
Databases and distributed systems security

Mercy Nungari

GS180289BSIT

CAT 1 AND 2

1.a

System Threats

They include:

• Patches and updates

Failure to update systems, particularly when a patch is issued, is a serious database security risk.
Whenever public notice is given about a new patch, hackers are made aware of a weakness and
look for systems that have not yet been updated. Therefore, staying on top of software updates is
vital.

• Injections

SQL injection is a very common database attack. It exploits a weakness in the web application in
front of the database to enable activities such as account impersonation, manipulation of user
actions, and direct access to the database.

• Malware

Malware can infect a wide range of devices. Once malicious code is embedded on a legitimate
user's device, it can use that user's access rights to penetrate the organization and steal data.

• Neglected Databases

One of the top database security threats is the lack of protection for backup storage media.
Forgotten databases, or new ones that the security team does not know about, can be a serious
threat to database security and integrity.

• Credential Threats

Employing substandard password management and authentication methods can allow identity
theft, brute force attacks, and social engineering schemes such as phishing.

• Privilege Threats

Another database security risk occurs when an administrator grants a user rights beyond what
they actually need, or when a user abuses their access rights. In either case, databases can be
improperly accessed as an unintended consequence of legitimate privileges. Similarly, by
exploiting low-level access permissions, a skilled attacker can gain entry to high-level privileges.
1.b

I.

Capabilities

• The data in a database can be accessed from anywhere using a mobile database; it
provides wireless database access.
• Database systems are synchronized using mobile databases, and multiple users can
access the data with a seamless delivery process.
• Mobile databases require very little support and maintenance.
• A mobile database can be synchronized with multiple devices such as mobile phones,
desktop computers, laptops, etc.

Limitations

• Mobile data is less secure than data stored in a conventional stationary database. This
presents a security hazard.
• The mobile unit that houses a mobile database may frequently lose power because of its
limited battery. This must not lead to loss of data in the database.
II.
• Data caching: making data available to user queries when bandwidth is limited.
Solution
Semantic data caching: the client maintains a semantic description of the data in its cache
instead of maintaining a list of tables and tuples. The server processes simple predicates on
the database and the results are cached at the client.

• Data broadcast: a set of the most frequently accessed data is made available by
continuously broadcasting it on some fixed radio frequency. The contents of the broadcast
reflect the data demand of the mobile units.
Solution
This can be achieved through data access histories, which can be fed into the data
broadcasting system. For efficient access, the broadcast file uses an index or some other
method.

• Data classification
This deals with how the mobile database system looks at the data in the database. For
example, in Location Dependent Data (LDD), the value of the location determines the
correct value of the data, e.g. city tax and city area.
Solution
Location binding and location mapping: these can be achieved through the database schema
or a location mapping table.
2.a

Some critical security capabilities are bundled with relational database platforms: identity
management, access control and network communication encryption are common examples. But
that leaves off many critical services, such as the monitoring of user activity, SQL injection
protection and vulnerability assessments. In other cases, what's provided is simply not suitable.
For instance, database-generated audit trails often lack the information needed for compliance
reports, and built-in encryption is often too slow and too difficult to integrate.

In addition, the database security gap widens when RDBMS customer requirements are taken
into account, as organizations often need protection for more than a single type of database.
Single-platform products don't play well when an enterprise has sensitive information in many
types of databases. In fact, most firms run Oracle next to Postgres and MySQL, or DB2, Sybase
and SQL Server, with each platform serving its own particular and critical business functions.

2.b

i. Database activity monitoring-The most significant database security component is
activity monitoring, or what are commonly called database activity monitoring (DAM)
platforms. They capture all SQL activity to the database, including administrative
actions, and analyze the statements for behavioral, contextual or security misuse. The
reason most organizations add DAM to their security arsenal is not just the ability to
detect threats, but because it is the best way to collect an accurate trail of events for
regulatory reporting and to provide data and data filtering options not available with
built-in database audit logs. Put it this way: DAM is to databases as security information
and event management and log management are to general IT security and reporting.
ii. Database Firewalls-Firewalls prevent intruders from accessing an organization's IT
network via the internet; they are a crucial prerequisite for addressing cyber security
concerns. Web applications that interact with databases can be protected by application
access management software. This database security measure is similar to access control
lists and determines who can access web applications and how they can do so. There are
also firewalls for individual web applications that deliver the same benefits as traditional
firewalls.
iii. Database assessment-Database security assessment is fundamentally a process that
measures database risk at a point in time. The first element of risk is measured by
evaluating a database’s susceptibility to a series of known vulnerabilities and attack
scenarios. Many assessment processes attempt to identify vulnerabilities by mimicking
the activities of an attacker. For example, an assessment may try to exploit a known
buffer overflow vulnerability or use brute force to obtain valid access credentials.
iv. Encryption-Encryption is one of the most effective database security practices because
it’s implemented where the data are in the database. However, organizations can encrypt
data in motion as well as at rest, so that it’s protected as it flows between IT systems in an
organization. Encrypted data is transfigured so it appears as gibberish unless it’s
decrypted with the proper keys. Therefore, even if someone is able to access encrypted
data, it will be meaningless to them. Database encryption is also key for maintaining data
privacy, and can be effective for IoT security.
v. Tokenization-Tokenization is the process of taking a single piece of sensitive data, like a
credit card number, and replacing it with a token, or substitute, that is not sensitive.
Because sensitive information is not held on internal servers, the data is protected from
security breaches. Often, the token won’t have the same number of characters as the
original piece of data, so there’s not a way to tell what type of number the original was
just by looking at the token. It makes it difficult for hackers to place a value on the
information they’re looking for, so they’re less likely to go after it. Even if someone does
intercept a token during transit, there’s no way to decrypt it.
vi. Data Masking-This is the process of replacing confidential data with functional fictitious
data, such as characters or other data. The main purpose of data masking is to protect
sensitive, private information in situations where the enterprise shares data with third parties.
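The tokenization and masking items above, as an added illustration that is not code from the assignment: a constructed token vault swaps a card number for a random token of unrelated length and keeps the only mapping, beside a masking routine that produces a display-masked value and a fictitious but Luhn-valid substitute for sharing with third parties. The vault class, the key and the sample card numbers are assumptions made for this example.

```python
"""Tokenization versus data masking (constructed example)."""
import hashlib
import hmac
import secrets


def luhn_checksum_valid(pan: str) -> bool:
    """Standard Luhn check that card numbers satisfy."""
    digits = [int(d) for d in pan if d.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Stands in for the separate token server; the application tier only sees tokens."""

    def __init__(self):
        self._by_token = {}
        self._by_pan = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_checksum_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:             # same PAN -> same token, so joins still work
            return self._by_pan[pan]
        token = "tok_" + secrets.token_urlsafe(12)   # random; length unrelated to the PAN
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        # Only the vault can do this; nothing in the token encodes the PAN.
        return self._by_token[token]


def mask_pan(pan: str) -> str:
    """Display masking: keep the last four digits, hide the rest."""
    digits = "".join(d for d in pan if d.isdigit())
    return "X" * (len(digits) - 4) + digits[-4:]


def fictitious_pan(pan: str, key: bytes) -> str:
    """Functional fictitious data for sharing: keeps the issuer prefix, derives the
    middle digits from a keyed HMAC (stable per input, not reversible) and recomputes
    the Luhn check digit so the value still passes format validation."""
    digits = "".join(d for d in pan if d.isdigit())
    prefix = digits[:6]
    body_len = len(digits) - 7               # prefix + body + one check digit
    mac = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    body = "".join(str(int(c, 16) % 10) for c in mac[:body_len])
    partial = prefix + body
    for check in "0123456789":                # exactly one digit makes Luhn pass
        if luhn_checksum_valid(partial + check):
            return partial + check
    raise AssertionError("unreachable: some check digit always satisfies Luhn")
```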
3.a

Database security encompasses a range of security controls designed to protect the Database
Management System (DBMS). The types of database security measures your business should use
include protecting the underlying infrastructure that houses the database (such as the network and
servers), securely configuring the DBMS, and controlling access to the data itself.

The various measures include:

• System hardening and monitoring
The underlying architecture provides additional access to the DBMS. It is vital that all
systems are patched consistently, hardened using known security configuration standards,
and monitored for access, including insider threats.
• DBMS configuration
It is critical that the DBMS be properly configured and hardened to take advantage of
security features and limit privileged access that may cause a misconfiguration of
expected security settings. Monitoring the DBMS configuration and ensuring proper
change control processes helps ensure that the configuration stays consistent.
• Authentication
Database security measures include authentication, the process of verifying if a user's
credentials match those stored in your database, and permitting only authenticated users
access to your data, networks, and database platform.
• Backups
A data backup, as part of your database security protocol, makes a copy of your data and
stores it on a separate system. This backup allows you to recover lost data that may result
from hardware failures, data corruption, theft, hacking, or natural disasters.
• Database auditing
Monitoring (or auditing) actions as part of a database security protocol delivers
centralized oversight of your database. Auditing helps to detect, deter, and reduce the
overall impact of unauthorized access to your DBMS.
b.

Data accessibility refers to a user's ability to access or retrieve data stored within a database or
other repository. Users who have data access can store, retrieve, move or manipulate stored data,
which can be held on a wide range of hard drives and external devices. This can be a database
security issue, as it means that the database is vulnerable to attacks and exposure of sensitive data.

c.

• Excessive Database Privileges-breach against integrity

Database users may have different privileges. However, users may abuse them and here are the
major types of privilege abuses: excessive privilege abuse, legitimate privileges abuse and
unused privilege abuse. Excessive privileges always create unnecessary risks.

• SQL Injections-breach against confidentiality

This is a type of attack in which malicious code is embedded in front-end (web) applications and
then passed to the back-end database. As a result of SQL injection, cybercriminals get unlimited
access to any data stored in the database.

• Database Backups Exposure-breach against integrity

It's good practice to make backups of proprietary databases at defined periods of time.
However, surprisingly, database backup files are often left completely unprotected from attack.
As a result, numerous security breaches happen through database backup leaks.

• Denial of service attack-breach against availability

This type of attack slows down a database server and can even make it unavailable to all users.
Although a DoS attack doesn't disclose the contents of a database, it may cost the victims a lot
of time and money. Moreover, what's the use of a database if you can't use or access it?

• Lack of Security Expertise and Education-breach against integrity

Databases get breached and leaked due to insufficient level of IT security expertise and
education of non-technical employees who may break basic database security rules and put
databases at risk. IT security personnel may also lack the expertise required to implement
security controls, enforce policies, or conduct incident response processes.

d.

i. Cryptography-Cryptography includes a set of techniques for scrambling or disguising
data so that it is available only to someone who can restore the data to its original form.
In current computer systems, cryptography provides a strong, economical basis for
keeping data secret and for verifying data integrity.
ii. Hashing-Hashing uses a special cryptographic function to transform one set of data
into another of fixed length by means of a mathematical process. In the context of security,
it is virtually impossible to reconstruct the input data from the output, even if the hash
function is known. With passwords, whenever you create an account that requires a
password, the password is run through a hash function and the resulting digest is stored. On
the next login attempt, the password that is input is run through the hash again and the
digest is compared to the stored one to verify an exact match.
iii. Steganography-Steganography is the process of hiding a message, audio, image, or video
by embedding it into another image, audio, message, or video. It is employed to protect
secret data from malicious attacks.
iv. Access control-Access controls authenticate legitimate users and applications, limiting
what they can access in your database. Access includes designing and granting
appropriate user attributes and roles and limiting administrative privileges.
4.a

Database security metric is a standard of measurement that enables quantification of the degree
of safety of a database. It measures how likely a database system is to suffer damage from attack.

b.

Database metrics help:

• To evaluate the performance and protection of the database-for example, performance
metrics are used to measure the behavior, activities, and performance of a database. This
should be in the form of data that measures required data within a range, providing a basis
that supports the achievement of overall business goals.
• Monitor database security proactively-this is to prevent any security issues that may
occur in the future. This prevents loss of data and saves the resources that would have been
consumed if an attack were to occur.
• Contribute to the improvement of existing database security practices-metrics help
people improve practices such as password authentication practices. They also help
educate on types of threats and the staff needed for security.
• Help management monitor database security-the most significant database security
component is activity monitoring, or what are commonly called database activity
monitoring (DAM) platforms, because it is the best way to collect an accurate trail of
events for regulatory reporting and to provide data and data filtering options not available
with built-in database audit logs.
• Justify database-related security budgets-database security is a critical issue for every
organization, and just how much companies spend on database security is becoming an
increasingly important topic. Without good metrics, security organizations cannot justify
their database security budgets. Metrics help educate on budget needs to decrease risk
based on management's threat tolerance.
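To show what the DAM description in 2.b(i), restated above, means in practice, here is an added example (not from the assignment or any DAM product) that runs a few constructed audit-feed lines through three detection rules: administrative statements issued by non-DBA accounts, full reads of sensitive tables, and activity outside an assumed working window. The log format, account names, host addresses and table names are all constructed for the example.

```python
"""Minimal database activity monitoring over a constructed SQL audit feed."""
import re
from datetime import datetime

# Constructed sample feed: ISO time, database account, client host, statement.
SAMPLE_LOG = """\
2024-03-04T09:12:05 app_user 10.0.5.12 SELECT name, email FROM customers WHERE id = 42
2024-03-04T09:12:40 app_user 10.0.5.12 SELECT * FROM customers
2024-03-04T02:15:00 app_user 10.0.5.99 GRANT DBA TO app_user
2024-03-04T10:00:00 dba_admin 10.0.1.2 ALTER TABLE orders ADD COLUMN note TEXT
2024-03-04T23:45:10 report_svc 10.0.7.3 SELECT card_pan FROM payments
"""

DBA_ACCOUNTS = {"dba_admin"}                  # assumption: the only approved admin account
SENSITIVE_TABLES = {"customers", "payments"}  # assumption: tables holding personal data
WORK_HOURS = range(8, 19)                     # assumption: 08:00-18:59 is the normal window

ADMIN_VERBS = re.compile(r"^\s*(GRANT|REVOKE|ALTER|DROP|CREATE)\b", re.I)
# A SELECT with no WHERE clause anywhere in the statement; captures the table name.
FULL_READ = re.compile(r"^\s*SELECT\b(?!.*\bWHERE\b).*\bFROM\s+(\w+)", re.I | re.S)


def parse_line(line: str) -> dict:
    """Split one feed line into its fields; the statement may itself contain spaces."""
    ts, account, host, statement = line.split(" ", 3)
    return {"time": datetime.fromisoformat(ts), "account": account,
            "host": host, "statement": statement}


def evaluate(event: dict) -> list:
    """Return the names of every rule the event trips (empty list if none)."""
    findings = []
    stmt = event["statement"]
    if ADMIN_VERBS.match(stmt) and event["account"] not in DBA_ACCOUNTS:
        findings.append("admin-statement-by-non-dba")
    match = FULL_READ.match(stmt)
    if match and match.group(1).lower() in SENSITIVE_TABLES:
        findings.append("full-read-of-sensitive-table")
    if event["time"].hour not in WORK_HOURS:
        findings.append("outside-work-hours")
    return findings


def monitor(log_text: str) -> list:
    """Run every line through the rules; return (account, statement, findings) per alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        findings = evaluate(event)
        if findings:
            alerts.append((event["account"], event["statement"], findings))
    return alerts


if __name__ == "__main__":
    for account, statement, findings in monitor(SAMPLE_LOG):
        print(f"{account}: {statement!r} -> {', '.join(findings)}")
```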
c.

For a database metric to be effective and efficient the organization has to be able to:

• Fully comprehend the metrics-Defining a metric is similar to telling a joke – if you have
to spend too much time explaining it then it will not work. Employees need to understand
the metric, how they can influence it and what is expected of them.
• Gain management support and approval-The successful implementation of any new
metric requires the approval and interest of senior managers. They have to lead the
culture change from the top. Using a new set of metrics to measure performance is a
change that may well attract resistance from across the company, so high-level
endorsement and open communication are needed to get everyone on board.
• Understand the exact information required for all the metrics-It's not unusual for
companies to set a metric, only to discover that either their processes or tools (or both)
cannot generate the data they need. It could mean some investment is required, but be
clear about how much the business will benefit from having the metric before spending
money. Metrics need to be reliable and give the same answer no matter who
calculates them.
• Measure and share the results-It may seem a little obvious, but a large number of
companies go to the trouble of designing metrics and buying expensive tools, and then do
not actually do very much with the results. Usually it is because too many metrics have
been set. So keep it manageable – it is better to have five meaningful metrics that the
organization will use than 50 that it won't. Use metrics to learn from others. Never
hesitate to contact another person in the company and ask how they are progressing.
• Conduct a regular review and update the metrics-When implementing metrics, don't
forget that the organization will need to revise its metrics from time to time. The process
is needed because businesses evolve and changes will surface as time goes by. Make sure
the metrics still measure what they were intended to measure. After all, if the metrics are
out of date, then what is the purpose of retaining them?
5.a

A security framework is designed based on the core facets of database security mechanisms
(CIA) to help address the issues of confidentiality, integrity and authenticity as well as
availability of data.

• Confidentiality: the prevention of unauthorised disclosure of information. That is, the
wrong people will not be able to get any sensitive information, while the authorised or
right people can easily get it. Simply put, it means prevention of unauthorised disclosure
of information.
• Integrity: This involves maintaining data accuracy, consistency, and trustworthiness
throughout its life cycle. Therefore steps must be taken to make sure that data is not
altered or changed in transit by unauthorised parties. Likewise, for non-human causes
such as a server crash, means of detection need to be in place to detect any alteration
or changes that occur, and a backup copy must always be available for the affected
data to be restored to its correct state. Simply put, it means prevention of unauthorised
modification of information.
• Availability: the ability of the system to make its assets accessible to only authorised
users and in a timely manner as determined by the system's requirements. Simply put, it
means prevention of unauthorised withholding of information or resources.

b.

As the need for securing databases has increased, database security frameworks help in
achieving the primary objectives of database security through Confidentiality, Integrity and
Availability. The primary objectives of database security are to prevent unauthorized access to
data, prevent unauthorized tampering or modification of data, and to ensure that the data
remains available whenever needed.
c.

i.

COBIT is the framework for the governance of enterprise IT. COBIT (Control Objectives for
Information and Related Technology) helps organisations meet business challenges in the areas
of regulatory compliance, risk management and aligning IT strategy with organisational goals.

COBIT 5 is based on five principles that are essential for the effective management and
governance of enterprise IT:

Principle 1: Meeting stakeholder needs
Principle 2: Covering the enterprise end to end
Principle 3: Applying a single integrated framework
Principle 4: Enabling a holistic approach
Principle 5: Separating governance from management

These five principles enable an organisation to build a holistic framework for the governance and
management of IT that is built on seven ‘enablers’:

• People, policies and frameworks
• Processes
• Organisational structures
• Culture, ethics and behavior
• Information
• Services, infrastructure and applications
• People, skills and competencies

Together, the principles and enablers allow an organisation to align its IT investments with its
objectives to realise the value of those investments.
ii. Project Quant is supposed to be a database security framework. At this stage it seems to
be a decent outline of security in general, although there doesn't appear to be much in
place that is particular to database security as a specialty.
Project Quant is an open model/method development project being done in conjunction
with Rich Mogull of Securosis, with the goal of developing a cost model for patch
management response that accurately reflects the financial and resource costs associated
with the process of evaluating and deploying software updates (patch management).

The Quant project aims to:

• Help establish objective metrics for security
• Provide tools that are useful to customers

What is needed is a model that captures these and many other aspects of patch management
policies and operational realities, and that is also flexible enough to model small businesses as
well as very large corporations. Project Quant is an effort to get the ball rolling.
6.a

i. A computer security model is a scheme for specifying and enforcing security policies. A
security model may be founded upon a formal model of access rights, a model of
computation, a model of distributed computing, or no particular theoretical grounding at
all. A computer security model is implemented through a computer security policy.

ii. The primary purpose of a security model is to provide the necessary level of
understanding for a successful implementation of key security requirements.

b.

Access control is a security model that regulates who or what can view or use resources in a
computing environment. It is a fundamental concept in security that minimizes risk to the
business or organization. The purpose of access control must always be clear. It can be achieved
through the following:

Authentication

The client has to establish the identity of the server and the server has to establish the identity of
the client. This is done often by means of shared secrets (either a password/user-id combination,
or shared biographic and/or biometric data). It can also be achieved by a system of higher
authority which has previously established authentication. In client-server systems where data
(not necessarily the database) is distributed, the authentication may be acceptable from a peer
system.
Authorisation

Authorisation relates to the permissions granted to an authorised user to carry out particular
transactions, and hence to change the state of the database (write-item transactions) and/or receive
data from the database (read-item transactions). The result of authorisation, which needs to be on
a transactional basis, is a vector: Authorisation (item, auth-id, operation). A vector is a sequence
of data values at a known location in the system. How this is put into effect is down to the DBMS
functionality. At a logical level, the system structure needs an authorisation server, which needs
to co-operate with an auditing server. There is an issue of server-to-server security and a problem
with amplification as the authorisation is transmitted from system to system. Amplification here
means that the security issues become larger as a larger number of DBMS servers are involved in
the transaction.

Access philosophies and management

Discretionary control is where specific privileges are assigned on the basis of specific assets,
which authorised users are allowed to use in a particular way. The DBMS security subsystem has to
construct an access matrix including objects like relations, records, views and operations for each
user - each entry separating create, read, insert and update privileges. This matrix becomes very
intricate as authorisations will vary from object to object.

Mandatory control is authorisation by level or role. A typical mandatory scheme is the four-level
government classification of open, secret, most secret and top secret. The related concept is to
apply security controls not to individuals but to roles - so the pay clerk has privileges because of
the job role and not because of personal factors.
c.

i. Security Model Based on Database Roles
This model depends on the application to authenticate the application users by maintaining
all end users in a table with their encrypted passwords. In this model, each end user is
assigned a database role, which has specific database privileges for accessing application
tables. The user can exercise whatever privileges are assigned to the role. In this model, a
proxy user is needed to activate the assigned roles; all roles are assigned to the proxy user.
There are application_users and application_users_roles tables.
APPLICATION_USERS: used to store and maintain all end users of the application with
their encrypted passwords.
APPLICATION_USERS_ROLES: contains all roles defined by the application, and for
each role the privilege that is assigned; the privilege can be read, write, or read/write.

Example
Implementing in Oracle:
Create a proxy user called APP_PROXY that will be assigned all application roles and
will work on behalf of the application user APP_USER to gain access to all tables
owned by the application owner, called APP_OWNER.
ii. Security Model Based on Application Roles
The concept of an application role security model is similar to that of the database role
security model in that both are methods for organizing and administering privileges.
Application roles are typically mapped specifically to real business roles.

It has application_users and application_roles tables.

APPLICATION_USERS: used to store and maintain all end users of the application with
their encrypted passwords.

APPLICATION_ROLES: all roles defined by the application, and for each role the
privileges that are assigned. The privilege can be read, write, or read/write.
The security model that is based on application roles depends on the application to
authenticate the application users. Authentication is accomplished by maintaining all end
users in a table with their encrypted passwords. In this model, each end user is assigned an
application role, and the application role is provided with application privileges to
read/write specific modules of the application.
Privileges are limited to any combination of the following:
read, add, delete, update, admin.
This model isolates the application security from the database, which makes the
implementation database independent. Only one role is assigned to an application user.
Maintenance of the application security does not require specific database privileges. This
lowers the risk of database violation.

Example
This model does not allow the flexibility required to make the changes necessary for security.
For example, a user called Scott has a clerk role, and the clerk role has privileges to read,
add, and modify. This means that Scott can perform these operations on all modules of
the application.
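The password hashing process described in 3.d(ii) and the application-role model of 6.c(ii), as one added example that is not the assignment's code: an in-memory SQLite schema with the APPLICATION_USERS and APPLICATION_ROLES tables, salted PBKDF2 digests in place of "encrypted passwords", and a privilege check that applies a user's single role across all modules, which is exactly the limitation the Scott/clerk example notes. The column layout, the iteration count and the sample role and user are assumptions made here.

```python
"""Application-role security model with hashed passwords (constructed example)."""
import hashlib
import hmac
import os
import sqlite3

PRIVILEGES = {"read", "add", "delete", "update", "admin"}   # the five named on the page
ITERATIONS = 200_000   # assumption: PBKDF2 work factor, tune to the server hardware


def open_schema() -> sqlite3.Connection:
    """Create the two tables of the model in an in-memory database."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE application_roles (
            role_name  TEXT PRIMARY KEY,
            privileges TEXT NOT NULL      -- comma-separated subset of PRIVILEGES
        );
        CREATE TABLE application_users (
            user_name TEXT PRIMARY KEY,
            salt      BLOB NOT NULL,      -- per-user random salt
            digest    BLOB NOT NULL,      -- PBKDF2-HMAC-SHA256 of the password
            role_name TEXT NOT NULL REFERENCES application_roles(role_name)
        );
    """)
    return con


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way digest: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def add_role(con, role_name: str, privileges) -> None:
    unknown = set(privileges) - PRIVILEGES
    if unknown:
        raise ValueError(f"unknown privileges: {sorted(unknown)}")
    con.execute("INSERT INTO application_roles VALUES (?, ?)",
                (role_name, ",".join(sorted(privileges))))


def add_user(con, user_name: str, password: str, role_name: str) -> None:
    """Store salt and digest only; one role per user, as the model prescribes."""
    salt = os.urandom(16)
    con.execute("INSERT INTO application_users VALUES (?, ?, ?, ?)",
                (user_name, salt, hash_password(password, salt), role_name))


def authenticate(con, user_name: str, password: str) -> bool:
    """Re-hash the supplied password and compare digests in constant time."""
    row = con.execute("SELECT salt, digest FROM application_users WHERE user_name = ?",
                      (user_name,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)   # equalise timing for unknown users
        return False
    salt, digest = row
    return hmac.compare_digest(hash_password(password, salt), digest)


def authorize(con, user_name: str, operation: str) -> bool:
    """The role's privileges apply to every module: there is no per-module mapping,
    which is the inflexibility the page's Scott/clerk example points out."""
    row = con.execute("""SELECT r.privileges FROM application_users u
                         JOIN application_roles r ON r.role_name = u.role_name
                         WHERE u.user_name = ?""", (user_name,)).fetchone()
    if row is None:
        return False
    privs = set(row[0].split(","))
    return "admin" in privs or operation in privs


def demo() -> dict:
    """Constructed sample: Scott the clerk may read, add and update but not delete."""
    con = open_schema()
    add_role(con, "clerk", {"read", "add", "update"})
    add_user(con, "scott", "tiger", "clerk")          # constructed credentials
    return {op: authorize(con, "scott", op) for op in sorted(PRIVILEGES)}


if __name__ == "__main__":
    print(demo())
```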
7.
a.
Database security architecture can be defined as the overall design of the acceptable
database security mechanism by use of a database security strategy to ensure a secure
database management system(DBMS).
b.
i. Trusted subject architecture-it assumes a trusted Database Management System
(DBMS) and a trusted operating system. It is used in many DBMSs such as Sybase
and Informix.

The trusted subject architecture (layers, top to bottom):

High user | Low user
Untrusted front end | Untrusted front end
Trusted DBMS
Trusted OS
Database
ii. Woods Hole architectures-these assume the operating system is trusted but the DBMS is
untrusted.

The Woods Hole architecture (layers, top to bottom):

High user | Low user
Untrusted front end | Untrusted front end
Trusted front end
Untrusted DBMS
Database
iii. The Woods Hole architecture has three variants: the integrity lock architecture, the
kernelized architecture and the replicated architecture.

Integrity lock architecture (layers, top to bottom):

High user | Low user
Untrusted front end | Untrusted front end
Trusted filter with cryptographic unit: append stamp on store, check stamp on query response
Untrusted DBMS
Database
Kernelized architecture (layers, top to bottom):

High user | Low user
Trusted front end | Trusted front end
High DBMS | Low DBMS
Trusted OS
Database
Replicated architecture (layers, top to bottom):

High user | Low user
Trusted front end | Trusted front end
High DBMS | Low DBMS
Database high (high and low data) | Database low (low data)
