Week 14- Database Security

The document provides an overview of database security, including concepts of databases, database management systems (DBMS), and the importance of security measures such as access control, user authentication, and encryption. It discusses SQL security models, role-based access control, and the challenges of inference and SQL injection attacks. Additionally, it outlines protective measures against these threats and emphasizes the need for robust database security protocols.

Uploaded by

abdullah zahid

DATABASE SECURITY
Databases
 Structured collection of data stored for use by one or more applications
 Contains the relationships between data items and groups of data items
 Can sometimes contain sensitive data that needs to be secured
Database management system (DBMS)
• Suite of programs for constructing and maintaining the database
• CRUD functionality
Query language
 Provides a uniform interface to the database
Database Concepts
 Database
  a collection of data & a set of rules that organize the data
  the user works with a logical representation of the data
 Relational database
  in the relational model, data is organized as a collection of RELATIONS or tables
  a relation is a set of ATTRIBUTES or columns
  each row (or record) of a relation is called a TUPLE
 Database management system (DBMS)
  maintains the DB and controls read/write access
 Database administrator (DBA)
  sets the organization of the DB and the access rules to the DB
Database Concepts
 Relationships between tables (relations) must be in the form of other relations
  base (‘real’) relations: named and autonomous relations, not derived from other relations (have stored data)
  views: named derived relations (no stored data)
  snapshots: like views they are named, derived relations, but they do have stored data
  query results: result of a query - may or may not have a name, and no persistent existence
Database Concepts
 Within every relation, we need to uniquely identify every tuple
  a primary key of a relation is a unique and minimal identifier for that relation
  can be a single attribute - or may be a choice of attributes to use
  when the primary key of one relation is used as an attribute in another relation it is a foreign key in that relation
Database Concepts
 Structured Query Language (SQL)
  to manipulate relations and data in a relational database
 Types of SQL Commands
  Data Dictionary Language (DDL)
   define, maintain, drop schema objects
  Data Manipulation Language (DML)
   SELECT, INSERT, UPDATE
  Data Control Language (DCL)
   control security (GRANT, REVOKE) and concurrent access (COMMIT, ROLLBACK)
Security Requirements
 Physical database integrity
 Logical database integrity
 Element integrity
 Auditability
 Access control
 User authentication
 Availability
Security Requirements
 Physical database integrity
  immunity to physical catastrophe, such as power failures, media failure
  physically securing hardware, UPS
  regular backups
 Logical database integrity
  reconstruction ability
  maintain a log of transactions
  replay the log to restore the system to a stable point
Security Requirements
 Element integrity
  integrity of specific database elements is their correctness or accuracy
  field checks
   – allow only acceptable values
  access controls
   – allow only authorized users to update elements
  change log
   – used to undo changes made in error
  referential integrity (key integrity concerns)
  two-phase locking process
 Auditability
  log read/write to database
Security Requirements
 Access Control (similar to OS)
  logical separation by user access privileges
  more complicated than OS due to complexity of DB (granularity/inference/aggregation)
 User Authentication
  may be separate from OS
  can be rigorous
 Availability
  concurrent users
  reliability
SQL Security Model
 SQL security model implements DAC based on
  users: users of the database - user identity checked during the login process;
  actions: including SELECT, UPDATE, DELETE and INSERT;
  objects: tables (base relations), views, and columns (attributes) of tables and views
 Users can protect objects they own
  when an object is created, a user is designated as ‘owner’ of the object
  the owner may grant access to others
  users other than the owner have to be granted privileges to access the object
SQL Security Model
 Components of a privilege are
  grantor, grantee, object, action, grantable
  privileges managed using GRANT and REVOKE operations
  the right to grant privileges can be granted
 Issues with privilege management
  each grant of privileges is to an individual or to “Public”
  makes security administration in large organizations difficult
  an individual with multiple roles may have too many privileges for one of the roles
  SQL3 is moving more to role-based privileges
SQL Security Model
 Authentication & identification mechanisms
  CONNECT <user> USING <password>
  DBMS may choose OS authentication
  or its own authentication mechanism
SQL Security Model
 Mandatory access controls (MAC)
  no read up, no write down
  traditional MAC implementations in RDBMS have focused solely on MLS
  there have been three commercial MLS RDBMS offerings
   Trusted Oracle, Informix OnLine/Secure, Sybase Secure SQL Server
SQL Security Model
 Enforce MAC using security labels
  assign security levels to all data
   label associated with a row
  assign a security clearance to each user
   label associated with the user
 DBMS enforces MAC
  access to a row is based upon
   – the label associated with that row and the label associated with the user accessing that row.
Case Study
RECORDID  CLIENTNO  DEPTNO  ALLOCATION_DATE  LAST_UPDATE  MEDICAL_HISTORY      RISK_FACTOR
0010      K108341   K01     2006/01/05       2006/02/05   Diabetes             0
0020      K104546   K01     2006/10/20       2006/11/05   Arthritis            2
0030      S245987   S02     2006/09/01       2006/10/05   High Blood Pressure  3
0040      S245456   S02     2006/06/26       2006/07/05   Asthma               1

– Medical record analyst
 • READ all records
 • WRITE all records
– Managers
 • READ client records of their department
 • READ only non-confidential columns
 • No WRITE access
Case Study
 Columns
  medical record analysts have READ/WRITE access to confidential columns
  managers have READ access to non-confidential columns
 Rows
  medical record analysts can read and update all the records
  managers can read but not update client records for their department
Database Access Control
Database access control system determines:
• If the user has access to the entire database or just portions of it
• What access rights the user has (create, insert, delete, update, read, write)
Can support a range of administrative policies:
Centralized administration
• Small number of privileged users may grant and revoke access rights
Ownership-based administration
• The creator of a table may grant and revoke access rights to the table
Decentralized administration
• The owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table
SQL Access Controls
 Two commands for managing access rights:
  Grant
   Used to grant one or more access rights or can be used to assign a user to a role
  Revoke
   Revokes the access rights
 Typical access rights are:
  Select
  Insert
  Update
  Delete
  References
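The privilege tuple (grantor, grantee, object, action, grantable) and the GRANT/REVOKE pair described on the preceding slides, modelled in Python as an added example (this is not the slide deck's code). Assumptions: object owners hold every action with grant option under a pseudo-grantor named SYSTEM, and a revoke cascades to grants that depended on the revoked grant option, as SQL's REVOKE ... CASCADE does.

```python
"""Model of the SQL DAC privilege graph: a privilege is
(grantor, grantee, object, action, grantable); GRANT and REVOKE manage it and
the right to grant can itself be granted. Added illustration, not the deck's
code; SYSTEM as owner pseudo-grantor and cascading revoke are assumptions."""
from collections import namedtuple

Privilege = namedtuple("Privilege", "grantor grantee obj action grantable")
ACTIONS = ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES")


class PrivilegeStore:
    def __init__(self, owners):
        # owners: {object_name: owner_user}; owners get everything WITH GRANT OPTION
        self.privs = {Privilege("SYSTEM", owner, obj, a, True)
                      for obj, owner in owners.items() for a in ACTIONS}

    def holds(self, user, obj, action, grantable=False):
        # grantable=True asks whether the user may pass the privilege on
        return any(p.grantee == user and p.obj == obj and p.action == action
                   and (p.grantable or not grantable) for p in self.privs)

    def grant(self, grantor, grantee, obj, action, grantable=False):
        # GRANT action ON obj TO grantee [WITH GRANT OPTION]
        if not self.holds(grantor, obj, action, grantable=True):
            raise PermissionError(f"{grantor} may not grant {action} on {obj}")
        self.privs.add(Privilege(grantor, grantee, obj, action, grantable))

    def revoke(self, grantor, grantee, obj, action):
        # REVOKE action ON obj FROM grantee, then cascade: drop every grant
        # whose grantor no longer holds the action WITH GRANT OPTION.
        self.privs = {p for p in self.privs if (p.grantor, p.grantee, p.obj, p.action)
                      != (grantor, grantee, obj, action)}
        while True:
            dangling = {p for p in self.privs if p.grantor != "SYSTEM"
                        and not self.holds(p.grantor, p.obj, p.action, grantable=True)}
            if not dangling:
                return
            self.privs -= dangling


def cascade_demo():
    """dba -> analyst (WITH GRANT OPTION) -> manager; revoking the first grant
    silently removes the manager's derived privilege as well."""
    store = PrivilegeStore({"clients": "dba"})
    store.grant("dba", "analyst", "clients", "SELECT", grantable=True)
    store.grant("analyst", "manager", "clients", "SELECT")
    before = store.holds("manager", "clients", "SELECT")
    store.revoke("dba", "analyst", "clients", "SELECT")
    return (before, store.holds("analyst", "clients", "SELECT"),
            store.holds("manager", "clients", "SELECT"))
```

The cascade is the administrative problem the slide calls out: an audit of who can read "clients" has to walk the whole grant graph, not just the direct grants.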
Role-Based Access Control (RBAC)
 Role-based access control eases administrative burden and improves security
 A database RBAC needs to provide the following capabilities:
  Create and delete roles
  Define permissions for a role
  Assign and cancel assignment of users to roles
 Categories of database users:
  Application owner: an end user who owns database objects as part of an application
  End user: an end user who operates on database objects via a particular application but does not own any of the database objects
  Administrator: a user who has administrative responsibility for part or all of the database
INFERENCE
 Process of performing authorized queries & deducing unauthorized information from the legitimate responses received.
 The inference problem arises when the combination of a number of data items is more sensitive than the individual items, or when a combination of data items can be used to infer data of a higher sensitivity.
 The attacker may make use of nonsensitive data as well as metadata.
 Metadata refers to knowledge about correlations or dependencies among data items that can be used to deduce information not otherwise available to a particular user.
 The information transfer path by which unauthorized data is obtained is referred to as an inference channel.
 Two inference techniques can be used to derive additional information:
  1. Analyzing functional dependencies between attributes within a table or across tables; and
  2. Merging views with the same constraints.
INFERENCE EXAMPLE…
Figure a: Shows a table Employee with five columns.
Figure b: Shows two views.
Figure c: This violates the access control policy that the relationship of attributes Name and Salary must not be disclosed.
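The view-merging inference above, worked through in SQLite as an added example; the figures themselves are not on this page, so the Employee table, its five columns, its rows and the two views are constructed here (only the Name/Salary policy comes from the slide). The second function is the design-time check a DBA would run before publishing a pair of views.

```python
"""Inference by merging two views that share a constraint. Added example,
not the deck's figures: table, columns, rows and views are constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE Employee (Name TEXT, Salary INTEGER, Position TEXT, Dept TEXT, Office TEXT);
INSERT INTO Employee VALUES
  ('Alice', 90000, 'Lead',    'Sales', 'A1'),
  ('Bob',   55000, 'Analyst', 'Sales', 'A2'),
  ('Carol', 60000, 'Analyst', 'Sales', 'A3'),
  ('Dave',  70000, 'Lead',    'Ops',   'B1');
-- Each view omits one of the protected pair (Name, Salary), but both carry
-- the same constraint (Dept = 'Sales') and share the Position column.
CREATE VIEW V_Staff   AS SELECT Name, Position FROM Employee WHERE Dept = 'Sales';
CREATE VIEW V_Payroll AS SELECT Position, Salary FROM Employee WHERE Dept = 'Sales';
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def merge_views(conn):
    """What a user allowed to read both views can reconstruct: wherever the
    shared attribute is unique in both views, the join pins Name to Salary."""
    rows = conn.execute("""
        SELECT s.Name, p.Salary
        FROM V_Staff s JOIN V_Payroll p ON s.Position = p.Position
        WHERE (SELECT COUNT(*) FROM V_Staff   WHERE Position = s.Position) = 1
          AND (SELECT COUNT(*) FROM V_Payroll WHERE Position = p.Position) = 1
    """).fetchall()
    return dict(rows)


def inference_channel(conn, view_a, view_b, join_col):
    """Design-time detection: values of join_col that are unique in both views
    form an inference channel between them (returns those values, sorted)."""
    q = (f"SELECT {join_col} FROM {view_a} GROUP BY {join_col} HAVING COUNT(*) = 1 "
         f"INTERSECT "
         f"SELECT {join_col} FROM {view_b} GROUP BY {join_col} HAVING COUNT(*) = 1")
    return sorted(r[0] for r in conn.execute(q))
```

Positions held by two or more people (Analyst) do not leak, which is why the design-time fix is usually to generalise or suppress the join attribute rather than to withdraw the views.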
Inference Detection
Two approaches:
 Inference detection during database design
  The approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference
  Techniques in this category often result in unnecessarily stricter access controls that reduce availability
 Inference detection at query time
  The approach seeks to eliminate an inference channel violation during a query or series of queries
  If an inference channel is detected, the query is denied or altered
 Some inference detection algorithm is needed for either of these approaches
 Progress has been made in devising specific inference detection techniques for multilevel secure databases and statistical databases
PROTECTING AGAINST INFERENCE
1. Query restriction:
 • Rejects a query that can lead to a compromise
 • Query restriction techniques defend against inference by restricting statistical queries so that they do not reveal user confidential information.
 • Restriction in this context simply means that some queries are denied.
2. Perturbation:
 • Provides answers to all queries, but the answers are approximate, due to the addition of noise to the statistics generated from the original data.
 • This can be done in one of two ways:
  1. Data perturbation: the data in the database can be modified (perturbed) so as to produce statistics that cannot be used to infer values for individual records.
  2. Output perturbation: when a statistical query is made, the system can generate statistics that are modified from those that the original database would provide, again thwarting attempts to gain knowledge of individual records.
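Query restriction and output perturbation side by side, as an added example (not the deck's code). The records reuse the case study's CLIENTNO/DEPTNO/RISK_FACTOR shape but are constructed, as is the minimum query-set size K_MIN; differencing_probe shows why a statistic that is exact and unrestricted is an inference channel.

```python
"""Statistical-database defences from the slides. Added example; records and
the threshold K_MIN are constructed values, not the deck's data."""
import random
import statistics

# (CLIENTNO, DEPTNO, RISK_FACTOR)
RECORDS = [("K108341", "K01", 0), ("K104546", "K01", 2), ("K109999", "K01", 1),
           ("S245987", "S02", 3), ("S245456", "S02", 1), ("S248888", "S02", 2)]
K_MIN = 3  # smallest query set for which a statistic may be released


def _query_set(predicate):
    return [r for r in RECORDS if predicate(r)]


def exact_mean(predicate):
    """Unprotected statistic: exact mean RISK_FACTOR over the query set."""
    qs = _query_set(predicate)
    return statistics.mean(r[2] for r in qs) if qs else None


def restricted_mean(predicate, k=K_MIN):
    """Query restriction: refuse (None) when the query set, or its complement,
    has fewer than k records, since either would isolate individuals."""
    qs = _query_set(predicate)
    if len(qs) < k or len(RECORDS) - len(qs) < k:
        return None
    return statistics.mean(r[2] for r in qs)


def perturbed_mean(predicate, scale=0.5, rng=None):
    """Output perturbation: always answer, but add zero-mean Gaussian noise so
    that differencing two overlapping answers no longer yields an exact value."""
    qs = _query_set(predicate)
    if not qs:
        return None
    rng = rng or random.Random()
    return statistics.mean(r[2] for r in qs) + rng.gauss(0, scale)


def differencing_probe(mean_fn):
    """Inference via two legitimate queries: mean over K01 and mean over K01
    minus one client combine algebraically to that client's RISK_FACTOR
    (3 records in K01, so value = 3*whole - 2*rest) when answers are exact."""
    whole = mean_fn(lambda r: r[1] == "K01")
    rest = mean_fn(lambda r: r[1] == "K01" and r[0] != "K108341")
    if whole is None or rest is None:
        return None
    return 3 * whole - 2 * rest
```

Restriction blocks the probe because the two-record query set is refused; perturbation lets it through but the recovered value is noise around the truth rather than the truth.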
Database Encryption
 The database is typically the most valuable information resource for any organization
 Protected by multiple layers of security
  Firewalls, authentication, general access control systems, DB access control systems, database encryption
 Encryption becomes the last line of defense in database security
 Can be applied to the entire database, at the record level, the attribute level, or the level of the individual field
 Disadvantages to encryption:
  Key management
   Authorized users must have access to the decryption key for the data to which they have access
  Inflexibility
   When part or all of the database is encrypted it becomes more difficult to perform record searching
Database Encryption
 Data owner – organization that produces data to be made available for controlled release
 User – human entity that presents queries to the system
 Client – frontend that transforms user queries into queries on the encrypted data stored on the server
 Server – an organization that receives the encrypted data from a data owner and makes them available for distribution to clients
Database Encryption…
 A user at the client can retrieve a record from the database with the following sequence:
  1. The user issues an SQL query for fields from one or more records with a specific value of the primary key.
  2. The query processor at the client encrypts the primary key, modifies the SQL query accordingly, and transmits the query to the server.
  3. The server processes the query using the encrypted value of the primary key and returns the appropriate record or records.
  4. The query processor decrypts the data and returns the results.
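The four-step exchange above in runnable form, as an added example that is not the deck's code. Assumptions: the primary key is turned into a deterministic HMAC-SHA256 token so the server can match on it without learning it (this is why the lookup still works), field values are XORed with an HMAC-derived keystream that stands in for a real cipher (AES-GCM in practice), and both keys are derived at the client and never leave it; the master key and the rows are constructed.

```python
"""Client-side encryption with server lookup on the encrypted primary key.
Added example; HMAC token and HMAC keystream stand in for real deterministic
encryption and AES, and the key/rows are constructed."""
import hashlib
import hmac
import os

def pk_token(key, primary_key):
    # Deterministic: equal primary keys give equal tokens, so the server can index on them.
    return hmac.new(key, b"pk|" + primary_key.encode(), hashlib.sha256).hexdigest()

def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]

def seal(key, value):
    nonce = os.urandom(16)  # fresh per field, so equal values look different on the server
    data = value.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

class Client:
    """Query processor: step 2 (encrypt the key) and step 4 (decrypt the result).
    The server is a dict of token -> {column: ciphertext}; step 3 is a plain lookup."""
    def __init__(self, master_key, server):
        self.k_pk = hmac.new(master_key, b"pk", hashlib.sha256).digest()
        self.k_data = hmac.new(master_key, b"data", hashlib.sha256).digest()
        self.server = server

    def insert(self, primary_key, fields):
        self.server[pk_token(self.k_pk, primary_key)] = {c: seal(self.k_data, v)
                                                         for c, v in fields.items()}

    def select(self, primary_key, columns):
        row = self.server.get(pk_token(self.k_pk, primary_key))   # steps 1-3
        return None if row is None else {c: unseal(self.k_data, row[c]) for c in columns}

def demo():
    """Returns the decrypted answer and whether any plaintext reached the server."""
    server = {}
    client = Client(os.urandom(32), server)
    client.insert("K108341", {"DEPTNO": "K01", "MEDICAL_HISTORY": "Diabetes"})
    leaked = any(b"Diabetes" in v or b"K01" in v for row in server.values() for v in row.values())
    return client.select("K108341", ["MEDICAL_HISTORY"]), leaked
```

The inflexibility noted on the earlier slide is visible here: the server can answer equality lookups on the primary key only, and range or substring searches would need a different scheme.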
Summary
 The need for database security
 Database management systems
 Relational databases
 Elements of a relational database system
 Structured Query Language
 SQL injection attacks
  A typical SQLi attack
  The injection technique
  SQLi attack avenues and types
  SQLi countermeasures
 Inference
 Database access control
  SQL-based access definition
  Cascading authorizations
  Role-based access control
 Database encryption
Further Readings
 https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)
 https://www.w3schools.com/sql/sql_injection.asp