Database modeling and security


Published on

Published in: Education, Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Database modeling and security

  2. 2. WHAT IS DATA MODELING? Data modeling is the act of exploring data-oriented structures. Define key data modeling terms  Entity type  Attribute  Multivalued attribute  Relationship  Degree  Cardinality  Business Rule  Associative entity  Trigger  Supertype  Subtype
  4. 4. HOW ARE DATA MODELS USED IN PRACTICE? Conceptual data models- These are often created as part of initial requirements envisioning efforts to explore the high-level static business structures and concepts. Logical data models-used to explore the domain concepts, and their relationships, of problem domain. Physical data models (PDMs)-PDMs are used to design the internal schema of a database, depicting the data tables, the data columns of those tables, and the relationships between the tables.
  7. 7. WHAT ABOUT CONCEPTUAL MODELS? Object-Role models(ORM’s) are preferably created for conceptual models.
  9. 9. CONT.
  10. 10. CONT.
  11. 11. HOW TO MODEL DATA The following tasks are performed in an iterative manner Identify entity types Identify attributes Apply naming conventions Identify relationships Apply data model patterns Assign keys Normalize to reduce data redundancy Denormalize to improve performance
  12. 12.  1.Identify Entity Types Entity - a class of real world objects having common characteristics and properties about which we wish to record information.An entity can be of normal type or weak type. 2.Identify Attributes Attribute - a characteristic of an entity or relationship * Identifier - uniquely determines an instance of an entity * Identity dependence - when a portion of an identifier is inherited from another entity * Multi-valued - same attribute having many values for one entity * Surrogate - system created and controlled unique key
  13. 13.  3. Apply Data Naming Conventions- Every organization should have standards and guidelines applicable to data modeling, something we should be able to obtain from your enterprise administrator. Identify Relationships Re lat ionship - an association among two or more entities * occurrence - instance of a relationship is the collective instances of the related entities * degree - number of entities associated in the relationship (binary, ternary, other n-ary) * connectivity - one-to-one, one-to-many, many-to-many * existence dependency (constraint) - optional/mandatory
  16. 16.  6.Assign keys-
  17. 17. 7. NORMALIZE TO REDUCE DATA REDUNDANCY The goal of data normalization is to reduce and even eliminate data redundancy. Table 2. Data Normalization Rules. First normal form (1NF)-An entity type is in 1NF when it contains no repeating groups of data. Second normal form (2NF)-An entity type is in 2NF when it is in 1NF and when all of its non-key attributes are fully dependent on its primary key. Third normal form (3NF)-An entity type is in 3NF when it is in 2NF and when all of its attributes are directly dependent on the primary key.
  18. 18. 8. DENORMALIZE TO IMPROVE PERFORMANCE The rules of data normalization focus on reducing data redundancy, not on improving performance of data access. An important part of data modeling is to denormalize portions of your data schema to improve database access times.
  20. 20. CONTENTS Definitions Countermeasures Security Controls Data Protection and Privacy Statistical Databases Web Database Security Issues and Solutions SQL Injection
  21. 21. DATABASE SECURITY DEFINITION Definition :  The protection of the database against intentional or unintentional threats using computer-based or non-computer-based controls Areas in which to reduce risk:  theft and fraud  loss of confidentiality  loss of privacy  loss of integrity  loss of availability
  22. 22. COUNTERMEASURES Ways to reduce risk Include  Computer Based Controls  Non-computer Based Controls
  23. 23. COMPUTER BASED CONTROLS Security of a DBMS is only as good as the OS Computer based Security controls available:  authorization and authentication  views  backup and recovery  Integrity  Encryption ▪ within database and data transport  RAID – for fault tolerance  associated procedures ▪ e.g. backup, auditing, testing, upgrading, virus checking
  24. 24. NON-COMPUTER BASED CONTROLS Include:  Security policy and contingency plan  personnel controls  secure positioning of equipment  escrow agreements  maintenance agreements  physical access controls  Both internal and external
  25. 25. DATA SECURITY Two(original) broad approaches to data security:  Discretionary access control  a given user has different access rights (privileges) on different objects  flexible, but limited to which rights users can have on an object  privileges can be passed on at user’s discretion  Mandatory access control  each data object is labelled with a certain classification level  each user is given a certain clearance level  rigid, hierarchic
  26. 26. ROLE BASED ACCESS CONTROLA specific function within an organisation Authorizations are granted to the roles  Instead of users Users are made members of roles Privileges can not be passed on to other users Simplifies authorization management Supported in SQL
  27. 27. SYSTEM R AUTHORIZATION MODEL One of the first authorization model for RDBMS  As part of System R RDBMS Based on concept of ‘Protection Objects’  Tables and views Access modes  SELECT  INSERT  DELETE  UPDATE Not all applicable for views
  28. 28. SYSTEM R AUTHORIZATION MODEL Userscan give access to other users through use of  GRANT and REVOKE Removing REVOKE is recursive System R has a closed world policy  If no authorization then access is denied  However authorization can be granted later Negative authorization  Denials are expressed  Denials take precedence
  29. 29. SQL FACILITIES SQL supports discretionary access control using view mechanism and authorization system e.g. CREATE VIEW S_NINE_TO_FIVE AS SELECT S.S#, S.SNAME, S.STATUS, S.CITY FROM S WHERE to_char(SYSDATE, HH24:MI:SS‘) >= ‘09:00:00’ AND to_char(SYSDATE, HH24:MI:SS‘) <= ‘17:00:00’; GRANT SELECT, UPDATE (STATUS) ON S_NINE_TO_FIVE TO Purchasing;  parameterised view Also referential and entity integrity
  30. 30. ORACLE SECURITY Oracle supports 2 types of privileges  System privileges  Rights to perform action on schema objects  e.g. create table spaces, create and delete users  Object priviliges  Rights to perform actions on database objects  e.g. create/delete tables, views, indexes, functions Priviliges can be granted to users or roles
  31. 31. ORACLE OBJECT PRIVILEGES Table Privileges  ALTER, DELETE, INDEX, INSERT, REFERENC ES, SELECT, UPDATE View Privileges  DELETE, INSERT, SELECT, UPDATE Privileges can be granted to users or roles, e.g. CREATE ROLE admin; GRANT INSERT ON my_table TO admin; GRANT admin TO fred;  To revoke/remove roles: REVOKE admin FROM barney; DROP ROLE admin;
  32. 32. ORACLE VIRTUAL PRIVATE DATABASES Fine-grained access control based on tuple-level access Uses dynamic query modification Users are given a specific policy  The policy returns a specific WHERE clause in the query depending on the policy  SELECT * FROM prop_for_rent  Becomes  SELECT * FROM prop_for_rent WHERE prop_type = ‘F’
  33. 33. DATA PROTECTION AND PRIVACY Privacy  concerns the right of an individual not to have personal information collected, stored and disclosed either willfully or indiscriminately Data Protection Act  the protection of personal data from unlawful acquisition, storage and disclosure, and the provision of the necessary safeguards to avoid the destruction or corruption of the legitimate data held New Freedom of Information Act
  34. 34. STATISTICAL DATABASESA database that permits queries that derive aggregated information (e.g. sums, averages)  but not queries that derive individual information Tracking  possible to make inferences from legal queries to deduce answers to illegal ones  SELECT COUNT(*) FROM STATS X WHERE X.SEX=‘M’ AND X.OCCUPATION = ‘Programmer’  SELECT SUM(X.SALARY) FROM STATS X WHERE X.SEX=‘M’ AND X.OCCUPATION = ‘Programmer’
  35. 35. SIMPLE EXAMPLE The following warehouse relation contains information about a number of drivers, and the points they have stored in races. The only queries allowed are those which utilise aggregate operators, e.g. using count to find out a driver’s total earnings in any one year.  However using this table, statistical tracking is possible.  Explain why? DriverId Race PointsScored PrizeMoney 1 Monaco 10 50000 1 Imola 4 25000 2 Monaco 6 30000 3 Monaco 8 40000 3 Silverstone 10 50000
  36. 36. STATISTICAL DATABASES Various strategies can be used to minimize problems  prevent queries from operating on only a few database entries  swap attribute values among tuples  randomly add in additional entries  use only a random sample  maintain history of query results and reject queries that use a high number of records identical to previous queries
  37. 37. WEB DATABASE SECURITY ISSUES Internet is an open network  traffic can easily be monitored, e.g. credit card numbers Challengeis to ensure that information conforms to:  privacy, integrity, authenticity, non- fabrication, non-repudiation Information also needs protected on web server Also need to protect from executable content
  38. 38. WEB DATABASE SECURITY SOLUTIONS Various methods can be used  proxy servers  improve performance and filter requests  firewalls  prevents unauthorised access to/from a private network  digital certificates  electronic message attachments to verify that user is authentic  Kerberos  centralised security server for all data and resources on network
  39. 39. WEB DATABASE SECURITY SOLUTIONS  Secure Sockets Layer and Secure HTTP ▪ SSL - secure connection between client and server ▪ S-HTTP - individual messages transmitted securely  Secure Electronic Transactions ▪ certificates which splits transactions so that only relevant information is provided to each user  Java - Java Virtual Machine (JVM) ▪ class loader - checks applications do not violate system integrity by checking class hierarchies ▪ bytecode verifier - verify that code will not crash or violate system integrity  ActiveX - ▪ uses digital signatures, user is responsible for security
  40. 40. SQL INJECTION ‘a technique used to take advantage of non- validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database’1  Can chain SQL commands  Embed SQL commands in a string  Ability to execute arbitrary SQL queries
  41. 41. SQL INJECTION: EXAMPLE 1 Form asking for username and password Original Query:  SQLQuery = “SELECT count(*) FROM users WHERE username = „” + $usename + “„ AND password = „” + $password + “„;” Specify usename and password = ‘ OR “ 1=1 ‘  SELECT count(*) FROM users WHERE username = ‘’ OR 1 = 1 AND password = ‘’ OR 1 = 1;
  42. 42. SQL INJECTION : EXAMPLE 2 SQLQuery = “SELECT * FROM staff WHERE staff_no = ” + $name + “;”  Enter staff_no: 100 OR 1 = 1 Will give the query:  SELECT * FROM staff WHERE staff_no = 100 OR 1 = 1; Even worse:  Enter staff_no: 100; DROP TABLE staff; SELECT * FROM sys.user_tables  Enter staff_no: 100 UNION SELECT SELECT Username, Password FROM Users
  43. 43. SQL INJECTION : REMEDIES Can include:  Strip quotation marks and other spurious characters from strings  Use stored procedures  Limit field lengths or even don’t allow text entries  Restrict UNION
  44. 44. THE END