Security Technical Implementation Guide, States That Database Security Should Provide
Database technologies are a core component of many computing systems. They allow data to be
retained and shared electronically, and the amount of data contained in these systems continues to
grow at an exponential rate. So does the need to ensure the integrity of the data and to secure the
data from unintended access.
Given the increasing number of breaches of database systems, there is a corresponding need to
increase awareness of how to properly protect and monitor database systems.
GOALS OF DATABASE SECURITY
1) Database integrity ensures that data entered into the database is accurate, valid, and
consistent. Any applicable integrity constraints and data validation rules must be satisfied
before permitting a change to the database.
Entity integrity, allowing no two rows to have the same identity within a table.
Domain integrity, restricting data to predefined data types, e.g.: dates.
Referential integrity, requiring the existence of a related row in another table, e.g. a
customer for a given customer ID.
2) Data Availability ensures that the data is available to the authorized users and
application programs only.
COUNTERMEASURES FOR DATABASE SECURITY
The following are the computer-based controls for database security:
Authorization
Views
Backup and Recovery
Integrity
Encryption
RAID Technology
AUTHORIZATION
The primary method used to protect data is limiting access to the data. This can be done through
authentication, authorization, and access control. These three mechanisms are distinctly different
but usually used in combination with a focus on access control for granularity in assigning rights
to specific objects and users. For instance, most database systems use some form of
authentication, such as username and password, to restrict access to the system. Further, most
users are authorized or assigned defined privileges to specific resources. Access control further
refines the process by assigning rights and privileges to specific data objects and data sets.
Within a database, these objects usually include tables, views, rows, and columns.
Authorization involves authenticating the user requesting access to objects and then granting the
privileges that give that user legitimate access to the system. These privileges are sometimes
referred to as access controls.
Limiting access to database objects can be demonstrated through the Grant/Revoke access
control mechanism.
Access control is a core concept in security. Access control limits actions on objects to specific
users. In database security, objects pertain to data objects such as tables and columns as well as
SQL objects such as views and stored procedures. Data actions include read (select), insert,
update, and delete or execute for stored procedures.
GRANT privilege_name
ON object_name
TO role_name;
Privilege_name identifies the rights to be granted. These include such rights as selecting data,
modifying data, or manipulating the database structure. ON identifies the database objects and
TO identifies the roles to which those privileges are applied. For instance, if Dr. Smith was
assigned the role of Faculty and Faculty were given read rights to the Student table, the RBAC
rule would be:
GRANT Select
ON Student_Table
TO Faculty;
The challenge is the management of users and their associated roles (Jaquith, 2007). Entitlement
management includes not only identifying appropriate roles and their respective rights but
continuous management of granted entitlements. The general security rule is to assign the most
restrictive set of privileges required to complete authorized tasks.
AUTHENTICATION
It is the act of establishing or confirming something (or someone) as authentic, that is, that
claims made by or about the subject are true. This might involve confirming the identity of a
person, tracing the origins of an artifact, ensuring that a product is what its packaging and
labeling claims to be, or assuring that a computer program is a trusted one.
It is the mechanism that determines whether a user is who he or she claims to be. A system
administrator is responsible for allowing users to have access to the system by creating
individual user accounts.
Closed Systems
In a closed system, the DBMS requires explicit authorization before a DBMS user can access
specific objects.
Open Systems
An open system allows users complete access to all objects within the database.
A DBMS may permit both individual user identifiers and group identifiers to be created.
Certain privileges may be associated with specific identifiers, which indicate what kind of
privilege is allowed with certain database objects.
Each privilege has a binary value associated with it. The binary values are summed, and the total
value indicates what privileges are allowed for a specific user or group with a particular object.
The following tables show an example:
VIEWS
A view is a virtual relation that does not actually exist in the database, but is produced upon
request by a particular user, at the time of request.
It is the dynamic result of one or more relational operations operating on the base relations to
produce another relation.
Controlling access to database tables or columns is frequently required and can be enacted by
simply granting privileges to one of these objects. Restricting access to data contained in
individual records (rows) requires additional steps. For instance, a student should only be able to
view or modify the row or rows of data that correspond specifically to him or her. However,
implementation of row level security cannot be done in the same manner as access control is
applied to database objects such as tables. This is because the selection of a row is based on the
evaluation of specific data values. Therefore, a common way to implement row level security is
through the use of SQL Views. A View can be constructed that executes a select statement which
returns specified rows of data evaluated against a specific value, such as the current user. For
instance, the following SQL view would return only the row of data in which the value of the
AttributeName column matched the user’s id:
Example:
Row level security, although difficult to implement, is an important database security concept. It allows
for the restriction of access to data in tables in which data related to many different users is stored.
The view mechanism provides a powerful and flexible security mechanism by hiding parts of the
database from certain users.
The user is not aware of the existence of any attributes or rows that are missing from the view.
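The row-filtering view described above, as an added example that is not part of the original paper: it uses Python's sqlite3 module and, because SQLite has no CURRENT_USER, registers an assumed session_user() SQL function that returns the caller's identity; the Student table and its rows are constructed sample data.

```python
import sqlite3

# Constructed sample data: one row per student in a shared Student table.
STUDENTS = [
    ("alice", "Alice", 3.8),
    ("bob", "Bob", 2.9),
    ("carol", "Carol", 3.5),
]


def build_db(session):
    """Create an in-memory database with a row-level-security view.

    SQLite has no CURRENT_USER, so session_user() is an assumed user-defined
    SQL function that returns whoever session["user"] currently holds.
    """
    conn = sqlite3.connect(":memory:")
    conn.create_function("session_user", 0, lambda: session["user"])
    conn.execute(
        "CREATE TABLE Student (student_id TEXT PRIMARY KEY, name TEXT, gpa REAL)"
    )
    conn.executemany("INSERT INTO Student VALUES (?, ?, ?)", STUDENTS)
    # The filter lives in the view, so a user only ever sees the row whose
    # student_id matches their own identity. In a DBMS with GRANT/REVOKE the
    # base table would be revoked and only My_Record granted to the student role.
    conn.execute(
        "CREATE VIEW My_Record AS SELECT student_id, name, gpa "
        "FROM Student WHERE student_id = session_user()"
    )
    return conn


def visible_rows(conn, session, user):
    """Return the rows that `user` can see through the view."""
    session["user"] = user
    return conn.execute("SELECT student_id, name, gpa FROM My_Record").fetchall()


if __name__ == "__main__":
    sess = {"user": None}
    db = build_db(sess)
    for who in ("alice", "bob", "dave"):
        print(who, "->", visible_rows(db, sess, who))
```

A user with no matching row (dave) sees an empty result and cannot tell that other rows exist, which is the hiding property the text describes.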
BACKUP AND RECOVERY
A backup or the process of backing up refers to making copies of data so that these additional
copies may be used to restore the original after a data loss event. It is the process of periodically
taking a copy of the database and log file on to offline storage media.
Since a backup system contains at least one copy of all data worth saving, the data storage
requirements are considerable. Organizing this storage space and managing the backup process is
a complicated undertaking. A data repository model can be used to provide structure to the
storage. In the modern era of computing there are many different types of data storage devices
that are useful for making backups. There are also many different ways in which these devices
can be arranged to provide geographic redundancy, data security, and portability.
A DBMS should provide backup facilities to assist with recovery from a database failure.
ENCRYPTION
Each user generates a pair of keys: a public key and a private key for encryption and
decryption of messages.
Public key and private key are interchangeable: a message encrypted using one key can
be decrypted by the other key.
The public key of the pair is made public for others to use, whereas the private key is
kept by the owner.
Since the keys are generated using modular exponentiation, it is computationally hard to
derive the private key from the public key.
If a sender wishes to send a private message to a receiver, the sender encrypts the
message using the receiver’s public key.
When the receiver receives the message, he or she decrypts it using the receiver’s private
key. No other recipient can decrypt the message because only the receiver knows his or
her private key.
Digital Signatures:
Like a handwritten signature, a digital signature is a means of associating a mark unique
to a person with a body of text.
The message sender generates the digital signature by hashing the message.
The sender encrypts the digital signature using his/her private key first, and then encrypts
it using the public key of the receiver.
The receiver decrypts the digital signature using his/her private key first, and then
decrypts it using the public key of the sender.
To validate the message itself, the receiver hashes the message and compares the hash
value with the decrypted digital signature.
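The sign-then-encrypt exchange in the steps above, as an added example that is not from the paper: textbook RSA with no padding, using four small Mersenne primes as a constructed toy key set, so it illustrates the protocol flow rather than a production signature scheme; the receiver's modulus is chosen larger than the sender's so the encrypted signature stays below it.

```python
import hashlib

E = 65537
# Toy-sized keys built from Mersenne primes (constructed for illustration only;
# real RSA keys use random primes of 1024+ bits each).
SENDER_PRIMES = (2**31 - 1, 2**61 - 1)      # n ~ 2^92
RECEIVER_PRIMES = (2**89 - 1, 2**107 - 1)   # n ~ 2^196, larger than the sender's


def keypair(p, q):
    """Textbook RSA: return ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)


def message_hash(msg: bytes, n: int) -> int:
    """SHA-256 of the message, truncated so it is smaller than modulus n."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return h >> max(0, 256 - (n.bit_length() - 1))


def sign_and_wrap(msg, sender_priv, receiver_pub):
    """Sender: hash, encrypt the hash with own private key, then with receiver's public key."""
    d_s, n_s = sender_priv
    e_r, n_r = receiver_pub
    signature = pow(message_hash(msg, n_s), d_s, n_s)
    return pow(signature, e_r, n_r)


def unwrap_and_verify(msg, wrapped, receiver_priv, sender_pub):
    """Receiver: strip own layer with private key, open with sender's public key, compare hashes."""
    d_r, n_r = receiver_priv
    e_s, n_s = sender_pub
    signature = pow(wrapped, d_r, n_r)
    return pow(signature, e_s, n_s) == message_hash(msg, n_s)


if __name__ == "__main__":
    sender_pub, sender_priv = keypair(*SENDER_PRIMES)
    receiver_pub, receiver_priv = keypair(*RECEIVER_PRIMES)
    wrapped = sign_and_wrap(b"transfer 100", sender_priv, receiver_pub)
    print(unwrap_and_verify(b"transfer 100", wrapped, receiver_priv, sender_pub))  # True
    print(unwrap_and_verify(b"transfer 900", wrapped, receiver_priv, sender_pub))  # False
```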
A buyer encrypts the non-credit card information using the public key of the seller,
and encrypts the credit card information using the public key of the credit card
company. Then, both are sent to the seller.
The seller decrypts the non-credit card information using his/her private key, and
forwards the credit card information (which he/she cannot decrypt) to the credit card
company.
The credit card company decrypts the card information using its private key. If the
credit card company approves the card information, the transaction goes through.
Encryption degrades performance because of the time taken to decrypt the data.
RAID
Redundant Array of Independent Disks
It is a technology that provides increased storage functions and reliability through redundancy.
This is achieved by combining multiple disk drive components into a logical unit, where data is
distributed across the drives in one of several ways called "RAID levels".
Through the use of redundancy, most RAID levels provide protection for the data stored on the
array. This means that the data on the array can withstand even the complete failure of one hard
disk (or sometimes more) without any data loss, and without requiring any data to be restored
from backup. This security feature is a key benefit of RAID and probably the aspect that drives
the creation of more RAID arrays than any other.
RAID works on having a large disk array comprising an arrangement of several independent
disks that are organized to improve reliability and at the same time increase performance.
RAID Levels:
RAID 0:
An idealized implementation of RAID 0 would split I/O operations into equal-sized blocks and
spread them evenly across two disks. RAID 0 implementations with more than two disks are also
possible, though the group reliability decreases with member size.
RAID 1:
In this (mirroring without parity or striping), data is written identically to multiple disks (a
"mirrored set"). Although many implementations create sets of 2 disks, sets may contain 3 or
more disks. The array provides fault tolerance against disk errors or failures and continues to operate as
long as at least one drive in the mirrored set is functioning.
In RAID 2 (bit-level striping with dedicated Hamming-code parity), all disk spindle rotation is
synchronized, and data is striped such that each sequential bit is on a different disk. Hamming-
code parity is calculated across corresponding bits on disks and stored on one or more parity
disks. Extremely high data transfer rates are possible.
In RAID 3 (byte-level striping with dedicated parity), all disk spindle rotation is synchronized,
and data is striped such that each sequential byte is on a different disk. Parity is calculated across
corresponding bytes on disks and stored on a dedicated parity disk. Very high data transfer rates
are possible.
RAID 4 (block-level striping with dedicated parity) is identical to RAID 5 (see below), but
confines all parity data to a single disk, which can create a performance bottleneck. In this setup,
files can be distributed between multiple disks. Each disk operates independently which allows
I/O requests to be performed in parallel, though data transfer speeds can suffer due to the type of
parity. The error detection is achieved through dedicated parity and is stored in a separate, single
disk unit.
RAID 5 (block-level striping with distributed parity) distributes parity along with the data and
requires all drives but one to be present to operate; drive failure requires replacement, but the
array is not destroyed by a single drive failure. Upon drive failure, any subsequent reads can be
calculated from the distributed parity such that the drive failure is masked from the end user. The
array will have data loss in the event of a second drive failure and is vulnerable until the data that
was on the failed drive is rebuilt onto a replacement drive. A single drive failure in the set will
result in reduced performance of the entire set until the failed drive has been replaced and rebuilt.
RAID 6 (block-level striping with double distributed parity) provides fault tolerance from two
drive failures; array continues to operate with up to two failed drives. This makes larger RAID
groups more practical, especially for high-availability systems. This becomes increasingly
important as large-capacity drives lengthen the time needed to recover from the failure of a
single drive. Single-parity RAID levels are as vulnerable to data loss as a RAID 0 array until the
failed drive is replaced and its data rebuilt; the larger the drive, the longer the rebuild will take.
Double parity gives time to rebuild the array without the data being at risk if a single additional
drive fails before the rebuild is complete.
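An added illustration (not from the paper) of how single-parity RAID masks one drive failure: data chunks and an XOR parity chunk are spread over the disks with the parity position rotating per stripe as in RAID 5, and a missing chunk is recomputed by XOR-ing the surviving ones; the chunks are constructed sample data.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks together (the parity operation)."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_stripe(chunks, stripe_no):
    """Lay one stripe over len(chunks)+1 disks: the data chunks plus an XOR
    parity chunk whose disk position rotates with the stripe number (RAID 5)."""
    ndisks = len(chunks) + 1
    parity_disk = stripe_no % ndisks
    remaining = iter(chunks)
    return [xor_blocks(chunks) if d == parity_disk else next(remaining)
            for d in range(ndisks)]


def read_stripe(disks, stripe_no, failed=()):
    """Return the stripe's data chunks, rebuilding at most one failed disk.

    Because parity = XOR of all data chunks, XOR over every surviving disk
    (data and parity alike) yields exactly the chunk that was lost.
    """
    if len(failed) > 1:
        raise RuntimeError("single-parity RAID cannot survive a second failure")
    survivors = [blk for d, blk in enumerate(disks) if d not in failed]
    rebuilt = list(disks)
    for d in failed:
        rebuilt[d] = xor_blocks(survivors)
    parity_disk = stripe_no % len(disks)
    return [blk for d, blk in enumerate(rebuilt) if d != parity_disk]


if __name__ == "__main__":
    data = [b"AAAA", b"BBBB", b"CCCC"]          # constructed sample chunks
    disks = write_stripe(data, stripe_no=1)
    print(read_stripe(disks, 1, failed=(0,)))  # data recovered with disk 0 gone
```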
CONCLUSION
The need to secure computer systems is well understood and securing data must be part of an
overall computer security plan. Growing amounts of sensitive data are being retained in
databases and more of these databases are being made accessible via the Internet. As more data
is made available electronically, it can be assumed that threats and vulnerabilities to the integrity
of that data will increase as well. Database security is becoming an increasingly important topic
and there is a need to develop core understandings in this area. The primary objectives of
database security are to prevent unauthorized access to data, prevent unauthorized tampering or
modification of data, and to ensure that data remains available when needed.