database

The document discusses key concepts in database security, including definitions of Database Ischemia and Data Masking, and the importance of understanding database schema for security controls. It outlines best practices for securing databases, such as implementing strong authentication, encryption, and regular audits. Additionally, it covers access control components, SQL injection attacks, and the differences between discretionary and mandatory access control.

Uploaded by

tnyange909

QUESTION THREE

a) Describe the meaning of the following terms used in database security:


i. Database Ischemia [2 Marks]
Database Ischemia refers to a situation where a database experiences a significant reduction in its
performance or availability due to insufficient resources or excessive resource consumption by
certain operations or users. This term is analogous to the medical condition of ischemia, where
blood flow (and thus oxygen) is restricted to tissues, leading to impaired function.
In the context of databases:
• Resource Starvation: The database may suffer from a lack of CPU, memory, disk I/O, or
network bandwidth, leading to slow query responses or timeouts.
• Impact on Performance: Operations that require significant resources, such as complex
queries or bulk data loads, can monopolize resources and starve other processes.
• Result: The overall system becomes sluggish or unresponsive, affecting the availability and
reliability of the database for legitimate users and applications.

ii. Data Masking [2 Marks]


Data Masking is a technique used to protect sensitive information by replacing it with realistic but
fictitious data. The purpose is to maintain the confidentiality of sensitive data while preserving the
format and integrity of the original data structure.
Key aspects of data masking:
• Irreversible Transformation: The original sensitive data is transformed in a way that
makes it impossible to retrieve the original values from the masked data.
• Preservation of Data Structure: The masked data retains the same format, type, and
characteristics as the original data, allowing it to be used for testing, development, or
analytics without exposing sensitive information.
• Use Cases: Data masking is commonly used in non-production environments (e.g.,
development, testing, training) where real data is not required but realistic data is necessary
for functionality.
Examples of data masking techniques:
• Substitution: Replacing sensitive data with realistic values from a predefined list.
• Shuffling: Rearranging the order of data elements within a column.
• Encryption: Encrypting sensitive data and storing the encrypted values (note that, unlike substitution and shuffling, this is reversible by anyone holding the key, so the key must stay out of the environment that receives the masked copy).
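As an added illustration (not part of the original answer), the following Python applies the substitution, shuffling and format-preserving techniques described above to a constructed customer table and checks that no original value survives; the row data and the name list are assumptions made up for the example.

```python
import random

# Constructed sample rows (id, name, email, phone, card number); not real data.
CUSTOMERS = [
    (1, "Alice Mwangi", "alice@example.com", "0712345678", "4111111111111111"),
    (2, "Bob Otieno", "bob@example.com", "0798765432", "5500000000000004"),
    (3, "Carol Achieng", "carol@example.com", "0733221100", "340000000000009"),
]

# Predefined list for the substitution technique (fictitious names).
FAKE_NAMES = ["Jane Doe", "John Smith", "Mary Major", "Richard Roe"]


def substitute_name(row_id: int) -> str:
    """Substitution: replace the real name with a realistic value from a fixed list.
    Choosing by row id keeps the mapping stable across tables that share the id."""
    return FAKE_NAMES[row_id % len(FAKE_NAMES)]


def mask_email(email: str, row_id: int) -> str:
    """Keep the local@domain format but drop the identifying local part."""
    domain = email.split("@", 1)[1]
    return f"user{row_id}@{domain}"


def mask_card(pan: str) -> str:
    """Format-preserving, irreversible masking: same length, last four digits kept,
    every other digit replaced. The original digits cannot be recovered."""
    return "X" * (len(pan) - 4) + pan[-4:]


def shuffle_column(values: list, seed: int) -> list:
    """Shuffling: keep the real values of a column but break their link to rows.
    A seeded generator makes the masking run reproducible."""
    rng = random.Random(seed)
    shuffled = list(values)
    rng.shuffle(shuffled)
    return shuffled


def mask_rows(rows: list, seed: int = 42) -> list:
    """Apply one technique per column and return rows with the original layout."""
    phones = shuffle_column([r[3] for r in rows], seed)
    masked = []
    for (row_id, _name, email, _phone, pan), phone in zip(rows, phones):
        masked.append((row_id, substitute_name(row_id), mask_email(email, row_id),
                       phone, mask_card(pan)))
    return masked


def leaks_original(masked: list, rows: list) -> bool:
    """Release check: no original name, email or card number may survive in the
    masked rows (phones are shuffled real values, so they are not in the set)."""
    originals = {r[1] for r in rows} | {r[2] for r in rows} | {r[4] for r in rows}
    return any(cell in originals for row in masked for cell in row[1:])
```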

b) Explain why it is important for a database administrator to know the schema of the
database before applying any security control mechanism. [4 Marks]
Understanding the database schema is crucial for implementing effective security controls because
it provides a comprehensive view of the database's structure, including tables, views, relationships,
data types, and constraints. Here are the reasons why a database administrator (DBA) needs to
know the schema before applying security measures:
1. Identifying Sensitive Data:
• The schema reveals the location and types of sensitive data (e.g., personally
identifiable information, financial data, health records).
• Knowing where sensitive data resides allows the DBA to apply appropriate security
controls, such as encryption, access controls, and data masking.
2. Defining Access Controls:
• The schema shows the relationships between tables and the dependencies between
data elements.
• This information helps the DBA define granular access controls, ensuring that users
have access only to the data they need for their specific tasks (principle of least
privilege).
3. Implementing Data Validation and Constraints:
• Understanding the data types and constraints defined in the schema allows the DBA
to implement appropriate data validation and input sanitization measures.
• This helps prevent SQL injection attacks and other forms of data tampering.
4. Optimizing Security Policies:
• The schema provides insights into the data flow and usage patterns within the
database.
• This information helps the DBA optimize security policies, such as auditing, logging,
and intrusion detection, to focus on high-risk areas and critical data assets.
5. Ensuring Compliance:
• Many regulatory frameworks (e.g., GDPR, HIPAA) require specific security controls
for different types of data.
• Knowing the schema allows the DBA to align security measures with compliance
requirements, ensuring that the database meets legal and regulatory obligations.
6. Managing Change:
• The schema is not static; it evolves over time as the database grows and changes.
• Understanding the schema allows the DBA to anticipate the impact of changes on
security controls and adjust them accordingly.

QUESTION FOUR
As a database administrator in the era of cyberspace, describe at least ten best practices for
securing the database system in the organization. [8 Marks]
Securing a database system in the era of cyberspace requires a comprehensive and multi-layered
approach. Here are ten best practices for database security:
1. Implement Strong Authentication Mechanisms:
• Use strong, unique passwords and enforce password policies (e.g., complexity,
expiration, account lockout).
• Implement multi-factor authentication (MFA) to add an extra layer of security.
2. Principle of Least Privilege:
• Grant users the minimum level of access necessary to perform their duties.
• Regularly review and update user permissions to ensure they align with current job
roles and responsibilities.
3. Encrypt Data at Rest and in Transit:
• Use encryption to protect sensitive data stored in the database (data at rest).
• Encrypt data transmitted between the database and applications (data in transit) using
SSL/TLS protocols.
4. Regularly Update and Patch the Database:
• Keep the database software up-to-date with the latest security patches and updates.
• Regularly review vendor security advisories and apply patches promptly to address
vulnerabilities.
5. Implement Database Activity Monitoring (DAM):
• Use DAM tools to monitor and log all database activities, including user access,
queries, and changes.
• Analyze logs for suspicious activities and set up alerts for potential security
incidents.
6. Use Web Application Firewalls (WAF):
• Deploy WAFs to protect the database from web-based attacks, such as SQL injection
and cross-site scripting (XSS).
• WAFs can filter and block malicious traffic before it reaches the database.
7. Implement Data Masking and Redaction:
• Use data masking techniques to protect sensitive data in non-production
environments (e.g., development, testing, training).
• Implement dynamic data masking to redact sensitive information in real-time for
users who do not need to see it.
8. Regularly Backup and Test Disaster Recovery Plans:
• Perform regular backups of the database and store backups in a secure, offsite
location.
• Test disaster recovery plans to ensure that the database can be restored quickly and
effectively in the event of a breach or disaster.
9. Conduct Regular Security Audits and Vulnerability Assessments:
• Perform periodic security audits to assess the effectiveness of security controls and
identify vulnerabilities.
• Use automated tools to scan the database for vulnerabilities and misconfigurations.
10. Educate and Train Users and Administrators:
• Provide security awareness training to users and administrators to educate them
about security risks and best practices.
• Foster a culture of security within the organization to ensure that everyone
understands their role in protecting the database.
11. Implement Intrusion Detection and Prevention Systems (IDPS):
• Deploy IDPS to monitor network traffic and detect and block suspicious activities.
• Use anomaly detection to identify unusual patterns of behavior that may indicate a
security breach.
12. Secure Configuration Management:
• Implement secure configuration management practices to ensure that the database is
configured according to security best practices.
• Regularly review and update configuration settings to address new threats and
vulnerabilities.

QUESTION ONE (30 MARKS)


a) Briefly describe the following concepts as applied in database security:
i. Subject (2 marks): A subject is an active entity, such as a user, process, or application, that
requests access to database resources (objects). Subjects are the entities that perform actions on the
database, and their access is controlled based on their privileges and permissions.
ii. Object (2 marks): An object is a passive entity, such as a table, view, stored procedure, or
database itself, that contains or receives information. Objects are the resources within the database
that subjects interact with and access.
iii. Access Right (Privileges) (2 marks): Access rights (privileges) are permissions granted to
subjects that define the types of operations they are allowed to perform on objects. These rights
determine what actions a subject can take, such as reading, inserting, updating, deleting, or
executing data within the database.

b) Differentiate between account level and relation level privileges that may be configured on
a database to protect its confidentiality. (4 marks)
• Account Level Privileges:
• Definition: Permissions granted to user accounts that apply across the entire
database or specific schemas.
• Scope: These privileges are not tied to specific database objects but rather to the
account itself.
• Examples: Creating, dropping, or altering tables; managing user accounts; executing
administrative functions.
• Use Case: Granting a DBA the ability to manage the database structure and user
accounts.
• Relation Level Privileges:
• Definition: Permissions granted to user accounts that apply to specific database
objects, such as tables, views, or stored procedures.
• Scope: These privileges are tied to individual objects and define what actions can be
performed on them.
• Examples: SELECT, INSERT, UPDATE, DELETE, EXECUTE on specific tables or
views.
• Use Case: Granting a user the ability to read and modify data in a specific table.
Summary:
• Account level privileges are broader and apply to the entire database or specific schemas,
while relation level privileges are more granular and apply to individual database objects.

c) While giving examples, give key differences between discretionary access control and
mandatory access control. (4 marks)
• Discretionary Access Control (DAC):
• Definition: Access control where the owner of an object (e.g., a user or
administrator) has the discretion to grant or revoke access rights to other subjects.
• Flexibility: Owners can modify access rights based on their judgment.
• Example: A user creates a table and grants SELECT and INSERT privileges to
specific colleagues.
• Risk: Higher risk of unauthorized access due to the flexibility in granting
permissions.
• Mandatory Access Control (MAC):
• Definition: Access control where access rights are predefined by a central authority
(e.g., the operating system or security policy) and cannot be changed by the object
owner or subject.
• Rigidity: Access rights are strictly enforced based on security labels and policies.
• Example: A military system where access to classified information is determined by
security clearance levels.
• Advantage: Higher security assurance due to strict enforcement of access policies.
Summary:
• DAC is flexible and allows owners to control access, while MAC is rigid and enforces
access based on predefined policies.

d) Data is a valuable resource that must be strictly protected. Describe two threats to data
stored in a database and give one mechanism employed by DBMS to protect data from each
threat. (4 marks)
1. Threat: Unauthorized Access
• Description: Unauthorized users or processes attempt to access sensitive data
without proper permissions.
• Mechanism: Access Controls:
• DBMS employs access controls, such as user authentication and authorization
mechanisms, to restrict access to authorized users only.
• Example: Role-based access control (RBAC) ensures that users can only
access data relevant to their job roles.
2. Threat: Data Breach (Data Theft)
• Description: Sensitive data is stolen or exfiltrated by malicious actors.
• Mechanism: Encryption:
• DBMS uses encryption to protect data at rest and in transit.
• Example: Transparent Data Encryption (TDE) encrypts data stored in the
database, making it unreadable to unauthorized users.

e) Write an SQL statement that gives user U1U1 SELECT privileges on the branch table and
allows U1U1 to grant this privilege to others. (4 marks)
GRANT SELECT ON branch TO U1U1 WITH GRANT OPTION;

Explanation:
• GRANT SELECT: Grants the SELECT privilege, allowing the user to read data from the
table.
• ON branch: Specifies the table on which the privilege is granted.
• TO U1U1: Specifies the user receiving the privilege.
• WITH GRANT OPTION: Allows the user to grant the same privilege to other users.

f) Differentiate between:
i. Read and insert authorization (4 marks):
• Read Authorization:
• Definition: Permission to view data stored in the database.
• Operations: SELECT queries, viewing table contents.
• Example: A user can execute SELECT statements to retrieve data from a table.
• Insert Authorization:
• Definition: Permission to add new records to a table.
• Operations: INSERT statements, adding new rows to a table.
• Example: A user can execute INSERT statements to add new records to a table.
Summary:
• Read authorization allows viewing data, while insert authorization allows adding new data.

ii. Update and delete authorization (4 marks):


• Update Authorization:
• Definition: Permission to modify existing records in a table.
• Operations: UPDATE statements, modifying data in existing rows.
• Example: A user can execute UPDATE statements to change data in a table.
• Delete Authorization:
• Definition: Permission to remove records from a table.
• Operations: DELETE statements, removing rows from a table.
• Example: A user can execute DELETE statements to remove records from a table.
Summary:
• Update authorization allows modifying data, while delete authorization allows removing
data.

QUESTION TWO (20 MARKS)


a) SQL injection is a common attack targeting databases on web applications:
i. Briefly describe a typical SQL injection attack. (6 marks)
A SQL injection attack is a type of cyberattack where an attacker exploits vulnerabilities in a web
application's input fields to execute malicious SQL code on the underlying database. The attacker
injects malicious SQL statements into user input fields, such as search boxes, login forms, or form
fields, to manipulate the database queries.
Typical Scenario:
1. Vulnerable Application: The web application constructs SQL queries using user-supplied
input without proper validation or sanitization.
2. Attack Vector: The attacker enters malicious input, such as SQL code fragments, into input
fields.
3. Injection: The malicious input is concatenated with the original SQL query, altering its
structure and intent.
4. Execution: The modified SQL query is executed on the database, potentially granting the
attacker unauthorized access, extracting sensitive data, or modifying data.
Example:
• Original Query: SELECT * FROM users WHERE username = 'input' AND password = 'input';
• Malicious Input: admin' --
• Resulting Query: SELECT * FROM users WHERE username = 'admin' --' AND password = 'input';
• Effect: The -- denotes a comment in SQL, effectively ignoring the password check and
granting access to the user with username 'admin'.

ii. Give two ways to prevent SQL injection attacks. (4 marks)


1. Input Validation and Sanitization:
• Description: Validate and sanitize all user inputs to ensure they conform to expected
formats and do not contain malicious code.
• Implementation: Use regular expressions, type checking, and allowlists to permit
only safe input.
• Example: Restrict input to alphanumeric characters and reject special characters or
SQL keywords.
2. Parameterized Queries (Prepared Statements):
• Description: Use parameterized queries or prepared statements to separate SQL code
from data.
• Implementation: Define SQL queries with placeholders for parameters and supply
the parameters separately.
• Example:
SELECT * FROM users WHERE username = ? AND password = ?;

• The database driver handles the insertion of parameters, preventing malicious
input from altering the SQL structure.
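The attack in part (i) and both defences in part (ii), as an added example that is not part of the original answers: the concatenated query is rewritten by the input admin' -- while the parameterized query and an allowlist reject it. The in-memory SQLite table and its rows are constructed for the demonstration, and the plaintext password comparison only mirrors the question's query (real systems store password hashes).

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table; sample rows, not from any real system."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    conn.execute("INSERT INTO users VALUES ('alice', 'alice-pass')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The flawed pattern from the question: user input is concatenated into the SQL
    text, so the input  admin' --  closes the string and comments out the password
    check, turning the query into SELECT * FROM users WHERE username = 'admin'."""
    sql = (f"SELECT * FROM users WHERE username = '{username}' "
           f"AND password = '{password}';")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Prepared statement: the SQL structure is fixed and the driver binds the
    values as data, so admin' -- is compared literally against the username column."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?;"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Allowlist for the input-validation defence: only alphanumerics and underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(username: str) -> bool:
    """Reject anything outside the allowlist before it reaches the query layer."""
    return USERNAME_RE.fullmatch(username) is not None


def login_defended(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Defence in depth: validate the input, then use the parameterized query."""
    if not is_valid_username(username):
        return False
    return login_parameterized(conn, username, password)
```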

b) Access control regulates direct access to objects:


i. Describe two access control components of database security. (4 marks)
1. Authentication:
• Description: The process of verifying the identity of a user or process attempting to
access the database.
• Implementation: Typically involves username and password verification, but can
also include multi-factor authentication (MFA).
• Purpose: Ensures that only legitimate users can access the database.
2. Authorization:
• Description: The process of granting or denying access rights to authenticated users.
• Implementation: Defines what actions a user can perform on specific database
objects (e.g., tables, views, stored procedures).
• Purpose: Ensures that users have access only to the data and resources they need for
their job roles.

ii. Compare authorization in the application layer vs. database layer. (6 marks)
• Authorization in the Application Layer:
• Description: Access control is managed by the application itself, which enforces its
own security policies.
• Implementation: The application handles user authentication and authorization,
often using application-specific roles and permissions.
• Advantages:
• Granularity: The application can enforce fine-grained access controls based
on business logic.
• Flexibility: Easier to implement application-specific security policies.
• Disadvantages:
• Complexity: Managing security policies across multiple applications can be
challenging.
• Vulnerability: Vulnerabilities in the application can be exploited to bypass
authorization controls.
• Authorization in the Database Layer:
• Description: Access control is managed by the database management system
(DBMS), which enforces security policies at the database level.
• Implementation: The DBMS handles user authentication and authorization, using
database roles and privileges.
• Advantages:
• Centralization: Security policies are managed centrally, making it easier to
enforce consistent controls.
• Security: The DBMS provides robust security mechanisms that are difficult
to bypass.
• Disadvantages:
• Limited Granularity: The DBMS may not offer the same level of
granularity as the application layer.
• Complexity: Managing complex security policies at the database level can be
challenging.
Summary:
• Authorization in the application layer offers greater flexibility and granularity but requires
careful management to avoid vulnerabilities.
• Authorization in the database layer provides centralized control and robust security but may
lack the flexibility of the application layer.

QUESTION THREE (20 MARKS)


a) Describe control measures for the following levels of database security:
i. Physical Level (2 marks):
• Control Measures:
• Access Controls: Restrict physical access to the database servers and data centers
using locks, access cards, and biometric authentication.
• Environmental Controls: Implement measures to protect against environmental
threats, such as fire, floods, and power outages.
• Monitoring: Use surveillance cameras and intrusion detection systems to monitor
physical access.
ii. Operating System Level (2 marks):
• Control Measures:
• User Authentication: Implement strong user authentication mechanisms, such as
passwords, smart cards, or biometrics.
• Access Controls: Enforce strict access controls, using file system permissions and
security policies to restrict access to the database files.
• Security Patches: Regularly apply security patches and updates to the operating
system to address vulnerabilities.
iii. Database Level (2 marks):
• Control Measures:
• User Authentication and Authorization: Implement robust user authentication and
authorization mechanisms, using roles, privileges, and access controls to restrict
access to database objects.
• Encryption: Encrypt sensitive data stored in the database, using encryption
algorithms such as AES or RSA.
• Auditing and Logging: Implement auditing and logging mechanisms to monitor and
record database activities, such as user access, queries, and changes.

b) In relation to the Bell-LaPadula model, describe the following properties: (4 marks)


• Simple Security Property (SS Property):
• Description: A subject cannot read data at a higher security level than its own.
• Purpose: Prevents unauthorized disclosure of information (no read up).
• Example: A user with a "Confidential" clearance cannot read data classified as
"Secret".
• Star Property (*-Property):
• Description: A subject cannot write data to a lower security level than its own.
• Purpose: Prevents unauthorized disclosure of information (no write down).
• Example: A user with a "Secret" clearance cannot write data to a "Confidential"
level.

c) Write SQL statements to demonstrate:


i. REVOKE command (5 marks):
REVOKE SELECT ON branch FROM U1U1;

• Explanation:
• REVOKE SELECT: Revokes the SELECT privilege.
• ON branch: Specifies the table from which the privilege is revoked.
• FROM U1U1: Specifies the user from whom the privilege is revoked.

ii. GRANT command (5 marks):


GRANT INSERT, UPDATE ON branch TO U2U2;

• Explanation:
• GRANT INSERT, UPDATE: Grants the INSERT and UPDATE privileges.
• ON branch: Specifies the table on which the privileges are granted.
• TO U2U2: Specifies the user receiving the privileges.
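As an added example (not part of the original answers), this Python models the authorization graph behind the GRANT and REVOKE statements in Question One (e) and Question Three (c): a single assumed owner "DBA" is the root of every grant chain, WITH GRANT OPTION lets U1U1 pass SELECT on, and REVOKE cascades to grants the revoked user can no longer justify (SQL's CASCADE behaviour). The third user U3U3 is an assumption made up for the walk-through.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str
    table: str
    grant_option: bool


class AuthorizationGraph:
    """Simplified model of the SQL authorization graph (not a real DBMS API).
    OWNER is the assumed owner of every table and needs no grants."""

    OWNER = "DBA"

    def __init__(self):
        self.grants = []  # list of Grant, in the order they were issued

    def holds(self, user: str, privilege: str, table: str, with_grant: bool = False) -> bool:
        """Does `user` hold `privilege` on `table` (optionally with the grant option)?"""
        if user == self.OWNER:
            return True
        return any(g.grantee == user and g.privilege == privilege and g.table == table
                   and (g.grant_option or not with_grant) for g in self.grants)

    def grant(self, grantor: str, privilege: str, table: str, grantee: str,
              grant_option: bool = False) -> None:
        """GRANT <privilege> ON <table> TO <grantee> [WITH GRANT OPTION], issued by grantor."""
        if not self.holds(grantor, privilege, table, with_grant=True):
            raise PermissionError(f"{grantor} lacks the grant option for {privilege} on {table}")
        self.grants.append(Grant(grantor, grantee, privilege, table, grant_option))

    def revoke(self, revoker: str, privilege: str, table: str, grantee: str) -> None:
        """REVOKE <privilege> ON <table> FROM <grantee>, issued by revoker. Grants the
        grantee passed on that are no longer reachable from the owner are dropped too."""
        direct = [g for g in self.grants if g.grantor == revoker and g.grantee == grantee
                  and g.privilege == privilege and g.table == table]
        if not direct:
            raise LookupError(f"{revoker} never granted {privilege} on {table} to {grantee}")
        self.grants = [g for g in self.grants if g not in direct]
        self._prune(privilege, table)

    def _prune(self, privilege: str, table: str) -> None:
        """Keep only grants of this privilege reachable from OWNER through a chain of
        grant options; anything else is an abandoned privilege and is removed."""
        same = [g for g in self.grants if g.privilege == privilege and g.table == table]
        other = [g for g in self.grants if g not in same]
        holders, valid = {self.OWNER}, []
        changed = True
        while changed:
            changed = False
            for g in [g for g in same if g not in valid and g.grantor in holders]:
                valid.append(g)
                if g.grant_option:
                    holders.add(g.grantee)
                changed = True
        self.grants = other + valid


def scenario() -> dict:
    """Constructed walk-through of the statements in the answers."""
    ag = AuthorizationGraph()
    ag.grant("DBA", "SELECT", "branch", "U1U1", grant_option=True)  # Q1(e)
    ag.grant("U1U1", "SELECT", "branch", "U3U3")                    # U1U1 passes it on
    ag.grant("DBA", "INSERT", "branch", "U2U2")                      # Q3(c)(ii)
    ag.grant("DBA", "UPDATE", "branch", "U2U2")
    result = {"u3_before": ag.holds("U3U3", "SELECT", "branch")}
    try:
        ag.grant("U2U2", "INSERT", "branch", "U3U3")                # no grant option held
        result["u2_can_delegate"] = True
    except PermissionError:
        result["u2_can_delegate"] = False
    ag.revoke("DBA", "SELECT", "branch", "U1U1")                     # Q3(c)(i), cascades
    result["u1_after"] = ag.holds("U1U1", "SELECT", "branch")
    result["u3_after"] = ag.holds("U3U3", "SELECT", "branch")
    result["u2_update"] = ag.holds("U2U2", "UPDATE", "branch")
    return result
```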
QUESTION FOUR (20 MARKS)
a) Describe the following vulnerabilities, their effects on databases, and mitigation strategies:
i. Privilege Abuse (2 marks):
• Description: Users or processes misuse their authorized privileges to perform unauthorized
actions.
• Effects: Unauthorized access, data breaches, data tampering, or disruption of services.
• Mitigation: Implement the principle of least privilege, regularly review and audit user
privileges, and monitor for suspicious activities.

ii. SQL Injection (2 marks):


• Description: Attackers exploit vulnerabilities in web applications to inject malicious SQL
code into database queries.
• Effects: Unauthorized access, data theft, data modification, or denial of service.
• Mitigation: Use parameterized queries, input validation, and stored procedures to prevent
malicious input from altering SQL queries.

iii. Misconfigured Database (2 marks):


• Description: The database is not configured according to security best practices, leaving it
vulnerable to attacks.
• Effects: Unauthorized access, data breaches, or data loss.
• Mitigation: Implement secure configuration management, regularly review and update
configuration settings, and follow security guidelines from the DBMS vendor.

iv. Programmers (2 marks):


• Description: Programmers introduce vulnerabilities into the application code, such as buffer
overflows or insecure coding practices.
• Effects: Unauthorized access, data breaches, or data tampering.
• Mitigation: Implement secure coding practices, conduct code reviews, and perform security
testing, such as penetration testing and vulnerability scanning.

b) Briefly describe how man-in-the-middle attacks/impersonation can be prevented in a
database. (4 marks)
Man-in-the-middle (MitM) attacks involve an attacker intercepting and altering communications
between two parties. To prevent MitM attacks in a database:
1. Encryption:
• Use encryption protocols, such as SSL/TLS, to secure data transmitted between the
database and clients.
• Ensure that all communications are encrypted to prevent eavesdropping and
tampering.
2. Mutual Authentication:
• Implement mutual authentication, where both the client and the server authenticate
each other.
• This prevents attackers from impersonating either party.
3. Digital Certificates:
• Use digital certificates to verify the identity of the database server and clients.
• This ensures that communications are between legitimate parties.
4. Secure Key Management:
• Implement secure key management practices to protect encryption keys and
certificates.
• This prevents attackers from compromising the encryption mechanisms.

c) Differentiate between application-level and database-level audit trails. (4 marks)


• Application-Level Audit Trails:
• Description: Audit trails that record activities performed by the application, such as
user actions, transactions, and access patterns.
• Focus: Captures application-specific events and user interactions.
• Implementation: Typically implemented within the application code or using
application-specific tools.
• Example: Logging user logins, form submissions, and application errors.
• Database-Level Audit Trails:
• Description: Audit trails that record activities performed at the database level, such
as SQL queries, data modifications, and user access.
• Focus: Captures low-level database events and operations.
• Implementation: Implemented using database auditing features, such as triggers,
audit logs, or built-in auditing tools.
• Example: Logging SQL queries, data changes, and user access attempts.
Summary:
• Application-level audit trails focus on application-specific events, while database-level audit
trails focus on database-specific events.

d) List the four possible security labels in mandatory access control (order of dominance:
highest to lowest). (4 marks)
1. Top Secret:
• Description: The highest security level, reserved for the most sensitive information.
• Example: Military intelligence data.
2. Secret:
• Description: High-level security classification for sensitive information.
• Example: Government classified documents.
3. Confidential:
• Description: Mid-level security classification for sensitive information.
• Example: Corporate confidential data.
4. Unclassified:
• Description: Little or no security requirements, often used for public information.
• Example: Public records.
Note: The order of dominance is from highest to lowest: Top Secret > Secret > Confidential >
Unclassified.
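The Bell-LaPadula properties from Question Three (b) enforced over the four labels listed here, as an added example that is not part of the original answers: a small reference monitor that applies no-read-up and no-write-down and records each decision. The subjects, object names and contents are constructed for the demonstration.

```python
# Security labels in order of dominance: Top Secret > Secret > Confidential > Unclassified.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def dominates(higher: str, lower: str) -> bool:
    """True when `higher` is at or above `lower` in the dominance ordering."""
    return LEVELS[higher] >= LEVELS[lower]


def can_read(clearance: str, label: str) -> bool:
    """Simple security property (no read up): the subject's clearance must
    dominate the object's label."""
    return dominates(clearance, label)


def can_write(clearance: str, label: str) -> bool:
    """*-property (no write down): the object's label must dominate the subject's
    clearance, so information never flows to a lower level."""
    return dominates(label, clearance)


class ReferenceMonitor:
    """Mediates every access to labelled objects and records the decision, which is
    the audit trail a DBMS enforcing mandatory access control would produce."""

    def __init__(self):
        self.objects = {}  # name -> [label, contents]
        self.audit = []    # (subject, action, object, decision)

    def create(self, name: str, label: str, contents: str = "") -> None:
        if label not in LEVELS:
            raise ValueError(f"unknown label {label!r}")
        self.objects[name] = [label, contents]

    def read(self, subject: str, clearance: str, name: str) -> str:
        label, contents = self.objects[name]
        allowed = can_read(clearance, label)
        self.audit.append((subject, "READ", name, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise PermissionError(f"{subject} ({clearance}) may not read {name} ({label})")
        return contents

    def write(self, subject: str, clearance: str, name: str, contents: str) -> None:
        label, _ = self.objects[name]
        allowed = can_write(clearance, label)
        self.audit.append((subject, "WRITE", name, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise PermissionError(f"{subject} ({clearance}) may not write {name} ({label})")
        self.objects[name][1] = contents


def demo() -> list:
    """Constructed scenario mirroring the two examples given for the properties."""
    rm = ReferenceMonitor()
    rm.create("secret_report", "Secret", "troop positions")
    rm.create("confidential_memo", "Confidential", "staffing")
    outcomes = []
    for subject, clearance, action, obj in [
        ("carol", "Confidential", "READ", "secret_report"),   # no read up
        ("sam", "Secret", "WRITE", "confidential_memo"),      # no write down
        ("sam", "Secret", "READ", "confidential_memo"),       # reading down is allowed
        ("carol", "Confidential", "WRITE", "secret_report"),  # writing up is allowed
    ]:
        try:
            if action == "READ":
                rm.read(subject, clearance, obj)
            else:
                rm.write(subject, clearance, obj, "update")
            outcomes.append((subject, action, obj, "ALLOW"))
        except PermissionError:
            outcomes.append((subject, action, obj, "DENY"))
    return outcomes
```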

QUESTION FIVE (20 MARKS)


a) Illustrate the four main levels of granularity of object protection in access control. (8 marks)
1. Coarse-Grained Protection:
• Description: Protection at a broad level, such as entire databases or schemas.
• Example: Granting access to an entire database.
2. Medium-Grained Protection:
• Description: Protection at the table or view level.
• Example: Granting SELECT, INSERT, UPDATE, or DELETE privileges on specific
tables.
3. Fine-Grained Protection:
• Description: Protection at the row or column level.
• Example: Granting access to specific columns or rows within a table.
4. Cell-Level Protection:
• Description: Protection at the individual cell level.
• Example: Granting access to specific cells within a table.
Summary:
• The granularity of object protection ranges from coarse to cell-level, with each level offering
different levels of control over access to database objects.
