Lab 1. Get to know SQL Server SQL server has 2 parts: –A client, running on your machine, in the lab. You access the database.

DT211 Stage 2 Databases Lab 1. Get to know SQL Server SQL server has 2 parts: –A client, running on your machine, in the lab. You access the database.
30-Jun-15 SQL A Brief Introduction. SQL SQL is Structured Query Language Some people pronounce SQL as “sequel” Other people insist that only “ess-cue-ell”

30-Jun-15 SQL A Brief Introduction. SQL SQL is Structured Query Language Some people pronounce SQL as “sequel” Other people insist that only “ess-cue-ell”
1 Nassau Community CollegeProf. Vincent Costa Acknowledgements: Introduction to Database Management, All Rights ReservedIntroduction to Database Management.

1 Nassau Community CollegeProf. Vincent Costa Acknowledgements: Introduction to Database Management, All Rights ReservedIntroduction to Database Management.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Security and Integrity

Security and Integrity
Introduction to SQL  SQL or sequel  It is a standardised language with thousands of pages in the standard  It can be in database system through GUI,

Introduction to SQL  SQL or sequel  It is a standardised language with thousands of pages in the standard  It can be in database system through GUI,
Module 3: Changes to Transact-SQL. Overview Accessing Object Information New Transact-SQL Syntax Changes to Objects Distributed Queries.

Module 3: Changes to Transact-SQL. Overview Accessing Object Information New Transact-SQL Syntax Changes to Objects Distributed Queries.
Introduction to Databases Chapter 6: Understanding the SQL Language.

Introduction to Databases Chapter 6: Understanding the SQL Language.
CSIS 4310 – Advanced Databases Virtual Private Databases.

CSIS 4310 – Advanced Databases Virtual Private Databases.
Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.

Security David Frommer Principal Architect Business Intelligence Microsoft Partner of the Year 2005 & 2007.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.

Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Chapter 5: Part 1: DDL STRUCTURED QUERY LANGUAGE (SQL)

Chapter 5: Part 1: DDL STRUCTURED QUERY LANGUAGE (SQL)
SQL FUNDAMENTALS SQL ( Structured Query Language )

SQL FUNDAMENTALS SQL ( Structured Query Language )
Chapter 5 MYSQL Database. Introduction to MYSQL MySQL is the world's most popular open-source database. Open source means that the source code, the programming.

Chapter 5 MYSQL Database. Introduction to MYSQL MySQL is the world's most popular open-source database. Open source means that the source code, the programming.

Similar presentations

Ads by Google