Why is database security important?
• Databases often store data which is sensitive in nature
• Incorrect data or loss of data could negatively affect business operations
• As we know, database systems provide efficient access to large volumes of data and are vital to the operation of many organizations.
• Because of their complexity and criticality, databases generate security requirements that are beyond the capability of OS-based security mechanisms.
• E.g. OS security mechanisms typically control read/write access to an entire file, but cannot control access to a specific record within it.
• More detailed access control is required, i.e. on SELECT, UPDATE etc. commands
• Thus, security services and mechanisms designed specifically for, and integrated with, database systems are needed.
• Need to understand security requirements for data in terms of
• Confidentiality, Integrity, Availability
Relational Databases
• The basic building block of a relational database is a table.
• Each column holds a particular type of data
• Each row contains a specific value for each column
• Ideally one column holds values that are all unique, forming an identifier/key for that row
• Multiple tables are linked by these identifiers
• SQL is a query language used to access data items meeting specified criteria
A relational database example
Relational database terms
• Relation/table/file
• Tuple/row/record
• Attribute/column/field
• Primary key: uniquely identifies a row
• Foreign key: links one table to attributes in another
• View/virtual table: Result of a query that returns selected
rows and columns from one or more tables
• Views are often used for security purposes, because a view can provide restricted access to a relational database in terms of only selected rows and columns of its tables
Relational Database Elements
Structured Query Language
• Structured Query Language (SQL)
• originally developed by IBM in the mid-1970s
• standardized language to define, manipulate, and query data in a
relational database
• several similar versions of ANSI/ISO standard
CREATE TABLE department (
    Did INTEGER PRIMARY KEY,
    Dname CHAR (30),
    Dacctno CHAR (6) )

CREATE TABLE employee (
    Ename CHAR (30),
    Did INTEGER,
    SalaryCode INTEGER,
    Eid INTEGER PRIMARY KEY,
    Ephone CHAR (10),
    FOREIGN KEY (Did) REFERENCES department (Did) )

CREATE VIEW newtable (Dname, Ename, Eid, Ephone)
    AS SELECT D.Dname, E.Ename, E.Eid, E.Ephone
    FROM Department D, Employee E
    WHERE E.Did = D.Did
SQL injection attacks
• One of the most prevalent and dangerous network-based
security threats
• Sends malicious SQL commands to the database server
• Depending on the environment, SQL injection can also be exploited to:
• Modify or delete data
• Launch denial-of-service (DoS) attacks
A typical injection attack
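The injection the figure refers to, worked as an added example that is not part of the original slides: a lookup on the slides' employee table is built once by string concatenation and once as a parameterized query, run against an in-memory SQLite database. The sample rows and the crafted input are constructed for this example; only the table layout comes from the slides.

```python
import sqlite3

def setup_db():
    """Create the slides' employee table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE employee (
        Ename TEXT, Did INTEGER, SalaryCode INTEGER,
        Eid INTEGER PRIMARY KEY, Ephone TEXT)""")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?, ?)", [
        ("Robin", 15, 23, 2345, "6127092485"),
        ("Neil", 13, 12, 5088, "6127092246"),
        ("Jasmine", 4, 26, 7712, "6127099348"),
    ])
    return conn

def lookup_vulnerable(conn, name):
    """Builds the WHERE clause by concatenating user input, so the input is parsed as SQL."""
    sql = "SELECT Eid, Ename FROM employee WHERE Ename = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    """Parameterized query: the driver passes the value separately, so it is only ever data."""
    return conn.execute(
        "SELECT Eid, Ename FROM employee WHERE Ename = ?", (name,)).fetchall()

if __name__ == "__main__":
    conn = setup_db()
    # Constructed input that closes the quoted literal and appends a tautology.
    crafted = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, crafted))  # every row is returned
    print("safe:      ", lookup_safe(conn, crafted))        # no employee has this name
```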
Database Access Control
• Typically, a DBMS provides access control for the database.
• The DBMS operates on the assumption that the computer system has authenticated each user and checked all access control factors before the user interacts with the DB.
• DBMS support a range of administrative policies:
• Centralized administration
• Small number of privileged users may grant and revoke access rights
• Ownership-based administration
• The owner (creator) of a table may grant and revoke access rights to
table
• Decentralized administration
• In addition, the owner of a table may allow other users to grant/revoke access rights to the table.
• DBMS provides specific access rights to portions of the
database
• e.g. create, insert, delete, update, read, write
• to entire database, tables, selected rows or columns
• possibly dependent on contents of a table entry, e.g. employee salary
SQL-based Access Controls
• Whether the user has access to the entire database or just portions of it
• Two commands:
• GRANT {privileges | role}
[ON table]
TO {user | role | PUBLIC}
[IDENTIFIED BY password]
[WITH GRANT OPTION]
// lets the grantee grant access to other users
e.g. GRANT SELECT ON ANY TABLE TO john
• REVOKE {privileges | role}
[ON table]
FROM {user | role | PUBLIC}
e.g. REVOKE SELECT ON ANY TABLE FROM john
• WITH GRANT OPTION: whether grantee can grant
“GRANT” option to other users
• Typical access rights are:
Example
• Grant update rights on only one column of a table
• GRANT UPDATE (column_name) ON table_name TO user_name;
• GRANT UPDATE (emp_salary) ON Employee TO app_developer;
• How to create a new user and grant permissions in
MySQL
• CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
• GRANT ALL PRIVILEGES ON database.table TO 'user'@'localhost';
• GRANT ALL PRIVILEGES ON database.* TO 'user'@'localhost';
• Or
• GRANT ALL PRIVILEGES ON *.* TO 'user'@'localhost';
Cascading Authorizations
Users may grant other users rights they have to certain tables. The new
users may pass on the rights to other users and so on.
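The GRANT/REVOKE commands of the previous slides and the cascading authorizations described here, as an added example that is not part of the original slides: a small Python model of GRANT ... WITH GRANT OPTION, REVOKE and cascading revocation on one table. The user names, the grant-time counter, and the rule that a cascaded grant survives only if its grantor still holds an independent grant option received before that grant was made are assumptions of this model.

```python
class AuthGraph:
    """Grants on a single table. The owner is always authorized; grant times
    are a simple counter so that 'received before' can be checked."""

    def __init__(self, owner):
        self.owner = owner
        self.clock = 0
        self.grants = []   # entries: (time, grantor, grantee, with_grant_option)

    def can_grant(self, user, before=None):
        """Owner may always grant. Anyone else needs a grant that carries the grant
        option, is still in force and (when `before` is given) predates `before`."""
        if user == self.owner:
            return True
        return any(g[2] == user and g[3] and (before is None or g[0] < before)
                   for g in self.grants)

    def grant(self, grantor, grantee, with_grant_option=False):
        """GRANT <right> ON table TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.can_grant(grantor):
            raise PermissionError(f"{grantor} holds no grant option")
        self.clock += 1
        self.grants.append((self.clock, grantor, grantee, with_grant_option))

    def has_access(self, user):
        return user == self.owner or any(g[2] == user for g in self.grants)

    def revoke(self, grantor, grantee):
        """REVOKE <right> ON table FROM grantee, issued by grantor, then cascade."""
        self.grants = [g for g in self.grants
                       if not (g[1] == grantor and g[2] == grantee)]
        self._cascade()

    def _cascade(self):
        """Drop every grant its grantor could no longer have made, i.e. where the
        grantor no longer holds a grant option older than that grant. Repeat until
        stable, since each removal can invalidate further grants down the chain."""
        changed = True
        while changed:
            changed = False
            for g in list(self.grants):
                if not self.can_grant(g[1], before=g[0]):
                    self.grants.remove(g)
                    changed = True

if __name__ == "__main__":
    ag = AuthGraph("Ann")
    ag.grant("Ann", "Bob", with_grant_option=True)    # t=1
    ag.grant("Bob", "Chris", with_grant_option=True)  # t=2, rests on Bob's grant
    ag.grant("Chris", "David")                        # t=3, rests on Chris's t=2 grant
    ag.grant("Ann", "Chris", with_grant_option=True)  # t=4, independent of Bob
    ag.revoke("Ann", "Bob")
    print({u: ag.has_access(u) for u in ("Bob", "Chris", "David")})
```

After the revoke, Bob and David lose access while Chris keeps it through the later grant from Ann; had Ann granted Chris before Chris granted David, David's access would survive.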
Role-Based Access Control
• Role-based access control works well for DBMSs (natural fit)
• A database system often supports dozens of applications
• An individual user may use a variety of applications to perform a
variety of tasks, each of which requires its own set of privileges
• RBAC provides a means of easing the administrative burden and
improving security
• Categories of database users:
• Application owner
• An end user who owns database objects (tables, columns, rows) as part
of an application
• End user other than application owner
• An end user who operates on database objects via a particular
application but does not own any of the database objects
• Administrator
• A user who has administrative responsibility for part or all of the database.
Role-Based Access Control
• We can make some general statements about RBAC
concerning these three types of users
• An application has associated with it a number of tasks
• Each task requiring specific access rights to portions of the
database
• For each task, one or more roles can be defined that specify the
needed access rights
• The application owner may assign roles to end users
• Administrators are responsible for more sensitive or general roles,
managing physical and logical database components
• E.g. the RBAC facility provided by Microsoft SQL Server: fixed server roles, fixed database roles
Inference
• Inference is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
• Problem arises
• When a combination of data items can be used to infer data of a
higher sensitivity
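The inference problem worked as an added example that is not part of the original slides: two aggregate queries an analyst is allowed to run differ by exactly one employee's salary, and a query-set-size restriction refuses the second one. The Salary column, the sample rows and the guard with its threshold k are assumptions constructed for this example.

```python
import sqlite3

# Constructed sample data: individual salaries are sensitive, aggregates are allowed.
ROWS = [
    ("Robin", 15, 52000), ("Neil", 15, 61000), ("Jasmine", 15, 58000),
    ("Cody", 4, 49000), ("Holly", 4, 45000), ("Robert", 8, 70000),
]

def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (Ename TEXT, Did INTEGER, Salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", ROWS)
    return conn

def salary_sum(conn, where, params=()):
    """Unguarded aggregate. `where` is a fragment written by the application;
    all user-supplied values travel in `params`, never in the SQL text."""
    return conn.execute(
        f"SELECT SUM(Salary) FROM employee WHERE {where}", params).fetchone()[0]

def infer_salary(conn, did, ename):
    """Two authorized aggregate queries whose difference is one person's salary."""
    whole = salary_sum(conn, "Did = ?", (did,))
    others = salary_sum(conn, "Did = ? AND Ename <> ?", (did, ename))
    return whole - others

def guarded_salary_sum(conn, where, params=(), k=3):
    """Query-set-size restriction: with N rows in the table, refuse any aggregate
    whose query set C has |C| < k or |C| > N - k, so a query cannot single out
    (or exclude) just a few individuals."""
    n = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    c = conn.execute(
        f"SELECT COUNT(*) FROM employee WHERE {where}", params).fetchone()[0]
    if c < k or c > n - k:
        raise PermissionError(f"query set size {c} outside [{k}, {n - k}]")
    return salary_sum(conn, where, params)

if __name__ == "__main__":
    conn = setup_db()
    print("inferred salary of Robin:", infer_salary(conn, 15, "Robin"))
    print("guarded dept total:", guarded_salary_sum(conn, "Did = ?", (15,)))
    try:
        guarded_salary_sum(conn, "Did = ? AND Ename <> ?", (15, "Robin"))
    except PermissionError as e:
        print("refused:", e)
```

The size restriction stops this direct isolation of one row but is only one layer: combinations of permitted queries can still leak information, so it is usually backed by auditing of query patterns.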
Database Encryption
• Databases are typically a valuable information resource for any organization.
• Protected by multiple layers of security: firewalls, authentication, O/S access control systems, DB access control systems, and database encryption
• Database encryption is often implemented.
• Encryption becomes the last line of defense in database security
• Two disadvantages
• Key management (authorized users must have access to the decryption key)
• Inflexibility (searching encrypted data is difficult)
• Encryption can apply to
• The entire database - inflexible and inefficient (key management)
• Individual fields - simple but inflexible
• The record level (selected rows) or the attribute level (selected columns)
Database Encryption
• A DBMS is a complex collection of hardware and software.
• It may require large storage capacity, processing power and maintenance.
• One solution is to outsource the DBMS and database to a service provider.
• A straightforward solution to the security problem in this context is to encrypt the entire database and not provide the encryption/decryption keys to the service provider.
• This solution by itself is inflexible
• The user has little ability to access individual data items; instead they must download the table, decrypt it and work on it.
• Data owner: the organization that produces the sensitive data
• User: presents requests (queries) to the system.
• Client: front-end that transforms user queries into queries on encrypted data
• Server: receives encrypted data from a data owner and makes it available for distribution to clients.
Security Requirements
• Security requirements for databases and DBMSs:
• Physical database integrity requirements
• DB immune to physical problems (e.g., power failure, flood)
• Logical database integrity requirements
• DB structure preserved (e.g., update of a field doesn’t affect another)
• Element integrity requirements
• Accuracy of values of elements
• Auditability requirements
• Able to track who accessed (read, wrote) what
• Access control requirements
• Restricts DB access (read, write) to legitimate users
• User authentication requirements
• Only authorized users can access DB
• Availability requirements
• DB info available to all authorized users 24/7
Confidentiality / Integrity / Availability
• Requirements can be rephrased / summarized as follows:
• Data must be trusted
• DBMS designed to manage trust
• DBMS must reconstruct reality
• Data must be accurate
• Field checks
• Access control (CRUD)
• CRUD = Create, Read, Update, and Delete
• Change log
• Trade-offs
• Audit vs. performance
• Access vs. performance
• High availability
Hardening Databases – General Strategies and Tactics
• Principle of Least Privilege!
• Stay up-to-date on patches
• Remove/disable unneeded default accounts
• Firewalling/Access Control
• Run database processes under a dedicated non-privileged account.
• Password Security
• Disable unneeded components
• Stored Procedures and Triggers
Summary
• Introduced databases and DBMS
• Relational databases
• Database access control issues
• SQL, role-based
• Inference
• Database encryption
Database Security Tool