The document provides an overview of DB2 security features including authorization, authentication, LBAC, RCAC, backup and recovery, data encryption, trusted contexts, and InfoSphere data replication. It discusses authorization at the instance, database, and object levels and covers row and column access controls. The document also outlines different data encryption options in DB2, backup approaches, and trusted connections. It concludes with references for further information.
DB2 Security Model
1. IN THE NAME OF ALLAH
DB2 Security Model
Class Presentation of Database Security Course At Tarbiat Modares University
Presenters:
Narges Poorkamali
Yeganeh Ghayour Baghbani
Professor:
Dr. Sadegh Dorri Nogorani
Fall Semester: 1398-99
Presentation Date: 1398/10/18
3. Introducing IBM DB2
Why use DB2 Database?
Created by IBM in 1993
The most powerful Database Engine
Relational Database
Data Warehouse
Free Version
Structured & Unstructured
SQL & NoSQL
Data Mining
Disaster Recovery
Scalability
Security
In Memory
Replication
Encryption
BLU Acceleration
5. IBM Data Server Manager (DSM)
A web-based integrated database management tool platform:
Database Administration
Health and Performance Monitoring
Performance Management
Database Client Management
6. During SQL statement processing, the permissions that the DB2 authorization model considers are the union of the following permissions:
The permissions granted to the primary authorization ID associated with the SQL statement
The permissions granted to the secondary authorization IDs (groups or roles) associated with the SQL statement
The permissions granted to PUBLIC, including roles that are granted to PUBLIC, directly or indirectly through other roles
The permissions granted to the trusted context role, if applicable.
Authorization
7. DB2 manages authorizations at three different levels:
Instance
Database
Object
Because of the changes in DB2 9.7, it is easiest to represent the permissions in multiple diagrams. First, the permissions at the instance level for:
1) SYSADM (system administrator)
2) SYSCTRL (system controller)
3) SYSMAINT (system maintenance)
4) SYSMON (system monitoring)
11. When to use LBAC for row level authorization?
Government applications that manage classified information (intelligence, defense, etc.)
Non-government applications where:
Data classification is known
Data classification can be represented by one or more LBAC security label components
Authorization rules can be mapped to the security label component rules
If any of the above is not possible, then views are a better alternative for row level authorization.
LBAC
Label-Based Access Control
12. When to use LBAC for column level authorization?
Control access to a sensitive column (e.g., social security number, credit card number, etc.)
Protect the data in the table from access by the table owner or DBAs
Assign a security label to all columns in the table
Assign that security label to a role
Assign that role to all users who need access to the table
Only users who are members of that role will be able to access data in that table
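The column-level pattern from the two LBAC slides (label the column, grant the label to a role, grant the role to users), written out as an added Db2 SQL example that is not part of the presentation. It assumes SECADM authority and a hypothetical table HR.EMPLOYEE with a sensitive SSN column; the component, policy, label, role and user names are made up for the example.

```sql
-- Added example, not taken from the slides. Assumes SECADM authority and a
-- hypothetical table HR.EMPLOYEE with a sensitive column SSN; the component,
-- policy, label, role and user names are made up for this example.

-- 1. One ordered component: a classification level (highest first).
CREATE SECURITY LABEL COMPONENT LEVEL
  ARRAY ['SECRET', 'CONFIDENTIAL', 'UNCLASSIFIED'];

-- 2. A policy built on that component with the standard DB2LBACRULES.
--    RESTRICT makes writes fail when the user may not write that label,
--    instead of silently relabelling the row (fail closed).
CREATE SECURITY POLICY HR_POLICY
  COMPONENTS LEVEL
  WITH DB2LBACRULES
  RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- 3. Labels that columns and users can carry.
CREATE SECURITY LABEL HR_POLICY.SECRET COMPONENT LEVEL 'SECRET';
CREATE SECURITY LABEL HR_POLICY.UNCLASSIFIED COMPONENT LEVEL 'UNCLASSIFIED';

-- 4. Attach the policy to the table and secure the column. From here on the
--    table owner and DBAs cannot read SSN either: only a user holding a
--    label that dominates SECRET can. Repeat the ALTER COLUMN for every
--    column to get the "all columns" variant the slide describes.
ALTER TABLE HR.EMPLOYEE ADD SECURITY POLICY HR_POLICY;
ALTER TABLE HR.EMPLOYEE ALTER COLUMN SSN SECURED WITH SECRET;

-- 5. Grant the label to a role and the role to the users who need it
--    (label -> role -> users), so access is managed by role membership.
CREATE ROLE PAYROLL;
GRANT SECURITY LABEL HR_POLICY.SECRET TO ROLE PAYROLL FOR ALL ACCESS;
GRANT ROLE PAYROLL TO USER ALICE;

-- Audit check: who holds which label and for what access. A DBA can list
-- the grants but still cannot read the protected column without a label.
SELECT A.GRANTEE, A.GRANTEETYPE, A.ACCESSTYPE, L.SECLABELNAME
  FROM SYSCAT.SECURITYLABELACCESS A
  JOIN SYSCAT.SECURITYLABELS L ON L.SECLABELID = A.SECLABELID;
```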
13. Table controls to protect SQL access to individual rows and individual columns:
Establish a row policy for a table
Filter rows out of the answer set
Policy can use session information (e.g., which group the SQL ID belongs to, or which role the user is using) to control which rows are returned in the result set
Applicable to SELECT, INSERT, UPDATE, DELETE, & MERGE
Defined as a row permission
Establish a column policy for a table
Mask column values in the answer set
Policy can use session information (e.g., which group the SQL ID belongs to, or which role the user is using) to control what masked value is returned in the result set
Applicable to the output of the outermost subselect
Defined as column masks
Define table policies based on who is accessing the table or how it is being accessed
Managing row and column access controls
RCAC
Row and column access control
14. Rules about row and column access:
Not enforced for RI, CHECK, or UNIQUE constraints
Preserve data integrity
Require secure triggers
CREATE or ALTER TRIGGER with the SECURED option
Managed by SECADM or the new privilege CREATE_SECURE_OBJECT
Rebind trigger packages implicitly after ALTER TRIGGER
Require secure UDFs
Referenced in the row permission and column mask definition
CREATE or ALTER FUNCTION with the SECURED option
Managed by SECADM or the new privilege CREATE_SECURE_OBJECT
Populate access control information in EXPLAIN tables
Can activate access control on EXPLAIN tables
No support for MQTs and set operations
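The row permission, column mask and SECURED trigger described on the two RCAC slides, as an added Db2 SQL example that is not part of the presentation. It assumes SECADM authority, hypothetical tables HR.EMPLOYEE (EMPNO, DEPTNO, SSN CHAR(11), SALARY), HR.DEPT_MANAGER (DEPTNO, MGR_AUTHID) and HR.SALARY_AUDIT, and roles PAYROLL and MANAGER; VERIFY_ROLE_FOR_USER is a Db2 built-in function.

```sql
-- Added example, not taken from the slides. Assumes SECADM authority,
-- hypothetical tables HR.EMPLOYEE (EMPNO, DEPTNO, SSN CHAR(11), SALARY),
-- HR.DEPT_MANAGER (DEPTNO, MGR_AUTHID), HR.SALARY_AUDIT and roles PAYROLL
-- and MANAGER. VERIFY_ROLE_FOR_USER is a Db2 built-in function.

-- Row permission: PAYROLL members see every row, MANAGER members see only
-- the departments they manage, everybody else sees no rows at all.
-- ENFORCED FOR ALL ACCESS covers SELECT, INSERT, UPDATE, DELETE and MERGE.
CREATE PERMISSION HR.EMP_ROW_ACCESS ON HR.EMPLOYEE
  FOR ROWS WHERE
       VERIFY_ROLE_FOR_USER(SESSION_USER, 'PAYROLL') = 1
    OR (VERIFY_ROLE_FOR_USER(SESSION_USER, 'MANAGER') = 1
        AND DEPTNO IN (SELECT DEPTNO FROM HR.DEPT_MANAGER
                       WHERE MGR_AUTHID = SESSION_USER))
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Column mask: SSN is returned in clear only to PAYROLL members; everyone
-- else gets the last four digits. Masks apply to the output of the
-- outermost subselect, so predicates still evaluate on the real value.
CREATE MASK HR.EMP_SSN_MASK ON HR.EMPLOYEE
  FOR COLUMN SSN RETURN
    CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'PAYROLL') = 1
         THEN SSN
         ELSE CAST('XXX-XX-' || SUBSTR(SSN, 8, 4) AS CHAR(11))
    END
  ENABLE;

-- Nothing is enforced until access control is activated on the table.
ALTER TABLE HR.EMPLOYEE
  ACTIVATE ROW ACCESS CONTROL
  ACTIVATE COLUMN ACCESS CONTROL;

-- Triggers on an RCAC-protected table must be SECURED, which only SECADM
-- or a holder of CREATE_SECURE_OBJECT may declare; an unsecured trigger
-- could otherwise copy unmasked values somewhere the mask does not apply.
CREATE TRIGGER HR.EMP_SALARY_AUDIT
  AFTER UPDATE OF SALARY ON HR.EMPLOYEE
  REFERENCING OLD AS O NEW AS N
  FOR EACH ROW SECURED
  INSERT INTO HR.SALARY_AUDIT (EMPNO, OLD_SALARY, NEW_SALARY, CHANGED_AT)
  VALUES (N.EMPNO, O.SALARY, N.SALARY, CURRENT TIMESTAMP);

-- Check which controls exist on the table and whether they are enabled
-- and still valid (an invalid control blocks access rather than opening it).
SELECT CONTROLSCHEMA, CONTROLNAME, CONTROLTYPE, ENABLE, VALID
  FROM SYSCAT.CONTROLS
 WHERE TABSCHEMA = 'HR' AND TABNAME = 'EMPLOYEE';
```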
15. Online Backup vs Offline Backup
The target location is specified when you invoke the backup utility. This location can be:
A directory in the file system (for backups to disk or diskette)
A device (for backups to tape)
A Tivoli Storage Manager (TSM) server
Another vendor's server
Cloud
IBM Tivoli Storage Manager is an enterprise-wide storage management application. It provides automated storage management services to workstations, personal computers, and file servers from various vendors, with various operating systems.
Backup and Recovery
16. DB2 Native Encryption
Db2 native encryption provides a built-in encryption capability to protect database backup images and key database files from inappropriate access while they are at rest on external storage media.
IBM InfoSphere Guardium
IBM InfoSphere Guardium Data Encryption is a comprehensive software data security solution that, when used in conjunction with native Db2 security, provides effective protection of the data and the database application against a broad array of threats.
Encrypted File System (EFS)
If you are running a Db2 system on the AIX operating system, you have the option to set up an encrypted database by using the AIX encrypted file system (EFS). For detailed information about EFS, see your AIX documentation.
SSL
The Db2 database system supports SSL, which means that a Db2 client application that also supports SSL can connect to a Db2 database by using an SSL socket. CLI, CLP, and .NET Data Provider client applications, and applications that use the IBM Data Server Driver for JDBC and SQLJ (type 4 connections), support SSL.
Data Encryption
17. HIGHLIGHTS:
Encrypt online data
Encrypt backups
Transparent to application
Transparent to schema
Secure and transparent key management
Exploits hardware acceleration such as the Intel AES-NI
FIPS 140-2 certified encryption libraries
NIST compliant use of cryptography
Easy to deploy in cloud, software or appliance
Runs wherever DB2 runs
Key Management:
Industry standard 2-tier model
Actual data is encrypted with a data encryption key (DEK)
DEK is encrypted with a Master Key (MK)
DEK is managed within the database while the MK is managed externally
The MK is managed in a PKCS#12 compliant local GSKit based keystore
Data Encryption
DB2 Native Encryption
18. A trusted context is a new object that is defined based upon a system authorization ID and one or more sets of connection trust attributes, where each set defines at least one connection trust attribute:
System authorization ID
Connection trust attributes
The trust relationship is based upon the following set of attributes:
1. System authorization ID: Represents the user that establishes a database connection
2. IP address (or domain name): Represents the host from which a database connection is established
3. Data stream encryption: Represents the encryption setting (if any) for the data communication between the database server and the database client
A trusted connection allows the initiator of this trusted connection to acquire additional capabilities that may not be available outside the scope of the trusted connection. The additional capabilities vary depending on whether the trusted connection is explicit or implicit.
The initiator of an explicit trusted connection has the ability to:
1. Switch the current user ID on the connection to a different user ID, with or without authentication
2. Acquire additional privileges via the role inheritance feature of trusted contexts
Trusted Context and Connection
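The three trust attributes, role inheritance and user switching described on this slide, as an added Db2 SQL example that is not part of the presentation. It assumes SECADM authority and hypothetical names: an application server at the documentation address 192.0.2.10, its pooled-connection authid APPSRV, a role APP_ROLE, the table HR.EMPLOYEE and end users ALICE and BOB; the switch itself is requested by the application through its driver API and is not shown.

```sql
-- Added example, not taken from the slides. Assumes SECADM authority and
-- hypothetical names: application server host 192.0.2.10, its pooled
-- connection authid APPSRV, a role APP_ROLE, table HR.EMPLOYEE and end
-- users ALICE and BOB.
CREATE ROLE APP_ROLE;
GRANT SELECT, UPDATE ON HR.EMPLOYEE TO ROLE APP_ROLE;

-- All three trust attributes from the slide are pinned: the system authid,
-- the client address and the data stream encryption. ENCRYPTION 'HIGH'
-- requires an SSL-protected connection; 'NONE' would let a context that
-- hands out extra privileges be established over an unencrypted stream.
CREATE TRUSTED CONTEXT APPSRV_CTX
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV
  ATTRIBUTES (ADDRESS '192.0.2.10', ENCRYPTION 'HIGH')
  -- Role inheritance: a connection matching the context gets APP_ROLE, so
  -- APPSRV needs no direct privileges on HR tables outside the context.
  DEFAULT ROLE APP_ROLE
  ENABLE
  -- User switching: ALICE must present credentials when the application
  -- switches to her; BOB is accepted on the application server's word
  -- alone. Keep the WITHOUT AUTHENTICATION list short, since it makes the
  -- application server the authenticator for those users.
  WITH USE FOR ALICE WITH AUTHENTICATION,
               BOB WITHOUT AUTHENTICATION;

-- Review what each context grants and under which attributes; a context
-- with ENCRYPTION 'NONE' or a broad address is the one to question first.
SELECT C.CONTEXTNAME, C.SYSTEMAUTHID, C.DEFAULTCONTEXTROLE, C.ENABLED,
       A.ATTR_NAME, A.ATTR_VALUE
  FROM SYSCAT.CONTEXTS C
  JOIN SYSCAT.CONTEXTATTRIBUTES A ON A.CONTEXTNAME = C.CONTEXTNAME;
```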
19. Database replication solution from IBM
Multi-platform: Windows, Linux, Unix
Changes to the database are captured in real time
Captures inserts, updates, and deletes
Centralized platform
Low-impact capture and fast delivery of changes to the database
Helps reduce processing overhead by sending only changes, thereby removing the need for additional steps to detect changes
Reduces network traffic by sending only changed or new data instead of the entire data set
Has three components:
Change data capture (CDC)
SQL replication: In SQL Replication, committed source changes are staged in relational tables before being replicated to target systems.
Q replication: In Q Replication, committed source changes are written in messages that are transported through MQ queues to target systems.
InfoSphere Data Replication
Data Server Manager (DSM) is a tool that consolidates many of the monitoring, tuning, configuration and administration tools for DB2 and adds some nice new features as well. It allows you to do these tasks for all of your DB2 (LUW and z/OS) databases in one centralized tool.