Lecture 2 - AccessControl

The lecture covers access control in computer security, focusing on theoretical concepts and practical implementations based on Gollmann's Computer Security book. It discusses various access control models, policies, and structures, including Discretionary Access Control (DAC) and Mandatory Access Control (MAC), as well as the importance of authorization and ownership in access decisions. Additionally, it explores Role-Based Access Control (RBAC) and the use of security labels and partial orderings to manage access rights effectively.

Uploaded by

hamdi hassen

Lecture 2

Access Control
Dr. Zaki Brahmi

Computer Science Department,
College Of Science And arts at Al-Ola,
Taibah University

Access Control
• This lecture tries to cover Access Control (computer security technical measures)
  – This lecture is based on Gollmann’s Computer Security book (Chapter 3 and partially 4) (most slides are from his course too)
• A somewhat theoretical concept
  – because it is more than read, write, execute
• But still an operating-system-related concept
  – the resources are to be accessed, but by whom?
  – access control paradigms center around this question

Models & Policies
• A security policy captures the security requirements of an enterprise or describes the steps that have to be taken to achieve security
• A security model is a formal description of a security policy
  – Bell-LaPadula (BLP) model is the most famous one
• Three types of models
  1. Access control models
  2. Integrity models
  3. Information flow models

Introduction
• “Access control” is where security engineering meets computer science.
• Its function is to control which (active) subject (موضوع) has access to which (passive (غير فعال)) object with some specific access (الاذن بالدخول إلى) operation.
• “The prevention (وقاية) of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.”

A Model for Access Control
[Figure: a subject (source; e.g. users, processes) sends an access request to the reference monitor (guard, حارس), which stands in front of the object (resource; e.g. files, printers).]

Reference Monitor (or access operation) decides whether the user can apply the operation to the resource.

Basic Terminology
• Subject/Principal: active entity – user or process
• Object: passive entity – file or resource
• Access operations: read, write, ...
  – Access operations vary from basic memory/file access to method calls in an object-oriented system.
  – Comparable systems may use different access operations.

Authorization
• Access control decision is actually an authorization decision
• if o is an object, authorization answers the question “Who is trusted to access o?” (من موثوق به للوصول)

Example
• Consider a paper-based office in which certain documents should only be read by certain individuals
• We could implement access control by
  – storing documents in filing cabinets
  – issuing (إصدار) keys to the relevant individuals for the appropriate cabinets

Simple analogy
• The reference monitor is the set of locked (مقفل) filing cabinets
  – An access request (an attempt to open a filing cabinet) is granted if the key fits the lock (and denied otherwise)

Options for Focusing Control
• Subjects and objects provide a different focus of control
  – What is the subject allowed to do?
  – What may be done with an object?
• Traditionally, multi-user operating systems manage files and resources, i.e. objects
  – Access control takes the second approach
• Application-oriented IT systems, like DBMSs, offer services for the user and control the actions of subjects.

Elementary access operations
• On the most elementary level, a subject may
  – observe an object, or
  – alter an object.
• We refer to observe and alter as access modes (نموذج الوصول).
• The four Bell-LaPadula (BLP, a security method used for enforcing access control in government and military applications) access rights:
  – execute
  – read
  – append (أضافة), also called blind write
  – write

BLP Access Rights and Modes
• Mapping between access rights and access modes.

             execute   append   read   write
  observe                        X      X
  alter                  X              X

• Write access usually includes read access. Hence, the write right includes observe and alter mode.
• Few systems implement append. Allowing users to alter an object without observing its content is rarely useful (exception: audit log).
• A file can be used without being opened and read. Example: use of a cryptographic key. This can be expressed by an execute right that includes neither observe nor alter mode.

Ownership
• Ownership is an aspect often considered in access control rules.
• When a new object is created, in many operating systems the subject creating the object becomes its owner.

Who Sets the Policy?
Security policies specify how subjects access objects. There are two options for deciding who is in charge of setting the policy:
• The owner of a resource decides who is allowed access. Such policies are called discretionary (disˈkreSHəˌnerē) as access control is at the owner’s discretion (تقدير).
  – Called: Discretionary Access Control (DAC)
• A system-wide policy decides who is allowed access. Such policies are called mandatory (إجباري).
  – Called: Mandatory Access Control (MAC)

Access Control Structures
• Requirements on access control structures:
  – The access control structure (هياكل البيانات) should help to express your desired access control policy.
  – You should be able to check that your policy has been captured correctly.
• Access rights can be defined individually for each combination of subject and object.
• For large numbers of subjects and objects, such structures are cumbersome to manage.
  – Intermediate levels of control are preferable.

Access Control Matrix
• S … set of subjects
• O … set of objects
• A … set of access operations
• Access control matrix: $M = (M_{so})_{s \in S,\, o \in O}$, $M_{so} \subseteq A$; $M_{so}$ specifies the operations subject s may perform on object o.

            bill.doc        edit.exe   fun.com
  Alice     {}              {exec}     {exec,read}
  Bob       {read,write}    {exec}     {exec,read,write}

ACM: Exercise 1
• Alice can read and write to the file filex.sys, can read the file filey.sys, and can execute the file filez.sys. Bob can read and write to filey.sys, and cannot access filez.sys or filex.sys.
Q: Write the associated access control matrix.

Access Control Matrix
• The access control matrix is
  – an abstract concept
  – not very suitable for direct implementation
    • Management of the matrix is likely to be extremely difficult if there are tens of thousands of files and hundreds of users (resulting in millions of matrix entries)
    • The matrix is likely to be extremely sparse and therefore implementation is inefficient

Capability-based security
• Focus on the subject
  – access rights are stored with the subject
  – capabilities correspond to rows of the access control matrix

  Alice   edit.exe: {exec}   fun.com: {exec,read}

• Good match between capabilities and distributed system security
  – Security policies have to deal with roaming
• Problems of capabilities
  – How to check who may access a specific object?
  – How to revoke (إلغاء) a capability?

Access Control Lists (ACLs)
• Focus on the object
  – access rights are stored with the object
  – ACLs correspond to columns of the access control matrix

  fun.com   Alice: {exec}   Bill: {exec,read,write}

• Access rights are often defined for groups of users
  – because individual subjects may create a huge list
• ACLs are typical for operating systems security
  – In UNIX, ACLs are attached to files

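The row and column views described on the two slides above, as an added example that is not part of the original lecture: it stores the slide's Alice/Bob matrix sparsely, derives ACLs and capability lists from it, and counts how many lists each representation has to touch to revoke all rights for one object or one subject. The function names are assumptions made for this illustration.

```python
from collections import defaultdict

# Access control matrix from the slide, stored sparsely:
# only non-empty cells are kept, keyed by (subject, object).
MATRIX = {
    ("Alice", "edit.exe"): {"exec"},
    ("Alice", "fun.com"): {"exec", "read"},
    ("Bob", "bill.doc"): {"read", "write"},
    ("Bob", "edit.exe"): {"exec"},
    ("Bob", "fun.com"): {"exec", "read", "write"},
}


def check(matrix, subject, obj, op):
    """Reference-monitor decision; a missing cell means 'no rights'."""
    return op in matrix.get((subject, obj), set())


def acls(matrix):
    """Column view: object -> {subject: rights}, stored with the object."""
    view = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        view[obj][subject] = set(rights)
    return dict(view)


def capabilities(matrix):
    """Row view: subject -> {object: rights}, stored with the subject."""
    view = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        view[subject][obj] = set(rights)
    return dict(view)


def _exactly_one(subject, obj):
    if (subject is None) == (obj is None):
        raise ValueError("pass exactly one of subject= or obj=")


def lists_touched(matrix, *, subject=None, obj=None):
    """Number of lists that must be edited to revoke everything for one
    subject or one object. Returns (acl_lists, capability_lists)."""
    _exactly_one(subject, obj)
    by_object, by_subject = acls(matrix), capabilities(matrix)
    if obj is not None:
        # One ACL is dropped, but every subject's capability list is searched.
        return (int(obj in by_object),
                sum(obj in caps for caps in by_subject.values()))
    # One capability list is dropped, but every object's ACL is searched.
    return (sum(subject in acl for acl in by_object.values()),
            int(subject in by_subject))


def revoke(matrix, *, subject=None, obj=None):
    """New matrix with every cell for the given subject or object removed."""
    _exactly_one(subject, obj)
    return {(s, o): rights for (s, o), rights in matrix.items()
            if s != subject and o != obj}


if __name__ == "__main__":
    print("ACLs:", acls(MATRIX))
    print("Capabilities:", capabilities(MATRIX))
    print("Revoke fun.com  (acl, cap lists):", lists_touched(MATRIX, obj="fun.com"))
    print("Revoke Alice    (acl, cap lists):", lists_touched(MATRIX, subject="Alice"))
```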
Exercise
• Alice can read and write to the file x, read the file y and execute the file z. Bob can read x, read and write to y and has no access to z.
  a. Write access control lists for this situation.
  b. Write capability lists for this situation.
  c. What is the difference between access control lists and capability lists in terms of revoking all access rights to a specific file and revoking all access rights for a specific person?

Aggregation Techniques
• ACLs and capability lists are of limited use (one focuses on subjects, the other focuses on objects)
• need to aggregate subjects and objects
  – Groups
  – Roles
  – Procedures
  – Data types
  [Side label on the slide: Role-based Access Control]

Groups & Negative Permissions
• Groups are an intermediate layer between users and objects.
  [Figure: users → groups → objects]
• To deal with special cases, negative permissions withdraw rights
  [Figure: users → groups → objects]

Role-Based Access Control (RBAC)
• Several intermediate concepts can be inserted between subjects and objects
  [Figure: subjects → roles → procedures → data types → objects]

Role Based Access Control (RBAC)
• Data types: A data type is a set of objects with the same structure (e.g. bank accounts)
  – each object is of a certain data type and can be accessed only through procedures defined for this data type.
• Procedures: high level access control methods with more complex semantics than read or write
  – procedures can only be applied to objects of certain data types; example: funds transfer between bank accounts.
• Roles: collection of procedures assigned to roles; a user can have more than one role and more than one user can have the same role.

Example
• Objects are bank accounts
• Subjects are bank employees
• The set of bank accounts forms a data type
• We define roles
  – Teller
  – Clerk
  – Administrator
• We define procedures for
  – Crediting accounts (CA)
  – Debiting accounts (DA)
  – Transferring funds between accounts (TF)
  – Creating new accounts (NA)
• We assign procedures
  – CA and DA to the Teller role
  – TF to the Clerk role
  – NA to the Administrator role
  – The Administrator role can run all the procedures

RBAC continued
• Roles are a good match for typical access control requirements in business
• Roles implemented in
  – Windows NT onwards (as global and local groups)
  – IBM’s OS/400
  – Oracle 8 onwards
  – .NET framework
• There is no generally accepted standard for RBAC

Example
• How to build role-based access control in SQL?
  – privilege systems – for example:

  group   Can_delete   Can_Update
  user    0            1
  admin   1            1

The application code often looks like this:

  if ($user->is_in_group("admin")) {
      // only members of the admin group may delete
      $message->delete();
  } else {
      print_error("Sorry, you can't delete messages.");
  }
  if ($user->is_in_group("users") || $user->is_in_group("officers")) {
      // display some link here... ad nauseam
  }

RBAC – a quote
“The term RBAC itself does not have a generally accepted meaning, and it is used in different ways by different vendors and users”

R. Sandhu, D. Ferraiolo, and R. Kuhn: The NIST Model for Role-Based Access Control: Towards a Unified Standard, Proceedings of the 5th ACM Workshop on Role-Based Access Control, Berlin, Germany, July 26-27, 2000

Lab
• ManageEngine
  – https://www.manageengine.com/

Exercise 1
Propose an RBAC model for improving this situation.

  User      Permission
  Alice     read account of Mr X
  Alice     read account of Mr Y
  Alice     write in project New Bank
  Alice     start application Money
  Alice     start application Create New client
  Bob       read account of Mr Y
  Bob       write in project New Bank
  Bob       start application Create New client
  Bob       read account of Mr X
  Charlie   read account of Mr X
  Charlie   read account of Mr Y
  Charlie   write in project New Bank
  Charlie   start application Create New client
  John      read account of Mr Y

Exercise 2
1. You have a system that allows the owner of a file to identify users and their
permissions to the file. Which type of access control model is implemented?
2. Which access control model manages rights and permissions based on job
descriptions and responsibilities?
3. A remote access user needs to gain access to resources on the server.
Which of the processes are performed by the remote access server to control
access to resources?
4. In which form of access control environment is access controlled by rules
rather than identity?
5. What form of access control is based on job descriptions?
6. Which of the following defines an object as used in access control?
7. Which form of access control enforces security based on user identities and
allows individual users to define access controls over owned resources?
8. You have implemented an access control method that allows only managers
to access specific data. Which type of access control model is used?
Security Labels and Partial orderings
• In several approaches to access control, functions are used to associate entities with a security label (وسم)
  – a value that can be compared using an operator
• We can use a set L of security labels.
  – We need a way of comparing labels but we need not compare any pair of labels.
• A data structure with the property that some, but not all, elements can be compared is called a partial ordering.

Partial orderings
• A partial ordering $\le$ (read as ‘less or equal’ – but not necessarily numeric comparison) on a set L is a relation on $L \times L$ that is
  – reflexive: for all $a \in L$, $a \le a$
  – transitive: for all $a, b, c \in L$, if $a \le b$ and $b \le c$, then $a \le c$
  – antisymmetric: for all $a, b \in L$, if $a \le b$ and $b \le a$, then $a = b$
• Examples for partial orderings
  – the integers with the relation ‘is divided by’
  – a power set P(C) with the subset relation $\subseteq$

Lattices
• Assume that a subject may observe an object only if the subject’s label is higher than or equal to the object’s label.
• Lattices are a mathematical structure where these questions have unique answers
  – Given two objects with different labels, what is the minimal label a subject must have to be able to observe both objects?
  – Given two subjects with different labels, what is the maximal label an object can have so that it can be observed by both subjects?
• A lattice is a partially ordered set in which every pair of elements has a greatest lower bound and a least upper bound

System Low and System High
• If $a \le b$, we say ‘a is dominated by b’ or ‘b dominates a’.
• If a label exists that is dominated by all other labels, it will be called System Low.
• If a label exists that dominates all other labels, it will be called System High.
• What are System Low and System High in the power set lattice example?

[Figure: a ‘flat’ lattice with root at the top, uid1, uid2 and uid3 in the middle, and guest at the bottom.]

Information flow policies
• To address confidentiality requirements
• We assume the existence of a lattice of security labels
• Every subject and object is assigned a security label using a security function $\lambda$
• Information can flow from an entity x to an entity y if $\lambda(x) \le \lambda(y)$
  – information can flow from low security entity to high security one
• Read and write access rights are defined in terms of information flow principles

Read Access: no read up
• Information flow from an object o to a subject s
• Read access is granted if $\lambda(o) \le \lambda(s)$
  – you can read an object if your security label is larger than the object’s
• This condition is known as “no read up” or the simple security (ss) property in BLP terms

Write Access
• Information flow from a subject s to an object o
• Write access is granted if $\lambda(s) \le \lambda(o)$
  – you can write to an object if your security label is smaller than object’s
  – quite counter-intuitive, but necessary to prevent confidentiality violations such as
    • a top secret user writing to an insecure printer
• This condition is known as “no write down” or the *-property (star property) in BLP terms
• No read-up and no write-down properties are “mandatory access control” policies of BLP

Information flow blocked by *-property
[Figure: three numbered steps (read, Trojan copy, read); the copy step is marked “Not allowed due to *-property”.]

A Trojan reads a high document and copies its contents to a low file.

Write Access: No Write-Down
• The *-property prevents high level entities from sending legitimate messages to low level entities
• Two ways to escape from this restriction:
  – Temporarily downgrade a high level subject (downgrade current security level); BLP subjects should have no memory of their own! They have to forget what they knew when downgraded
    • Possible with processes, but not for human beings :)
  – Identify trusted subjects which are permitted to violate the *-property.
    • We redefine the *-property and demand it only for subjects which are not trusted.

Multi level security (MLS)
• MLS: access control based on a partial ordering (actually a lattice) of security levels
• Traditional: hierarchical security levels (linear order), from highest to lowest:
  – top secret
  – secret
  – confidential
  – unclassified

Compartments
• In multi-level security, generally categories are used as well as the security levels in lattices
  – C is a set of all categories, e.g. project names, company divisions, academic departments, etc.
  – A compartment is a set of categories (a subset of C).
  – H is a set of security levels which are hierarchically ordered.
  – A security label (the function $\lambda$) is a pair (h, c), where $h \in H$ is a security level and $c \subseteq C$ is a compartment.
  – The partial ordering $\le$ is defined by $(h_1, c_1) \le (h_2, c_2)$ if and only if $h_1 \le h_2$ and $c_1 \subseteq c_2$.

Compartments - Example
• Two hierarchical levels:
  – public, private (public $\le$ private)
• Two categories: PERSONNEL, ENGINEERING
• For example, the following relations hold:
  – (public, {PERSONNEL}) $\le$ (private, {PERSONNEL})
  – (public, {PERSONNEL}) $\le$ (public, {PERSONNEL, ENGINEERING})
• But the following pair cannot be compared:
  – (public, {PERSONNEL}) $\not\le$ (private, {ENGINEERING})

[Figure: corresponding lattice]

The Bell-LaPadula Model
• Implements an information flow policy using a lattice with compartments and an access control matrix
• An example: evaluating a read access request in BLP
  – A read access request by subject s to object o is granted if
    • $\lambda(o) \le \lambda(s)$ (information flow policy) and
    • $r \in M[s, o]$ (appropriate entry in the access control matrix)
• BLP model is actually a state machine

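The label ordering from the Compartments slides and the BLP read check above, as an added example that is not part of the original lecture. It uses the slide's two levels and two categories; the subject and object names, the matrix contents and the write check (which pairs the no-write-down condition with a `w` entry by analogy with the read rule) are assumptions made for this illustration.

```python
LEVELS = ("public", "private")                        # public <= private
CATEGORIES = frozenset({"PERSONNEL", "ENGINEERING"})  # the set C


def label(level, *categories):
    """Security label (h, c): h is a level index, c a compartment (subset of C)."""
    cats = frozenset(categories)
    if not cats <= CATEGORIES:
        raise ValueError(f"unknown categories: {sorted(cats - CATEGORIES)}")
    return (LEVELS.index(level), cats)


def leq(a, b):
    """(h1, c1) <= (h2, c2) iff h1 <= h2 and c1 is a subset of c2."""
    return a[0] <= b[0] and a[1] <= b[1]


def comparable(a, b):
    """In a partial ordering some pairs are ordered in neither direction."""
    return leq(a, b) or leq(b, a)


def lub(a, b):
    """Least upper bound: minimal label able to observe objects labelled a and b."""
    return (max(a[0], b[0]), a[1] | b[1])


def glb(a, b):
    """Greatest lower bound: maximal label observable by subjects labelled a and b."""
    return (min(a[0], b[0]), a[1] & b[1])


SYSTEM_LOW = label("public")                   # dominated by every label
SYSTEM_HIGH = label("private", *CATEGORIES)    # dominates every label


class ReferenceMonitor:
    """Grants an access only if both the lattice rule and the matrix allow it."""

    def __init__(self, labels, matrix):
        self.labels = labels    # entity name -> label
        self.matrix = matrix    # (subject, object) -> set of rights

    def _has(self, s, o, right):
        return right in self.matrix.get((s, o), set())

    def may_read(self, s, o):
        """No read up (ss-property): label(o) <= label(s) and r in M[s, o]."""
        return leq(self.labels[o], self.labels[s]) and self._has(s, o, "r")

    def may_write(self, s, o):
        """No write down (*-property): label(s) <= label(o) and w in M[s, o]."""
        return leq(self.labels[s], self.labels[o]) and self._has(s, o, "w")


def trojan_scenario():
    """Constructed scenario: a process at a high label holds matrix rights
    that would let it copy a high document into a low file."""
    labels = {
        "trojan": label("private", "PERSONNEL"),
        "guest": label("public"),
        "payroll.db": label("private", "PERSONNEL"),
        "notes.txt": label("public"),
    }
    matrix = {
        ("trojan", "payroll.db"): {"r"},
        ("trojan", "notes.txt"): {"r", "w"},
        ("guest", "payroll.db"): {"r"},   # the matrix entry alone would allow this
        ("guest", "notes.txt"): {"r"},
    }
    rm = ReferenceMonitor(labels, matrix)
    return {
        "trojan reads payroll.db": rm.may_read("trojan", "payroll.db"),
        "trojan writes notes.txt": rm.may_write("trojan", "notes.txt"),
        "guest reads payroll.db": rm.may_read("guest", "payroll.db"),
        "guest reads notes.txt": rm.may_read("guest", "notes.txt"),
    }


if __name__ == "__main__":
    for request, granted in trojan_scenario().items():
        print(f"{request}: {'granted' if granted else 'denied'}")
```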
State Machine Models
• State machines (automata): popular tool for modelling many aspects of computing systems including security.
• The essential features of a state machine model are the concepts of a state and of state transitions.
  – A state is a representation of the system under investigation at one moment in time. It should capture exactly those aspects of the system relevant to the problem.
  – The state transition (next state) function defines the next state depending on the present state and the input. An output may also be produced.
• To design a secure system with the help of state machine models:
  – define state set so that it captures “security”
  – check that initial state of the system is ‘secure’
  – check that all state transitions starting in a “secure” state yield a “secure” state
• Security is then preserved by all state transitions. The system will always be ‘secure’.

States in BLP model
• A state in BLP model is
  – the current subjects, objects and access matrix among them and
  – the security levels of subjects and objects
  – current accesses by subjects to objects

Basic Security Theorem
• A state is secure, if all current access tuples (s,o,a) are permitted by the ss-, *-, and ds-properties.
• A state transition is secure if it goes from a secure state to a secure state.
• How would you define state transition in BLP?

Basic Security Theorem: If the initial state of a system is secure and if all state transitions are secure, then the system will always be secure.

Harrison-Ruzzo-Ullman Model
• BLP has no policies for changing access rights or for the creation and deletion of subjects and objects.
• The Harrison-Ruzzo-Ullman (HRU) model defines authorization systems that address these issues.
• The components of the HRU model:
  – set of subjects S
  – set of objects O
  – set of access rights R
  – access matrix $M = (M_{so})_{s \in S,\, o \in O}$: entry $M_{so}$ is a subset of R giving the rights subject s has on object o

Primitive Operations in HRU
• Six primitive operations for manipulating subjects, objects, and the access matrix:
  – enter r into $M_{so}$
  – delete r from $M_{so}$
  – create subject s
  – delete subject s
  – create object o
  – delete object o

Examples
• Subject s creates a file f so that s owns the file (access right o) and has read and write permission to the file (access rights r and w).

  command create_file(s,f)
    create f
    enter o into Ms,f
    enter r into Ms,f
    enter w into Ms,f
  end

• The owner s of file f grants read access to another subject p

  command grant_read(s,p,f)
    if o in Ms,f
    then enter r in Mp,f
  end

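The two HRU commands above built on the six primitive operations, as an added example that is not part of the original lecture. The class and helper names, the subjects and the file name are assumptions made for this illustration, and subjects and objects are kept as two separate sets as on the slide.

```python
import copy


class ProtectionSystem:
    """HRU state: subjects S, objects O, and matrix M with M[s,o] a subset of R."""

    def __init__(self):
        self.subjects, self.objects, self.m = set(), set(), {}

    def rights(self, s, o):
        """Copy of M[s,o]; an absent cell is the empty set."""
        return set(self.m.get((s, o), set()))

    def snapshot(self):
        """Deep copy of the matrix, used to compare states."""
        return copy.deepcopy(self.m)

    # --- the six primitive operations ---
    def enter(self, r, s, o):
        if s not in self.subjects or o not in self.objects:
            raise KeyError(f"no such cell: M[{s},{o}]")
        self.m.setdefault((s, o), set()).add(r)

    def delete(self, r, s, o):
        self.m.get((s, o), set()).discard(r)

    def create_subject(self, s):
        self.subjects.add(s)

    def delete_subject(self, s):
        self.subjects.discard(s)
        self.m = {cell: rs for cell, rs in self.m.items() if cell[0] != s}

    def create_object(self, o):
        if o in self.objects:
            raise ValueError(f"object already exists: {o}")
        self.objects.add(o)

    def delete_object(self, o):
        self.objects.discard(o)
        self.m = {cell: rs for cell, rs in self.m.items() if cell[1] != o}


# --- commands: a condition on the matrix followed by primitive operations ---
def create_file(ps, s, f):
    """command create_file(s,f): s becomes owner with read and write rights."""
    ps.create_object(f)
    for right in ("o", "r", "w"):
        ps.enter(right, s, f)


def grant_read(ps, s, p, f):
    """command grant_read(s,p,f): takes effect only if o is in M[s,f]."""
    if "o" in ps.rights(s, f):
        ps.enter("r", p, f)
        return True
    return False


def gained(before, after, right):
    """Cells that hold `right` in `after` but did not in `before`.
    Checking a policy means checking that no undesirable cell shows up here."""
    return sorted(cell for cell, rs in after.items()
                  if right in rs and right not in before.get(cell, set()))


def demo():
    """Constructed run: alice creates a file, bob (not the owner) tries to
    grant read access to carol, then alice grants read access to bob."""
    ps = ProtectionSystem()
    for name in ("alice", "bob", "carol"):
        ps.create_subject(name)
    create_file(ps, "alice", "report.txt")
    before = ps.snapshot()
    by_non_owner = grant_read(ps, "bob", "carol", "report.txt")
    by_owner = grant_read(ps, "alice", "bob", "report.txt")
    return ps, by_non_owner, by_owner, gained(before, ps.snapshot(), "r")


if __name__ == "__main__":
    system, refused, granted, new_read = demo()
    print("grant by non-owner took effect:", refused)
    print("grant by owner took effect:", granted)
    print("cells that gained r:", new_read)
```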
Security vs. Complexity in HRU Model
• The access matrix describes the state of the system; commands change the access matrix.
• HRU can model policies for allocating access rights. To verify compliance with a given policy, you have to check that no undesirable access rights can be granted.
• HRU model has some definitions and theorems about the decidability of the safety of the system
  – These say that the HRU model does not help to verify safety in its full generality, but verification is possible with some restrictions
• The moral of those theorems is:
  – The more expressive and complex the security model, the more difficult it is to verify security

Lecture IV:
Cryptographic

Computer Science Department,
College Of Science And arts at Al-Ola, Taibah University
© 2018 Dr. Zaki BRAHMI

Introduction
• security is about how to prevent attacks (منع), or -- if prevention is not possible -- how to detect attacks and recover from them
• an attack is a deliberate attempt (محاولة متعمدة) to compromise (لخرق نظام) a system; it usually exploits weaknesses in the system’s design, implementation, operation, or management
• attacks can be
  – passive
    • attempts to learn or make use of information from the system but does not affect system resources
    • examples: eavesdropping message contents, traffic analysis
    • difficult to detect, should be prevented
  – active
    • attempts to alter system resources or affect their operation
    • examples: masquerade (spoofing, خداع), replay, modification (substitution, insertion, destruction), denial of service
    • difficult to prevent, should be detected

Security and Cooperation in Wireless Networks
Appendix A: Intro to cryptographic algorithms and protocols

Main security services
• authentication
  – aims to detect masquerade
  – provides assurance that a communicating entity is the one that it claims to be
• access control
  – aims to prevent unauthorized access to resources
• confidentiality
  – aims to protect data from unauthorized disclosure
  – usually based on encryption
• integrity
  – aims to detect modification and replay
  – provides assurance that data received are exactly as sent by the sender
• non-repudiation (عدم التنصل)
  – provides protection against denial by one entity involved in a communication of having participated in all or part of the communication
  – two basic types: non-repudiation of origin and non-repudiation of delivery

Some security mechanisms
• encryption
  – symmetric key, asymmetric (public) key
• digital signature
• access control schemes
  – access control lists, capabilities, security labels, ...
• data integrity mechanisms
  – message authentication codes, sequence numbering, time stamping, cryptographic chaining
• authentication protocols
  – passwords, cryptographic challenge-response protocols, biometrics
• traffic padding, route control, …

Cryptography: Overview
• Cryptography: The field of study related to encoded information (comes from Greek word for "secret writing")
• Encryption: The process of converting plaintext (نص عادي) into ciphertext
• Decryption: The process of converting ciphertext (النص المشفر) into plaintext
• Cipher: An algorithm used to encrypt and decrypt text
• Key: Used with an algorithm to determine the transformation from plaintext to ciphertext, and v.v.

[Figure: encryption turns the plaintext into the ciphertext; decryption turns the ciphertext back into the plaintext.]
  Plaintext:  This message is easy to encrypt but hard to find the key
  Ciphertext: ICFVQRVVNEFVRNNVSIYRGAHSLIOJICNTIYBFGTICRXRS

Cryptography: Overview
[Figure: the sender writes the plaintext "enemy attacks tonight z" into a grid row by row, rearranges the columns and reads the ciphertext column by column; after transmission the receiver writes the ciphertext column by column and reads the plaintext row by row.]

  Plaintext grid (written row by row):
    e n e m y
    a t t a c
    k s t o n
    i g h t z

  Grid with rearranged columns (read column by column):
    E E M Y N
    T A A C T
    T K O N S
    H I T Z G

  Ciphertext: ETTHEAKIMAOTYCNZNTSG

CRYPTOGRAPHY: OVERVIEW - CRYPTANALYSIS
• Cryptanalysis is the art of breaking codes and ciphers
• Cryptanalyst
  – Deduce the original meaning of the ciphertext
  – Determine the decryption algorithm that matches the encryption one used

Breakable Encryption!

Classical model of encryption
[Figure: plaintext m is encrypted by E under the encryption key K into the ciphertext $E_K(m)$; an eavesdropping adversary observes the ciphertext; D under the decryption key K’ recovers $D_{K'}(E_K(m)) = m$.]

• goal of the adversary:
  – to systematically recover plaintexts from ciphertexts
  – to deduce the (decryption) key
• Kerckhoff’s principle:
  – we must assume that the adversary knows all details of E and D
  – security of the system should be based on the protection of the decryption key

Adversary models
• ciphertext-only attack
  – the adversary can only observe ciphertexts produced by the same encryption key
• known-plaintext attack
  – the adversary can obtain corresponding plaintext-ciphertext pairs produced with the same encryption key
• (adaptive) chosen-plaintext attack
  – the adversary can choose plaintexts and obtain the corresponding ciphertexts
• (adaptive) chosen-ciphertext attack
  – the adversary can choose ciphertexts and obtain the corresponding plaintexts
• related-key attack
  – the adversary can obtain ciphertexts, or plaintext-ciphertext pairs that are produced with different encryption keys that are related in a known way to a specific encryption key

Security of encryption schemes
• an encryption scheme is secure in a given adversary model if it is computationally infeasible (غير ممكن حسابيا) for the adversary to determine the target decryption key under the assumptions of the given model
• for many encryption schemes used in practice, no proof of security exists
  – these schemes are used, nevertheless, because they are efficient and they resist all known attacks
• some encryption schemes are provably secure, however these schemes are often inefficient

Basic classification of encryption schemes
• symmetric-key encryption
  – it is easy to compute K’ from K (and vice versa)
  – usually K’ = K
  – two main types:
    • stream ciphers – operate on individual characters of the plaintext
    • block ciphers – process the plaintext in larger blocks of characters
• asymmetric-key encryption
  – it is hard (computationally infeasible) to compute K’ from K
  – K can be made public (public-key cryptography)

Symmetric Cryptography
• Assumes parties already share a secret key
  1) Alice and Bob agree on a cryptosystem
  2) Alice and Bob agree on a key
  3) Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message
  4) Alice sends the ciphertext message to Bob
  5) Bob decrypts the ciphertext message with the same algorithm and key and reads it
• The transformations are simple and fast enough for practical use and implementation.

Symmetric Cryptography: Block ciphers
• In a block cipher:
  – Plaintext and ciphertext have fixed length b (e.g., 128 bits)
  – A plaintext of length n is partitioned into a sequence of m blocks, P[0], …, P[m−1], where $n \le bm < n + b$
• Each message is divided into a sequence of blocks and encrypted or decrypted in terms of its blocks.
  [Figure: a plaintext split into blocks of plaintext]
• Requires padding (حشوة) with extra bits.

Padding
• Block ciphers require the length n of the plaintext to be a multiple of the block size b
• Padding the last block needs to be unambiguous (cannot just add zeroes)
• When the block size and plaintext length are a multiple of 8, a common padding method is a sequence of identical bytes, each indicating the length (in bytes) of the padding
• Example 1. for b = 128 (16 bytes)
  – Plaintext: “Roberto” (7 bytes)
  – Padded plaintext: “Roberto999999999” (16 bytes), where 9 denotes the number and not the character

Example of ECB (Electronic CodeBook) mode
• The simplest of the encryption modes is the Electronic Codebook (ECB). Each block is encrypted separately.
• The plain text is the ASCII encoding of: "Now is the time for".
• That is, the 19-byte sequence:
  4E 6F 77 20 69 73 20 74 68 65 20 74 69 6D 65 20 66 6F 72
• To encrypt, we break up the plaintext into blocks of 8 bytes (Note we are using 8 in this example because the block size for DES is 64 bits or 8 bytes)

  Block 1:  N  o  w  _  i  s  _  t     4E 6F 77 20 69 73 20 74
  Block 2:  h  e  _  t  i  m  e  _     68 65 20 74 69 6D 65 20
  Block 3:  f  o  r  ?  ?  ?  ?  ?     66 6F 72 ?? ?? ?? ?? ??

• Pad with bytes all of the same value as the number of padding bytes (PKCS5 padding). PKCS5: pad the input with a padding string of between 1 and 8 bytes to make the total length an exact multiple of 8 bytes.

  Block 3 after padding:  66 6F 72 05 05 05 05 05

• Note: There are other padding methods

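The padding rule from the Padding slide and the block split from the ECB slide above, as an added example that is not part of the original lecture. It covers only padding and blocking (no cipher is applied), and the function names are assumptions made for this illustration.

```python
def pad(data: bytes, block_size: int) -> bytes:
    """Append n bytes, each of value n, so the length becomes a multiple of
    block_size. n is always 1..block_size: an input that is already
    block-aligned gets one full block of padding, which keeps the padding
    unambiguous. (PKCS5 fixes block_size at 8; the same rule for other
    block sizes is known as PKCS#7.)"""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255 bytes")
    n = block_size - len(data) % block_size
    return data + bytes([n]) * n


def unpad(padded: bytes, block_size: int) -> bytes:
    """Remove the padding and reject anything that is not well formed."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("malformed padding")
    return padded[:-n]


def blocks(data: bytes, block_size: int) -> list:
    """Split data into consecutive blocks of block_size bytes."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def zero_pad(data: bytes, block_size: int) -> bytes:
    """The ambiguous scheme the slide warns against: just add zero bytes."""
    return data + b"\x00" * (-len(data) % block_size)


def padded_blocks_hex(message: bytes, block_size: int = 8) -> list:
    """Blocks of the padded message as hex strings, as laid out on the slide."""
    return [b.hex(" ").upper() for b in blocks(pad(message, block_size), block_size)]


if __name__ == "__main__":
    for row in padded_blocks_hex(b"Now is the time for"):
        print(row)
    print(pad(b"Roberto", 16))
    # Two different plaintexts collapse to the same zero-padded block,
    # so the receiver cannot tell where the message ended.
    print(zero_pad(b"ab", 8) == zero_pad(b"ab\x00", 8))
```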
Block cipher modes of operation
• ECB – Electronic Codebook
  – used to encipher a single plaintext block (e.g., a DES key)
• CBC – Cipher Block Chaining
  – repeated use of the encryption algorithm to encipher a message consisting of many blocks
• CFB – Cipher Feedback
  – used to encipher a stream of characters, dealing with each character as it comes
• OFB – Output Feedback
  – another method of stream encryption, used on noisy channels
• CTR – Counter
  – simplified OFB with certain advantages

Classification of Modern Block cipher

• A modern block cipher can be designed to act as a:
  – substitution cipher or
  – transposition cipher.
• Substitution Ciphers
  – Substitute a character or a symbol for each character of the original message
• Transposition Ciphers
  – The order of letters is rearranged
• Notation
  – UPPERCASE PLAINTEXT
  – lowercase ciphertext
Example. The Caesar Cipher -- Substitution

• A Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques.
• It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet.
• Example: Ci = pi + 3

    A → d    X → a
    B → e    Y → b
    C → f    Z → c

• Caesar cipher using a left rotation of three places:

    Plain:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
    Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Example. The Caesar Cipher -- Substitution

• The Caesar cipher is probably the easiest of all ciphers to break.
• Since the shift has to be a number between 1 and 25 (0 or 26 would result in an unchanged plaintext), we can simply try each possibility and see which one results in a piece of readable text.
• In general, two situations can be considered:
  – an attacker knows (or guesses) that some sort of simple substitution cipher has been used, but not specifically that it is a Caesar scheme;
  – an attacker knows that a Caesar cipher is in use, but does not know the shift value.
Other Substitutions: Permutation

• Alphabet is scrambled, each plaintext letter maps to a unique ciphertext letter
• For example:

         1, 2, 3, 4, 5, 6, 7, 8, 9
    p1 = 1, 3, 5, 7, 9, 8, 6, 4, 2
    p1(1) = 1, p1(2) = 3, p1(3) = 5, p1(4) = 7, etc.

• Key can be used to control the utilized permutation
Cryptanalysis of substitution ciphers

• Brute force attack!
  – Brute-force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As the password's length increases, the amount of time, on average, to find the correct password increases exponentially.
  – 26! possibilities
• Clues
  – Short words,
  – Words with repeated patterns,
  – Common initial and final letters, …
• Knowledge of language may simplify it
  – English E, T, O, A occur far more than J, Q, X, Z
• Context
Avoid Regularity

[Figure: plaintext → Encryption → ciphertext → Decryption → original plaintext, using a non-repeating series of numbers]
One-Time Pads (OTP) or Vernam Cipher

• Name: a set of sheets of paper with non-repeating keys, glued into a pad
• First described by Frank Miller in 1882. Used by spies of the former USSR (Russia) during 1960
• Used a stack of small, very thin pages, each with a series of random numbers on them. After use, a page would be destroyed immediately
• Two copies of the OTP should exist: one for the sender and one for the receiver.
One-Time Pads (OTP) or Vernam Cipher

Encryption

     H    E    L    L    O     Message
     7    4   11   11   14     Message
    23   12    2   10   11     Key
    30   16   13   21   25     Message + key
     4   16   13   21   25     (Message + key) mod 26
     E    Q    N    V    Z     Ciphertext

Decryption

     E    Q    N    V    Z     Ciphertext
     4   16   13   21   25     Ciphertext
    23   12    2   10   11     Key
   -19    4   11   11   14     Ciphertext - key
     7    4   11   11   14     (Ciphertext - key) mod 26, with -19 + 26 = 7

• If the number is negative then 26 is added to make the number positive
Transposition

• The letters of the message are rearranged.
• Example. Columnar transposition

Plaintext:
THIS IS A MESSAGE TO SHOW HOW A COLUMNAR TRANSPOSITION WORKS

    T H I S I
    S A M E S
    S A G E T
    O S H O W
    H O W A C
    O L U M N
    A R T R A
    N S P O S
    I T I O N
    W O R K S

Ciphertext (read column by column):
tssoh oaniw haaso lrsto imghw utpir seeoa mrook istwc nasns
Stream ciphers

• The key stream is generated independently of the plaintext and of the ciphertext
• Needs synchronization between the sender and the receiver
  – if a character is inserted into or deleted from the ciphertext stream then synchronization is lost and the plaintext cannot be recovered
  – additional techniques must be used to recover from loss of synchronization
• No error propagation
  – a ciphertext character that is modified during transmission affects only the decryption of that character
• An attacker can make changes to selected ciphertext characters and know exactly what effect these changes have on the plaintext
• Most used stream cipher algorithms in software:
  – RC-4 (Ron’s Code)
  – Most pre-WWII machines
  – German Enigma
  – Linear Feedback Shift Register
  – A5 – encrypting GSM handset to base station communication
  – List: http://www.ecrypt.eu.org/stream/
RC4

• RC4 was designed in 1987 by Ron Rivest and is one of the most widely used software stream ciphers
• Used in popular protocols, such as SSL (protect Internet traffic), WEP (secure wireless networks) and PDF.
• It’s considered to be fast and simple in terms of software
• The key forms a random permutation of all 8-bit values, which scrambles the input info a byte at a time
• S is the internal state of the cipher; a byte k is generated from S by selecting one of the 255 entries in a systematic fashion.
• Initialization and permutation of the S state vector. Key length: 1 ≤ |K| ≤ 256
RC4 block Diagram

[Figure: Secret key → RC4 → KeyStream; Plain Text and KeyStream → Encrypted Text]
RC4: Initialization of S

• The entries of S are set equal to the values from 0 through 255 in ascending order; that is, S[0] = 0, S[1] = 1, …, S[255] = 255.
• A temporary vector, T, is also created.
  – If the length of the key K is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then K is repeated as many times as necessary to fill out T
• Pseudocode:

    for i = 0 to 255 do
        S[i] = i;
        T[i] = K[i mod keylen];

• Next we use T to produce the initial permutation of S. This involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i]:

    j = 0;
    for i = 0 to 255 do
        j = (j + S[i] + T[i]) (mod 256)
        swap(S[i], S[j])
RC4: Stream Generation

• Once the S vector is initialized, the input key is no longer used.
• Stream generation involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S.
• To encrypt, XOR the value S[t] with the next byte of plaintext Mi:

    i = j = 0
    for each message byte Mi
        i = (i + 1) (mod 256)
        j = (j + S[i]) (mod 256)
        swap(S[i], S[j])
        t = (S[i] + S[j]) (mod 256)
        Ci = Mi XOR S[t]

• To decrypt, XOR the value S[t] with the next byte of ciphertext
RC4: Example

• Let's consider the stream cipher RC4; we will use 8 x 3-bits
• Assume we use a 4 x 3-bit key, K, and plaintext P as below:
  – K = [1 2 3 6]
  – P = [1 2 2 2]
• Initialisation:
  – S = [0 1 2 3 4 5 6 7]
  – T = [1 2 3 6 1 2 3 6]
• Initial permutation on S:
  – For i = 0: j = (0 + 0 + 1) mod 8 = 1,
  – Swap(S[0],S[1]): S = [1 0 2 3 4 5 6 7]
  – The results of the remaining 7 iterations are: S = [2 3 7 4 6 0 1 5]
• Stream Generation:
  – Now we generate 3-bits at a time, k, that we XOR with each 3-bits of

RC4: Example

• The 3-bits k is generated by:
  – The first iteration:
    • S = [2 3 7 4 6 0 1 5]
    • i = (0 + 1) mod 8 = 1
    • j = (0 + S[1]) mod 8 = 3
    • Swap(S[1],S[3])
    • S = [2 4 7 3 6 0 1 5]
    • t = (S[1] + S[3]) mod 8 = 7
    • k = S[7] = 5
    • Remember that P is: P = [1 2 2 2]. So our first 3-bits of ciphertext is obtained by k XOR P1:
      5 XOR 1 = 101 XOR 001 = 100 = 4
• So to encrypt the plaintext stream P with key K with the RC4 stream we get C:

    P = [1 2 2 2]
    K = [5 1 0 1]
    C = [4 3 2 3]
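The initialization, stream generation and worked 8 x 3-bit example above, as an added example (not code from the lecture). It generalises the pseudocode to a state of `n` entries so the same functions reproduce both the slide's toy values and standard byte-wide RC4, and it shows the stream-cipher property noted earlier: a change to one ciphertext symbol changes exactly that plaintext symbol. Function and parameter names are chosen here for illustration.

```python
"""RC4 with a configurable state size (added illustration, not the lecture's code)."""
from itertools import islice


def ksa(key, n=256):
    """Initial permutation of S; key[i % len(key)] plays the role of T[i]."""
    if not 1 <= len(key) <= n:
        raise ValueError("key length must be between 1 and n")
    s = list(range(n))
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n
        s[i], s[j] = s[j], s[i]
    return s


def keystream(state, n=256):
    """Yield one keystream symbol k = S[t] per step; the key is no longer used."""
    s = list(state)          # work on a copy so the caller's state is untouched
    i = j = 0
    while True:
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % n]


def rc4(key, data, n=256):
    """Encrypt or decrypt: XOR each input symbol with the next keystream symbol."""
    return [m ^ k for m, k in zip(data, keystream(ksa(key, n), n))]


def tamper(ciphertext, index, delta):
    """Model an in-transit modification of a single ciphertext symbol."""
    changed = list(ciphertext)
    changed[index] ^= delta
    return changed


if __name__ == "__main__":
    K, P = [1, 2, 3, 6], [1, 2, 2, 2]                 # values from the slide
    print("S  =", ksa(K, 8))                          # [2, 3, 7, 4, 6, 0, 1, 5]
    print("ks =", list(islice(keystream(ksa(K, 8), 8), 4)))
    C = rc4(K, P, 8)
    print("C  =", C)
    # No error propagation, but also no integrity: XORing a chosen delta into
    # one ciphertext symbol XORs the same delta into the decrypted symbol.
    print("P' =", rc4(K, tamper(C, 0, 0b011), 8))
    # Byte-wide RC4 with the same functions.
    print(bytes(rc4(b"Key", b"Plaintext")).hex())
```

Because decryption cannot detect the change made by `tamper`, a stream cipher needs a separate integrity check (a MAC or an authenticated mode) on the ciphertext.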
Asymmetric-key encryption

• Also known as public-key cryptography, performs encryption and decryption with two different algorithms.
• Each user has a pair of keys: a public key and a private key.
• The public key is used for encryption:
  – The key is known to the public.
• The private key is used for decryption:
  – The key is only known to the owner.
Asymmetric-key encryption

• The strength of a public key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key
• How does asymmetric encryption work?
  1. Generate private and public key
  2. Send public key to Ali
  3. Encrypt message by public key
  4. Decrypt message using the private key
Asymmetric algorithms

• Types of asymmetric algorithms (public key algorithms):
  – DSA
  – Elliptic curve cryptography.
  – RSA
  – Diffie-Hellman key exchange.
  – Key Serialization.
  – Asymmetric Utilities.
  – X25519 key exchange
The RSA encryption scheme

• Rivest-Shamir-Adleman is the most commonly used asymmetric algorithm (public key algorithm). It can be used both for encryption and for digital signatures.
• Based on the idea that factorization of integers into their prime factors is hard.
• Prime number:
  – A prime number (or a prime) is a natural number greater than 1 that has no positive divisors other than 1 and itself.
  – The twenty-five prime numbers less than 100 are:
    2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97.
• RSA is actually a set of two algorithms:
  – Key Generation: A key generation algorithm
  – RSA Function Evaluation: A function F, that takes as input a point x and a key k and produces either an encrypted result or plaintext, depending on the input and the key.
THE RSA ENCRYPTION SCHEME

1. Key Generation:
  – Select 2 prime numbers: p = 11 and q = 13
  – Calculate n = p × q -> 11 × 13 = 143
  – Calculate ϕ(n) = (p-1)(q-1) = 10 × 12 = 120
  – Select a random prime number e, that is prime with ϕ(n): ϕ(n) > e > 1
    • e is prime with ϕ(n) means that the greatest common divisor (gcd) of e and ϕ(n) is equal to 1: gcd(e, ϕ(n)) = 1
    • e = 7 -> the public key is (e, n)
  – Determine d, the private key, such that:
    • d × e = 1 mod ϕ(n) -> d × e = (k × ϕ(n) + 1) -> d = (k × ϕ(n) + 1) / e
    • d = (120 × k + 1)/7 -> we can choose k = 6, so d = 103
The RSA encryption scheme

• Encryption: F(m, e) = m^e mod n = c
  Where m is the message, e is the public key and c is the cipher.
  – Let's choose our plaintext message, m, to be 9:
    • m^e mod n = 9^7 mod 143 = 48 = c
A Real World Example

• Let's encrypt the message "attack at dawn". The first thing that must be done is to convert the message into a numeric format. Each letter is represented by an ASCII character, therefore it can be accomplished quite easily. Convert the string to a bit array, and then the bit array to a large number. This can very easily be reversed to get back the original string given the large number.
• Using this method, "attack at dawn" becomes 1976620216402300889624482718775150
• Key Generation

P: 12131072439211271897323671531612440428472427633701410925634549312301964373042085619324197365322416866541017057361365214171711713797974299334871062829803541

Q: 12027524255478748885956220793734512128733387803682075433653899983955179850988797899869146900809131611153346817050832096022160146366346391812470987105415233

  – Encryption:
35052111338673026690212423937053328511880760811579981620642802346685810623
Cyber Security

Lecture for July 2, 2010

Security Architecture and Design
Dr. Bhavani Thuraisingham
OUTLINE
• Computer Architecture
• Operating System
• System Architecture
• Security Architecture
• Security Models
• Security Modes of Operation
• System Evaluation Methods
• Open Vs Closed Systems
• Some security threats

COMPUTER ARCHITECTURE COMPONENTS
• Central Processing Unit (CPU)
• Registers
• Memory Units
• Input/output Processors
• Single Processor
• Multi-Processor
• Multi-Core Architecture
• Grids and Clouds

OPERATING SYSTEMS
• Memory Management
• Process management
• File Management
• Capability Domains
• Virtual Machines

SYSTEM ARCHITECTURE
• The software components that make up the system
• Middleware
• Database management
• Networks
• Applications

SECURITY ARCHITECTURE
• Security critical components of the system
• Trusted Computing Base
• Reference Monitor and Security Kernel
• Security Perimeter
• Security Policy
• Least Privilege

TRUSTED COMPUTING BASE
• The trusted computing base (TCB) of a computer system is the set of all hardware, firmware, and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system.
• By contrast, parts of a computer system outside the TCB must not be able to misbehave in a way that would leak any more privileges than are granted to them in accordance with the security policy.

REFERENCE MONITOR AND SECURITY KERNEL
• In operating systems architecture, a reference monitor is a tamperproof, always-invoked, and small-enough-to-be-fully-tested-and-analyzed module that controls all software access to data objects or devices (verifiable).
• The reference monitor verifies that the request is allowed by the access control policy.

SECURITY MODELS
• Bell and LaPadula (BLP) Confidentiality Model
• Biba Integrity Model (opposite to BLP)
• Clark Wilson Integrity Model
• Other Models
  – Information Flow Model
  – Non Interference Model
  – Graham Denning Model
  – Harrison-Ruzzo-Ullman Model
  – Lattice Model

BELL AND LAPADULA
• A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode.
• The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:
• The Simple Security Property - a subject at a given security level may not read an object at a higher security level (no read-up).

BIBA
• In general, preservation of data integrity has three goals:
  – Prevent data modification by unauthorized parties
  – Prevent unauthorized data modification by authorized parties
  – Maintain internal and external consistency (i.e. data reflects the real world)
• Biba security model is directed toward data integrity (rather than confidentiality) and is characterized by the phrase: "no read down, no write up". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "no write down, no read up".
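
The two phrases above ("no read up, no write down" for Bell-LaPadula and "no read down, no write up" for Biba) as checks over a lattice of labels, in an added example that is not code from the lecture. The level names, the compartment names and the function names are assumptions made for the illustration; a label is a level plus a set of compartments, as the Bell-LaPadula slide describes.

```python
"""Lattice-based access checks for BLP and Biba (added illustration)."""
from dataclasses import dataclass

# Assumed ordering of levels; any totally ordered set of names would do.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order of the lattice: higher-or-equal level AND superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Confidentiality labels: no read up, no write down."""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError("mode must be 'read' or 'write'")


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Integrity labels: no read down, no write up (the dual of BLP)."""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError("mode must be 'read' or 'write'")


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential", frozenset({"crypto"}))
    plan = Label("secret", frozenset({"nuclear"}))   # incomparable with analyst
    for name, obj in (("memo", memo), ("plan", plan)):
        print(name,
              "BLP read:", blp_allows(analyst, obj, "read"),
              "BLP write:", blp_allows(analyst, obj, "write"),
              "Biba read:", biba_allows(analyst, obj, "read"),
              "Biba write:", biba_allows(analyst, obj, "write"))
```

Two labels with the same level but different compartments are incomparable, so every one of the four checks between them fails; this is the effect of using a partial order rather than a simple ranking.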

CLARK WILSON MODEL
• The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.
• The model is primarily concerned with formalizing the notion of information integrity.
• Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent.

CLARK WILSON MODEL
• A well-formed transaction is a series of operations that transition a system from one consistent state to another consistent state.
• In this model the integrity policy addresses the integrity of the transactions.
• The principle of separation of duty requires that the certifier of a transaction and the implementer be different entities.

CLARK WILSON MODEL
• At the heart of the model is the notion of a relationship between an authenticated principal (i.e., user) and a set of programs (i.e., TPs) that operate on a set of data items (e.g., UDIs and CDIs). The components of such a relation, taken together, are referred to as a Clark-Wilson triple.
• The model must also ensure that different entities are responsible for manipulating the relationships between principals, transactions, and data items. As a short example, a user capable of certifying or creating a relation should not be able to execute the programs specified in that relation.

CLARK WILSON MODEL
• E1—System must maintain a list of certified relations and ensure only TPs certified to run on a CDI change that CDI.
• E2—System must associate a user with each TP and set of CDIs. The TP may access the CDI on behalf of the user if it is “legal.” This requires keeping track of triples (user, TP, {CDIs}) called “allowed relations.”
• C3—Allowed relations must meet the requirements of “separation of duty.” We need authentication to keep track of this.
• E3—System must authenticate every user attempting a TP. Note that this is per TP request, not per login. For security purposes, a log should be kept.

SECURITY MODES OF OPERATION
• Dedicated
• Systems High
• Compartmented
• Multilevel
• Trust and Assurance

OPEN VS. CLOSED SYSTEM
• Open systems allow users to reuse, edit, manipulate, and contribute to the system development
• Open source software is an example of open systems
  – Licensed to the public
• Freeware is also an example of open systems
• A closed system permits users to use the system only as it is

SOME SECURITY THREATS
• Buffer Overflow
• Maintenance Hooks
• Time of check / Time of use attacks

DATABASE SECURITY

Dr. Zaki Brahmi
Computer Science Department,
College Of Science And arts at Al-Ola, Taibah University

IS 257 - Fall 2002, 2017 - Slide 121

OVERVIEW DATA BASE
• Structured collection of data stored for use by one or
more applications
• Contains the relationships between data items and groups
of data items
• Can contain sensitive data that needs to be secured
• Query language: Provides a uniform interface to the
database like SQL


SQL
• Structured Query Language (SQL)
  – originally developed by IBM in the mid-1970s
  – standardized language to define, manipulate, and query data in a relational database

    CREATE TABLE department (
        Did      INTEGER PRIMARY KEY,
        Dname    CHAR (30),
        Dacctno  CHAR (6) );

    CREATE TABLE employee (
        Ename       CHAR (30),
        Did         INTEGER,
        SalaryCode  INTEGER,
        Eid         INTEGER PRIMARY KEY,
        Ephone      CHAR (10),
        FOREIGN KEY (Did) REFERENCES department (Did) );

    CREATE VIEW newtable (Dname, Ename, Eid, Ephone) AS
        SELECT D.Dname, E.Ename, E.Eid, E.Ephone
        FROM Department D, Employee E
        WHERE E.Did = D.Did;

DBMS
• A database-management system (DBMS) is software that allows creation, definition and manipulation of a database.
• A DBMS is actually a tool used to perform any kind of operation on data in a database.
• A DBMS also provides protection and security to the database. It maintains data consistency in case of multiple users.
• Here are some examples of popular DBMSs: MySQL, Oracle, Sybase, Microsoft Access and IBM DB2, etc.

DATABASE SECURITY ISSUES
• Threats to databases
  – Loss of integrity
  – Loss of availability
  – Loss of confidentiality
• To protect databases against these types of threats, four kinds of countermeasures can be implemented:
  – Access control
  – Inference control
  – Flow control
  – Encryption

DATABASE SECURITY ISSUES
• A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security of portions of a database against unauthorized access.
• The security mechanism of a DBMS must include provisions for restricting access to the database as a whole
  – This function is called access control and is handled by creating user accounts and passwords to control the login process by the DBMS.

DATABASE SECURITY ISSUES
• The security problem associated with databases is that of controlling the access to a statistical database, which is used to provide statistical information or summaries of values based on various criteria.
  – The countermeasures to the statistical database security problem are called inference control measures.

DATABASE SECURITY ISSUES
• Another security issue is that of flow control, which prevents information from flowing in such a way that it reaches unauthorized users.
• Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are called covert channels.

DATABASE SECURITY ISSUES
• A final security issue is data encryption, which is used to protect sensitive data (such as credit card numbers) that is being transmitted via some type of communication network.
• The data is encoded using some encoding algorithm.
  – An unauthorized user who accesses encoded data will have difficulty deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher data.

TO SUM UP
• Database security goals:
  – define a security policy that preserves:
    • Confidentiality: protection against unauthorized disclosure
    • Integrity: protection against unauthorized modification or destruction
    • Availability: provide data to authorized users when they need it
  – avoid inferences

[Figure: User / Application → Access and inference control → DBMS → data encryption → DB]

DATABASE SECURITY AND THE DBA
• The database administrator (DBA) is the central authority for managing a database system.
  – The DBA’s responsibilities include:
    • Granting privileges to users who need to use the system. 2 types of database security mechanisms:
      – Discretionary security mechanisms
      – Mandatory security mechanisms
    • Classifying users and data in accordance with the policy of the organization
    • Imposing some constraints: integrity constraints
  – The DBA is responsible for the overall security of the database system.

DATABASE SECURITY AND THE DBA
• The DBA has a DBA account in the DBMS
  – Sometimes this is called a system or super-user account
  – These accounts provide powerful capabilities such as:
    1. Account creation
    2. Privilege granting
    3. Privilege revocation
    4. Security level assignment
  – Action 1 is access control, whereas 2 and 3 are discretionary and 4 is used to control mandatory authorization

INTEGRITY CONSTRAINTS
• The constraints we wish to impose in order to protect the database from becoming inconsistent.
  – Example:
    • Suppose we have a functional dependency name → salary and two tuples (John, 10K) in source 1, and (John, 20K) in source 2.
• Five types
  – Required data
  – Attribute domain constraints
  – Entity integrity
  – Referential integrity
  – Enterprise constraints

REQUIRED DATA
• Some attributes must always contain a value -- they cannot have a NULL value
• For example:
  – Every employee must have a job title.
  – In SQL:

    CREATE TABLE table-name (
        Job varchar(30) NOT NULL,
        …..
    );

ATTRIBUTE DOMAIN CONSTRAINTS
• Every attribute has a domain, that is a set of
values that are legal for it to use
• For example:
– The domain of sex in the employee relation is “M”
or “F”
• Domain ranges can be used to validate input
to the database


ENTITY INTEGRITY
• The primary key of any entity:
  – Must be unique
  – Cannot be NULL

    CREATE TABLE Persons (
        ID int NOT NULL,
        LastName varchar(255) NOT NULL,
        FirstName varchar(255),
        Age int,
        PRIMARY KEY (ID)
    );

REFERENTIAL INTEGRITY
• A “foreign key” links each occurrence in a relation representing a child entity to the occurrence of the parent entity containing the matching candidate (usually primary) key
• Referential integrity means that if the foreign key contains a value, that value must refer to an existing occurrence in the parent entity
  – To deal with insertions and deletions of data from the parent and child tables
• For example:
  – Since the Order ID in the diveitem relation refers to a particular diveords item, that item must exist for referential integrity to be satisfied.

REFERENTIAL INTEGRITY
• Referential integrity constraints are declared when tables are defined (in most systems)
• There are many issues having to do with how particular referential integrity constraints are to be implemented to .

DATA AND DOMAIN INTEGRITY
• In Oracle, for example, when defining a table you can specify:

    CREATE TABLE table-name (
        attr2 attr-type NOT NULL,                       -- forbids NULL values
        attrN attr-type CHECK (attrN = UPPER(attrN)),   -- verifies that the data meets certain criteria
        attrO attr-type DEFAULT default_value           -- supplies default values
    );

ENTERPRISE CONSTRAINTS
• These are business rules that may affect the database and the data in it
  – for example, if a manager is only permitted to manage 10 employees then it would violate an enterprise constraint to manage more

DISCRETIONARY ACCESS CONTROL
• Based on the concept of access rights or privileges for objects (tables and views), and mechanisms for giving users privileges (and revoking privileges)
• The creator of a table or a view automatically gets all privileges on it.
• Subject: user, group of users, all users, …
• Object: DB, table, view, procedure, …
• Privileges: tables, schema, DB, …

EXAMPLE (1)
• Suppose that the DBA creates four accounts
  – A1, A2, A3, A4
• and wants only A1 to be able to create base relations. Then the DBA must issue the following GRANT command in SQL:

    GRANT CREATETAB TO A1;

• Suppose that A1 wants to grant A2 the privilege to insert and delete tuples in both of these relations:

    GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;

EXAMPLE (2)
• Suppose that A1 wants to allow A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts.
• A1 can issue the command:

    GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;

• A3 can grant the SELECT privilege on the EMPLOYEE relation to A4 by issuing:

    GRANT SELECT ON EMPLOYEE TO A4;

  – Notice that A4 can’t propagate the SELECT privilege because GRANT OPTION was not given to A4

EXAMPLE (3)
• Finally, suppose that A1 wants to allow A4 to update only the SALARY attribute of EMPLOYEE; A1 can issue:

    GRANT UPDATE ON EMPLOYEE (SALARY) TO A4;

  – The UPDATE or INSERT privilege can specify particular attributes that may be updated or inserted in a relation.
  – Other privileges (SELECT, DELETE) are not attribute specific.

EXAMPLE (4)
• Suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 can issue:

    REVOKE SELECT ON EMPLOYEE FROM A3;

• The DBMS must now automatically revoke the SELECT privilege on EMPLOYEE from A4, too, because A3 granted that privilege to A4 and A3 does not have the privilege any more.
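
A small model of the bookkeeping behind Examples (2) and (4), added here as an illustration (it is not code from the lecture and not how any particular DBMS stores its grants). It records who granted what to whom, refuses a GRANT from an account that lacks GRANT OPTION, and on REVOKE drops every grant that can no longer be traced back to the owner. The class and method names are assumptions, and A1 is taken to be the creator of both relations.

```python
"""Grant propagation and cascading revoke (added illustration)."""
from collections import namedtuple

Grant = namedtuple("Grant", "grantor grantee privilege obj grant_option")


class Authorizations:
    def __init__(self, owners):
        self.owners = dict(owners)     # object name -> account that created it
        self.grants = set()

    def _may_grant(self, privilege, obj):
        """Owner plus every account reachable from it through WITH GRANT OPTION."""
        able = {self.owners[obj]}
        grew = True
        while grew:
            grew = False
            for g in self.grants:
                if ((g.privilege, g.obj) == (privilege, obj) and g.grant_option
                        and g.grantor in able and g.grantee not in able):
                    able.add(g.grantee)
                    grew = True
        return able

    def holds(self, account, privilege, obj):
        """The creator holds every privilege; others need a recorded grant."""
        return account == self.owners[obj] or any(
            g.grantee == account and (g.privilege, g.obj) == (privilege, obj)
            for g in self.grants)

    def grant(self, grantor, grantee, privilege, obj, grant_option=False):
        if grantor not in self._may_grant(privilege, obj):
            raise PermissionError(f"{grantor} cannot grant {privilege} on {obj}")
        self.grants.add(Grant(grantor, grantee, privilege, obj, grant_option))

    def revoke(self, revoker, grantee, privilege, obj):
        key = (privilege, obj)
        # 1. Remove the grant that the revoker itself issued.
        self.grants = {g for g in self.grants
                       if not (g.grantor == revoker and g.grantee == grantee
                               and (g.privilege, g.obj) == key)}
        # 2. Cascade: keep only grants whose grantor can still grant. Working
        #    from reachability also removes grants that only support each
        #    other in a cycle.
        able = self._may_grant(privilege, obj)
        self.grants = {g for g in self.grants
                       if (g.privilege, g.obj) != key or g.grantor in able}


def replay_examples():
    """Examples (2) and (4) from the slides, returning what each account ends up with."""
    auth = Authorizations({"EMPLOYEE": "A1", "DEPARTMENT": "A1"})
    auth.grant("A1", "A3", "SELECT", "EMPLOYEE", grant_option=True)
    auth.grant("A3", "A4", "SELECT", "EMPLOYEE")
    before = {a: auth.holds(a, "SELECT", "EMPLOYEE") for a in ("A3", "A4")}
    auth.revoke("A1", "A3", "SELECT", "EMPLOYEE")
    after = {a: auth.holds(a, "SELECT", "EMPLOYEE") for a in ("A3", "A4")}
    return before, after


if __name__ == "__main__":
    print(replay_examples())
```

An account that also received the privilege through a second, still valid path keeps it after the revoke, which is why the cascade is computed from the owner outwards instead of simply deleting everything A3 ever granted.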

RBAC
• Roles permit common privileges for a class of users to be specified just once, by creating a corresponding “role”
• Privileges can be granted to or revoked from roles
• SQL:1999 supports roles

    create role teller
    create role manager

    grant select on branch to teller
    grant update (balance) on account to teller
    grant all privileges on account to manager
    grant teller to manager
    grant teller to alice, bob
    grant manager to avi
