Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

01 database security ent-db


Published on

Just for my reviewer

Published in: Education
  • Be the first to comment

  • Be the first to like this

01 database security ent-db

  2. 2. Database the heart of each information system a persistent collection of related data, where data are facts that have an implicit meaning. built to store logically interrelated data representing some aspects of the real world, which must be collected, processed, and made accessible to a given user population.
  3. 3. Database Concepts • The database is constructed according to a data model which define the way in which data and interrelationships between them can be represented. Data Models • The collection of software programs that provide the functionalities for defining, maintaining, and accessing data stored in a database is called a database management system (DBMS). DBMS
  4. 4. Database abstraction levels Internal level • describing the physical storage of the database Conceptual (or logical level ) • providing the users with a high level description of the real world that the database represents External level • describing the views that different users or applications have on the stored data. The internal level maps the logical objects supported by the data model to the physical objects of the underlying operating system
  5. 5. Data Security • Concerned with improper disclosure of information. The terms secrecy or non- disclosure are synonyms for confidentiality. Confidentiality • Concerned with improper modification of information or processes. Integrity • Concerned with improper denial of access to information. The term denial of service is also used as a synonym for availability. Availability
  6. 6. Top Ten Database Security Threats
  7. 7. • When someone is granted database privileges that exceed the requirements of their job function, these privileges can be abused. Excessive and Unused Privileges • Users may abuse legitimate database privileges for unauthorized purposes. Privilege Abuse • Injection attacks usually involve inserting (or “injecting”) unauthorized or malicious statements into the input fields of web applications that gives an attacker unrestricted access to an entire database. Input Injection (Formerly SQL Injection)
  8. 8. • Cybercriminals, state-sponsored hackers, and spies use advanced attacks that blend multiple tactics—such as spear phishing emails and malware—to penetrate organizations and steal sensitive data. Malware • Automated recording of database transactions involving sensitive data should be part of any database deployment. Failure to collect detailed audit records of database activity represents a serious organizational risk on many levels. Weak Audit Trail • Backup storage media is often completely unprotected from attack. Storage Media Exposure
  9. 9. • It is common to find vulnerable and un-patched databases, or discover databases that still have default accounts and configuration parameters. Exploitation of Vulnerable, Misconfigured Databases • Many companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them. Unmanaged Sensitive Data • Denial of Service (DoS) is a general attack category in which access to network applications or data is denied to intended users. Denial of Service • Many organizations are ill-equipped to deal with a security breach due to the lack of expertise required to implement security controls, enforce policies, or conduct incident response processes. Limited Security Expertise and Education
  10. 10. Approaches to Data Security Prevention • Prevention ensures that security breaches cannot occur. The basic technique is that the system examines every action and checks its conformance with the security policy before allowing it to occur. • This technique is called access control. Detection • Detection ensures that sufficient history of the activity in the system is recorded in an audit trail, so that a security breach can be detected after the fact. • This technique is called auditing.
  12. 12. Access Control Policies Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC)
  13. 13. Discretionary Access Control • The word discretionary characterizes the fact that users can be given the ability of passing their privileges to others. • Discretionary access control policies are based on authorizations rules. • An authorization rule states that a subject has the privilege to exercise a given action on a given object. • The kind (and granularity) of subjects, objects, and actions that can be referenced in authorizations may be different in different systems.
  14. 14. Discretionary access control policies Subjects Subjects are the entities to which authorizations can be granted. Typically, subjects are users. Objects Objects are the entities to be protected. Typically, objects correspond to information container (tables or portion of it) or procedures. Actions Actions define the specific operations that subjects can execute on objects. Actions to be supported include the operations corresponding to the basic read, write, delete, create, and execute
  15. 15. Authorizations • Authorizations define which accesses are to be allowed. • The simplest form of authorization is a triple (subject, object, action) specifying that subject is authorized to exercise action on object. • Example • subject object access • Joe Black Employee-relation read
  16. 16. Granularity and Modes of Access Control The entire database. Some collection of relations. One relation. Some columns of one relation. Some rows of one relation.
  17. 17. DAC modes in SQL operations The ability to INSERT and DELETE is specified on a relation by relation basis. SELECT is also usually specified on a relation by relation basis. UPDATE can be restricted to certain columns of a relation.
  18. 18. Access Control Mechanisms Security through Views Grant and Revoke Stored Procedures Query modification
  20. 20. View Based Access Control • A base relation is a “real" relation in the database, that is actually stored in the Database. • A view is a “virtual" relation which is derived from base relations and other views. • For retrieval purposes users need not distinguish between views and base relations. • Views, therefore, provide a very powerful mechanism for specifying data-dependent authorization for data retrieval.
  21. 21. A user who has read access to TOY-DEPT is thereby limited to retrieving information about employees in the Toy Department.
  22. 22. Suppose that a new employee Brown is inserted in base relation EMPLOYEE, as shown in Table 3. The view TOY-DEPT will be automatically modified to include Brown, as shown in Table 4.
  23. 23. Views can also be used to provide access to statistical information. A view is simply another relation in the database, which happens to be automatically modified by the DBMS whenever its base relations are modified. Problem: Difficult to maintain updates.
  25. 25. Grant • Granting and revocation allow users to selectively and dynamically grant privileges to other users, and subsequently revoke them if so desired. • The GRANT command applies to base relations as well as views. • In SQL granting is accomplished by means of the GRANT statement which has the following general format.
  26. 26. Some examples of GRANT statements
  27. 27. Note that it is not possible to grant a user the grant option on a privilege, without allowing the grant option itself to be further granted.
  28. 28. Revoke • Revocation in SQL is accomplished by means of the REVOKE statement which has the following general format. • Examples:
  29. 29. STORED PROCEDURES Assign rights to execute compiled programs GRANT RUN ON <program> TO <user> Problem: Programs may access resources for which the user who runs the program does not have permission.
  30. 30. QUERY MODIFICATION • It is not supported in SQL • In this technique, a query submitted by a user is modified to include further restrictions as determined by the user's authorization.