
Database Security

Goal of Database Security


The protection of data against threats such
as accidental or intentional loss, misuse or
destruction.

Who is responsible for the overall security of the
database system?
The database administrator (DBA)
Therefore, the DBA of an organization must
identify the most serious threats and enforce
security to take appropriate control actions to
minimize these threats.
To ensure a secure database, all parts of
the system must be secured, including the
database, the hardware, the operating
system, the network, the users and even
the building housing the computer
systems.
Threats to Database Security

Loss of availability
Loss of data integrity
Loss of confidentiality or secrecy
Loss of privacy
Theft and fraud
Accidental losses
Types of Database Security Issues

Legal and ethical issues

System-related issues

Organization-based issues

Policy-based issues
Authorization and Authentication

Authorization
- It is the process of granting a right or
privilege to user(s) so that they have legitimate access
to a system or to objects (e.g. database tables) of the
system.
Authentication
- It is a mechanism that determines whether a
user is who he or she claims to be (it checks
that the user operating upon the database
is, in fact, the user they claim to be).
- It verifies the identity of a person (user) or a
program connecting to a database.

Authorization and authentication controls
are built into the software.
Two types of access control
(authorization control):
Discretionary access control
Mandatory access control


Discretionary access control
(Security Scheme)
It is based on the concept of access rights
and mechanism for giving users such
privileges.
It grants the privileges to users on different
objects, including the capability to access
specific data files, records or fields in a
specified mode, such as read, insert,
delete or update or combination of these.
Granting/ Revoking Privileges
Granting and revoking privileges to the
users is the responsibility of the database
administrator (DBA) of the DBMS.
The DBA classifies users and data in
accordance with the policy of the
organization.
The DBA performs the following actions:
Account creation
Privilege granting
Privilege revocation
Security level assignment


Account Level Privilege
Assignment
The DBA specifies the particular privileges that
each account holds independently of the
relations in the database, e.g.:
CREATE SCHEMA privilege
CREATE TABLE
CREATE VIEW
ALTER
DROP
MODIFY
SELECT
Relation or Table Level Privilege
Assignment
The DBA controls the privilege to access each
individual relation or view in the database.
- SELECT on relation - to retrieve tuples of the relation
- MODIFY on relation - to modify tuples of the
relation (INSERT, UPDATE, DELETE)
- REFERENCES on relation - to reference the
relation, e.g. in a foreign-key constraint
SQL Syntax for GRANT
command
GRANT { ALL | privilege-list }
ON { table-name [ (column-comma-list) ]
| view-name [ (column-comma-list) ] }
TO
{ PUBLIC | user-list }
[WITH GRANT OPTION]

or

GRANT { ALL | privilege-list [ (column-comma-list) ] }
ON { table-name | view-name }
TO
{ PUBLIC | user-list }
[WITH GRANT OPTION]
Meaning of various clauses:
ALL - All the privileges for the object for
which the user issuing the GRANT has grant
authority are granted.
Privilege-list - Only the listed privileges are
granted.
ON - It specifies the object on which the
privileges are granted. It can be a table or a
view.
Column-comma-list - The privileges are
restricted to the specified columns. If this is
not specified, the grant applies to the entire
table/view.
TO - It identifies the users to
whom the privileges are granted.
PUBLIC - The privileges are
granted to all known users of the system
who have a valid user ID and password.
User-list - The privileges are granted to
the user(s) specified in the list.
WITH GRANT OPTION - The
recipient has the authority to grant the
privileges that were granted to them to
another user.
E.g. GRANT ALL ON emp TO satish
SQL Syntax for REVOKE
command
REVOKE { ALL | privilege-list }
ON { table-name [ (column-comma-list) ]
| view-name [ (column-comma-list) ] }
FROM
{ PUBLIC | user-list }

or

REVOKE { ALL | privilege-list [ (column-comma-list) ] }
ON { table-name | view-name }
FROM
{ PUBLIC | user-list }
Meaning of various clauses:
ALL - All the privileges for the object
specified are revoked.
Privilege-list - Only the listed privileges are
revoked.
ON - It specifies the object from which the
privileges are removed. It can be a table or
a view.
Column-comma-list - The revocation is
restricted to the specified columns. If this is
not specified, it applies to the
entire table/view.
FROM - It identifies the users from
whom the privileges are removed.
PUBLIC - The privileges are
revoked from all known users of the system.
User-list - The privileges are taken
away from the user(s) specified in the list.
E.g. REVOKE ALL ON emp FROM satish
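What the GRANT and REVOKE sections above do not show is how WITH GRANT OPTION builds a chain of grants and what a later REVOKE does to that chain. The following is an added example, not from the lecture: a small Python model of the authorization graph, in which the users dba, satish, priya, ravi and amit and the table emp are assumed for illustration. It follows the SQL-standard cascading behaviour; actual products differ in detail (PostgreSQL, for instance, refuses the REVOKE unless CASCADE is written explicitly).

```python
"""Model of SQL discretionary access control: GRANT, WITH GRANT OPTION and
cascading REVOKE. Added example; the users dba, satish, priya, ravi, amit
and the table emp are assumed for the demonstration."""


class AuthorizationGraph:
    """Each GRANT is an edge grantor -> grantee for one (object, privilege).

    A grant stays valid only while its grantor still holds the privilege
    WITH GRANT OPTION on a path back to the owner; that is what makes a
    REVOKE cascade through the graph.
    """

    def __init__(self, owner):
        self.owner = owner      # the owner (here the DBA) holds every privilege implicitly
        self.edges = []         # (grantor, grantee, obj, priv, with_grant_option)

    def _grant_option_holders(self, obj, priv):
        """Users who may pass priv on obj along: the owner plus everyone reachable
        from the owner through WITH GRANT OPTION edges (fixpoint, so cycles are safe)."""
        holders = {self.owner}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, o, p, go in self.edges:
                if o == obj and p == priv and go and grantor in holders and grantee not in holders:
                    holders.add(grantee)
                    changed = True
        return holders

    def has(self, user, obj, priv, need_grant_option=False):
        holders = self._grant_option_holders(obj, priv)
        if user in holders:
            return True
        if need_grant_option:
            return False
        # a plain (non-transferable) grant counts only if its grantor is a valid holder
        return any(g in holders and u == user and o == obj and p == priv
                   for g, u, o, p, _ in self.edges)

    def grant(self, grantor, grantee, obj, priv, with_grant_option=False):
        """GRANT priv ON obj TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.has(grantor, obj, priv, need_grant_option=True):
            raise PermissionError(f"{grantor} has no grant authority for {priv} ON {obj}")
        self.edges.append((grantor, grantee, obj, priv, with_grant_option))

    def revoke(self, grantor, grantee, obj, priv):
        """REVOKE priv ON obj FROM grantee, issued by grantor, cascading."""
        self.edges = [e for e in self.edges if e[:4] != (grantor, grantee, obj, priv)]
        # cascade: grants whose grantor can no longer trace authority to the owner fall away
        holders = self._grant_option_holders(obj, priv)
        self.edges = [e for e in self.edges
                      if (e[2], e[3]) != (obj, priv) or e[0] in holders]


def demo():
    """Who can still SELECT emp after the DBA revokes satish's privilege, and
    whether priya (granted without the grant option) could pass it on."""
    auth = AuthorizationGraph(owner="dba")
    auth.grant("dba", "satish", "emp", "SELECT", with_grant_option=True)
    auth.grant("satish", "priya", "emp", "SELECT")                      # no grant option
    auth.grant("satish", "ravi", "emp", "SELECT", with_grant_option=True)
    auth.grant("ravi", "amit", "emp", "SELECT")
    auth.grant("dba", "amit", "emp", "SELECT")                          # independent path
    try:
        auth.grant("priya", "amit", "emp", "SELECT")
        priya_could_grant = True
    except PermissionError:
        priya_could_grant = False
    auth.revoke("dba", "satish", "emp", "SELECT")
    still_has = {u: auth.has(u, "emp", "SELECT") for u in ("satish", "priya", "ravi", "amit")}
    return still_has, priya_could_grant


if __name__ == "__main__":
    print(demo())
```

After the revoke, priya and ravi lose SELECT because their only grantor was satish, and ravi's grant to amit is dropped with it; amit keeps SELECT because the DBA granted it directly. That independent path is the thing to look for before assuming a REVOKE has actually removed someone's access.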


Audit Trails
- An audit trail is essentially a special file or
database in which the system automatically
keeps track of all operations performed by
users on the regular data.
- It is a log of all changes (e.g. updates,
deletes, inserts) to the database along with
which user performed the changes and when
the change was performed.
A typical audit trail entry might
contain the information shown below:
1. Request (source text)
2. Terminal from which the operation was
invoked
3. User who invoked the operation
4. Date and time of the operation
5. Tuples and attributes affected
6. Old values
7. New values
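One way to keep such a trail inside the database itself is with triggers that write the user, time, affected tuple and old/new values on every change. The following is an added example, not from the lecture, using SQLite through Python's sqlite3 module: the emp table, the users satish and priya and the row values are constructed for the demonstration. SQLite has no notion of a database user, so a one-row session table stands in for what a real DBMS would provide as CURRENT_USER.

```python
"""Audit trail maintained by database triggers (SQLite via sqlite3).
Added example; the emp table, users and values are constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE emp (empno INTEGER PRIMARY KEY, ename TEXT, sal INTEGER);

-- SQLite has no CURRENT_USER; this one-row table stands in for it.
CREATE TABLE session (db_user TEXT);

CREATE TABLE audit_trail (
    id        INTEGER PRIMARY KEY,
    op        TEXT NOT NULL,          -- INSERT / UPDATE / DELETE
    db_user   TEXT,                   -- who invoked the operation
    at        TEXT NOT NULL,          -- date and time
    empno     INTEGER,                -- tuple affected
    old_ename TEXT, old_sal INTEGER,  -- old values
    new_ename TEXT, new_sal INTEGER   -- new values
);

CREATE TRIGGER emp_audit_ins AFTER INSERT ON emp BEGIN
    INSERT INTO audit_trail (op, db_user, at, empno, new_ename, new_sal)
    VALUES ('INSERT', (SELECT db_user FROM session), datetime('now'),
            NEW.empno, NEW.ename, NEW.sal);
END;
CREATE TRIGGER emp_audit_upd AFTER UPDATE ON emp BEGIN
    INSERT INTO audit_trail (op, db_user, at, empno, old_ename, old_sal, new_ename, new_sal)
    VALUES ('UPDATE', (SELECT db_user FROM session), datetime('now'),
            OLD.empno, OLD.ename, OLD.sal, NEW.ename, NEW.sal);
END;
CREATE TRIGGER emp_audit_del AFTER DELETE ON emp BEGIN
    INSERT INTO audit_trail (op, db_user, at, empno, old_ename, old_sal)
    VALUES ('DELETE', (SELECT db_user FROM session), datetime('now'),
            OLD.empno, OLD.ename, OLD.sal);
END;

-- The trail is only evidence if it cannot be rewritten: make it append-only.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_trail BEGIN
    SELECT RAISE(ABORT, 'audit trail is append-only');
END;
"""


def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def run_as(con, user, sql, params=()):
    """Execute one statement with the given user recorded as the invoker."""
    con.execute("DELETE FROM session")
    con.execute("INSERT INTO session (db_user) VALUES (?)", (user,))
    con.execute(sql, params)
    con.commit()


def audit_entries(con):
    return con.execute(
        "SELECT op, db_user, empno, old_ename, old_sal, new_ename, new_sal "
        "FROM audit_trail ORDER BY id").fetchall()


def tamper_blocked(con):
    """True if an attempt to erase the trail is refused by the database."""
    try:
        con.execute("DELETE FROM audit_trail")
        return False
    except sqlite3.DatabaseError:
        return True


def demo():
    con = build_db()
    run_as(con, "satish", "INSERT INTO emp VALUES (?, ?, ?)", (7369, "SMITH", 800))
    run_as(con, "satish", "UPDATE emp SET sal = ? WHERE empno = ?", (950, 7369))
    run_as(con, "priya", "DELETE FROM emp WHERE empno = ?", (7369,))
    return audit_entries(con), tamper_blocked(con)


if __name__ == "__main__":
    entries, blocked = demo()
    for row in entries:
        print(row)
    print("tampering blocked:", blocked)
```

Two things the slide's list implies but does not spell out: the request source text and the terminal are not available to a trigger, so those fields need help from the server's own auditing; and the trail itself needs protection, which is why the last two triggers make it append-only, since an attacker who can delete audit rows can erase the record of what they did.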
Mandatory access control
- It is based on system-wide policies that cannot
be changed by individual users.
- It is used to enforce multi-level security by
classifying the data and users into various
security classes or levels and then implementing
the appropriate security policy of the
organization.
- With mandatory access control, the security policy is
centrally controlled by a security policy
administrator; users do not have the ability to
override the policy.
Example of a commercial implementation: Oracle Label Security
The Bell-LaPadula model
The commonly used mandatory access
control technique for multi-level security is
known as the Bell-LaPadula model.
The Bell-LaPadula model is described in
terms of:
- subjects (e.g. users, accounts, programs)
- objects (e.g. relations, tuples, columns,
views, operations)
- security classes (e.g. Top Secret (TS),
Secret (S), Confidential (C) and Unclassified
(U))
- clearances
The security classes in a system are
organized according to a particular order,
from the most secure class down to the least
secure class: TS > S > C > U.
This model enforces two restrictions on data
access based on the subject/object
classifications:
- Simple security property (no read up):
a subject S is not allowed read access to an
object O unless the classification of subject S is greater than
or equal to the classification of object O,
i.e. class(S) >= class(O)
- Star security property (no write down):
a subject S is not allowed to write an object
O unless the classification of subject S is less than or equal to
the classification of object O,
i.e. class(S) <= class(O)
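The two properties are easier to see applied to a relation whose tuples each carry a classification, as the slides describe for multi-level security. The following is an added example, not from the lecture: a Python check of the simple security and star properties over a constructed emp relation with per-tuple labels, including the consequence that an UPDATE (which must read and then write the same tuple) is only possible at exactly the subject's own level.

```python
"""Bell-LaPadula checks over a relation whose tuples carry their own classification.
Added example; the emp rows and their labels are constructed."""

LEVELS = ("U", "C", "S", "TS")          # least secure to most secure
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


def can_read(subject, obj):
    """Simple security property (no read up): class(S) >= class(O)."""
    return RANK[subject] >= RANK[obj]


def can_write(subject, obj):
    """Star property (no write down): class(S) <= class(O)."""
    return RANK[subject] <= RANK[obj]


# A multilevel relation: every tuple carries a tuple classification tc.
EMP = [
    {"empno": 7369, "ename": "SMITH", "sal": 800,  "tc": "U"},
    {"empno": 7566, "ename": "JONES", "sal": 2975, "tc": "C"},
    {"empno": 7839, "ename": "KING",  "sal": 5000, "tc": "S"},
    {"empno": 9001, "ename": "AGENT", "sal": 9000, "tc": "TS"},
]


def select_rows(rows, clearance):
    """A subject sees only the tuples it may read; higher ones are filtered out,
    not reported as denied, so their existence is not revealed either."""
    return [r for r in rows if can_read(clearance, r["tc"])]


def insert_row(rows, clearance, row):
    """INSERT is a write: the new tuple may not be classified below the subject."""
    if not can_write(clearance, row["tc"]):
        raise PermissionError(f"{clearance} subject may not write a {row['tc']} tuple")
    rows.append(row)


def update_sal(rows, clearance, empno, new_sal):
    """UPDATE needs read and write together, so under strict BLP a subject can
    only change tuples at exactly its own level. Returns 'updated', 'refused'
    (write down) or 'invisible' (read up: the tuple does not exist for this subject)."""
    for r in rows:
        if r["empno"] == empno and can_read(clearance, r["tc"]):
            if not can_write(clearance, r["tc"]):
                return "refused"
            r["sal"] = new_sal
            return "updated"
    return "invisible"


def demo():
    rows = [dict(r) for r in EMP]
    seen = [r["empno"] for r in select_rows(rows, "C")]
    insert_row(rows, "C", {"empno": 9002, "ename": "NEW", "sal": 1, "tc": "S"})   # write up: allowed
    try:
        insert_row(rows, "S", {"empno": 9003, "ename": "LEAK", "sal": 1, "tc": "U"})  # write down
        write_down_allowed = True
    except PermissionError:
        write_down_allowed = False
    updates = {empno: update_sal(rows, "C", empno, 1) for empno in (7566, 7369, 7839)}
    return seen, write_down_allowed, updates


if __name__ == "__main__":
    print(demo())
```

A Confidential subject sees SMITH and JONES only, may insert a Secret tuple it will never be able to read back (a "blind write up" is allowed by the model), may not insert an Unclassified one, and can update JONES but not SMITH (write down) or KING (not visible).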
Firewall
A firewall is a system designed to prevent
unauthorized access to or from a private
network.
A firewall can be implemented in hardware,
in software, or as a combination of
both.
Firewalls are used to prevent unauthorized
Internet users from accessing private
networks connected to the Internet,
especially intranets.
Firewall techniques:
Packet Filter: A packet filter looks at each
packet entering or leaving the network and
accepts or rejects it based on user-defined
rules.
Application Gateway: In an application
gateway, the security mechanism is applied to
specific applications, such as File Transfer
Protocol and Telnet servers.
Circuit-level gateway: In a circuit-level
gateway, security mechanisms are applied
when a Transmission Control Protocol (TCP)
or User Datagram Protocol (UDP)
connection is established.
Proxy Server: A proxy server intercepts all
messages entering and leaving the
network. The proxy server in effect hides
the true network addresses.
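The packet filter technique is the one most directly expressible as code: a rule set evaluated in order, with whatever no rule allows dropped. The following is an added example, not from the lecture; the address ranges, rules and sample packets are constructed. It also shows the classic rule-ordering mistake, where moving a deny rule below a broader allow rule silently re-opens the port.

```python
"""Packet filter rule evaluation: first matching rule wins, default deny.
Added example; the networks, rules and packets are constructed."""
import ipaddress

# Rules as (action, source network, destination network, protocol, destination port).
# None means "any". Order matters: the first rule that matches decides.
RULES = [
    ("deny",  "0.0.0.0/0",      "10.0.0.0/8",   "tcp", 23),    # no Telnet into the intranet, from anywhere
    ("allow", "0.0.0.0/0",      "10.0.1.10/32", "tcp", 443),   # public HTTPS server
    ("allow", "192.168.0.0/16", "10.0.0.0/8",   "tcp", None),  # office LAN may reach the intranet over TCP
    ("allow", "192.168.0.0/16", "10.0.0.0/8",   "udp", 53),    # and query its DNS
]


def filter_packet(packet, rules=RULES):
    """Return 'allow' or 'deny' for a packet dict with src, dst, proto, dport."""
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    for action, src_net, dst_net, proto, dport in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and (proto is None or proto == packet["proto"])
                and (dport is None or dport == packet["dport"])):
            return action
    return "deny"   # default deny: traffic no rule explicitly allows is dropped


PACKETS = {  # constructed sample traffic
    "internet_https": {"src": "203.0.113.7",  "dst": "10.0.1.10", "proto": "tcp", "dport": 443},
    "internet_ssh":   {"src": "203.0.113.7",  "dst": "10.0.1.10", "proto": "tcp", "dport": 22},
    "office_telnet":  {"src": "192.168.4.20", "dst": "10.0.2.5",  "proto": "tcp", "dport": 23},
    "office_mysql":   {"src": "192.168.4.20", "dst": "10.0.2.5",  "proto": "tcp", "dport": 3306},
    "office_snmp":    {"src": "192.168.4.20", "dst": "10.0.2.5",  "proto": "udp", "dport": 161},
}


def decisions(rules=RULES):
    return {name: filter_packet(p, rules) for name, p in PACKETS.items()}


# Moving the Telnet deny below the LAN allow rule silently re-opens Telnet from the office.
MISORDERED = RULES[1:] + RULES[:1]


if __name__ == "__main__":
    print("correct order:", decisions())
    print("misordered:   ", decisions(MISORDERED))
```

With the rules in the intended order the office Telnet packet is dropped by the first rule; with the deny rule moved to the end, the broad "office LAN to intranet over TCP" rule matches first and lets it through. The filter never sees anything above the packet header, which is the gap the application-gateway and proxy techniques on the slide exist to cover.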
Statistical Database Security
A statistical database provides statistical
information about populations of individuals or
organizations: it answers queries concerning
sums, averages and counts of records with
certain characteristics, but is not meant to
reveal the data of any one individual.
Statistical database security controls
access to such a database so that the
aggregate answers it gives cannot be combined
to infer an individual's values.
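Why this needs a dedicated control is clearest when the usual first defence is shown failing. The following is an added example, not from the lecture: a Python statistical-query function that refuses any query whose result set (or its complement) is smaller than k records, and two individually acceptable queries whose difference still recovers one person's salary. The emp rows, departments and threshold k are constructed.

```python
"""Statistical database: a minimum query-set-size control and the differencing
attack that gets past it. Added example; rows and threshold are constructed."""

EMP = [  # constructed: dept 10 has five employees, dept 20 has three
    {"ename": "KING",   "dept": 10, "sal": 5000},
    {"ename": "CLARK",  "dept": 10, "sal": 2450},
    {"ename": "MILLER", "dept": 10, "sal": 1300},
    {"ename": "ADAMS",  "dept": 10, "sal": 1100},
    {"ename": "TURNER", "dept": 10, "sal": 1500},
    {"ename": "SMITH",  "dept": 20, "sal": 800},
    {"ename": "JONES",  "dept": 20, "sal": 2975},
    {"ename": "FORD",   "dept": 20, "sal": 3000},
]

K = 3   # minimum query-set size (assumed policy value)


def guarded_sum(rows, pred, field, k=K):
    """Answer SUM(field) over the rows matching pred, but only if both the query
    set and its complement contain at least k individuals."""
    matched = [r for r in rows if pred(r)]
    if len(matched) < k or len(rows) - len(matched) < k:
        raise PermissionError("query set too small: refused")
    return sum(r[field] for r in matched)


def direct_probe(rows):
    """Asking for one person's salary outright is caught by the size check."""
    try:
        return guarded_sum(rows, lambda r: r["ename"] == "KING", "sal")
    except PermissionError:
        return None


def differencing_attack(rows):
    """Two queries that each pass the size check, whose difference isolates KING."""
    dept_total = guarded_sum(rows, lambda r: r["dept"] == 10, "sal")
    without_king = guarded_sum(rows, lambda r: r["dept"] == 10 and r["ename"] != "KING", "sal")
    return dept_total - without_king


if __name__ == "__main__":
    print("direct probe:", direct_probe(EMP))
    print("inferred salary of KING:", differencing_attack(EMP))
```

The size restriction blocks the obvious query but not the pair of large ones, which is why practical statistical-database controls also limit overlap between successive queries, add noise to answers, or log and audit query sequences.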
Data Encryption
Data encryption is a method of encoding
data so that it cannot be read without the key.
In an encryption method, data is encoded by a
special algorithm that renders the data
unreadable by any program or human
without the decryption key.
A data encryption technique converts
readable text (plaintext) to unreadable text (ciphertext) by use of
an algorithm.
Encryption schemes used in
Database Security:
Simple substitution method

Polyalphabetic substitution method.
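The two schemes the slide names, worked in code. The following is an added example, not from the lecture: a Python simple (monoalphabetic) substitution and a polyalphabetic (Vigenère) substitution, with a check that shows the weakness of the first, namely that every plaintext letter always maps to the same ciphertext letter, so letter frequencies survive encryption and frequency analysis recovers the key. The substitution key, the Vigenère key and the plaintext are constructed. These are classical ciphers kept here to illustrate the idea from the slide; neither is suitable for protecting real data.

```python
"""Simple and polyalphabetic substitution ciphers, plus the frequency check that
explains why the simple one is weak. Added example; keys and text are constructed."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed substitution key: a permutation of the alphabet (A->Q, B->W, ...).
SUBST_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def simple_substitute(text, key=SUBST_KEY, decrypt=False):
    """Monoalphabetic substitution: one fixed mapping for the whole message."""
    src, dst = (key, ALPHABET) if decrypt else (ALPHABET, key)
    return text.upper().translate(str.maketrans(src, dst))


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: the shift changes with position, driven by the key."""
    out = []
    ki = 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)              # spaces and punctuation pass through unchanged
            continue
        shift = ALPHABET.index(key[ki % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        ki += 1
    return "".join(out)


def frequency_profile(text):
    """Sorted letter counts; a monoalphabetic substitution leaves this unchanged."""
    return sorted(Counter(c for c in text.upper() if c in ALPHABET).values(), reverse=True)


def images_of(plaintext, ciphertext, letter):
    """The set of ciphertext letters that one plaintext letter was turned into."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}


def demo():
    plaintext = "THE SALARY OF EMPLOYEE SEVEN THREE SIX NINE IS EIGHT HUNDRED"
    c1 = simple_substitute(plaintext)
    c2 = vigenere(plaintext, "SATISH")
    return {
        "simple_roundtrip": simple_substitute(c1, decrypt=True) == plaintext,
        "vigenere_roundtrip": vigenere(c2, "SATISH", decrypt=True) == plaintext,
        "simple_keeps_frequencies": frequency_profile(c1) == frequency_profile(plaintext),
        "simple_images_of_E": images_of(plaintext, c1, "E"),
        "vigenere_images_of_E": images_of(plaintext, c2, "E"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Under the simple substitution every E becomes the same letter (T, with this key), so the ciphertext has the plaintext's frequency profile; under the polyalphabetic scheme the same E becomes different letters depending on its position, which is what the second method was invented to prevent. Modern database encryption uses standardised block ciphers with proper key management, not either of these.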
