Security Issues Surrounding Data Manipulation in a Relational Database
David Murphy
5th November 2015
Abstract - It is no secret that we are quite dependent on big
data. Over two-thirds of organisations owe their success to
technology and ease of access to information. Database
security remains an important issue given the alarming
number of incidents involving unauthorised data exposure,
especially as the volume of sensitive data available keeps
increasing. As a result, it is becoming hard to trust the
confidentiality of database management systems handling
heterogeneous data. Numerous security mechanisms have been
implemented to protect against unwarranted data
exposure and modification. Even so, there have still been
cases of data exposure. This paper will investigate the
security issues involved in database management systems.
Keywords - RDBMS, access control policies, data
exposure, SQL, database management system,
manipulation, privileges, security threats,
authorization, injection, vulnerabilities.
1. INTRODUCTION
With the conspicuous exponential growth of
heterogeneous data and the significant role it plays in
the technological world we live in, it’s easy to notice
the value of database management systems. There have
been several real-world cases of database breaches, in
particular at some of the biggest multi-national
companies and conglomerates. For this reason, the
security of information (data) will always be under
some degree of risk. Unauthorised persons will seek out
an opportunity to expose and alter database content for
numerous reasons, many of which are illegal. In 2011
alone, the databases of 5 worldwide organisations were
compromised, including RSA Security, ESTsoft and Sony’s
PlayStation Network (PSN), where millions of records
that included sensitive information like credit card
details were exposed and sold. Naturally, this has
caused a sense of discomfort as people begin to believe
that their data is not secure.
The remainder of this paper is as follows: Section 2
will introduce the relational database management
system and the access control policies that have been
established as a means of securing the database.
Sections 3 and 4 will discuss the issues involving data
manipulation in relational databases.
2. RELATIONAL DATABASE MANAGEMENT
SYSTEMS
A relational database management system (RDBMS) is
a tool that allows a user to create, modify, and
administer a relational database that contains
ever-growing volumes of information. A secure database
meets three principal requirements: Confidentiality,
Integrity, and Availability (CIA).
Confidentiality refers to the level of data exposure, i.e.
only those with appropriate authorisation can access the
data. Those who do not have authorisation do not have
access to the data. Integrity refers to the trustworthiness
of information, i.e. assurance that the information was
not modified by an unauthorised source. Availability
refers to the availability of data, i.e. the prevention of
attack techniques that make data inaccessible, such as
Denial of Service (DoS) attacks [1].
Access control policies were implemented to enforce the
security of database information. When a subject (user)
attempts to access information in a DBMS, the access
control mechanism compares the subject’s access
privileges to a predetermined set of authorisation rules
in terms of data confidentiality. These “rules” detail a
list of access policies surrounding the object (database),
for example, which roles have sufficient authorisation.
There are three main access control policies that are
implemented on relational databases.
2.1 Mandatory Access Control
Mandatory Access Control (MAC) is a built-in
mechanism that constrains a user’s ability to access
or modify data, and cannot be revised by system users.
It requires all subjects to abide by rules that were
established by the Database Administrator (DBA). It is
enforced by comparing attributes of a subject (user) and
an object (information) to control access to the object. It
restricts access to objects based on the sensitivity of the
information [2].
The enforcement of two principles, No Read-Up and No
Write-Down, protects sensitive information from being
accessed or altered by subjects with deficient privileges.
The Department of Defence (DoD) has adopted the
mandatory access control mechanism [3].
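The two principles can be seen working together in a small reference monitor. This is an added example, not code from the paper; the level names, subjects and objects are hypothetical and the sample data is constructed.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class ReferenceMonitor:
    """Mediates every access by comparing subject clearance with object label."""
    def __init__(self, clearances, labels):
        self.clearances = dict(clearances)  # subject -> Level, fixed by the DBA
        self.labels = dict(labels)          # object  -> Level, fixed by the DBA
        self.audit = []                     # (subject, mode, object, decision)

    def _decide(self, subject, obj, mode):
        s, o = self.clearances[subject], self.labels[obj]
        # No Read-Up: read only at or below own level.
        # No Write-Down: write only at or above own level.
        allowed = s >= o if mode == "read" else s <= o
        self.audit.append((subject, mode, obj, "allow" if allowed else "deny"))
        return allowed

    def can_read(self, subject, obj):
        return self._decide(subject, obj, "read")

    def can_write(self, subject, obj):
        return self._decide(subject, obj, "write")

    def can_copy(self, subject, src, dst):
        # A copy is a read of src followed by a write to dst; both must pass.
        return self.can_read(subject, src) and self.can_write(subject, dst)

def build_monitor():
    # Constructed sample subjects and objects.
    return ReferenceMonitor(
        clearances={"clerk": Level.CONFIDENTIAL, "analyst": Level.SECRET},
        labels={"newsletter": Level.UNCLASSIFIED, "payroll": Level.SECRET,
                "plans": Level.TOP_SECRET},
    )
```

Without No Write-Down, the analyst could read `payroll` and copy it into `newsletter`, where the clerk could then read it; the monitor denies the write half of that copy.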
2.2 Discretionary Access Control
The Discretionary Access Control (DAC) policy
includes mechanisms for granting (and revoking) access
permissions to subjects (users) based on the subject’s
identity and authorizations. These authorizations or
guidelines specify access modes for each subject and
each object in the system [2]. Once this mechanism is
implemented, the ability to grant/revoke subject
privileges lies with the DBA. This policy is called
“Authorisation Administration”. There are two types of
such administration: centralized administration,
whereby some privileged subjects can grant or revoke
authorizations, and ownership administration, where
only the database creator can grant users, or revoke
from them, some or all privileges on objects.
2.2.1 System R Authorisation Model
One model that adopted the discretionary access control
policy is the System R authorisation model. Here,
objects are tables of n rows and n columns of formatted
information. The access modes that subjects can
exercise on tables correspond to operations that can be
executed on tables in a process called data manipulation
[4].
2.3 Role-Based Access Control
The Role-Based Access Control (RBAC) policy was
established to directly represent access control
mechanisms for organisations. RBAC policies govern a
user’s “role” in an organisation, whereby a role
encapsulates access privileges detailing a set of
authorised functions available to the user. If the user
belongs to a role that does not have sufficient access
privileges, then they are denied access. If the user
wishes to gain access to the information, they have to be
granted privileges by a user that has the ability to
perform the operation, such as the database
administrator. Of course, the DBA can also revoke
privileges from users.
2.3.1 NIST Reference Model
The National Institute of Standards and Technology
(NIST) RBAC reference model takes the access decision
for an individual user based on the roles the user has in
the organisation. The access rights are grouped by role
name, and the access to a resource is granted or revoked
according to the user’s authorisation status [2]. The
NIST reference model is illustrated in Figure 1 below.
Fig. 1: The NIST RBAC reference model
3. DATA MANIPULATION IN A RDBMS
Data manipulation is the process of modifying data
stored in a database i.e. creating new data or modifying
pre-existing data. Data manipulation language (DML)
exists in relational database management systems in the
form of Structured Query Language (SQL). As
mentioned in the discretionary access control
policy, SQL gives the user privileges to perform
operations on database content. They can access the
data for reading operations and writing operations,
depending on what privileges they are granted. The
primary threat to SQL as a data manipulation language
is SQL injection, where an unauthorised user executes
illicit queries on a database to gain information needed
to access the database content. However, SQL injection
is not the only threat regarding data manipulation.
There are also privilege abuse issues, as well as
authentication validation vulnerabilities, that I will
discuss in the next section.
4. SECURITY ISSUES SURROUNDING DATA
MANIPULATION IN A RELATIONAL DBMS
The main issues surrounding security in a relational
database system are its vulnerabilities to attack. Taking
into account the occurrences of database breaches in the
last 5 years alone, there have evidently been flaws
exploited in database security.
TalkTalk, one of the biggest telecommunications
companies in the UK, had its database content exposed
by an unauthorised hacker group. The hackers had
unlawfully gained access to millions of customer
records including sensitive information, e.g. credit card
details. It is believed that the company’s database had a
weak authentication policy, as changed passwords were
stored in plaintext rather than encrypted with a “salt”.
The unauthorised users invoked SQL injection to access
the data [5].
4.1 SQL Injection
One of the biggest security issues is an attack called
SQL injection (SQLIA). Here, a perpetrator typically
“injects” unauthorised database statements into a
vulnerable SQL data channel. Typically targeted data
channels include stored procedures and Web application
input parameters. These injected statements are then
passed to the database where they are executed [6]. This
form of attack attempts to enable the unauthorised user
to access the database information. There are five
methods of SQLIA that are available to an attacker.
Damaging with an additional injected query is a simple
injection attack method. This involves interaction with
the authentication service on the database’s web
application. By submitting illegal SQL statements, an
attacker gathers sufficient information about the
database management system to gain access to the
information. This is called database fingerprinting. In
order to avoid this type of incident, web applications
should enforce user input validation to eliminate the
injection of harmful SQL queries [7]. Another type of
attack is injection with the UNION SQL query. Here,
the attacker gets data from a table that is different
from the one the developer intended. There are
other techniques available to protect against SQLIA.
The introduction of an Intrusion Prevention System
(IPS) could discover vulnerable stored procedures, or
the injection of unlawful SQL queries. Working with
query-level access control violations can help identify an
attack [6].
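The difference between a vulnerable data channel and a safe one is easiest to see side by side. The sketch below builds the same two queries (an authentication check and a product search) once by pasting input into the SQL text and once with bound parameters, then feeds both the kind of input this section describes. It is an added example, not code from the paper; the in-memory SQLite database, table names, rows and function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT, password TEXT);
        CREATE TABLE products(name TEXT, price TEXT);
        CREATE TABLE cards(holder TEXT, number TEXT);
        INSERT INTO users VALUES ('alice', 'correct-horse');
        INSERT INTO products VALUES ('kettle', '19.99');
        INSERT INTO cards VALUES ('alice', '0000-0000-0000-0000');
    """)
    return db

def login_vulnerable(db, name, password):
    # Input becomes part of the SQL text, so a quote in it rewrites the query.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None

def login_safe(db, name, password):
    # Bound parameters travel separately from the SQL text and stay data.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def search_vulnerable(db, term):
    sql = "SELECT name, price FROM products WHERE name = '%s'" % term
    return db.execute(sql).fetchall()

def search_safe(db, term):
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

# Constructed inputs of the two kinds discussed above.
ALWAYS_TRUE = "' OR '1'='1"
UNION_PROBE = "x' UNION SELECT holder, number FROM cards --"

def compare():
    db = make_db()
    return {
        "login bypass (concatenated)": login_vulnerable(db, "alice", ALWAYS_TRUE),
        "login bypass (parameterised)": login_safe(db, "alice", ALWAYS_TRUE),
        "rows leaked (concatenated)": search_vulnerable(db, UNION_PROBE),
        "rows leaked (parameterised)": search_safe(db, UNION_PROBE),
    }
```

With bound parameters the whole input is compared as a literal name or password, so the UNION text matches no product and the other table is never read.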
4.2 Privilege Abuse
Another issue with security in relational database
management systems is privilege abuse. When users
(subjects) have sufficient access privileges to manipulate
a database outside of their job requirements, these
privileges can be exploited for improper use. This issue
is more evident in relational DBMSs that incorporate
a discretionary access control policy or a role-based
access control policy. Take, for example, an
organisation where a low-level employee has been
granted the same database access privileges as a
manager. This employee has the ability to harmfully
manipulate the information where they should not. This
is an example of legitimate privilege abuse. In order to
avoid the occurrence of this issue, an acceptable
standard of privilege delegation should be implemented.
Only those with appropriate permissions can assign
users to roles, where privileges are granted/revoked
depending on the nature of the role. There should also
be an access control policy that applies to all contextual
information about database access by enforcing policy
for user applications, time of day, etc. [6].
4.3 Denial Of Service
Of course there is also the potential occurrence of a
Denial of Service (DoS) attack where the attackers will
make all database information inaccessible for
authorised users. DoS is the process of “flooding” a
database system with a volume of requests that the
server cannot handle, causing the database server to
crash. Methods of avoiding DoS attacks involve
dynamic profiling and connection controls, which can be
used to identify illegal SQL queries. Any query that
does not match previously established user or
application patterns is immediately identified and
rejected [6].
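Dynamic profiling, as described here and in the query-level checks of Section 4.1, can be sketched as an allow-list of statement shapes learned per account. This is an added example, not code from the paper or from any product; the account name `webshop`, the training statements and the runtime traffic are constructed, and the normalisation is deliberately simple.

```python
import re

def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', case and spacing are normalised."""
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)        # quoted string literals
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)   # numeric literals
    return " ".join(shape.lower().split())

class QueryProfile:
    """Per-account allow-list of statement shapes seen during a learning period."""
    def __init__(self):
        self.shapes = {}

    def learn(self, account, sql):
        self.shapes.setdefault(account, set()).add(fingerprint(sql))

    def permits(self, account, sql):
        return fingerprint(sql) in self.shapes.get(account, set())

def build_profile():
    # Constructed training traffic for a hypothetical application account.
    profile = QueryProfile()
    for sql in (
        "SELECT name FROM users WHERE name = 'alice' AND password = 'pw1'",
        "SELECT name, price FROM products WHERE name = 'kettle'",
        "SELECT name, price FROM products WHERE price < 20",
    ):
        profile.learn("webshop", sql)
    return profile

def screen(profile, account, statements):
    """Return the statements that fall outside the account's learned profile."""
    return [s for s in statements if not profile.permits(account, s)]

# Constructed runtime traffic: two ordinary statements, then two whose shape
# no longer matches anything the application was seen to send.
TRAFFIC = [
    "select name, price from products where name = 'toaster'",
    "SELECT name, price FROM products WHERE price < 5.50",
    "SELECT name FROM users WHERE name = 'bob' AND password = '' OR '1'='1'",
    "SELECT name, price FROM products WHERE name = 'x' "
    "UNION SELECT holder, number FROM cards --'",
]
```

Changing a literal value leaves the fingerprint unchanged, while an added `OR` clause or `UNION` branch changes it, which is what lets the profile reject the last two statements.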
4.4 Weak Authentication
According to Basharat, Azam, and Muzaffar, a weak
authentication strategy renders the databases more
vulnerable to attackers. The identity of database users
is stolen or the login credentials are obtained through
some source, which then helps in modification of data or
obtaining sensitive information, and if authentication is
not properly implemented and is weak, it helps the
attacker to steal data [8]. The most effective way to
combat this potential threat is to sanitise user input on
web applications. By doing so, any attacker that
attempts to insert illicit SQL statements into the web
application will be detected and rejected.
5. CONCLUSION
It is conspicuous that the need for database security
increases in proportion to the exponential growth of big
data in the technological world we inherit today. From
2013 to 2020, the digital universe will grow by a factor
of 10, from 4.4 trillion gigabytes to 44 trillion. It more
than doubles every two years [9]. In this paper, I have
identified and discussed the issues involved with data
manipulation operations performed on relational
database management systems that enforce different
access control policies as a means of database
confidentiality, integrity, and availability. I have also
outlined the various techniques available to avoid the
occurrence of these potential issues.
6. REFLECTION
Having completed this research paper, I have learned a
substantial amount about database security and the
implementation of different access policies that constitute a
protected database management system. I have also learned
about the various threats to database security, and techniques
available to defend against such threats. Taking into
consideration the different real-world examples of database
security breaches I have mentioned in this paper, my point has
been further expressed. Of course I would not have been able
to complete this paper to an acceptable standard without the
aid of good resources that I have cited throughout.
REFERENCES
[1] University of Miami, Miller School of Medicine. 2006.
confidentiality, integrity, availability (CIA). [ONLINE] Available at:
http://privacy.med.miami.edu/glossary/xd_confidentiality_integrity_availability.htm.
[Accessed 04 November 15].
[2] Patil, Meshram, A.P, B.B.M, 2012. Database Access Control
Policies. International Journal of Engineering Research and
Applications (IJERA), [Online]. 2/3, 3151-3153. Available at:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.416.4856&rep=rep1&type=pdf
[Accessed 03 November 2015].
[3] National Institute of Standards and Technology. 1983.
DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION
CRITERIA. [ONLINE] Available at:
http://csrc.nist.gov/publications/history/dod85.pdf.
[Accessed 04 November 15].
[4] Bertino, Sandhu, E.B, R.S, 2005. Database Security—Concepts,
Approaches, and Challenges. IEEE TRANSACTIONS ON
DEPENDABLE AND SECURE COMPUTING, [Online]. 2,1, 5. Available at:
http://www.profsandhu.com/journals/ieee-depend-dbsec-05.pdf
[Accessed 03 November 2015].
[5] Engadget/Matt Brian. 2015. TalkTalk hack: what you need to
know. [ONLINE] Available at:
http://www.engadget.com/2015/10/23/talktalk-hack-explainer/.
[Accessed 05 November 15].
[6] Shulman, A.S, 2006. Top Ten Database Security Threats. How
to Mitigate the Most Significant Database Vulnerabilities,
[Online]. 1/1, 6. Available at:
http://www.schell.com/Top_Ten_Database_Threats.pdf
[Accessed 03 November 2015].
[7] Kulkarni, Urolagin, S.K, S.U, 2012. Review of Attacks on
Databases and Database Security Techniques. International
Journal of Emerging Technology and Advanced Engineering,
[Online]. 2/11, 255. Available at:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.414.1729&rep=rep1&type=pdf
[Accessed 04 November 2015].
[8] Basharat, Azam, Wahab Muzaffar, I.B, F.A, A.W.M., 2012.
Database Security and Encryption: A Survey Study. International
Journal of Computer Applications (0975 – 888), [Online]. 47/12,
30. Available at:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.258.8172&rep=rep1&type=pdf
[Accessed 05 November 2015].
[9] EMC. 2014. Data Growth, Business Opportunities, and the IT
Imperatives. [ONLINE] Available at:
http://www.emc.com/leadership/digital-universe/2014iview/executive-summary.htm.
[Accessed 05 November 15].