Notes Chapter 2.2 Lecture 2.2.2 (Database Security Threats)

The document discusses various database security threats that can adversely affect an organization's database structure, including loss of integrity, availability, and confidentiality. It outlines specific threats such as denial of service attacks, spoofing, and database injection attacks, as well as the importance of implementing control measures like access control and encryption to mitigate these risks. Additionally, it highlights the role of human factors in data breaches and the necessity of maintaining proper security mechanisms within database management systems.

Uploaded by

Saloni

UNIT-2

CHAPTER 2.2

LECTURE-2.2 (Database Security Threats)

Threats

A threat is any situation or event, intentional or accidental, that can cause damage and so
adversely affect the database and, consequently, the organization. A threat may arise from a
person, from an action, or from circumstances that are likely to bring harm to an organization
and its database.

How badly an organization is affected by a threat depends on factors such as the existence of
countermeasures and contingency plans. For example, if a hardware failure corrupts secondary
storage, all processing must cease until the problem is resolved; how long that takes, and
whether any data is permanently lost, depends on whether tested backups and a recovery
procedure exist.

Threats to Databases

Threats to databases can result in the loss or degradation of some or all of the following
commonly accepted security goals: integrity, availability, and confidentiality.

 Loss of integrity. Database integrity refers to the requirement that information be
protected from improper modification. Modification of data includes creation, insertion,
updating, changing the status of data, and deletion. Integrity is lost if unauthorized changes
are made to the data by either intentional or accidental acts. If the loss of system or data
integrity is not corrected, continued use of the contaminated system or corrupted data could
result in inaccuracy, fraud, or erroneous decisions.

 Loss of availability. Database availability refers to making objects available to a
human user or a program that has a legitimate right to them.
 Loss of confidentiality. Database confidentiality refers to the protection of data from
unauthorized disclosure. The impact of unauthorized disclosure of confidential
information can range from violation of the Data Privacy Act to the jeopardization of
national security. Unauthorized, unanticipated, or unintentional disclosure could result
in loss of public confidence, embarrassment, or legal action against the organization.
 Integrity: Database integrity refers to the requirement that information be protected
from improper modification. Modification includes creation, insertion, updating, changing
the status of data, and deletion. Integrity is lost if unauthorized changes are made
intentionally or through accidental acts. For example, students must not be allowed to
modify their own grades.
 Availability: An authorized user or program should not be denied access. For example,
an instructor who wishes to change a student's grade should be allowed to do so.
 Secrecy: Data should not be disclosed to unauthorized users. For example, a student
should not be allowed to see or change other students' grades.
 Denial of service attack: This attack makes a database server much slower or entirely
unavailable to its users. A DoS attack does not by itself disclose or destroy database
information, but it can cost the victim a great deal of time and money.
 Sniff attack: To support e-commerce and take advantage of distributed systems,
databases are deployed in a client-server mode, so queries and results cross a network.
Attackers can use sniffer software to monitor those data streams and acquire confidential
information, for example a customer's credit card number, whenever the connection is not
encrypted.
 Spoofing attack: Attackers impersonate a legitimate web application to access the
database, retrieve data from it, and use the data for fraudulent transactions. The most common
forms are IP spoofing, in which TCP/IP packets are forged with a trusted source address, and
DNS spoofing, in which the mapping between a DNS name and an IP address is forged so that
clients are directed to the attacker's host.
 Trojan Horse: A Trojan horse is a malicious program that embeds itself in the system. It
can reside in the operating system and modify the database.
 Excessive privileges. When workers are granted default database privileges that
exceed the requirements of their job functions, these privileges can be abused, Gerhart
said. “For example, a bank employee whose job requires the ability to change only
account holder contact information may take advantage of excessive database
privileges and increase the account balance of a colleague’s savings account.”
Further, some companies fail to update access privileges for employees who change
roles within an organization or leave altogether.
 Legitimate privilege abuse. Users may abuse legitimate database privileges for
unauthorized purposes, Gerhart said.
 Database injection attacks. The two major types of database injection attacks are SQL
injections that target traditional database systems and NoSQL injections that target
“big data” platforms. “A crucial point to realize here is that, although it is technically
true that big data solutions are impervious to SQL injection attacks because they don’t
actually use any SQL-based technology, they are, in fact, still susceptible to the same
fundamental class of attack,” Gerhart said. “In both types, a successful input injection
attack can give an attacker unrestricted access to an entire database.”
 Malware. A perennial threat, malware is used to steal sensitive data through legitimate
users whose devices are infected.
 Storage media exposure. Backup storage media is often completely unprotected from
attack, Gerhart said. “As a result, numerous security breaches have involved the theft
of database backup disks and tapes. Furthermore, failure to audit and monitor the
activities of administrators who have low-level access to sensitive information can put
your data at risk. Taking the appropriate measures to protect backup copies of
sensitive data and monitor your most highly privileged users is not only a data
security best practice, but also mandated by many regulations,” he said.
 Exploitation of vulnerable databases. It generally takes organizations months to patch
databases, during which time they remain vulnerable. Attackers know how to exploit
unpatched databases or databases that still have default accounts and configuration
parameters. “Unfortunately, organizations often struggle to stay on top of maintaining
database configurations even when patches are available. Typical issues include high
workloads and mounting backlogs for the associated database administrators, complex
and time-consuming requirements for testing patches, and the challenge of finding a
maintenance window to take down and work on what is often classified as a business-
critical system,” Gerhart said.
 Unmanaged sensitive data. Many companies struggle to maintain an accurate
inventory of their databases and the critical data objects contained within them.
“Forgotten databases may contain sensitive information, and new databases can
emerge without visibility to the security team. Sensitive data in these databases will
be exposed to threats if the required controls and permissions are not implemented,”
he said.
 The human factor. The root cause for 30 percent of data breach incidents is human
negligence, according to the Ponemon Institute Cost of Data Breach Study. “Often
this is due to the lack of expertise required to implement security controls, enforce
policies or conduct incident response processes,” Gerhart said.
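Added example (not from the lecture notes or from Gerhart's article), in Python: the input injection described under database injection attacks, shown against the student-grades scenario used above. The grades table, the student identifiers and the toy document store are constructed for the example. The first pair of functions builds a SQL query by string concatenation and then with a bound parameter; the second pair passes a JSON request body to a document-style query, first unchecked and then with the value's type validated. In both cases the same class of attack hands an attacker every student's grade.

```python
import json
import sqlite3

# Constructed sample data (not from the lecture): one grades table / collection.
GRADES = [
    {"student_id": "s101", "course": "DBMS", "grade": "A"},
    {"student_id": "s102", "course": "DBMS", "grade": "B"},
    {"student_id": "s103", "course": "DBMS", "grade": "C"},
]


def make_db():
    """In-memory SQLite table loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grades (student_id TEXT, course TEXT, grade TEXT)")
    conn.executemany(
        "INSERT INTO grades VALUES (:student_id, :course, :grade)", GRADES
    )
    conn.commit()
    return conn


def sql_grades_vulnerable(conn, student_id):
    # The user-supplied value is pasted into the SQL text, so a quote in the
    # input closes the literal and the rest of the input runs as SQL.
    sql = f"SELECT student_id, grade FROM grades WHERE student_id = '{student_id}'"
    return conn.execute(sql).fetchall()


def sql_grades_safe(conn, student_id):
    # Parameterized query: the value travels separately from the statement and
    # is never parsed as SQL, whatever characters it contains.
    sql = "SELECT student_id, grade FROM grades WHERE student_id = ?"
    return conn.execute(sql, (student_id,)).fetchall()


# --- A toy document store standing in for a NoSQL engine (constructed) -------

def _matches(value, condition):
    # Supports an equality match or a {"$ne": x} operator object, mirroring the
    # query language of document databases.
    if isinstance(condition, dict) and "$ne" in condition:
        return value != condition["$ne"]
    return value == condition


def find(collection, query):
    return [d for d in collection
            if all(_matches(d.get(k), v) for k, v in query.items())]


def nosql_grades_vulnerable(body):
    # The decoded JSON value is passed straight into the query. A client can
    # send an operator object instead of a string: {"student_id": {"$ne": ""}}
    req = json.loads(body)
    return find(GRADES, {"student_id": req["student_id"]})


def nosql_grades_safe(body):
    # Validate the type: the identifier must be a plain string, so operator
    # objects supplied by the client are rejected before they reach the query.
    req = json.loads(body)
    sid = req.get("student_id")
    if not isinstance(sid, str):
        raise ValueError("student_id must be a string")
    return find(GRADES, {"student_id": sid})


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print(sql_grades_vulnerable(conn, payload))   # every student's grade
    print(sql_grades_safe(conn, payload))         # []
    evil = json.dumps({"student_id": {"$ne": ""}})
    print(nosql_grades_vulnerable(evil))          # every document
```

Running the file directly shows the three results. The fix is the same on both platforms: keep user input as data, through bound parameters or type-checked values, so it never becomes part of the query text or query structure.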
To protect databases against these types of threats, it is common to implement four kinds of
control measures: access control, inference control, flow control, and encryption.

In a multiuser database system, the DBMS must provide techniques to enable certain users or
user groups to access selected portions of a database without gaining access to the rest of the
database. This is particularly important when a large integrated database is to be used by
many different users within the same organization.

For example, sensitive information such as employee salaries or performance reviews should
be kept confidential from most of the database system’s users. A DBMS typically includes a
database security and authorization subsystem that is responsible for ensuring the security
of portions of a database against unauthorized access. It is now customary to refer to two
types of database security mechanisms:

 Discretionary security mechanisms. These are used to grant privileges to users,
including the capability to access specific data files, records, or fields in a specified
mode (such as read, insert, delete, or update).
 Mandatory security mechanisms. These are used to enforce multilevel security by
classifying the data and users into various security classes (or levels) and then
implementing the appropriate security policy of the organization. For example, a
typical security policy is to permit users at a certain classification (or clearance) level
to see only the data items classified at the user’s own (or lower) classification level.
An extension of this is role-based security, which enforces policies and privileges
based on the concept of organizational roles.
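Added example (not from the lecture notes or from Elmasri and Navathe), in Python, modelling both mechanisms on an in-memory SQLite table. The table, the users, the roles and the class names U, C, S and TS are constructed for the example. Discretionary privileges are granted to roles and users are assigned roles, which is the role-based extension just mentioned; every row carries a mandatory classification, and reads return only rows at or below the user's clearance, as the policy above states. Writes are restricted to the user's own level, which is one common choice and not something the lecture specifies. Revoking a role shows how privileges are withdrawn when an employee changes job, the failure noted under excessive privileges.

```python
import sqlite3

# Mandatory security classes, lowest to highest. Names are assumed for the example.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Constructed sample rows; every row carries the classification of its contents.
EMPLOYEES = [
    ("alice", 52000, "U"),
    ("bob", 61000, "C"),
    ("carol", 98000, "S"),
]


class SecureDB:
    """Discretionary privileges granted to roles, plus mandatory labels on rows."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE employee (name TEXT PRIMARY KEY, salary INTEGER, label TEXT)"
        )
        self.conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", EMPLOYEES)
        self.role_privs = {}   # role -> {(table, mode)}  discretionary grants
        self.user_roles = {}   # user -> {role}           role-based assignment
        self.clearance = {}    # user -> security class   mandatory clearance

    def create_user(self, user, clearance, roles=()):
        self.clearance[user] = clearance
        self.user_roles[user] = set(roles)

    def grant(self, role, table, mode):
        self.role_privs.setdefault(role, set()).add((table, mode))

    def revoke_role(self, user, role):
        # Withdrawing a role is how privileges follow someone out of a job.
        self.user_roles.get(user, set()).discard(role)

    def _dac_check(self, user, table, mode):
        # Discretionary check: some role held by the user must carry (table, mode).
        for role in self.user_roles.get(user, ()):
            if (table, mode) in self.role_privs.get(role, set()):
                return
        raise PermissionError(f"{user} has no {mode} privilege on {table}")

    def select_employees(self, user):
        self._dac_check(user, "employee", "read")
        clearance = LEVELS[self.clearance[user]]
        rows = self.conn.execute(
            "SELECT name, salary, label FROM employee ORDER BY name"
        ).fetchall()
        # Mandatory check (no read up): only rows at or below the clearance.
        return [r for r in rows if LEVELS[r[2]] <= clearance]

    def update_salary(self, user, name, new_salary):
        self._dac_check(user, "employee", "update")
        row = self.conn.execute(
            "SELECT label FROM employee WHERE name = ?", (name,)
        ).fetchone()
        # Writes only at the subject's own level: no writing up into rows the
        # user may not read, and no writing down. A higher-labelled row is
        # reported as absent so that its existence is not disclosed.
        if row is None or row[0] != self.clearance[user]:
            return False
        self.conn.execute(
            "UPDATE employee SET salary = ? WHERE name = ?", (new_salary, name)
        )
        self.conn.commit()
        return True


def demo():
    """Runs the scenario and returns the observable outcomes."""
    db = SecureDB()
    db.grant("hr", "employee", "read")
    db.grant("hr", "employee", "update")
    db.grant("auditor", "employee", "read")
    db.create_user("hank", "C", roles=["hr"])        # HR clerk, cleared to C
    db.create_user("ann", "TS", roles=["auditor"])   # auditor, cleared to TS, read only
    out = {}
    out["hank_sees"] = [r[0] for r in db.select_employees("hank")]
    out["ann_sees"] = [r[0] for r in db.select_employees("ann")]
    out["hank_updates_bob"] = db.update_salary("hank", "bob", 65000)
    out["hank_updates_carol"] = db.update_salary("hank", "carol", 1)  # write up
    out["hank_updates_alice"] = db.update_salary("hank", "alice", 1)  # write down
    try:
        db.update_salary("ann", "bob", 1)
        out["ann_update_denied"] = False
    except PermissionError:
        out["ann_update_denied"] = True
    db.revoke_role("hank", "hr")   # hank moves to another department
    try:
        db.select_employees("hank")
        out["hank_read_after_revoke"] = True
    except PermissionError:
        out["hank_read_after_revoke"] = False
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two checks are deliberately separate: the discretionary check is consulted first and can be changed by granting and revoking, while the mandatory filter is applied to every row regardless of what has been granted, which is what makes it mandatory.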

Other References

 Top Database Security Threats and How to Mitigate Them (shrm.org)
 Database Security Threats And Countermeasures Computer Science Essay (ukessays.com)
 Database Security (oracle.com)

Suggested Book References

 Ramez Elmasri and Shamkant B. Navathe, “Fundamentals of Database Systems”, Benjamin/Cummings Publishing Co.
 Korth and Abraham Silberschatz, “Database System Concepts”, McGraw-Hill.
 Pratt, “DBMS”, Cengage Learning.
