
Computer Security

Section 5: Database Security


5. Database Security
5.1. Introduction
5.2. Security Requirements
5.3. Reliability and Integrity
5.4. Sensitive Data
5.5. Inference (Inference Problems)
5.6. Multilevel Databases


5.1. Introduction – DB
Terms you know from databases:
a) Database
b) Database management system (front end)
c) Records
d) Fields (elements)
e) Schema (logical design)
f) Subschema (user view)
g) Entity
h) Attributes
i) Relation
j) Queries (results in a subschema)


Management Challenges
- Traditional data file environment
- Creating a database environment
- Challenges the existing structure: requires restructuring
- Large initial costs, delayed benefits


File Organization
- BIT: binary digit (0/1; Y/N; On/Off)
- BYTE: combination of BITs representing a CHARACTER
- FIELD: collection of BYTEs representing a DATUM or fact
- RECORD: collection of FIELDs reflecting a TRANSACTION
- FILE: collection of similar RECORDs
- DATABASE: the organization's electronic library of FILEs, organized to serve business applications

File Organization (1)
- ENTITY: person, place, thing, or event about which data must be kept
- ATTRIBUTE: description of a particular ENTITY
- KEY FIELD: field used to retrieve, update, or sort a RECORD
Problems With Traditional File Environment
- Data redundancy
- Program / data dependency
- Lack of flexibility
- Poor security
- Lack of data sharing and availability
(Figure: flat file)

Database Management System (DBMS)
- Software to create and maintain data
- Enables business applications to extract data
- Independent of specific computer programs


Components of DBMSs
- DATA DEFINITION LANGUAGE: defines the data elements in the database
- DATA MANIPULATION LANGUAGE: manipulates data for applications
- DATA DICTIONARY: formal definitions of all variables in the database; controls the variety of database contents (data elements)

Structured Query Language (SQL)
- Emerging standard
- Data manipulation language
- For relational databases

Elements of SQL
- SELECT: list of the columns desired from the tables
- FROM: identifies the tables from which columns will be selected
- WHERE: conditions for selecting specific rows, and conditions for joining multiple tables
- Example (the column list is written without parentheses, and string literals use straight single quotes, as SQL requires):

SELECT name, phone
FROM employees_table
WHERE employer = 'MWU' AND city = 'Kalamazoo';
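The three SQL elements above, run against a small in-memory SQLite database. This is an added example, not code from the slides; the employee and department rows are constructed sample data, and the second query shows the "conditions for joining multiple tables" use of WHERE that the slide mentions. Values are passed as bound parameters rather than spliced into the query text, so the DBMS treats them strictly as data.

```python
import sqlite3

# Constructed sample rows (not from the original slides): an employee table
# plus a department table, so WHERE can both filter rows and join tables.
EMPLOYEES = [
    (1, "Alice", "269-555-0101", "MWU", "Kalamazoo"),
    (2, "Bob", "269-555-0102", "MWU", "Portage"),
    (3, "Carol", "312-555-0103", "Acme", "Kalamazoo"),
    (4, "Dan", "269-555-0104", "MWU", "Kalamazoo"),
]
DEPARTMENTS = [(1, "Registrar"), (2, "Library"), (3, "Sales"), (4, "Registrar")]


def build_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees_table (
            emp_id   INTEGER PRIMARY KEY,
            name     TEXT NOT NULL,
            phone    TEXT,
            employer TEXT,
            city     TEXT
        );
        CREATE TABLE departments (
            emp_id INTEGER REFERENCES employees_table(emp_id),
            dept   TEXT NOT NULL
        );
    """)
    conn.executemany("INSERT INTO employees_table VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    conn.executemany("INSERT INTO departments VALUES (?, ?)", DEPARTMENTS)
    conn.commit()
    return conn


def mwu_kalamazoo_phones(conn):
    """The slide's query: SELECT names the columns, FROM the table, WHERE the
    row conditions. The literal values travel as bound parameters (the ?
    placeholders), so the DBMS never interprets them as SQL."""
    return conn.execute(
        "SELECT name, phone FROM employees_table "
        "WHERE employer = ? AND city = ? ORDER BY name",
        ("MWU", "Kalamazoo"),
    ).fetchall()


def registrar_staff(conn):
    """WHERE also carries the join condition tying the two tables together."""
    return conn.execute(
        "SELECT e.name, d.dept "
        "FROM employees_table e, departments d "
        "WHERE e.emp_id = d.emp_id AND d.dept = ? ORDER BY e.name",
        ("Registrar",),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(mwu_kalamazoo_phones(db))  # [('Alice', '269-555-0101'), ('Dan', '269-555-0104')]
    print(registrar_staff(db))       # [('Alice', 'Registrar'), ('Dan', 'Registrar')]
```

Both functions return plain lists of tuples, so the same query can be checked against known rows before it is trusted in an application.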
Database Administration
- A person or a group of people who:
  - Defines / organizes the database structure and content
  - Develops security procedures
  - Develops database documentation
  - Maintains the DBMS (e.g., software patches and updates)
5.2. Security Requirements
Security requirements for databases and DBMSs:
a. Physical database integrity requirements
  - The data of a database are immune to physical problems, such as power failures and floods, and someone can reconstruct the database if it is destroyed through a catastrophe.
b. Logical database integrity requirements
  - The structure of the database is preserved.
  - With logical integrity of a database, a modification to the value of one field does not affect other fields.
c. Element integrity requirements
  - Accuracy of the values of elements

5.2. Security Requirements (1)
Security requirements for databases and DBMSs (continued):
d. Auditability requirements
  - Able to track who and what has accessed (read, wrote) the elements in the database
e. Access control requirements
  - Restricts DB access (read, write) to legitimate users
f. User authentication requirements
  - Only authorized users can access the DB
g. Availability requirements
  - DB information is available to all authorized users
Confidentiality / Integrity / Availability
- The requirements can be rephrased / summarized as follows:
  - Data must be trusted
  - The DBMS is designed to manage trust
  - The DBMS must reconstruct reality
  - Data must be accurate
  - Field checks
  - Access control (CRUD)
    - CRUD = Create, Read, Update, and Delete
  - Change log
- Trade-offs
  - Audit vs. performance
  - Access vs. performance
- Self-authentication
- High availability
5.3. Reliability and Integrity
- Reliable software runs a long time without failures
- A reliable DBMS preserves: DB integrity / element integrity / element accuracy
- Database integrity: the database as a whole is protected against damage, as from the failure of a disk drive or the corruption of the master database index.
  - These concerns are addressed by operating system integrity controls and recovery procedures.
- Element integrity: the value of a specific data element is written or changed only by authorized users.
  - Proper access controls protect a database from corruption by unauthorized users.
- Element accuracy: only correct values are written into the elements of a database.
  - Checks on the values of elements can help prevent insertion of improper values.
  - Constraint conditions can detect incorrect values.

5.3. Reliability and Integrity (1)
- Basic protection features provided by the OS underlying the DBMS:
  a) File backups
  b) Access controls
  c) Integrity checks
- The DBMS needs more CIA controls:
  a) Two-phase commit protocols for updates
  b) Redundancy / internal consistency controls
  c) DB recovery
  d) Concurrency / consistency control
  e) Monitors to enforce DB constraints
    - Range, state, and transition constraints
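The constraint monitors, atomic updates and change log described in 5.2 and 5.3, shown together in an added example (not code from the slides) on an in-memory SQLite database with constructed rows. A CHECK clause is the range constraint, UNIQUE is a state constraint, a BEFORE UPDATE trigger enforces a transition constraint, and a second trigger writes the change log that auditability calls for. Each update runs inside a transaction, so a violated constraint rolls the database back to its previous consistent state, including an earlier update in the same transaction. The salary band and status names are assumptions made for the example.

```python
import sqlite3


def build_db():
    """In-memory database with constructed rows and the three kinds of
    constraint monitor named on the slide, plus a change log for auditing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE employees (
            emp_id INTEGER PRIMARY KEY,
            badge  TEXT NOT NULL UNIQUE,                      -- state constraint
            salary INTEGER NOT NULL
                   CHECK (salary BETWEEN 20000 AND 100000),   -- range constraint
            status TEXT NOT NULL
                   CHECK (status IN ('active', 'suspended', 'terminated'))
        );
        CREATE TABLE change_log (
            log_id  INTEGER PRIMARY KEY,
            emp_id  INTEGER,
            field   TEXT,
            old_val TEXT,
            new_val TEXT
        );
        -- Transition constraint: a terminated employee may not be reactivated.
        CREATE TRIGGER no_revive BEFORE UPDATE OF status ON employees
        WHEN OLD.status = 'terminated' AND NEW.status <> 'terminated'
        BEGIN
            SELECT RAISE(ABORT, 'transition from terminated is not allowed');
        END;
        -- Auditability: every salary change is recorded with old and new value.
        CREATE TRIGGER log_salary AFTER UPDATE OF salary ON employees
        BEGIN
            INSERT INTO change_log (emp_id, field, old_val, new_val)
            VALUES (OLD.emp_id, 'salary', OLD.salary, NEW.salary);
        END;
    """)
    conn.execute("INSERT INTO employees VALUES (1, 'B-100', 52000, 'active')")
    conn.execute("INSERT INTO employees VALUES (2, 'B-101', 95000, 'terminated')")
    conn.commit()
    return conn


def try_update(conn, sql, params=()):
    """Run one update in a transaction. A constraint violation rolls it back,
    so the database is left exactly as it was. Returns (ok, message)."""
    try:
        with conn:                      # commit on success, rollback on error
            conn.execute(sql, params)
        return True, "committed"
    except sqlite3.DatabaseError as e:  # IntegrityError, or a trigger RAISE()
        return False, str(e)


def transfer_budget(conn, from_id, to_id, amount):
    """Two updates that must succeed or fail together: if the second one
    violates a constraint, the first (and its log entry) is rolled back too."""
    try:
        with conn:
            conn.execute("UPDATE employees SET salary = salary - ? WHERE emp_id = ?",
                         (amount, from_id))
            conn.execute("UPDATE employees SET salary = salary + ? WHERE emp_id = ?",
                         (amount, to_id))
        return True
    except sqlite3.DatabaseError:
        return False


def salary_of(conn, emp_id):
    return conn.execute("SELECT salary FROM employees WHERE emp_id = ?",
                        (emp_id,)).fetchone()[0]


def status_of(conn, emp_id):
    return conn.execute("SELECT status FROM employees WHERE emp_id = ?",
                        (emp_id,)).fetchone()[0]


def change_log(conn):
    return conn.execute(
        "SELECT emp_id, field, old_val, new_val FROM change_log ORDER BY log_id"
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(try_update(db, "UPDATE employees SET salary = 150000 WHERE emp_id = 1"))
    print(try_update(db, "UPDATE employees SET status = 'active' WHERE emp_id = 2"))
    print(transfer_budget(db, 1, 2, 10000), salary_of(db, 1), salary_of(db, 2))
    print(try_update(db, "UPDATE employees SET salary = 55000 WHERE emp_id = 1"))
    print(change_log(db))
```

The failed transfer is the interesting case: the first UPDATE succeeds and fires the logging trigger, the second violates the range check, and the rollback removes both the salary change and the log row, which is the internal consistency the slide's two-phase commit and recovery controls exist to guarantee.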
5.4. Sensitive Data
- Sensitive data are data that should not be made public
- Several factors can make data sensitive:
  o Inherently sensitive. The value itself may be so revealing that it is sensitive.
    - Examples are the locations of defensive missiles or the median income of barbers in a town with only one barber.
  o From a sensitive source. The source of the data may indicate a need for confidentiality.
    - An example is information from an informer whose identity would be compromised if the information were disclosed.

5.4. Sensitive Data (1)
  o Declared sensitive. The database administrator or the owner of the data may have declared the data to be sensitive.
    - Examples are classified military data or the name of the anonymous donor of a piece of art.
  o Part of a sensitive attribute or a sensitive record. In a database, an entire attribute or record may be classified as sensitive.
    - Examples are the salary attribute of a personnel database or a record describing a secret space mission.

5.4. Sensitive Data (2)
  o Sensitive in relation to previously disclosed information. Some data become sensitive in the presence of other data.
    - For example, the longitude coordinate of a secret gold mine reveals little, but the longitude coordinate in conjunction with the latitude coordinate pinpoints the mine.
5.5. Inference (Inference Problems)
- Inference attack: inferring sensitive data from non-sensitive data
- Types of inference attacks:
  1) Direct attack
    - Infer sensitive data from the results of queries run by the attacker
  2) Indirect attack
    - Infer sensitive information from statistics (sum, count, median), also from information external to the attacked DB
    - Tracker attacks (intersection of sets)
    - Linear system vulnerability
      - Use algebra over multiple equations to infer

Inference Controls
1) Query controls: applied to queries
  - Primarily against direct attacks
  - Query analysis to prevent inferences
  - Query inventory (history) per person
2) Data item controls: applied to individual DB items
  - Useful against indirect attacks
  - Two types:
    a) Suppression: data not provided to the querying user
    b) Concealing: close answers, not exact ones, given to the querying user
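The two data item controls, suppression and concealing, applied at a statistical query interface, as an added example that is not part of the slides. It assumes an in-memory SQLite table of constructed personnel rows in which salary is the sensitive element and dept and title are the non-sensitive ones. Suppression here is the query-set-size rule: a statistic is refused when fewer than K rows match, and also when fewer than K rows are left out (that complement is recoverable by subtracting from the whole-table figure). Concealing rounds every released sum to the nearest thousand. The minimum size K, the rounding unit, and the column whitelist are assumptions chosen for the example.

```python
import sqlite3

K = 3            # a query set must contain at least K rows (and omit at least K)
ROUND_TO = 1000  # sums are released only to the nearest thousand

# Aggregates the interface will compute, and the columns it will filter on.
ALLOWED_STATS = {"COUNT": "COUNT(*)", "SUM": "SUM(salary)"}
FILTERABLE = {"dept", "title"}


class QueryRefused(Exception):
    """Raised when an inference control blocks a query."""


def build_db():
    """Constructed personnel rows (not from the slides); salary is the
    sensitive element, dept and title are the non-sensitive ones."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, title TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", [
        ("Alice", "Registrar", "Clerk", 42300),
        ("Bob", "Registrar", "Clerk", 44000),
        ("Carol", "Registrar", "Clerk", 46000),
        ("Dan", "Registrar", "Manager", 90000),
        ("Eve", "Library", "Clerk", 41000),
        ("Frank", "Library", "Clerk", 43000),
        ("Grace", "Library", "Manager", 88000),
    ])
    conn.commit()
    return conn


def stat_query(conn, stat, filters):
    """Release an aggregate over the rows matching `filters` (a dict of
    column -> value), applying suppression of small or near-complete query
    sets and concealing of exact sums by rounding."""
    if stat not in ALLOWED_STATS:
        raise QueryRefused("only COUNT and SUM are released")
    unknown = set(filters) - FILTERABLE
    if unknown:  # the whitelist keeps caller-chosen column names out of the SQL text
        raise QueryRefused(f"cannot filter on {sorted(unknown)}")
    where = " AND ".join(f"{col} = ?" for col in filters) or "1 = 1"
    params = tuple(filters.values())

    n = conn.execute(f"SELECT COUNT(*) FROM staff WHERE {where}", params).fetchone()[0]
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    # Suppression: refuse sets smaller than K, and sets whose complement is
    # smaller than K (the complement follows from the whole-table statistic).
    if n < K or n > total - K:
        raise QueryRefused(f"query set of size {n} not in [{K}, {total - K}]")

    value = conn.execute(
        f"SELECT {ALLOWED_STATS[stat]} FROM staff WHERE {where}", params
    ).fetchone()[0]
    if stat == "SUM":  # concealing: a close answer, not the exact one
        value = ROUND_TO * round(value / ROUND_TO)
    return value


def is_refused(conn, stat, filters):
    """True when the inference controls block the query."""
    try:
        stat_query(conn, stat, filters)
        return False
    except QueryRefused:
        return True


if __name__ == "__main__":
    db = build_db()
    print(stat_query(db, "SUM", {"dept": "Registrar"}))           # 222000 (exact: 222300)
    print(stat_query(db, "COUNT", {"dept": "Library"}))           # 3
    print(is_refused(db, "SUM", {"dept": "Registrar", "title": "Manager"}))  # True
    print(is_refused(db, "SUM", {"title": "Clerk"}))              # True (complement too small)
```

The single-row case ("Registrar" and "Manager") is the direct attack from the slide: without the size rule, a SUM over that set is just one person's salary. The "Clerk" query is the less obvious case: five of seven rows match, so the two rows left out could be isolated by subtraction, which is why the complement bound is needed as well.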
5.6. Multilevel Databases
- Multilevel databases store data with different sensitivity levels (e.g., public, confidential, secret, top_secret)
- Problems
  - Polyinstantiation: multiple ("poly") instantiations of a record, each at a different security level
  - Example:
    - [John, Kalamazoo-MI] -- Public level
    - [John, 19_Main_Ave-Kalamazoo-MI] -- Confidential level
    - [John, 19_Main_Ave-Kalamazoo-MI, …, SSN=123-45-6789] -- Top_Secret level

Multilevel Security - Separation Mechanisms
1) Partitioning
  - Redundancy
  - Accuracy (multiple field updates)
2) Encryption per level
  - Cumbersome decrypting with queries
3) Integrity lock
  - Data item
  - Sensitivity level
  - Checksum
    - Cryptographic checksum: an error-detecting code
4) Sensitivity lock
  - Unique identifier
  - Sensitivity level
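The polyinstantiated record from 5.6 together with the integrity lock mechanism, as an added example that is not from the slides. It stores John's three instances in an in-memory SQLite table, one row per level, and binds each row's data item to its sensitivity level with an HMAC-SHA256 checksum. A read returns the most sensitive instance the reader's clearance dominates, but only after the lock verifies; a row whose level was changed without the trusted front end recomputing the lock is detected. The key, the level ordering and the table layout are assumptions made for the example; the record values are the slide's own.

```python
import hashlib
import hmac
import sqlite3

LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Constructed key for this example; a DBMS would keep it in protected storage
# so that only the trusted front end can compute valid locks.
LOCK_KEY = b"example-integrity-lock-key"


def make_lock(name, level, address):
    """Integrity lock: a keyed cryptographic checksum over the data item and
    its sensitivity level, so neither can be changed unnoticed."""
    msg = "\x00".join((name, level, address)).encode()
    return hmac.new(LOCK_KEY, msg, hashlib.sha256).hexdigest()


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE person (
        name TEXT, level TEXT, address TEXT, lock TEXT,
        PRIMARY KEY (name, level))""")
    # Polyinstantiation: one logical record for John, one instance per level
    # (the slide's example, with the SSN folded into the top_secret instance).
    for name, level, address in [
        ("John", "public", "Kalamazoo-MI"),
        ("John", "confidential", "19_Main_Ave-Kalamazoo-MI"),
        ("John", "top_secret", "19_Main_Ave-Kalamazoo-MI;SSN=123-45-6789"),
    ]:
        conn.execute("INSERT INTO person VALUES (?, ?, ?, ?)",
                     (name, level, address, make_lock(name, level, address)))
    conn.commit()
    return conn


def read_person(conn, name, clearance):
    """Return (level, address) of the most sensitive instance the reader's
    clearance dominates, after checking its integrity lock. None if no
    instance at or below the clearance exists."""
    rows = conn.execute(
        "SELECT level, address, lock FROM person WHERE name = ?", (name,)
    ).fetchall()
    visible = [r for r in rows if LEVELS[r[0]] <= LEVELS[clearance]]
    if not visible:
        return None
    level, address, stored = max(visible, key=lambda r: LEVELS[r[0]])
    if not hmac.compare_digest(stored, make_lock(name, level, address)):
        raise ValueError(f"integrity lock failed for {name}@{level}")
    return level, address


def bad_locks(conn):
    """Verify every stored row; returns the (name, level) pairs whose lock no
    longer matches the data item and level stored beside it."""
    rows = conn.execute("SELECT name, level, address, lock FROM person").fetchall()
    return [(n, lv) for n, lv, a, lk in rows
            if not hmac.compare_digest(lk, make_lock(n, lv, a))]


def relabel_without_lock(conn, name, old_level, new_level):
    """Simulate a corruption or an unauthorized relabel that bypasses the
    trusted front end: the level changes but the lock is not recomputed."""
    conn.execute("UPDATE person SET level = ? WHERE name = ? AND level = ?",
                 (new_level, name, old_level))
    conn.commit()


if __name__ == "__main__":
    db = build_db()
    print(read_person(db, "John", "public"))      # ('public', 'Kalamazoo-MI')
    print(read_person(db, "John", "secret"))      # ('confidential', '19_Main_Ave-Kalamazoo-MI')
    print(bad_locks(db))                          # []
    relabel_without_lock(db, "John", "top_secret", "secret")
    print(bad_locks(db))                          # [('John', 'secret')]
```

Note that a reader cleared for "secret" gets the confidential instance, since no secret-level instance exists, and that after the relabel the same read fails the lock check instead of quietly exposing the top_secret data at a lower level.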
Revision Questions of DB
1) What are the physical view and logical views of data?
2) Discuss conceptual database design and physical database design.
3) What is an E-R diagram?
4) What is normalization?
