
Introduction To Database Security: Chapter Objectives


CHAPTER 8

Introduction to Database Security

© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION.
TABLE OF CONTENTS

8.1 Issues in Database Security
8.2 Fundamentals of Access Control
8.3 Database Access Control
8.4 Using Views for Access Control
8.5 Security Logs and Audit Trails
8.6 Encryption
8.7 SQL Data Control Language
8.8 Security in Oracle
8.9 Statistical Database Security
8.10 SQL Injection
8.11 Database Security and the Internet
8.12 Chapter Summary
Exercises

CHAPTER OBJECTIVES

In this chapter you will learn the following:
❯ The meaning of database security
❯ How security protects privacy and confidentiality
❯ Examples of accidental or deliberate threats to security
❯ Some database security measures
❯ The meaning of user authentication
❯ The meaning of authorization
❯ How access control can be represented
❯ How the view functions as a security device
❯ The purpose of the security log and audit trail
❯ How and why data encryption is performed
❯ How to protect databases against SQL injection
❯ How security is enforced in some systems
❯ How Internet security is implemented

8.1 Issues in Database Security

Database security involves protecting the database from unauthorized access, modification, or destruction. Since the database represents an essential corporate resource, database security is an important subcomponent of any organization’s overall information systems security plan. In addition to the need to preserve and protect data for the smooth functioning of the organization, database designers have a responsibility to protect the privacy of individuals about whom data is kept. Privacy is the right of individuals to have some control over information about themselves. Many countries have laws designed to protect privacy, and every organization that collects and stores information about individuals is legally obliged to adopt policies that conform to local privacy legislation. The database design should reflect the organization’s commitment to the protection of individual privacy rights by including only those items that the organization has a right to know and keeping them secure.

The security of information typically follows the CIA model, where CIA stands for confidentiality, integrity, and availability. Confidentiality requires that only authorized users have access to information in order to preserve the privacy of individuals, business intellectual property, and national security efforts. With the growth of social media and online business due to the Internet, maintaining confidentiality involves using appropriate encryption techniques as well as user authorization, identification, and authentication procedures. Integrity requires that only authorized users be allowed to modify data, thus maintaining data consistency and trustworthiness. If data is incorrect, it is no longer useful. Incorrect data can also be harmful to individuals (such as wrong data on a credit report) and organizations (such as invalid financial reports). Availability requires that information be accessible by authorized users when needed. Security attacks against an organization can cause business services to become unavailable, leading to violations of service level agreements that are critical to business operations.

Some of the laws and standards requiring controls on access, disclosure, and modification of sensitive data are:
❯ The Federal Information Security Management Act (FISMA). FISMA requires federal agencies in the United States to develop and implement an agency-wide information security plan in support of federal operations.
❯ The European General Data Protection Regulation (GDPR). The GDPR establishes data protection regulations for all foreign companies that process data of European Union residents.
❯ The U.S. Health Insurance Portability and Accountability Act (HIPAA). HIPAA defines requirements for health care organizations for maintaining security and privacy of patient data.
❯ The U.S. Sarbanes-Oxley (SOX) Act. SOX defines strict regulations for financial reporting activities of publicly traded companies.
❯ The U.S. Gramm-Leach-Bliley Act (GLBA). GLBA establishes provisions to ensure the protection of consumers’ financial information.
❯ The Worldwide Payment Card Industry Data Security Standard (PCI DSS). PCI DSS defines a framework for secure processing of consumer credit card information.

Violation of these practices and regulations can lead to fraud, financial losses, and severe penalties.

Security threats are events or situations that could harm the system by compromising privacy or confidentiality, or by damaging the database itself. A vulnerability is a weakness in a system, such as inappropriate access control or loopholes in firewall protection, that allows a threat to occur. Security threats can occur either accidentally or deliberately. Putting a database security plan in place should include a risk assessment process that identifies threats and vulnerabilities and establishes appropriate controls in the context of the CIA model.

8.1.1 Accidental Security Threats

Some examples of accidental security violations are the following:
❯ The user may unintentionally request an object or an operation for which he or she should not be authorized, and the request could be granted because of an oversight in authorization procedures or because of an error in the database management system or operating system.
❯ A person may accidentally be sent a message that should be directed to another user, resulting in unauthorized disclosure of database contents.
❯ A communications system error might connect a user to a session that belongs to another user with different access privileges.
❯ The operating system might accidentally overwrite files and destroy part of the database, fetch the wrong files, and then inadvertently send them to the user, or it might fail to erase files that should be destroyed.



8.1.2 Deliberate Security Threats

Deliberate security violations occur when a user intentionally gains unauthorized access and/or performs unauthorized operations on the database. A disgruntled employee who is familiar with the organization’s computer system poses a tremendous threat to security. Industrial spies seeking information for competitors also threaten security. Privileged users such as DBAs who access end-user data that they should not be permitted to see threaten security. There are many ways deliberate security breaches can be accomplished, including:
❯ Wiretapping of communication lines to intercept messages to and from the database
❯ Electronic eavesdropping, to pick up signals from workstations, printers, or other devices within a building
❯ Reading display screens and reading or copying printouts left unsupervised by authorized users
❯ Impersonating an authorized user, or a user with greater access, by using his or her log-in and password
❯ Writing systems programs with illegal code to bypass the database management system and its authorization mechanism, and to access database data directly through the operating system
❯ Writing applications programs with code that performs unauthorized operations
❯ Deriving information about hidden data by clever querying of the database
❯ Modifying database queries through SQL injection to gain unauthorized access to data or to maliciously modify or delete data
❯ Removing physical storage devices from the computer facility
❯ Making physical copies of stored files without going through the database management system, thereby bypassing its security mechanisms
❯ Bribing, blackmailing, or otherwise influencing authorized users in order to use them as agents in obtaining information or damaging the database
❯ Using system privileges to grant oneself access to confidential user data



8.2 Fundamentals of Access Control

In any organization, access control methods should be defined to restrict access to company resources as well as employee and client data. Access control is a fundamental component in the support of confidentiality and integrity. Access control must be addressed in the context of physical security as well as information system access control. To protect the information system, the database administrator is responsible for the following major tasks:
❯ Installing the database management system and configuring it securely
❯ Creating and securing user accounts and developing appropriate access controls for users
❯ Developing and enforcing standards for applications programs that access the database
❯ Encrypting sensitive data
❯ Ensuring that network connections to the data are secure
❯ Establishing appropriate audit mechanisms for the database
❯ Protecting the database against intruders by identifying and guarding against security threats and applying security controls and security updates as needed

8.2.1 Physical Security


An access control plan should begin with physical security measures for the building itself, with special precautions for the computer facilities. Designing a physically secure building is clearly outside the domain of the database designer. However, the DBA or data administrator should be able to suggest measures that would control access to database facilities. Often these begin at the front door, where all employees must be identified visually by guards or by using badges, handprints, sign-ins, or other mechanisms. Additional identification should be required to enter the computer facilities. Physical security measures should be extended to cover any location where offline data, such as backups, are stored as well.

8.2.2 Information System Access Control


Development of information system access control is a process that involves authorization, identification, authentication, and accountability.



Authorization requires defining who has access to the system and the specific data they are allowed to access. Most database management systems designed for multiple users have their own security subsystems. These subsystems provide for user authorization, a method by which users are assigned rights to use database objects. Most multiple-user systems have a data control language, also called an authorization language, that is part of the data sublanguage. For example, SQL provides standard authorization commands to grant privileges to users, as discussed in Section 8.7. The DBA uses the authorization language to specify users’ rights by means of authorization rules, statements that specify which users have access to what information, and what operations they are permitted to use on what data. The authorization mechanism is designed to protect the database by preventing individuals from unauthorized reading, updating, or destruction of database contents. These restrictions are added to the security mechanisms provided by the operating system. However, in a surprisingly large number of cases, database security subsystems are minimal or are not fully utilized. Recognizing that data is a valuable corporate resource, the designer should include available security mechanisms as an important factor in evaluating alternative database management systems, and should develop effective security policies utilizing whatever controls are available with the chosen system.

Identification refers to the way in which users are identified. A user ID is a common form of identification. In addition to a computer system user ID, users may also have a specific database ID, which forms the basis for defining access rules using the database authorization sublanguage. In conjunction with physical security, users may have other forms of identity, such as smart cards that are swiped through an electronic card reader to gain access to parking lots, buildings, and rooms that house database facilities as well as other general workspaces. Biometrics can provide a more secure form of identification, especially in highly confidential applications. Biometrics can include fingerprints, handprints, face recognition, voice recognition, and retina scans.

Authentication is the process of verifying the identity of a user—checking to ensure that the actual user is who he or she claims to be. Authentication is initially implemented at the operating system level. When the user signs on, he or she enters a user ID, which is checked for validity. The system has a user profile for that ID, giving information about the user. The profile normally includes a password, which should be known only to the user. Passwords should be kept secret and changed frequently. A simple security precaution is for the system to require length and special character requirements for a password and that passwords be changed frequently. The system should never display passwords at log-in, and the stored profiles should be kept secure, in encrypted form. Another security precaution is to lock a user out of an account after several invalid log-in attempts. The lockout policy prevents hackers from a brute-force attempt at guessing a user’s password.
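
The password and lockout precautions described above, as an added Python example that is not part of the original chapter. It stores only salted PBKDF2 hashes (a one-way substitute for keeping profiles "in encrypted form"); the threshold of three failures, the 12-character minimum and the class name ProfileStore are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import string

MAX_FAILURES = 3       # assumed value for "several invalid log-in attempts"
MIN_LENGTH = 12        # assumed minimum password length
ITERATIONS = 200_000   # PBKDF2 work factor; raise it as hardware allows


class ProfileStore:
    """User profiles keyed by user ID (hypothetical class, not from the chapter)."""

    def __init__(self):
        self._profiles = {}

    @staticmethod
    def _derive(password, salt):
        # One-way, salted and deliberately slow: a stolen profile table does
        # not reveal the passwords themselves.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    @staticmethod
    def acceptable(password):
        """Length and special-character requirements."""
        has_special = any(ch in string.punctuation for ch in password)
        return len(password) >= MIN_LENGTH and has_special

    def enroll(self, user_id, password):
        if not self.acceptable(password):
            raise ValueError("password does not meet the policy")
        salt = os.urandom(16)
        self._profiles[user_id] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,
            "locked": False,
        }

    def sign_on(self, user_id, password):
        """Return 'ok', 'denied' or 'locked'."""
        profile = self._profiles.get(user_id)
        if profile is None:
            # Spend the same work as a real check and give the same answer as
            # a wrong password, so the reply does not confirm which IDs exist.
            self._derive(password, b"\x00" * 16)
            return "denied"
        if profile["locked"]:
            return "locked"   # refused even with the right password
        candidate = self._derive(password, profile["salt"])
        if hmac.compare_digest(candidate, profile["hash"]):  # constant-time compare
            profile["failures"] = 0
            return "ok"
        profile["failures"] += 1
        if profile["failures"] >= MAX_FAILURES:
            profile["locked"] = True
            return "locked"
        return "denied"

    def unlock(self, user_id):
        """Administrative reset after the account owner has been verified."""
        profile = self._profiles[user_id]
        profile["failures"] = 0
        profile["locked"] = False


if __name__ == "__main__":
    store = ProfileStore()
    store.enroll("U101", "c0rrect-horse-battery")   # constructed sample password
    for guess in ("guess-number-1!", "guess-number-2!", "guess-number-3!"):
        print(guess, "->", store.sign_on("U101", guess))
    print("correct password ->", store.sign_on("U101", "c0rrect-horse-battery"))
```

Once the account is locked, the correct password is refused as well, so the lockout holds until an administrator calls unlock.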

Although passwords are the most widely used authentication method, they are not very secure, since users sometimes write them down, choose words that are easy to guess, or share them with others. In some organizations, a multifactor approach to authentication is used, where users must provide two or more forms of authentication. In the multifactor approach, a user might provide a user ID and password as well as a smartcard, badge, token, or some form of biometrics. An authentication procedure might also consist of answering a series of questions that would take longer and be more difficult to reproduce than a single password. Although authentication may be done only at the operating system level, it is desirable to require it again at the database level. At the very least, the user should be required to produce an additional password to access the database.

The final component of information system access control is accountability. Accountability refers to the need to capture and maintain log files that can be used for traceability when security incidents occur. For example, operating systems maintain login information about users as well as the directories, files, and databases that they access. Log files are also maintained about network traffic that can be used to trace remote access to a system. Database systems maintain log files as part of the database recovery system, recording user access information as well as the inserts, updates, and deletes that occur. Log files can provide important information about user access to specific data items when conducting forensic activity after a security breach.

8.3 Database Access Control


Database access control is the process of making sure that data or other resources are accessed only in authorized ways. In planning access, the DBA might use an access control matrix for the database, as shown in FIGURE 8.1. The column headings represent database objects, which may be the names of tables, views, data items, objects, modules, or other categories, depending on the database model and management system used. The row labels represent individuals, roles, groups of users, or applications. The cell entries specify the type of access permitted. Values of entries will also depend on the particular system used, but the choices usually include READ, INSERT, UPDATE, DELETE, EXECUTE, CREATE, and others. Once the access control matrix is complete, the DBA must use the appropriate authorization language to implement it. The DBA, of course, is permitted to create and change the structure of the database, and to use the authorization language to grant data access to others or to revoke access. Some systems allow the DBA to delegate some of this power, granting users the power to authorize other users to perform operations on the database. However, having many such “authorizers” can be extremely dangerous. Since authorizers can create other authorizers, the situation can get out of hand very quickly, making it difficult for the DBA to revoke authorizations.

FIGURE 8.1 Access Control Matrix

OBJECT (columns): Student table | StuView1 | WrapUp Procedure | Faculty table | Enroll table | CREATE TABLE

SUBJECT (rows; cell entries listed left to right, blank cells omitted):
User U101: READ, UPDATE | READ | EXECUTE | READ | YES
User U102: READ | NO
Advisor Role: READ | READ | READ, INSERT, UPDATE, DELETE | NO
. . .
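
Why delegated grants are hard to unwind, as an added Python model that is not part of the original chapter and not any DBMS's own implementation. It generalizes the paragraph to an authorization graph with cascading revoke; the class GrantGraph, users U103 and U104, and the cascade rule (a grant survives only while its grantor can still trace grant authority back to the DBA) are assumptions of this sketch.

```python
class GrantGraph:
    """Authorization graph: edges are (grantor, grantee, privilege, grant_option)."""

    def __init__(self, owner="DBA"):
        self.owner = owner
        self.edges = set()

    def authorizers(self, privilege):
        """Subjects who may grant `privilege`: the owner plus everyone reachable
        from the owner through grants that carry the grant option."""
        reach, frontier = {self.owner}, [self.owner]
        while frontier:
            current = frontier.pop()
            for grantor, grantee, priv, option in self.edges:
                if (grantor == current and priv == privilege
                        and option and grantee not in reach):
                    reach.add(grantee)
                    frontier.append(grantee)
        return reach

    def holders(self, privilege):
        """Subjects who hold `privilege` through a chain that starts at the owner."""
        valid = self.authorizers(privilege)
        return {self.owner} | {grantee for grantor, grantee, priv, _ in self.edges
                               if priv == privilege and grantor in valid}

    def grant(self, grantor, grantee, privilege, grant_option=False):
        if grantor not in self.authorizers(privilege):
            raise PermissionError(f"{grantor} may not grant {privilege}")
        self.edges.add((grantor, grantee, privilege, grant_option))

    def revoke(self, grantor, grantee, privilege):
        """Remove grantor's grant to grantee, then cascade: drop every grant whose
        grantor can no longer trace grant authority to the owner.
        Returns the full set of removed edges so the DBA can review the impact."""
        removed = {e for e in self.edges if e[:3] == (grantor, grantee, privilege)}
        self.edges -= removed
        valid = self.authorizers(privilege)
        orphans = {e for e in self.edges if e[2] == privilege and e[0] not in valid}
        self.edges -= orphans
        return removed | orphans


P = "READ on Student"   # one cell of the access control matrix


def delegation_demo():
    """Constructed scenario: two delegated authorizers, a shared grantee, a cycle."""
    g = GrantGraph()
    g.grant("DBA", "U101", P, grant_option=True)
    g.grant("DBA", "U102", P, grant_option=True)
    g.grant("U101", "U103", P, grant_option=True)   # U103 becomes an authorizer
    g.grant("U102", "U103", P)                      # second, independent path
    g.grant("U103", "U104", P)
    g.grant("U103", "U101", P, grant_option=True)   # grant loops back to U101
    before = g.holders(P)
    removed = g.revoke("DBA", "U101", P)
    return g, before, removed


if __name__ == "__main__":
    graph, before, removed = delegation_demo()
    print("holders before:", sorted(before))
    print("edges removed :", len(removed))
    print("holders after :", sorted(graph.holders(P)))
```

Revoking the single grant to U101 removes four grants in total, yet U103 still holds the privilege through U102, which is exactly what the DBA has to trace before a revoke can be considered complete.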

8.4 Using Views for Access Control

The view is a widely used method for implementing access control in database applications. The view mechanism has a twofold purpose. It is a facility for the user, simplifying and customizing the external model through which the user deals with the database, freeing the user from the complexities of the underlying model. It is also a security device, hiding structures and data that the user should not see. In the relational and object-relational models, a user’s external model can consist entirely of views, or some combination of base tables and views. By specifying restrictions in the WHERE line of the SELECT statement used to create views, the view can be made value-dependent. FIGURE 8.2(A) gives an example of a view created from the Student table by including only data about students whose major is CSC. Value-independent views are created by specifying columns of base tables and omitting the WHERE line of the SELECT statement. FIGURE 8.2(B) gives an example of a view of the Student table showing only columns stuId, lastName, firstName, and major.



FIGURE 8.2(A) Value-dependent View

    CREATE VIEW CSCMAJ AS
        SELECT stuId, lastName, firstName, credits
        FROM Student
        WHERE major = 'CSC';

FIGURE 8.2(B) Value-independent View

    CREATE VIEW StuView1 AS
        SELECT stuId, lastName, firstName, major
        FROM Student;

8.5 Security Logs and Audit Trails

Another important security tool is the security log, which is a journal that keeps a record of all attempted security violations. The violation can be simply recorded in the log, or it can trigger an immediate message to the system operator or to the DBA. Knowing about the existence of the log can be a deterrent in itself. If the DBA suspects that data is being compromised without triggering security log entries, it is possible to set up an audit trail. Such an auditing system records all access to the database, keeping information about the user who requested the access, the operation performed, the workstation used, the exact time of occurrence, the data item, its old value, and its new value, if any. The audit trail can therefore uncover the sources of suspicious operations on the database, even if they are performed by authorized users, such as disgruntled employees. Triggers can also be used to set up an audit trail for a table, recording all changes, the time they were made, and the identity of the user who made them. For example, in Oracle, if we wish to monitor changes to grade in the Enroll table, we could first set up a table to hold the audit records. The schema for that table might be:

    EnrollAudit(dateandTimeOfUpdate, userId, oldStuId, oldClassNo, oldGrade, newGrade)

The trigger should insert a record in the EnrollAudit table when a user tries to update a grade in the Enroll table. The code to do this is shown in FIGURE 8.3. It uses SYSDATE and USER, which are referred to as pseudocolumns in Oracle. Both act as functions that return appropriate values. SYSDATE returns the current date and time, while USER returns the ID of the current user. Oracle itself has built-in auditing that can be used to set up various types of audit trails as well as other security measures.

FIGURE 8.3 Audit Trail Using Trigger

    -- Runs once per updated row, before the new grade is stored.
    CREATE OR REPLACE TRIGGER EnrollAuditTrail
    BEFORE UPDATE OF grade ON Enroll
    FOR EACH ROW
    BEGIN
        INSERT INTO EnrollAudit
        VALUES(SYSDATE, USER, :OLD.stuId, :OLD.classNumber, :OLD.grade,
               :NEW.grade);
    END;

8.6 Encryption

To counter the possibility of having files accessed directly through the
operating system or having files stolen, data can be stored in the database
in encrypted form. Only the database management system can unscramble
the data, so that anyone who obtains data by any other means will receive
jumbled data. When authorized users access the information properly, the
DBMS retrieves the data and decodes it automatically. Encryption should
also be used whenever data is communicated to other sites, so that wire
tappers will also receive scrambled data. Encryption requires a cipher
system, which consists of the following components:

❯ An encrypting algorithm, which takes the normal text (plaintext) as
input, performs some operations on it, and produces the encrypted
text (ciphertext) as output
❯ An encryption key, which is part of the input for the encrypting
algorithm and is chosen from a very large set of possible keys
❯ A decrypting algorithm, which operates on the ciphertext as input
and produces the plaintext as output
❯ A decryption key, which is part of the input for the decrypting
algorithm and is chosen from a very large set of possible keys

8.6.1 Symmetric Key Encryption

Symmetric key encryption is a form of encryption where the decryption
key is the same as the encryption key, and the decrypting algorithm is
the inverse of the encrypting algorithm. One widely used symmetric key
encryption scheme was the Data Encryption Standard (DES), devised
by IBM for the U.S. National Bureau of Standards and adopted in 1977.
In the DES scheme, the algorithm itself is public, while the key is private.
FIGURE 8.4 gives an overview of the DES process. The DES algorithm
uses a 56-bit key on 64-bit blocks of plaintext, producing 64-bit blocks of
ciphertext. When data is encoded, it is split up into 64-bit blocks. Within
each block, characters are substituted and rearranged according to the
value of the key. The decoding algorithm uses the same key to put back
the original characters and to restore them to their original positions in
each block.

FIGURE 8.4
Overview of DES Encryption
[Diagram: 64-bit Block of Plaintext -> DES Encryption Algorithm -> 64-bit Block of Ciphertext -> DES Decryption Algorithm -> 64-bit Block of Plaintext]


Two major challenges with the DES system involve key security and the
ease of cracking the code. The key must be kept secure or the encryption is
worthless, since anyone with the key has access to the data. Therefore, the
security depends on the secrecy of the key, but all authorized users must be
told the key. The more people who know the key, the more likely it is that the
key will be disclosed to unauthorized users. Also, it is necessary to distribute
the key to receivers of encrypted messages. If telecommunications lines are
used, transmitting the key in plaintext would allow wire tappers easy access to
encrypted messages. Often, more secure lines are used for key distribution, or
the key is distributed by mail or messenger. DES is not a very secure scheme,
since it can be cracked in a reasonable amount of time due to the shortness of
the keys. As a result of several famous cases where DES keys were cracked, a
more secure version, called Triple DES, or 3DES, was recommended in 1999
by the U.S. National Institute of Standards and Technology, the successor to
the National Bureau of Standards. Triple DES is now widely used commercially
and is still permitted for some government agency use. The triple DES system
uses three keys and essentially performs the DES encryption three times, once
with each key.

In 2001, an improved encryption scheme called the Advanced
Encryption Standard (AES) was developed. AES was the result of a five-year
worldwide competition, with the winning design coming from two Belgian
cryptographers, Daemen and Rijmen, who proposed a scheme they called
Rijndael. It was adopted as a standard for U.S. government agency use in
2002, and it is widely used commercially. It uses a symmetric scheme that
is more sophisticated than the DES scheme, and it supports three possible
key sizes of 128 bits, 192 bits, or 256 bits, depending on the level of security
needed. The data itself is broken into 128-bit blocks and is subjected to four
rounds of transformations, each with several steps whose exact nature is
determined by the key. Because of the larger key sizes, cracking the scheme is
more challenging.

8.6.2 Public-Key Encryption

An alternative approach to encryption is public-key encryption, which is
also known as asymmetric encryption. Public-key encryption uses two
separate keys, where one key is a public key and the other key is a private
key. FIGURE 8.5 provides an overview of public-key encryption. For each
user, a pair of large prime numbers, (p, q), is chosen as the user’s private
key, and the product of the pair, p*q, becomes the user’s public key. Public
keys are shared freely, so that anyone wishing to send a message to a user can
find his or her public key easily. The public key is then used as input to an
encryption algorithm, which produces the ciphertext for that user. When the
user receives an encrypted message, he or she must produce the prime factors
of the public key to decode it. Since there is no quick method of finding the
prime factors of a large number, it is difficult for an intruder to find these
factors. However, an intruder who is determined to break the key can do
so, provided he or she is willing to commit substantial resources to the task.
This method is only as secure as the private key, so users must be given their
private keys in some secure fashion and must protect the private keys against
disclosure. One well-known method of public-key encryption is RSA, named
for its developers, Rivest, Shamir, and Adleman.

FIGURE 8.5
Overview of Public-Key Encryption
[Diagram: Plaintext -> Encryption Algorithm Using Public Key p*q -> Ciphertext -> Decryption Algorithm Using Private-key Factors p and q -> Plaintext]
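
The scheme described in Section 8.6.2, worked through as an added example that is not from the textbook: textbook RSA with small constructed primes, where the public modulus is p*q and decryption needs the factors p and q. The public exponent E, the sample primes, and all function names are assumptions introduced here; the page does not mention them.

```python
"""Toy RSA in the shape of Section 8.6.2 (added example, not secure)."""
from math import gcd

# Constructed toy primes (assumption); real keys use primes hundreds of digits long.
P, Q = 1009, 1013
# Public exponent (assumption): published alongside the modulus p*q.
E = 65537


def make_keys(p, q, e=E):
    """Return (public, private): public is (p*q, e), private is the factors (p, q)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (p * q, e), (p, q)


def encrypt(m, public):
    """Encrypt an integer message using only the freely shared public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private, e=E):
    """Decrypt with the prime factors: they yield (p-1)(q-1), hence the exponent d."""
    p, q = private
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return pow(c, d, p * q)


def factor_by_trial_division(n):
    """Recover (p, q) from an odd modulus by brute force.

    This succeeds instantly only because the toy modulus is about 20 bits;
    the work grows with the square root of n, which is what makes large
    primes necessary.
    """
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no odd factor found")


if __name__ == "__main__":
    public, private = make_keys(P, Q)
    ciphertext = encrypt(424242, public)
    print("public key:", public)
    print("ciphertext:", ciphertext)
    print("decrypted with (p, q):", decrypt(ciphertext, private))
    # Anyone who can factor the public modulus holds the private key.
    print("factors recovered from n:", factor_by_trial_division(public[0]))
```

With primes this small, the factors fall out of the public key immediately, which is why the security of the method rests on the size of p and q as well as on keeping them secret.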

8.7 SQL Data Control Language

SQL has an authorization sublanguage, Data Control Language, that
includes statements to grant privileges to and revoke privileges from users.
A privilege is an action, such as creating, executing, reading, updating, or
deleting, that a user is permitted to perform on database objects. In standard
SQL, the creator of a schema is given all privileges on all the objects (tables,
views, roles, applications) in it, and can pass those privileges on to others.
Ordinarily, only the creator of the schema can modify the schema itself
(adding tables, columns, and so on). The statement for granting privileges
has the following form:

GRANT {ALL PRIVILEGES | privilege-list}
ON {object-name}
TO {PUBLIC | user-list | role-list} [WITH GRANT OPTION];

The possible privileges for base tables are SELECT, DELETE, INSERT, UPDATE,
or REFERENCES(col-name). If a table is named in the ON clause, then ALL
PRIVILEGES includes all of these operations. If a view is named in the ON
clause, and the view was constructed in such a way that it is updatable, the
SELECT, DELETE, INSERT, and UPDATE privileges can be granted on that
view. For views that are not updatable, only the SELECT can be granted. The
UPDATE privilege can be made more restrictive by specifying a column list
in parentheses after the word UPDATE, restricting the user to updating only
certain columns, as in:

GRANT UPDATE (major) ON Student TO U101;

The REFERENCES privilege is applied to columns that may be used as foreign
keys. This privilege allows the user to refer to those columns in creating
foreign key integrity constraints. For example, to allow a user who can
update the Enroll table to be able to reference stuId in the Student table
in order to match its values for the Enroll table, we might write:

GRANT REFERENCES (stuId) ON Student TO U101;

The user list in the TO clause can include a single user, several users, or all
users (the public). The optional WITH GRANT OPTION clause gives the newly
authorized user(s) permission to pass the same privileges to others. For
example, we could write:

GRANT SELECT, INSERT, UPDATE ON Student TO U101, U102, U103 WITH GRANT OPTION;

Users U101, U102, and U103 would then be permitted to write SQL SELECT,
INSERT, and UPDATE statements for the Student table, and to pass that
permission on to other users. Because of the ability of users with the grant
option to authorize other users, the system must keep track of authorizations
using a grant diagram, also called an authorization graph. FIGURE 8.6
shows an authorization graph. Here, the DBA, who (we assume) is the creator
of the schema, gave a specific privilege (for example, to use SELECT on the
Student table) WITH GRANT OPTION to users U1, U2, and U3. We will
use a double arrowhead to mean granting with grant option, and a single
arrowhead to mean without it. A solid outline for a node will mean that the
node has received the grant option, and a dashed outline will mean it has not.
U1 passed along the privilege to U21 and U22, both without the grant option.
U2 also passed the privilege to U22, this time with the grant option, and U22
passed the privilege to U31, without the grant option. U3 authorized U23 and
U24, both without the grant option. Note that if we give a different privilege
to one of these users, we will need a new node to represent the new privilege.
Each node on the graph represents a combination of a privilege and a user.

FIGURE 8.6
An Authorization Graph
[Diagram: nodes DBA; U1, U2, U3; U21, U22, U23, U24; U31. Each user node is labeled SELECT Student.]

SQL DCL includes the capability to create user roles. A role can be thought
of as a set of operations that should be performed by an individual or a group
of individuals as part of a job. For example, in a university, advisors may need
to be able to read student transcripts of selected students, so there may be an
Advisor role to permit that. Depending on the policies of the university, the
Advisor role might also include the privilege of inserting enrollment records
for students at registration time. Students may be permitted to perform
SELECT but not UPDATE operations on their personal data, so there may be a
Student role that permits such access. Once the DBA has identified a role, a
set of privileges is granted for the role, and then user accounts can be assigned
the role. Some user accounts may have several roles.

To create a role, we write a statement such as:

CREATE ROLE AdvisorRole;
CREATE ROLE FacultyRole;

We then grant privileges to the role just as we would to individuals, by
writing statements such as:

GRANT SELECT ON Student TO AdvisorRole;
GRANT SELECT, UPDATE ON Enroll TO AdvisorRole;
GRANT SELECT ON Enroll TO FacultyRole;

To assign a role to a user, we write a statement such as:

GRANT AdvisorRole TO U999;

We can even assign a role to another role by writing, for example:

GRANT FacultyRole TO AdvisorRole;

This provides a means of inheriting privileges through roles.


The SQL DCL statement to remove privileges has this form:

REVOKE {ALL PRIVILEGES | privilege-list}
ON object-list
FROM {PUBLIC | user-list | role-list}
[CASCADE | RESTRICT];

For example, for U101, to whom we previously granted SELECT, INSERT,
and UPDATE on Student with the grant option, we could remove some
privileges by writing this:

REVOKE INSERT ON Student FROM U101;

This revokes U101’s ability both to insert Student records and to authorize
others to insert Student records. We can revoke just the grant option,
without revoking the insert, by writing this:

REVOKE GRANT OPTION FOR INSERT ON Student FROM U101;


If an individual has the grant option for a certain privilege and the privilege
or the grant option on it is later revoked, all users who have received the
privilege from that individual have their privilege revoked as well. In this
way, revocations cascade, or trigger other revocations. If a user obtained the
same privilege from two authorizers, one of whom has authorization revoked,
the user still retains the privilege from the other authorizer. Thus, if the DBA
revoked the authorization of user U1 in Figure 8.6, U21 would lose all privileges,
but U22 would retain whatever privileges were received from U2. Since U22
has the grant option, user U21 could regain privileges from U22. In this way,
unscrupulous users could conspire to retain privileges despite attempts by the
DBA to revoke them. For this reason, the DBA should be very careful about
passing the grant option to others. If the RESTRICT option is specified, the
system checks to see if there are any cascading revocations and returns an
error if they exist, without executing the revoke statement. CASCADE is the
default. When a privilege is revoked, the authorization graph is modified by
removing the node(s) that lose their privileges.
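
A model of the authorization graph of Figure 8.6 and of the cascading and RESTRICT revocation rules described above, as an added example that is not from the textbook. The class and function names are hypothetical, and a single privilege (SELECT on Student) is assumed, matching the one-privilege-per-node convention of the figure.

```python
"""Authorization graph for one privilege (added example, hypothetical names)."""


class RevokeRestricted(Exception):
    """Raised when RESTRICT is requested and the revoke would cascade."""


class AuthorizationGraph:
    def __init__(self, owner):
        self.owner = owner   # schema creator, e.g. the DBA
        self.edges = set()   # (grantor, grantee, with_grant_option)

    def _grantors(self, edges):
        """Users holding the grant option through an unbroken chain from the owner."""
        able = {self.owner}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, wgo in edges:
                if wgo and grantor in able and grantee not in able:
                    able.add(grantee)
                    changed = True
        return able

    def holders(self):
        """Everyone who currently holds the privilege."""
        return {self.owner} | {grantee for _, grantee, _ in self.edges}

    def grant(self, grantor, grantee, with_grant_option=False):
        """Record a grant; only a user holding the grant option may issue one."""
        if grantor not in self._grantors(self.edges):
            raise PermissionError(f"{grantor} does not hold the grant option")
        self.edges.add((grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee, restrict=False):
        """Remove grantor's grant to grantee and return the users who lose the privilege.

        CASCADE (the default, as on the page) also drops every grant whose
        grantor no longer holds the grant option. RESTRICT refuses to run
        if any such dependent grant exists.
        """
        before = self.holders()
        remaining = {e for e in self.edges if e[:2] != (grantor, grantee)}
        able = self._grantors(remaining)
        supported = {e for e in remaining if e[0] in able}
        if restrict and supported != remaining:
            raise RevokeRestricted(f"revoking from {grantee} would cascade")
        self.edges = supported
        return before - self.holders()


def figure_8_6():
    """Build the grants described in the text for Figure 8.6."""
    g = AuthorizationGraph("DBA")
    for user in ("U1", "U2", "U3"):
        g.grant("DBA", user, with_grant_option=True)
    g.grant("U1", "U21")
    g.grant("U1", "U22")
    g.grant("U2", "U22", with_grant_option=True)
    g.grant("U22", "U31")
    g.grant("U3", "U23")
    g.grant("U3", "U24")
    return g


if __name__ == "__main__":
    g = figure_8_6()
    # U21 loses the privilege; U22 keeps it through U2, so U31 keeps it too.
    print("lost after revoking U1:", sorted(g.revoke("DBA", "U1")))
    # The collusion path from the text: U22 still holds the grant option.
    g.grant("U22", "U21")
    print("U21 holds the privilege again:", "U21" in g.holders())
```

Revoking U2 instead shows the other direction: U22 keeps SELECT through U1 but loses the grant option, so its grant to U31 is cascaded away.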

8.8 Security in Oracle

Oracle provides robust security that goes far beyond the SQL authorization
language commands. There are many different ways to set up and manage
the security of an Oracle database installation besides the methods discussed
here.

8.8.1 Security Features

Security features include facilities for all the following activities:

❯ Management of user accounts. User accounts can be created, user rights
defined, and password and profile policies set up in several
ways. Strong passwords can be enforced. User views, user privileges,
and roles can be used to limit user access to data.
❯ Authentication of users can be performed for the database from the
operating system level and from a network.
❯ Application security policies can be set for all applications that
access the database.
❯ Privilege analysis allows the DBA to identify privileges that are being
used, track the source of the privileges, and identify privileges that
are not being used. This information can be used to tighten security.
❯ User session information for applications. Information such as the
user name and location can be gathered automatically and used to
control the user’s access through an application.


❯ Virtual Private Database (VPD) is an additional level of security
that can be used to control access on the row and column level.
❯ Data redaction is a method of masking data at run time, when
queries are executed. Some or all of the characters are hidden or
replaced in the results set. For example, only the last four digits of
a Social Security number or a credit card number may be displayed.
Redaction is often done to comply with regulations such as PCI DSS
or SOX.
❯ Transparent sensitive data protection can be used as a method
of identifying and protecting all columns that hold sensitive data,
even across several databases. Once identified, the columns may be
protected using VPD or data redaction.
❯ Network data encryption can be performed automatically or
manually using the DBMS_CRYPTO PL/SQL package. Oracle Net
Services can be configured to provide data encryption and integrity
on servers and clients. Thin Java Database Connectivity (JDBC)
clients can be configured for secure connections to databases.
❯ Strong authentication. Available industry-standard authentication
methods include centralized authentication and single sign-on,
Secure Sockets Layer (SSL), Remote Authentication Dial-In User
Service (RADIUS), and Kerberos.

8.8.2 Administrative Accounts

On installation, Oracle provides several predefined administrative super
accounts, including SYS, SYSTEM, and DBSNMP, as well as some sample
schemas. DBSNMP is used for administration tasks in Oracle Enterprise
Manager, and the management agent can manage and monitor the database
using the DBSNMP account. The SYS account stores data dictionary
information for base tables and views, and should be used only by the DBMS
itself, not by users. The SYSTEM account stores other tables and tools used
by Oracle and tables for administration. None of these accounts should be
used to create user tables, and access to them should be strictly controlled.
On installation, these three administrator accounts are open, and the system
prompts for passwords for all three of them, although default passwords
are provided. Since these passwords are widely known, it is strongly
recommended that new passwords be created to protect the database from
attack. The accounts automatically have the DBA role, which permits a user
to create roles and users; to grant privileges to other users; and to create,
modify, and delete schemas and objects. Oracle suggests that administrative
tasks are best performed using more targeted accounts that are authorized
for specific jobs, a concept called separation of duties. To this end, there are
six additional administrator accounts that should be opened and assigned
to administrators to be used for specific tasks. They are SYSDBA, SYSOPER,
SYSASM, SYSBACKUP, SYSDG, and SYSKM.

Privileges granted to database users can be object privileges or system
privileges. An object privilege is the right to perform an action using DML
commands on a table, view, procedure, function, sequence, or package. The
creator of a schema automatically has all object privileges on all objects in the
schema and can grant the same object privileges to other users. For tables, the
privileges include SELECT, INSERT, UPDATE, DELETE, and REFERENCES, as
described in Section 8.7, but also ALTER (the right to use the ALTER TABLE
command) and INDEX (the right to use the CREATE INDEX command). For
updatable views, privileges are SELECT, INSERT, UPDATE, and DELETE.
System privileges include the right to perform actions using DDL commands
on database data, schemas, tablespaces, or other Oracle resources, as well as
the right to create user accounts.
© Jones & Bartlett Learning, LLC © Jones & Bartlett Learning,
8.8.3 Security
NOT FOR Tools
SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBU
Some of the tools the DBA can use to secure the database installation are
Oracle Database Configuration Assistant, Oracle Enterprise Manager,
SQL*Plus, and Oracle Net Manager. Oracle Enterprise Manager is an online
tool found
© Jones on the Oracle
& Bartlett Database LLC
Learning, Home page. On a Windows installation,
© Jones & Bartlett Learning, LLC
SQL*Plus can be found
NOT FOR SALE OR DISTRIBUTION in the Application Tools subdirectory
NOT of the
FOR SALE OR DISTRIBUTION
Ora home directory, and the two other tools within the Configuration
and Migration Tools subdirectory.

Oracle Database Configuration Assistant has options to create,


Jones & Bartlett configure, LLC


Learning, or delete databases and other operations,
© Jonesincluding settingLearning,
& Bartlett
LLC
an audit policy.
OT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION
❯ Oracle Enterprise Manager is a Web-based facility that offers
options for granting and revoking privileges. The DBA has to log
in initially using a privileged account such as SYSTEM to the Oracle
Database home page to access the Enterprise Manager. To create user
accounts from there, the DBA can choose the Administration
icon, then Users, then Create. The DBA fills in the new user name
and password, enters a temporary password, and can choose to have
the password expire immediately. This will cause the new user to
be prompted for a new password the first time he or she uses the
account. The account status should be set to Unlocked. The user
role and privileges should be chosen from the list provided, and
the CREATE button should be clicked to finish the operation. It is
recommended that the first account created be one that will be used
by a security administrator, and that this account be given all rights
related to security, to separate those tasks from other administrative
responsibilities. That account should then be used for managing
security.
❯ SQL*Plus can also be used to create users and roles. After signing in
to a privileged account such as SYSTEM, or having been authorized to
create users, the DBA writes a CREATE USER command, which has
this form:
CREATE USER username IDENTIFIED BY password;
For example:
CREATE USER U999 IDENTIFIED BY SESAME;
However, this command does not give any privileges to the user, so
U999 will not be able to establish a session unless the DBA also writes
the following:
GRANT CREATE SESSION TO U999;
To require the user to change his or her password at the first actual
log-in, the DBA uses this command:
ALTER USER username
PASSWORD EXPIRE;
When the user tries to connect, he or she will be given a message
saying the password has expired and prompting for a new one before
being connected. Once connected, the user can also change his or
her own password at any time by writing the following in SQL*Plus:
ALTER USER username
IDENTIFIED BY newpassword;
Although the user will be connected, he or she will not be able to
access any data, since the only privilege given is the one to create a
session. To actually use Oracle’s facilities, the user needs to be given
additional privileges, which can be either object privileges or system
privileges as described earlier.
The syntax for granting object privileges is the same as the standard
SQL DCL syntax shown in Section 8.7. For example, the DBA might
give U999 wide privileges on the Student table by writing as follows:
GRANT ALL PRIVILEGES ON Student TO U999 WITH GRANT OPTION;
If there is a stored procedure called WrapUp, the DBA can give U999
permission to run the procedure by writing this command:
GRANT EXECUTE ON WrapUp TO U999;

There are 236 different system privileges possible. A list of system
privileges can be seen by writing the following SQL command:
SELECT name
FROM SYSTEM_PRIVILEGE_MAP;
System privileges can be given through SQL*Plus using a GRANT
command of this form:
GRANT systemprivilege
TO username
[WITH ADMIN OPTION];
For example, we could allow U999 to create tables by writing:
GRANT CREATE TABLE TO U999 WITH ADMIN OPTION;
Additionally, privileges that are object privileges on single tables can
be extended to become system privileges that extend to any table by
using the keyword ANY, as in:
GRANT SELECT ANY TABLE TO U999;
The WITH ADMIN OPTION clause allows the user to pass the privilege
on to others.

As in the SQL standard, Oracle allows privileges to be given to a role
as well as to individuals or groups of users. A role consists of a group
of privileges. Any number of roles can be granted to a user. Roles can
also be granted to other roles, allowing inheritance of privileges. Roles
can be created in SQL*Plus using the DCL commands discussed in
Section 8.7.
❯ Oracle Net Manager. During installation, Oracle creates an initial
network configuration, including a default listener. Changes can be
made to the configuration by using the Net Configuration Assistant,
which is found in the Configuration and Migration Tools
subdirectory of the Ora home directory. After configuration, the
Oracle Net Manager in the same subdirectory can be used to
manage the networks. The DBA can set profiles, choose encryption
for the server and client, provide an encryption seed, and choose one
or more of several encryption methods.

8.9 Statistical Database Security


Statistical databases are designed to provide data to support statistical
analysis on populations. The data itself may contain facts about individuals,
but the data is not meant to be retrieved on an individual basis. Users are
granted permission to access statistical information such as totals, counts,
or averages, but not information about individuals. For example, if a user is
permitted statistical access to an employee database, he or she is able to write
queries such as:
SELECT SUM(Salary)
FROM Employee
WHERE Dept = 10;

but not:
SELECT Salary
FROM Employee
WHERE empId = 'E101';

Special precautions must be taken when users are permitted access to
statistical data, to ensure that they are not able to deduce data about
individuals. For the preceding example, if there are no restrictions in place
except that all queries must involve COUNT, SUM, or AVERAGE, a user who
wishes to find the salary of employee E101 can do so by adding conditions to the
WHERE line to narrow the population down to that one individual, as in:

SELECT SUM(Salary)
FROM Employee
WHERE Dept = 10 AND jobTitle = 'Programmer' AND
dateHired > '01-Jan-2015';

The system can be modified to refuse to answer any query for which only one
record satisfies the predicate. However, this restriction is easily overcome,
since the user can ask for total salaries for the department and then ask for
the total salary without that of E101. Neither of these queries is limited to
one record, but the user can easily deduce the salary of employee E101 from
them. To prevent users from deducing information about individuals, the
system can restrict queries by requiring that the number of records satisfying
the predicate must be above some threshold and that the number of records
satisfying a pair of queries simultaneously cannot exceed some limit. It can
also disallow sets of queries that repeatedly involve the same records.
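
The two restrictions just described, a minimum query-set size and a cap on the overlap between answered query sets, can be sketched as follows. This is an added example, not code from the text: the Employee rows, the thresholds, and the names StatGuard, where_clause and differencing are assumptions, and SQLite stands in for the DBMS.

```python
import sqlite3

# Constructed sample rows: (empId, Dept, jobTitle, Salary)
ROWS = [
    ("E101", 10, "Programmer", 72000), ("E102", 10, "Analyst", 65000),
    ("E103", 10, "Analyst", 68000), ("E104", 10, "Manager", 90000),
    ("E105", 10, "Clerk", 41000), ("E201", 20, "Programmer", 70000),
    ("E202", 20, "Clerk", 40000), ("E203", 20, "Analyst", 66000),
    ("E204", 20, "Manager", 85000),
]
ALLOWED_COLUMNS = {"empId", "Dept", "jobTitle"}   # columns a predicate may test
ALLOWED_OPS = {"=", "!="}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employee (empId TEXT PRIMARY KEY, Dept INTEGER,"
               " jobTitle TEXT, Salary INTEGER)")
    db.executemany("INSERT INTO Employee VALUES (?, ?, ?, ?)", ROWS)
    return db


def differencing(db):
    """With no restrictions, two aggregate queries isolate E101's salary."""
    total = db.execute(
        "SELECT SUM(Salary) FROM Employee WHERE Dept = 10").fetchone()[0]
    rest = db.execute(
        "SELECT SUM(Salary) FROM Employee"
        " WHERE Dept = 10 AND empId != 'E101'").fetchone()[0]
    return total - rest


def where_clause(conditions):
    """Turn (column, op, value) triples into a parameterized WHERE clause."""
    parts, params = [], []
    for column, op, value in conditions:
        if column not in ALLOWED_COLUMNS or op not in ALLOWED_OPS:
            raise ValueError("condition not permitted")
        parts.append(f"{column} {op} ?")
        params.append(value)
    return " AND ".join(parts) or "1 = 1", params


class StatGuard:
    """Answers SUM(Salary) only when both restrictions hold."""

    def __init__(self, db, min_size=3, max_overlap=2):
        self.db = db
        self.min_size = min_size        # smallest query set that is answered
        self.max_overlap = max_overlap  # most records shared with an earlier set
        self.answered = set()           # query sets already released

    def sum_salary(self, conditions):
        clause, params = where_clause(conditions)
        rows = self.db.execute(
            f"SELECT empId, Salary FROM Employee WHERE {clause}",
            params).fetchall()
        query_set = frozenset(emp_id for emp_id, _ in rows)
        if len(query_set) < self.min_size:
            return None                 # too few records behind the statistic
        for earlier in self.answered:
            shared = len(earlier & query_set)
            if earlier != query_set and shared > self.max_overlap:
                return None             # differs from an earlier set by too little
        self.answered.add(query_set)
        return sum(salary for _, salary in rows)
```

A refused query returns None. Repeating an identical query is allowed because it releases nothing new.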

8.10 SQL Injection
Database applications must take security precautions to protect a database
against a form of attack known as SQL injection. The term injection refers
to the fact that user input from a client through the application interface can
be designed to take advantage of vulnerabilities associated with the dynamic
construction of SQL queries. Using SQL injection, an attacker can insert
(or inject) code into a query that can be used to retrieve information that
the attacker is not authorized to see, maliciously delete or modify data, or
insert data that would give an attacker unauthorized access to the database.
SQL injection was first discovered around 1998 and is now ranked as
a top software security concern by the Open Web Application Security
Project and by the Common Weakness Enumeration/SANS Top 25 Most
Dangerous Software Errors. SQL injection poses threats to confidentiality,
integrity, availability, authentication, and authorization.
8.10.1 Examples of SQL Injection
SQL injection takes advantage of the fact that SQL queries can be dynamically
constructed in application code. As an example, consider a Web form that
allows a student to enter his or her identifier and password into the variables
userID and password. The website then uses this information to retrieve
the student’s confidential information from the Student table. Inside of
the application code, the query can be constructed dynamically through the
following statement:

studentInfoQuery = "SELECT * FROM student WHERE userID = '" + userID +
    "' AND password = '" + password + "';"

The + character represents the string concatenation operator. If userID
contains the value John and password contains the value x1y2z3, then
studentInfoQuery would contain the following SELECT statement:
SELECT *
FROM student
WHERE userID = 'John' AND password = 'x1y2z3';

The studentInfoQuery would then be submitted to the database for
retrieval of the information. This query only works as intended if the
input value for userID and/or password does not contain a single quote
character. For example, if the user enters x1y'z3 by mistake, the query
becomes:
SELECT *
FROM student
WHERE userID = 'John' AND password = 'x1y'z3';

The extraneous single quote in the password will cause SQL to generate
an error message since 'x1y'z3'; is invalid syntax in the SQL parser. An
attacker will sometimes use this technique to initially discover that a database
is vulnerable to an SQL injection attack, where the syntax error message
gives an attacker a clue that the query is being dynamically constructed
without any input validation. A subsequent malicious query can then be
constructed that will give the attacker access to John’s information as well as
the information of all other students.
As an example, suppose an attacker does not know any valid user IDs or
passwords and that the attacker enters the value X as the userID and Y' or
'a'='a as the password. The query then becomes:
SELECT *
FROM student
WHERE userID = 'X' AND password = 'Y' OR 'a'='a';

Even with an incorrect userID and password, this query will always
evaluate to true because the or condition will always be satisfied.
Furthermore, the query will essentially evaluate as the query below, which
returns information about all students:

SELECT *
FROM student
WHERE 'a'='a';

Since some database products allow the execution of multiple SQL
statements separated by semicolons within a single query string, attackers
can also take advantage of this vulnerability together with single quotes in
input values to enter additional malicious statements. To illustrate this type
of attack, assume the attacker enters the value X as the userID and the value
Y' or 'a'='a'; DELETE * FROM student; -- as the password. In
this case, the query becomes:

SELECT *
FROM student
WHERE userID = 'X' AND password = 'Y' OR 'a'='a';
DELETE * FROM student;
--';

The query will retrieve all student information and then delete all of the
information in the Student table. Notice that the “--” comment characters
are used at the end of the password string so that any extraneous characters
will be commented out of the query execution to avoid a syntax error.

8.10.2 Mitigation of SQL Injection
As illustrated in the previous subsection, SQL injection can be used to cause
serious harm to a database application. In addition to the examples described
earlier that violate confidentiality and integrity, other SQL statements can
be injected into a query that give an attacker access to the database, such
as creating a new unauthorized user ID and password with special security
privileges. In some cases, it is even possible to invoke certain operating
system commands from an SQL query.
Fortunately, there are several actions that can be taken to mitigate SQL
injection attacks. The most basic vulnerability lies in the dynamic construction
of the SQL query as a string. This approach to building a query in application
code is not considered a safe programming practice and should be avoided.
An alternative approach is to use parameterized statements, as in prepared
statements of the JDBC API. Using parameterized queries forces the values of
variables that are used to construct a query to conform to a specific type value
instead of an arbitrary string that can contain malicious SQL statements.
JDBC and parameterized queries are covered in more detail in Chapter 5. The
use of stored procedures as described in Chapter 5 can also be used to avoid
SQL injection attacks as long as SQL queries are not dynamically constructed
in the stored procedure.
Another mitigation technique is to always validate user input to make
sure the input conforms to valid types and patterns before the input is used
to construct an SQL query. Database permissions should also be limited to
a need-to-know basis to protect against SQL injection attacks. Some database
products, such as Oracle, help to mitigate SQL injection by not allowing query
strings that contain multiple SQL statements separated by semicolons.
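
The mitigations above, applied to the inputs from Section 8.10.1: the concatenated query beside a parameterized one with input validation in front. This is an added example, not code from the text; Python's sqlite3 module stands in for the JDBC prepared statements the chapter mentions, and the table contents, the userID pattern and the function names are assumptions.

```python
import re
import sqlite3

# Constructed sample rows. The plaintext password column mirrors the text's
# example table; a real application would store salted password hashes.
STUDENTS = [("John", "x1y2z3", "Math"), ("Mary", "p4q5r6", "CSC"),
            ("Lee", "s7t8u9", "History")]
USER_ID_PATTERN = re.compile(r"[A-Za-z0-9]{1,20}")   # assumed userID format


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE student (userID TEXT PRIMARY KEY,"
               " password TEXT, major TEXT)")
    db.executemany("INSERT INTO student VALUES (?, ?, ?)", STUDENTS)
    return db


def lookup_concatenated(db, userID, password):
    """Vulnerable form from 8.10.1: the input becomes part of the SQL text."""
    query = ("SELECT * FROM student WHERE userID = '" + userID +
             "' AND password = '" + password + "';")
    return db.execute(query).fetchall()


def lookup_parameterized(db, userID, password):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    query = "SELECT * FROM student WHERE userID = ? AND password = ?;"
    return db.execute(query, (userID, password)).fetchall()


def lookup_validated(db, userID, password):
    """Input validation in front of the parameterized query."""
    if not USER_ID_PATTERN.fullmatch(userID):
        raise ValueError("userID does not match the expected pattern")
    return lookup_parameterized(db, userID, password)


def compare(db, userID, password):
    """Run both forms on one input; a rejected statement is reported as 'error'."""
    try:
        concatenated = lookup_concatenated(db, userID, password)
    except (sqlite3.Error, sqlite3.Warning):
        concatenated = "error"
    return concatenated, lookup_parameterized(db, userID, password)


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM student").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the examples in Section 8.10.1
    for user, pw in [("John", "x1y2z3"), ("John", "x1y'z3"),
                     ("X", "Y' or 'a'='a")]:
        print(repr(pw), compare(db, user, pw))
```

SQLite's execute() accepts one statement per call, so the stacked input from 8.10.1 is rejected here much as the text describes for Oracle; the parameterized form does not depend on that behaviour.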

8.11 Database Security and the Internet
Unless security software is used, all messages sent over the Internet are
transmitted in plaintext and can be detected by intruders using packet
sniffing software. Both senders and receivers need to be confident that
their communications are kept private. Obviously, customers who wish to
purchase products need to have assurance that their credit card information
is secure when they send it over the Internet. Companies that allow Web
connections to their internal networks for access to their database need to
be able to protect it from attack. Receivers of messages need to have ways to
be sure that those messages are genuine and trustworthy and have not been
tampered with. Senders of messages should not be able to repudiate them,
denying that they sent them. Web users who download executable content
such as Java applets, ActiveX, or VBScript need to have ways to assure that
the code will not corrupt their databases or otherwise harm their systems.
Several techniques are used to address these issues.

8.11.1 Proxy Servers
A proxy server is a computer or program that acts as an intermediary
between a client and another server, handling messages in both directions.
When the client requests a service such as a connection or Web page, the
proxy evaluates it and determines whether it can fulfill the request itself. If
not, it filters the request, perhaps altering it, and requests the service from
the server or other resource. It may cache (store a copy of) the server’s
response so that a subsequent request can be fulfilled from the stored content
without using the server again. The proxy server can be used for several
purposes, including to maintain security by hiding the actual IP address of
the server, to improve performance by caching, to prevent access to sites that
an organization wishes to block from its members, to protect the server from
malware, and to protect data by scanning outbound messages for data leaks.

8.11.2 Firewalls
A firewall is a hardware and/or software barrier that is used to protect an
organization’s internal network (intranet) from unauthorized access. Various
techniques are used to ensure that messages entering or leaving the intranet
comply with the organization’s standards. For example, a proxy server can
be used to hide the actual network address. Another technique is a packet
filter, which examines each packet of information before it enters or leaves
the intranet, making sure it complies with a set of rules. Various gateway
techniques can apply security mechanisms to applications or connections.

8.11.3 Digital Signatures
Digital signatures use a double form of public-key encryption to create secure
two-way communications that cannot be repudiated. A digital signature allows
a user to verify the authenticity of the person they are communicating with,
and provides a means to prove that a message must have come from that person
and that it has not been tampered with in transmission. One method of using
digital signatures is for the sender to encode a message first with his or her own
private key, and then with the public key of the receiver. The receiver decrypts
the message first using his or her private key, and then uses the sender’s public
key. The double encryption ensures that both parties are authentic, since neither
one could have encoded or decoded the message without his or her private key.
It also ensures that the message is intact, since tampering would invalidate the
signature, making it impossible to decode the message.
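
The sign-then-encrypt exchange described above, carried out with textbook RSA. This is an added illustration, not code from the text: the toy keys built from Mersenne primes, the appended SHA-256 digest and all function names are assumptions, and production systems use a vetted library with padding.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys below


def make_key(p, q):
    """Textbook RSA key from two primes: returns (n, e, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, E, pow(E, -1, phi)


# Constructed toy keys built from well-known Mersenne primes. They are trivially
# factorable and exist only to make the arithmetic visible. The sender's modulus
# is smaller than the receiver's so that a signature always fits inside the
# receiver's encryption step.
SENDER = make_key(2**521 - 1, 2**607 - 1)
RECEIVER = make_key(2**1279 - 1, 2**2203 - 1)
IMPOSTOR = make_key(2**127 - 1, 2**521 - 1)


def encode(message):
    """Message plus its SHA-256 digest as an integer. The digest is redundancy
    (an assumption added here) that lets the receiver recognise a result that
    did not come from the expected keys or was altered in transit."""
    payload = b"\x01" + message + hashlib.sha256(message).digest()
    return int.from_bytes(payload, "big")


def decode(number):
    """Return the message bytes, or None if the redundancy check fails."""
    payload = number.to_bytes((number.bit_length() + 7) // 8, "big")
    if len(payload) < 33 or payload[0] != 1:
        return None
    message, digest = payload[1:-32], payload[-32:]
    return message if hashlib.sha256(message).digest() == digest else None


def send(message, sender_key, receiver_key):
    """Encode with the sender's private key, then the receiver's public key."""
    n_s, _, d_s = sender_key
    n_r, e_r, _ = receiver_key      # only the public half (n, e) is used
    m = encode(message)
    if m >= n_s or n_s >= n_r:
        raise ValueError("message or signature does not fit the moduli")
    signed = pow(m, d_s, n_s)       # step 1: sender's private key
    return pow(signed, e_r, n_r)    # step 2: receiver's public key


def receive(ciphertext, receiver_key, sender_key):
    """Decode with the receiver's private key, then the sender's public key."""
    n_r, _, d_r = receiver_key
    n_s, e_s, _ = sender_key        # only the public half (n, e) is used
    signed = pow(ciphertext, d_r, n_r)      # step 1: receiver's private key
    return decode(pow(signed, e_s, n_s))    # step 2: sender's public key
```

receive() returns None when the ciphertext was altered or was produced with a private key other than the expected sender's.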

8.11.4 Certification Authorities
Customers who wish to purchase goods from an e-commerce website need to
feel confident that the site they are communicating with is genuine and that
their ordering information is transmitted privately. A widely used method
of verifying that a site is genuine is by means of certification authorities
such as Verisign. The process uses public-key encryption. The site begins
the certification process by generating a public key and a private key and
sending a request to Verisign, along with the site’s public key. Verisign issues
an encrypted certificate to the site, which stores it for future use. When a
customer wishes to place an order using a secure connection to the site, his
or her browser asks the site for its Verisign certificate, which it receives in
encrypted form. The browser decrypts the certificate using Verisign’s public
key, and verifies that this is indeed a Verisign certificate and that the site’s
URL is the correct one. The certificate also contains the site’s public key. The
browser creates a session key—which it encrypts using the site’s public key
from the certificate—and sends the session key to the site. Since the session
key is encrypted with the site’s public key, only the actual site can decrypt
it using its private key. Since both the browser and the site are the sole
holders of the session key, they can now exchange messages encrypted with
the session key, using a simpler protocol such as 3DES or AES. The process
described here is the one used in the Secure Sockets Layer (SSL) protocol
and is typically used for messages to and from a customer during an order
process. An additional measure of security is usually used for transmission
of credit card numbers. While the user’s browser sends the seller site most
of the order information encoded with its public key, when the customer is
ready to transmit credit card information at the end of the order process,
that information, along with the amount to be charged, is sent directly to the
card company site for authorization and approval.
The SET (Secure Electronic Transactions) protocol, which was used for
this process, has been superseded by newer protocols such as Visa’s Verified by
Visa, which provides both authentication and approval of the purchase. It uses
an XML-based protocol called 3-D Secure.
Kerberos is an authentication protocol for networks that allows mutual
authentication, in which both client and server can verify identity. A trusted
Kerberos server is used as a certification authority. It has a key distribution
center that stores the secret keys of each client and server on the network, and
it uses these as input to generate time-stamped tickets when the client requests
service. A ticket is then used to demonstrate to the server that the client is
approved for service. Messages can be encrypted using either symmetric key
or public-key protocols. Both the protocol and the free software implementing
it were developed at the Massachusetts Institute of Technology. It is used by
both Oracle and Caché, as well as many other vendors.

8.12 Chapter Summary

Database security means protecting the database from unauthorized access,
modification, or destruction. Privacy is the right of individuals to have some
control over information about themselves, and is protected by law in many
countries. Confidentiality refers to the need to keep certain information
from being known. Both privacy and confidentiality can be protected by
database security. Security violations can be accidental or deliberate, and
security breaches can be accomplished in a variety of ways. A security
control plan should begin with physical security measures for the building
and especially for the computer facilities. Security control of workstations
involves user authentication, verifying the identity of users. The operating
system normally has some means of establishing a user’s identity, using
user profiles, user IDs, passwords, authentication procedures, badges, keys,
or physical characteristics of the user. Additional authentication can be
required to access the database.
Most database management systems designed for multiple users have a security subsystem. These subsystems provide for authorization, by which users are assigned rights to use database objects. Most have an authorization language that allows the DBA to write authorization rules specifying which users have what type of access to database objects. Access control covers the mechanisms for implementing authorizations. An access control matrix can be used to identify what types of operations different users are permitted to perform on various database objects. The DBA can sometimes delegate authorization powers to others.

Views can be used as a simple method for implementing access control. A security log is a journal for storing records of attempted security violations. An audit trail records all access to the database, keeping information about the requester, the operation performed, the workstation used, and the time, data items, and values involved. Triggers can be used to set up an audit trail.

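A trigger-based audit trail of the kind described above, as an added example that is not part of the original chapter. It runs on SQLite through Python's sqlite3 module and audits changes to the grade column of the University schema's Enroll table. The AuditTrail layout, the session_ctx table, and the helper function names are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE Enroll (stuId TEXT, classNumber TEXT, grade TEXT);
-- Requester and workstation for this session, set by the application
-- (assumption: SQLite has no built-in user identity a trigger can read).
CREATE TABLE session_ctx (id INTEGER PRIMARY KEY CHECK (id = 1),
                          requester TEXT, workstation TEXT);
CREATE TABLE AuditTrail (
    auditId INTEGER PRIMARY KEY, at_time TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    requester TEXT NOT NULL, workstation TEXT NOT NULL,
    operation TEXT NOT NULL, stuId TEXT, classNumber TEXT,
    old_value TEXT, new_value TEXT);
-- One audit row per grade change. With no session context the subqueries
-- return NULL, the NOT NULL constraint fails, and the UPDATE is rejected.
CREATE TRIGGER audit_grade AFTER UPDATE OF grade ON Enroll
BEGIN
    INSERT INTO AuditTrail (requester, workstation, operation,
                            stuId, classNumber, old_value, new_value)
    VALUES ((SELECT requester FROM session_ctx),
            (SELECT workstation FROM session_ctx),
            'UPDATE grade', OLD.stuId, OLD.classNumber, OLD.grade, NEW.grade);
END;
-- Keep the trail append-only: reject edits and deletions of audit rows.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON AuditTrail
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON AuditTrail
BEGIN SELECT RAISE(ABORT, 'audit trail is append-only'); END;
"""

def open_db(requester, workstation):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO session_ctx VALUES (1, ?, ?)", (requester, workstation))
    db.execute("INSERT INTO Enroll VALUES ('S1001', 'ART103A', 'B')")  # constructed row
    db.commit()
    return db

def audit_rows(db):
    return db.execute(
        "SELECT requester, workstation, operation, stuId, classNumber, "
        "old_value, new_value FROM AuditTrail ORDER BY auditId").fetchall()

def is_rejected(db, sql):
    try:
        db.execute(sql)
    except sqlite3.IntegrityError:
        return True  # refused by a trigger or constraint
    return False
```

On a multi-user DBMS the trigger would read the requester from the server's own session identity instead of an application-maintained table.
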
Encryption uses a cipher system that consists of an encrypting algorithm that converts plaintext into ciphertext, an encryption key, a decrypting algorithm that reproduces plaintext from ciphertext, and a decryption key. Widely used schemes for encryption are the Triple Data Encryption Standard (3DES), the Advanced Encryption Standard (AES), and public-key encryption. DES/AES uses a standard algorithm, which is often hardware implemented. Public-key encryption uses a product of primes as a public key and the prime factors of the product as a private key.

SQL has a Data Control Language, an authorization language to provide security. The GRANT statement is used for authorization, and the REVOKE statement is used to retract authorization. Privileges can be given to individuals or to a role, and then the role is given to individuals.


In Oracle, there are many ways to secure the database and assign privileges. Initially, super administrative accounts are open, and they can be used to create other accounts, roles, and users. Privileges include object privileges and system privileges. They can be granted using the DCL language in SQL*Plus or through the Oracle Enterprise Manager. Sensitive data can be identified with transparent sensitive data protection and secured with Virtual Private Database or data redaction. Network data can also be secured with Network Data Manager.

Statistical databases must take special precautions to make sure that queries are not used to deduce confidential information. SQL injection also poses a significant threat to database applications by taking advantage of vulnerabilities associated with the dynamic construction of queries with user input that has not been validated. Database developers can avoid SQL injection attacks by following more secure software development techniques for the dynamic construction of queries.

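The contrast drawn above between building a query from unvalidated input and constructing it safely, as an added example that is not part of the original chapter. It uses Python's sqlite3 module; the Student columns follow Exercise 8.8, while the function names, sample rows, and hostile input are constructed for illustration. Passwords are stored in plain text only to mirror that schema.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student (studentID INTEGER PRIMARY KEY, email TEXT, "
               "userID TEXT UNIQUE, password TEXT, firstName TEXT, lastName TEXT)")
    # Constructed sample rows; a real system stores a salted hash, not the password.
    db.executemany("INSERT INTO Student VALUES (?, ?, ?, ?, ?, ?)", [
        (1, "a@example.edu", "asmith", "pw-one", "Ann", "Smith"),
        (2, "b@example.edu", "bjones", "pw-two", "Bob", "Jones")])
    return db

def login_vulnerable(db, user_id, password):
    # Vulnerable: input is pasted into the SQL text, so quote characters in
    # the input change the structure of the statement.
    sql = ("SELECT studentID FROM Student WHERE userID = '" + user_id +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_safe(db, user_id, password):
    # Hardened: placeholders keep the statement fixed; input is bound as data.
    sql = "SELECT studentID FROM Student WHERE userID = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (user_id, password))]

SORTABLE = {"lastName", "firstName", "userID"}  # allow-list of column names

def list_students(db, sort_by):
    # Identifiers cannot be bound as parameters, so the only values allowed
    # into the SQL text are the ones on the allow-list.
    if sort_by not in SORTABLE:
        raise ValueError("unsupported sort column")
    sql = f"SELECT userID FROM Student ORDER BY {sort_by}"
    return [row[0] for row in db.execute(sql)]

HOSTILE = "' OR '1'='1"  # constructed hostile input for the password field
```

With the hostile value as the password, the vulnerable function matches every row, while the parameterized one compares it as an ordinary string and matches none.
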
When the database is accessible through the Internet, special security techniques are needed. These include firewalls, certification authorities such as Verisign that issue digital certificates using SSL or S-HTTP, Kerberos or similar protocols for user authentication, stronger protocols for financial information, and digital signatures.

Exercises
8.1 For each of the following, write SQL statements to create views where needed and to grant the indicated privileges for the University database with this schema:
    Student(stuId, lastName, firstName, major, credits)
    Faculty(facId, name, department, rank)
    Class(classNumber, facId, schedule, room)
    Enroll(stuId, classNumber, grade)
    a. Give permission to read the tables Student and Class to user 201.
    b. Create a view of Enroll that does not include the grade attribute, and give user 201 permission to read and update the view.
    c. Create a role that includes reading Student, Class, and the view created in (b). Give that role to all clerks in the dean’s office, which includes users 202, 203, 204, and 205.
    d. Give permission to user 206, an assistant dean, to read and modify (insert, delete, update) the Faculty and Class tables. This user can authorize others to read and modify Class but not Faculty.
    e. User 206 authorizes user 300 to read Class. Write the command to do this.
    f. Create an authorization graph showing all the privileges given so far. You will need a separate node for each combination of privilege and user.
    g. Revoke the authorization privilege that the assistant dean was given in (d), but keep his or her own reading and modification privileges. How would you show this change on the authorization graph?
    h. Give permission to the Registrar, user 500, to read and modify Student, Class, and Enroll, and to grant those rights to others.
    i. For all academic advisors, give permission to read all Class records. For the advisor in the Math department, give permission to read the Student records of students majoring in Math and to modify Enroll records for these students.
8.2 Assume you have a statistical database with the following schema. The only legal queries are those involving COUNT, SUM, and AVERAGE.
    newFaculty(facId, lastName, firstName, department, salary, rank, dateHired)
    a. Write a legal SQL query to find the salary of the only faculty member who is an instructor in the Art department.
    b. Assume the system will refuse to answer queries for which only one record satisfies the predicate as in (a). Write a legal set of queries that allows the user to deduce the salary of the Art instructor.
    c. Assume that there are 10 faculty members in the Art department. The system refuses to answer queries where the number of records satisfying the query is less than six. It will also refuse to answer pairs of queries where the number of records satisfying them simultaneously exceeds three. Would these restrictions make your query for (a) or (b) illegal? If so, is there another legal set of queries that will allow you to deduce the salary of the Art instructor?
8.3 a. Using the University schema shown in Exercise 8.1, write an SQL statement to create a value-dependent view of Student that includes only seniors.
    b. Write an SQL statement for a value-independent view of Faculty. Do not include the whole table.
    c. Write a statement to authorize user 125 to read both views.
8.4 Write a trigger to create an audit trail that will track all updates to the salary field of the newFaculty table shown in Exercise 8.2.
8.5 Log on to an e-commerce website, such as that of a large bookseller. Locate and read the information provided about security of online transactions. Determine whether SSL or some other secure protocol is used. If possible, display and print the information about the Verisign certificate for the site. You may find this in the options in your browser.
8.6 Examine the security features in Microsoft Access by reading the online Help on the topic. Then do the following:
    a. Print the list of trusted publishers, locations, and documents for your computer.
    b. Open an Access database you created and encrypt the database with a password.
    c. Sign your database and package it for distribution.
8.7 SQL injection is often used to exploit a database. It refers to the process of using SQL injection to read sensitive data, modify a database, or execute administrative operations on a database. In preparation for an SQL injection exploitation, attackers often use SQL injection to discover information about the database. Investigate how SQL injection can be used to discover information about a database. In particular, how can SQL injection be used to discover information such as field names, table names, or even email addresses?
8.8 Building on Exercise 8.7, assume you have discovered that the Student table contains the fields studentID, email, userID, password, firstName, and lastName. Using the SELECT statement from Section 8.10.1, which selects students based on their userID and password:
    a. Show how SQL injection can be used to insert a new student into the Student table. What values have to be input for the userID and password to get the INSERT statement to execute?
    b. What are some reasons why the SQL injection attack to insert a new user might fail?
    c. If you know a student’s email address, show how SQL injection can be used to change the email address to your email address.
    d. Assuming you are successful at changing the student’s email address, how can you then get access to the student’s password? HINT: On most Web pages, how do you get your own password when you don’t remember it?
