CHAPTER-2

Activity -1

Introduction to Database Security Issues

10/17/2023 2
 Introduction to Database Security Issues 1

1 Types of Security
Database security is a broad area that addresses many issues, including the following:
■ Various legal and ethical issues regarding the right to access certain information—for example, some information may be
deemed to be private and cannot be accessed legally by unauthorized organizations or persons. In the United States, there are
numerous laws governing privacy of information.
■ Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly
available—for example, credit ratings and personal medical records.
■ System-related issues such as the system levels at which various security functions should be enforced—for example, whether a
security function should be handled at the physical hardware level, the operating system level, or the DBMS level.
■ The need in some organizations to identify multiple security levels and to categorize the data and users based on these
classifications—for example, top secret, secret, confidential, and unclassified. The security policy of the organization with respect
to permitting access to various classifications of data must be enforced.

10/17/2023 3
Threats to Databases. Threats to databases can result in the loss or degradation of some or all of the following commonly
accepted security goals: integrity, availability, and confidentiality.
■ Loss of integrity. Database integrity refers to the requirement that information be protected from improper modification.
Modification of data includes creation, insertion, updating, changing the status of data, and deletion. Integrity is lost if
unauthorized changes are made to the data by either intentional or accidental acts. If the loss of system or data integrity is not
corrected, continued use of the contaminated system or corrupted data could result in inaccuracy, fraud, or erroneous decisions.
■ Loss of availability. Database availability refers to making objects available to a human user or a program to which they have a
legitimate right.
■ Loss of confidentiality. Database confidentiality refers to the protection of data from unauthorized disclosure. The impact of
unauthorized disclosure of confidential information can range from violation of the Data Privacy Act to the jeopardization of
national security. Unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence,
embarrassment, or legal action against the organization.

10/17/2023 4
A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security of
portions of a database against unauthorized access. It is now customary to refer to two types of database security mechanisms:
■ Discretionary security mechanisms. These are used to grant privileges to users, including the capability to access specific data
files, records, or fields in a specified mode (such as read, insert, delete, or update).
■ Mandatory security mechanisms. These are used to enforce multilevel security by classifying the data and users into various
security classes (or levels) and then implementing the appropriate security policy of the organization.For example, a typical
security policy is to permit users at a certain classification (or clearance) level to see only the data items classified at the user’s
own (or lower) classification level. An extension of this is role-based security, which enforces policies and privileges based on the
concept of organizational roles.

10/17/2023 5
 2.Control Measures

Four main control measures are used to provide security of data in databases:
■ Access control
■ Inference control
■ Flow control
■ Data encryption
A security problem common to computer systems is that of preventing unauthorized persons from accessing the system itself,
either to obtain information or to make malicious changes in a portion of the database.
The security mechanism of a DBMS must include provisions for restricting access to the database system as a whole. This
function, called access control, is handled by creating user accounts and passwords to control the login process by the DBMS.

10/17/2023 6
 2.Control Measures


Statistical databases are used to provide statistical information or summaries of values based on various criteria. For
example, a database for population statistics may provide statistics based on age groups, income levels, household size,
education levels, and other criteria.

Statistical database users such as government statisticians or market research firms are allowed to access the database to
retrieve statistical information about a population but not to access the detailed confidential information about specific
individuals.

Security for statistical databases must ensure that information about individuals cannot be accessed.

It is sometimes possible to deduce or infer certain facts concerning individuals from queries that involve only summary
statistics on groups; consequently, this must not be permitted either. This problem, called statistical database security

The corresponding control measures are called inference control measures.

10/17/2023 7
 2.Control Measures


Another security issue is that of flow control, which prevents information from flowing in such a way that it reaches
unauthorized users.

Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are
called covert channels.

A final control measure is data encryption, which is used to protect sensitive data (such as credit card numbers) that is
transmitted via some type of communications network. Encryption can be used to provide additional protection for sensitive
portions of a database as well.

The data is encoded using some coding algorithm. An unauthorized user who accesses encoded data will have difficulty
deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher the data.

Encrypting techniques that are very difficult to decode without a key have been developed for military applications.

Encryption techniques, including popular techniques such as public key encryption, which is heavily used to support Web-
based transactions against databases, and digital signatures, which are used in personal communications.

10/17/2023 8
 3.Database Security and the DBA


The database administrator (DBA) is the central authority for managing a database system.

The DBA’s responsibilities include granting privileges to users who need to use the system and classifying users and data in
accordance with the policy of the organization.

The DBA has a DBA account in the DBMS, sometimes called a system or superuser account, which provides powerful
capabilities that are not made available to regular database accounts and users.

DBA-privileged commands include commands for granting and revoking privileges to individual accounts, users, or user
groups and for performing the following types of actions:
1. Account creation. This action creates a new account and password for a user or a group of users to enable
access to the DBMS.
2. Privilege granting. This action permits the DBA to grant certain privileges to certain accounts.
3. Privilege revocation. This action permits the DBA to revoke (cancel) certain privileges that were previously
given to certain accounts.
4. Security level assignment. This action consists of assigning user accounts to the appropriate security clearance
level.

10/17/2023 9
 4.Access Control, User Accounts, and Database Audits


Whenever a person or a group of persons needs to access a database system, the individual or group must first apply for a
user account.

The DBA will then create a new account number and password for the user if there is a legitimate need to access the
database.

The user must log in to the DBMS by entering the account number and password whenever database access is needed. The
DBMS checks that the account number and password are valid; if they are, the user is permitted to use the DBMS and to
access the database.

Application programs can also be considered users and are required to log in to the database

It is straightforward to keep track of database users and their accounts and passwords by creating an encrypted table or file
with two fields: AccountNumber and Password. This table can easily be maintained by the DBMS. Whenever a new account
is created, a new record is inserted into the table.When an account is canceled, the corresponding record must be deleted
from the table.

10/17/2023 10
 4.Access Control, User Accounts, and Database Audits


The database system must also keep track of all operations on the database that are applied by a certain user throughout
each login session, which consists of the sequence of database interactions that a user performs from the time of logging in
to the time of logging off.

When a user logs in, the DBMS can record the user’s account number and associate it with the computer or device from
which the user logged in.

All operations applied from that computer or device are attributed to the user’s account until the user logs off. It is
particularly important to keep track of update operations that are applied to the database so that, if the database is tampered
with, the DBA can determine which user did the tampering

To keep a record of all updates applied to the database and of particular users who applied each update, we can modify the
system log,that the system log includes an entry for each operation applied to the database that may be required for
recovery from a transaction failure or system crash.

We can expand the log entries so that they also include the account number of the user and the online computer or device ID
that applied each operation recorded in the log.

10/17/2023 11
 4.Access Control, User Accounts, and Database Audits


If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to
examine all accesses and operations applied to the database during a certain time period.

When an illegal or unauthorized operation is found, the DBA can determine the account number used to perform the
operation.

Database audits are particularly important for sensitive databases that are updated by many transactions and users, such as a
banking database that is updated by many bank tellers.

A database log that is used mainly for security purposes is sometimes called an audit trail.

10/17/2023 12
 5.Sensitive Data and Types of Disclosures

Sensitivity of data is a measure of the importance assigned to the data by its owner, for the purpose of denoting its need for
protection. Some databases contain only sensitive data while other databases may contain no sensitive data at all.
Several factors can cause data to be classified as sensitive:
1. Inherently sensitive. The value of the data itself may be so revealing or confidential that it becomes sensitive—for example, a
person’s salary or that a patient has HIV/AIDS.
2. From a sensitive source. The source of the data may indicate a need for secrecy—for example, an informer whose identity must
be kept secret.
3. Declared sensitive. The owner of the data may have explicitly declared it as sensitive.
4. A sensitive attribute or sensitive record. The particular attribute or record may have been declared sensitive—for example, the
salary attribute of an employee or the salary history record in a personnel database.
5. Sensitive in relation to previously disclosed data. Some data may not be sensitive by itself but will become sensitive in the
presence of some other data—for example, the exact latitude and longitude information for a location where some previously
recorded event happened that was later deemed sensitive.

10/17/2023 13
 5.Sensitive Data and Types of Disclosures

The three most important factors are data availability, access acceptability, and authenticity assurance.
1. Data availability. If a user is updating a field, then this field becomes inaccessible and other users should not be able to view
this data. This blocking is only temporary and only to ensure that no user sees any inaccurate data. This is typically handled by the
concurrency control mechanism.
2. Access acceptability. Data should only be revealed to authorized users. A database administrator may also deny access to a
user request even if the request does not directly access a sensitive data item, on the grounds that the requested data may reveal
information about the sensitive data that the user is not authorized to have.
3. Authenticity assurance. Before granting access, certain external characteristics about the user may also be considered. For
example, a user may only be permitted access during working hours. The system may track previous queries to ensure that a
combination of queries does not reveal sensitive data. The latter is particularly relevant to statistical database queries

10/17/2023 14
 5.Sensitive Data and Types of Disclosures

The term precision, when used in the security area, refers to allowing as much as possible of the data to be available, subject to protecting exactly the subset of data that is
sensitive.

The definitions of security versus precision are as follows:

■ Security: Means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. To provide security means to disclose only nonsensitive data, and
reject any query that references a sensitive field.

■ Precision: To protect all sensitive data while disclosing as much nonsensitive data as possible.

10/17/2023 15
 6.Relationship between Information Security
versus Information Privacy


The rapid advancement of the use of information technology (IT) in industry, government, and academia raises challenging
questions and problems regarding the protection and use of personal information.

Questions of who has what rights to information about individuals for which purposes become more important as we move
toward a world in which it is technically possible to know just about anything about anyone.

Deciding how to design privacy considerations in technology for the future includes philosophical, legal, and practical
dimensions. There is a considerable overlap between issues related to access to resources (security) and issues related to
appropriate use of information (privacy).We now define the difference between security versus privacy.

Security in information technology refers to many aspects of protecting a system from unauthorized use, including
authentication of users, information encryption, access control, firewall policies, and intrusion detection. For our purposes
here, we will limit our treatment of security to the concepts associated with how well a system can protect access to
information it contains.

10/17/2023 16
 6.Relationship between Information Security
versus Information Privacy

The concept of privacy goes beyond security. Privacy examines how well the use of personal information that the system acquires
about a user conforms to the explicit or implicit assumptions regarding that use. From an end user perspective, privacy can be
considered from two different perspectives: preventing storage of personal information versus ensuring appropriate use of
personal information.

10/17/2023 17
 ACTIVITY-2

Discretionary Access Control Based on

Granting /Revoking of Privileges

10/17/2023 18
10/17/2023 19
10/17/2023 20
10/17/2023 21
10/17/2023 22
10/17/2023 23
10/17/2023 24
10/17/2023 25
 Activity 3

Mandatory Access Control for

Multilevel Security

10/17/2023 26
10/17/2023 27
10/17/2023 28
10/17/2023 29
10/17/2023 30
10/17/2023 31
10/17/2023 32
 ACTIVITY-4

Statistical DB Security

10/17/2023 33
10/17/2023 34
10/17/2023 35
10/17/2023 36
10/17/2023 37
10/17/2023 38
10/17/2023 39
10/17/2023 40
10/17/2023 41