
DB Unit-5

The document outlines various database security issues, including inadequate security testing, poor encryption, and SQL injection vulnerabilities. It discusses discretionary access control, privilege management, and the importance of encryption and public key infrastructures for data protection. Additionally, it highlights techniques for preserving data privacy and the challenges faced in maintaining database security.

Uploaded by

Manoj D
Copyright © All Rights Reserved

UNIT-5

Database Security Issues


1. No Security Testing Before Deployment
2. Poor Encryption (SSL & TLS)
3. Stolen Database Backups (e.g., stolen by an employee)
4. Limitless Administration Access (too many people have access)
5. Inadequate Key Management (where passwords are stored)

Discretionary Access Control Based on Granting and Revoking Privileges
The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges.
1. Types of Discretionary Privileges:
The DBMS must provide selective access to each relation in the database based on specific accounts.
Operations may also be controlled; thus, having an account does not necessarily entitle the account holder to all the functionality provided by the DBMS.
i) The account level: The DBA specifies the particular privileges that each account holds independently of the relations in the database.
ii) The relation (or table) level: The DBA can control the privilege to access each individual relation or view in the database.
iii) References privilege on R: This gives the account the capability to reference a relation R when specifying integrity constraints. This privilege can also be restricted to specific attributes of R.
2. Specifying Privileges through the Use of Views
The mechanism of views is an important discretionary authorization mechanism.
For example, if the owner A of a relation R wants another account B to be able to retrieve only some fields of R, then A can create a view V of R that includes only those attributes and then grant SELECT on V to B.
3. Revoking of Privileges
In some cases it is desirable to grant a privilege to a user temporarily. For example, the owner of a relation may want to grant the SELECT privilege to a user for a specific task and then revoke that privilege once the task is completed.
4. Propagation of Privileges Using the GRANT OPTION (analogy: Wi-Fi password sharing)
Whenever the owner A of a relation R grants a privilege on R to another account B with the GRANT OPTION, B can also grant that privilege to other accounts.
B can then grant the privilege to account C. In this way, privileges can propagate to other accounts without the knowledge of the owner of R.
If the owner account A now revokes the privilege granted to B, all the privileges that B propagated based on that privilege should automatically be revoked by the system.
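
The propagation and cascading revoke described above, modelled as a small grant graph for one privilege on one relation R. This is an added example, not part of the original notes; the AuthGraph class and its method names are hypothetical, and it goes one step beyond the text by also handling an account that keeps the privilege because it holds a second, independent grant.

```python
# Added example: one privilege on one relation R, modelled as a grant graph.
# AuthGraph and its methods are hypothetical names, not a DBMS API.

class AuthGraph:
    def __init__(self, owner):
        self.owner = owner
        self.grants = set()  # (grantor, grantee, with_grant_option)

    def _reach(self):
        """Return (accounts holding the privilege, accounts allowed to grant it)."""
        holds, can_grant = {self.owner}, {self.owner}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, opt in self.grants:
                if grantor not in can_grant:
                    continue
                if grantee not in holds:
                    holds.add(grantee)
                    changed = True
                if opt and grantee not in can_grant:
                    can_grant.add(grantee)
                    changed = True
        return holds, can_grant

    def holders(self):
        return self._reach()[0]

    def grant(self, grantor, grantee, with_grant_option=False):
        if grantor not in self._reach()[1]:
            raise PermissionError(f"{grantor} cannot grant this privilege")
        self.grants.add((grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee):
        # Remove the direct grant, then cascade: any grant whose grantor can
        # no longer trace its authority back to the owner is dropped as well.
        self.grants = {g for g in self.grants if g[:2] != (grantor, grantee)}
        can_grant = self._reach()[1]
        self.grants = {g for g in self.grants if g[0] in can_grant}


def demo():
    g = AuthGraph(owner="A")
    g.grant("A", "B", with_grant_option=True)  # GRANT ... TO B WITH GRANT OPTION
    g.grant("B", "C")                          # B passes it on without A's knowledge
    before = sorted(g.holders())
    g.revoke("A", "B")                         # A revokes from B; C loses it too
    return before, sorted(g.holders())


if __name__ == "__main__":
    print(demo())
```

Auditing who can currently grant a privilege (the second set returned by _reach) is the practical check here, since those accounts can extend access without the owner being involved.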

5. An Example to Illustrate Granting and Revoking of Privileges
GRANT:
The DBA creates four accounts (A1, A2, A3, and A4) and wants only A1 to be able to create base relations.
To do this, the DBA must issue the following GRANT command in SQL:
GRANT CREATETAB TO A1;
The CREATETAB (create table) privilege gives account A1 the capability to create new database tables. This is the old SQL version.
In the new version:
CREATE SCHEMA BANK AUTHORIZATION A1;
User account A1 can now create tables under the schema called BANK. Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT; A1 is then the owner of these two relations.
Next, suppose that account A1 wants to grant to account A2 the privilege to insert and delete tuples in both of these relations.
GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;
Next, suppose that A1 wants to allow account A3 to retrieve information from either of the two tables. SELECT is used to retrieve the data.
GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;

REVOKE:
The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3.
Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation. The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5.
CREATE VIEW A3EMPLOYEE AS
SELECT Name, Bdate, Address
FROM EMPLOYEE
WHERE Dno = 5;
After the view is created, A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows:
GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;
Finally, suppose that A1 wants to allow A4 to update only the Salary attribute of EMPLOYEE; A1 can then issue the following command:
GRANT UPDATE ON EMPLOYEE (Salary) TO A4;
SQL Injection
• SQL injection is a code injection technique that might
destroy your database.
• SQL injection is one of the most common web hacking
techniques.
• SQL injection is the placement of malicious code in SQL
statements, via web page input.
SQL in Web Pages
SQL injection usually occurs when you ask a user for
input, like their username/userid, and instead of a name/id,
the user gives you an SQL statement that you will
unknowingly run on your database.
Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
SQL Injection Based on 1=1 is Always True
Create an SQL statement to select a user with a given user id:
SELECT * FROM Users WHERE UserId = 105;
A user can enter some "smart" input like this:
UserId: 105 OR 1=1
Then, the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The above SQL is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
Does the example above look dangerous? What if the "Users" table contains names and passwords?
The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;
A hacker might get access to all the user names and passwords in a database by simply inserting 105 OR 1=1 into the input field.

SQL Injection Based on ""="" is Always True:
Normal Retrieval Example
uName = getRequestString("username");
uPass = getRequestString("userpassword");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'
A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password field:
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.
SQL Injection Based on Batched SQL Statements:
Most databases support batched SQL statements.
A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.
Example
SELECT * FROM Users; DROP TABLE Suppliers
This batch will return all rows from the "Users" table, then delete the "Suppliers" table.
Use SQL Parameters for Protection:
To protect a web site from SQL injection, you can use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time.
ASP.NET Razor Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL, txtUserId);
Note that parameters are represented in the SQL statement by a @ marker.
Statistical Database Security
A database that contains details of a huge population is called a statistical database.
It may contain confidential or secret data about the individuals of a country (such as Aadhaar numbers or PAN card numbers), and this database should not be accessible to attackers.
Users are allowed to retrieve certain statistical information about the population, such as MAX, MIN, and SUM.
However, users are not permitted to access individual data, such as the income, phone number, or debit card number of a specific person in the database.
Statistical Queries:
Queries that allow only aggregate functions such as COUNT, SUM, MIN, MAX, AVERAGE, and STANDARD DEVIATION are called statistical queries.
Example –
Consider the following examples of statistical queries, where EMP_SALARY is a confidential database:
Query-1:
SELECT COUNT(*) FROM EMP_SALARY
WHERE Emp_department = '3';
Query-2:
SELECT AVG(income) FROM EMP_SALARY
WHERE Emp_id = '2';
The possibility of accessing individual information from statistical queries is reduced by using the following measure:
Partitioning of Database – This means the records of the database must not be stored in bulk as a single record.
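
Why an aggregate-only rule is not enough on its own: Query-2 above is a valid statistical query, yet its query set is one person. This is an added example, not part of the original notes; the sample rows are constructed, column names use underscores so they are valid SQL identifiers, and it assumes partitioning means statistics are answered only over a whole group of records of a minimum size (here, a department of at least MIN_PARTITION rows).

```python
import sqlite3

MIN_PARTITION = 3  # assumed minimum number of records per partition

def make_salary_db():
    # Constructed sample rows; columns follow the EMP_SALARY queries above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EMP_SALARY "
               "(Emp_id TEXT, Emp_department TEXT, income INTEGER)")
    db.executemany("INSERT INTO EMP_SALARY VALUES (?, ?, ?)", [
        ("1", "3", 40000), ("2", "3", 52000), ("3", "3", 61000),
        ("4", "4", 58000), ("5", "4", 47000), ("6", "4", 75000),
        ("7", "5", 90000),
    ])
    return db

def avg_income_by_id(db, emp_id):
    # Query-2: an aggregate in form, but the query set is a single person,
    # so the "average" returned is that person's income.
    row = db.execute(
        "SELECT AVG(income) FROM EMP_SALARY WHERE Emp_id = ?",
        (emp_id,)).fetchone()
    return row[0]

def avg_income_by_partition(db, department):
    # Guarded form: answer only over a whole partition, and refuse when the
    # partition holds fewer than MIN_PARTITION records.
    count, avg = db.execute(
        "SELECT COUNT(*), AVG(income) FROM EMP_SALARY WHERE Emp_department = ?",
        (department,)).fetchone()
    if count < MIN_PARTITION:
        raise PermissionError("partition too small for a statistical answer")
    return avg

if __name__ == "__main__":
    db = make_salary_db()
    print("Query-2 leaks:", avg_income_by_id(db, "2"))
    print("Department 3 average:", avg_income_by_partition(db, "3"))
```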

Flow Control:
1. Access Control – Protect against unauthorized access.
2. Flow Control − Data flow from one site to another and also within a site must be controlled.
3. Data Encryption – Data transmitted over public channels must be encrypted.

Encryption and Public Key Infrastructures:
The most distinct feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to achieve the underlying security service. The key pair comprises a private key and a public key.
Key Management
The security of any cryptosystem depends upon how securely its keys are managed.
There are two specific requirements of key management for public key cryptography:
Secrecy of private keys:
Throughout the key lifecycle, secret keys must remain secret from all parties except those who are owners and are authorized to use them.
Assurance of public keys:
The most crucial requirement, ‘assurance of public key’, can be achieved through the public-key infrastructure (PKI).
Public Key Infrastructure (PKI)
PKI provides assurance of public keys. It provides the identification of public keys and their distribution. Its components are:
1. Public Key Certificate (‘digital certificate’).
2. Private Key tokens.
3. Certification Authority.
4. Registration Authority.
5. Certificate Management System.
Digital Certificate
A certificate can be considered as the ID card issued to a person. People use ID cards such as a driver's license or passport to prove their identity.
A digital certificate does the same basic thing in the electronic world, but with one difference.
Digital certificates are not only issued to people; they can be issued to computers, software packages, or anything else that needs to prove its identity in the electronic world.
The Certificate Authority (CA) digitally signs this entire information and includes the digital signature in the certificate.
Certifying Authority (CA)
The CA issues a certificate to a client and assists other users in verifying the certificate.
When a CA issues a digital certificate to a site, users will not see warning messages in their browser, such as "Not secure" or "Your connection is not private".
There are two primary types of CA: public CAs and private CAs.
Key Functions of CA
The key functions of a CA are as follows –
➢ Generating key pairs − The CA may generate a key pair independently or jointly with the client.
➢ Issuing digital certificates − The CA issues a digital certificate to the client after the client provides the credentials to confirm his identity.
➢ Publishing Certificates − The CA needs to publish certificates so that users can find them.
➢ Verifying Certificates − The CA makes its public key available in the environment to assist verification of its signature on clients’ digital certificates.
➢ Revocation of Certificates − The CA revokes an issued certificate for reasons such as compromise of the private key by the user or loss of trust in the client.
Classes of Certificates
1. Class 1 − These certificates can be easily acquired by
supplying an email address.
2. Class 2 − These certificates require additional personal
information to be supplied.
3. Class 3 − These certificates can only be purchased after
checks have been made about the requestor’s identity.
4. Class 4 − They may be used by governments and
financial organizations needing very high levels of trust.
Registration Authority (RA)
A CA may use a third-party Registration Authority (RA) to perform the necessary checks on the person or company requesting the certificate to confirm their identity.
The RA does not actually sign the certificate that is issued.
Certificate Management System (CMS)
It is the management system through which certificates
are published, temporarily or permanently suspended,
renewed, or revoked.
Private Key Tokens
The secret private key can be stored on the key owner’s computer. If an attacker gains access to the computer, he can easily gain access to the private key.
For this reason, a private key is stored on a secure removable storage token, access to which is protected through a password.
Secure storage formats: .epf format, .p12 format.
What are EPF and p12 files?
An EPF file is a part file created by Edgecam Student Edition, used to train students for part design and manufacturing.
A p12 file contains a digital certificate that uses PKCS#12 (Public Key Cryptography Standard #12) encryption. It is used as a portable format for transferring personal private keys and other sensitive information.
Preserving Data Privacy
Anonymization
A process that modifies data before it's used for analytics, making it impossible to re-identify individuals. Anonymization is often used in medical research to protect patient privacy.
Before anonymization: 5673
After anonymization: 56**
Homomorphic encryption
A technique that allows computations to be performed on
encrypted data without decrypting it. This ensures that
sensitive data remains secure while being processed.
Privacy-preserving authentication
A technique that provides dual-purpose protection for
security and privacy in wireless access networks.
Individuals can also protect their personal data online by:
• Creating strong passwords
• Avoiding oversharing on social media
• Confirming a website is secure
• Using free wi-fi with caution
Hence there is a need to educate smartphone users regarding privacy and privacy threats. Some of the key privacy threats include:
(1) Surveillance; (2) Disclosure; (3) Discrimination; (4) Personal embarrassment and abuse.
Data distribution technique:
In this technique, the data is distributed across many sites. Distribution of the data can be done in two ways:
1. Horizontal distribution of data
2. Vertical distribution of data
Horizontal distribution
When data is distributed across many sites with the same attributes, the distribution is said to be horizontal distribution.
Example: Table1: 100-200 records, Table2: 300-400 records
Vertical distribution
When person-specific information is distributed across different sites under the custody of different organizations, the distribution is called vertical distribution.
For example, in crime investigations, police officials would like to know the details of a particular criminal. All the information may not be available at one site. Such a distribution is called vertical distribution, where each site holds only a few attributes of a person.
Challenges to Maintaining Database Security
Given the vast increase in the volume and speed of threats to databases, maintaining security has become challenging. Research efforts need to be devoted to issues such as data quality, intellectual property rights, and database survivability.
1. Data quality – Quality of data
2. Intellectual property rights – As the use of the Internet and intranets increases day by day, legal and informational aspects of data are becoming major concerns for many organizations. To address these concerns, watermarking techniques are used, which help to protect content from unauthorized duplication.
3. Database survivability –
Survivability of a system is the capability of a system to fulfill its mission in a timely manner in the presence of attacks, failures, or accidents.
Confinement: Take immediate action against the attacker to protect the file
Damage:
Recover:
Oracle Label-Based Security
Oracle Label Security (OLS) provides row-level security
for your database tables. It protects data rows by labeling
individual rows. If a user tries to access a data row protected
by a policy, then he must have proper authorization as
determined by the OLS label.
The need for more sophisticated controls on access to sensitive data is becoming increasingly important as organizations address emerging security requirements.
Maintaining separate databases for highly sensitive customer data is costly and creates unnecessary administrative overhead.
OLS is used to maintain that sensitive data at low cost.
