CH05 CompSec4e

Chapter 5 of 'Computer Security: Principles and Practice' discusses database and data center security, highlighting the complexities of modern database management systems and the inadequacy of current security techniques. It covers the structure and elements of relational databases, the dangers of SQL injection attacks, and various access control measures, including role-based access control and encryption. Additionally, it addresses data center security standards and requirements as specified by TIA-492.

Uploaded by

Kofi Boateng
Copyright: © All Rights Reserved

Computer Security: Principles and Practice
Fourth Edition
By: William Stallings and Lawrie Brown

Chapter 5
Database and Data Center Security
Database Security
• There is a dramatic imbalance between the complexity of modern database management systems (DBMS) and the security techniques used to protect these critical systems
• Databases have a sophisticated interaction protocol, Structured Query Language (SQL), which is complex
• Effective database security requires a strategy based on a full understanding of the security vulnerabilities of SQL
• Reasons database security has not kept pace with the increased reliance on databases are:
  o The increasing reliance on cloud technology to host part or all of the corporate database
  o Most enterprise environments consist of a heterogeneous mixture of database platforms, enterprise platforms, and OS platforms, creating an additional complexity hurdle for security personnel
  o The typical organization lacks full-time database security personnel
Databases
 Structured collection of data stored for use by one or more applications
 Contains the relationships between data items and groups of data items
 Can sometimes contain sensitive data that needs to be secured

Database management system (DBMS)
• Suite of programs for constructing and maintaining the database
• Offers ad hoc query facilities to multiple users and applications

Query language
 Provides a uniform interface to the database for users and applications
Relational Databases
 Table of data consisting of rows and columns
 Each column holds a particular type of data
 Each row contains a specific value for each column
 Ideally has one column where all values are unique, forming an identifier/key for that row
 Enables the creation of multiple tables linked together by a unique identifier that is present in all tables
 Use a relational query language to access the database
 Allows the user to request data that fit a given set of criteria
Relational Database Elements
Primary key
• Uniquely identifies a row
• Consists of one or more column names

Foreign key
• Links one table to attributes in another

View/virtual table
• Result of a query that returns selected rows and columns from one or more tables
• Views are often used for security purposes

Table 5.1 Basic Terminology for Relational Databases
Relation      Table / file
Tuple         Row / record
Attribute     Column / field
Structured Query Language (SQL)
 Standardized language to define schema, manipulate, and query data in a relational database
 Several similar versions of ANSI/ISO standard
 All follow the same basic syntax and semantics

SQL statements can be used to:
• Create tables
• Insert and delete data in tables
• Create views
• Retrieve data with query statements
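As an added example (not from the slides or the textbook), the Table 5.1 elements and the four kinds of SQL statement above, exercised with Python's built-in sqlite3 module. The department/employee schema, the employee_directory view and all row values are invented for this illustration.

```python
# Added example: primary key, foreign key and a security view, plus
# CREATE / INSERT / SELECT / DELETE, on an in-memory SQLite database.
# Table names, column names and rows are constructed for the illustration.
import sqlite3


def build_database() -> sqlite3.Connection:
    """Define the schema, insert rows, and define a view."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    # Relation 'department': the primary key dept_id uniquely identifies each tuple.
    conn.execute("CREATE TABLE department (dept_id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    # Relation 'employee': dept_id is a foreign key linking each row to a department.
    conn.execute(
        """CREATE TABLE employee (
               emp_id INTEGER PRIMARY KEY,
               name TEXT NOT NULL,
               salary INTEGER NOT NULL,
               dept_id INTEGER NOT NULL REFERENCES department(dept_id))"""
    )
    conn.executemany("INSERT INTO department VALUES (?, ?)",
                     [(1, "Engineering"), (2, "Finance")])
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)",
                     [(10, "Ana", 120000, 1), (11, "Ben", 95000, 1), (12, "Cy", 80000, 2)])
    # A view used for security: it exposes names and departments but hides salary,
    # so a user granted the view never sees the sensitive column.
    conn.execute(
        """CREATE VIEW employee_directory AS
           SELECT e.name AS employee, d.name AS department
           FROM employee e JOIN department d ON e.dept_id = d.dept_id"""
    )
    conn.commit()
    return conn


def directory_columns(conn: sqlite3.Connection) -> list:
    """Columns visible through the view (salary is absent)."""
    cur = conn.execute("SELECT * FROM employee_directory")
    return [d[0] for d in cur.description]


def employees_in(conn: sqlite3.Connection, department: str) -> list:
    """Retrieve rows matching a criterion through the view."""
    rows = conn.execute(
        "SELECT employee FROM employee_directory WHERE department = ? ORDER BY employee",
        (department,),
    ).fetchall()
    return [r[0] for r in rows]


def foreign_key_rejects_orphan(conn: sqlite3.Connection) -> bool:
    """The foreign key refuses an employee whose department does not exist."""
    try:
        conn.execute("INSERT INTO employee VALUES (99, 'Zed', 1, 42)")
        return False
    except sqlite3.IntegrityError:
        return True


def delete_employee(conn: sqlite3.Connection, emp_id: int) -> int:
    """DELETE returns the number of rows removed."""
    cur = conn.execute("DELETE FROM employee WHERE emp_id = ?", (emp_id,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_database()
    print(directory_columns(db))            # ['employee', 'department']
    print(employees_in(db, "Engineering"))  # ['Ana', 'Ben']
    print(foreign_key_rejects_orphan(db))   # True
```

The view is what a low-privilege user would be granted: it carries the join but not the salary column, which is the security use of views that Table 5.1 refers to.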
SQL Injection Attacks (SQLi)
• One of the most prevalent and dangerous network-based security threats
• Designed to exploit the nature of Web application pages
• Sends malicious SQL commands to the database server
• Most common attack goal is bulk extraction of data
• Depending on the environment SQL injection can also be exploited to:
  o Modify or delete data
  o Execute arbitrary operating system commands
  o Launch denial-of-service (DoS) attacks
Injection Technique
• The SQLi attack typically works by prematurely terminating a text string and appending a new command
• Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark “--”
• Subsequent text is ignored at execution time
SQLi Attack Avenues
User input
• Attackers inject SQL commands by providing suitably crafted user input

Server variables
• Attackers can forge the values that are placed in HTTP and network headers and exploit this vulnerability by placing data directly into the headers

Second-order injection
• A malicious user could rely on data already present in the system or database to trigger an SQL injection attack, so when the attack occurs, the input that modifies the query to cause an attack does not come from the user, but from within the system itself

Cookies
• An attacker could alter cookies such that when the application server builds an SQL query based on the cookie’s content, the structure and function of the query is modified

Physical user input
• Applying user input that constructs an attack outside the realm of web requests
Inband Attacks
• Uses the same communication channel for injecting SQL code and retrieving results
• The retrieved data are presented directly in the application Web page
• Include:
  o Tautology: this form of attack injects code in one or more conditional statements so that they always evaluate to true
  o End-of-line comment: after injecting code into a particular field, legitimate code that follows is nullified through usage of end-of-line comments
  o Piggybacked queries: the attacker adds additional queries beyond the intended query, piggybacking the attack on top of a legitimate request
Inferential Attack
• There is no actual transfer of data, but the
attacker is able to reconstruct the information by
sending particular requests and observing the
resulting behavior of the Website/database server
• Include:
o Illegal/logically incorrect queries
• This attack lets an attacker gather important information
about the type and structure of the backend database of
a Web application
• The attack is considered a preliminary, information-
gathering step for other attacks
o Blind SQL injection
• Allows attackers to infer the data present in a database
system even when the system is sufficiently secure to not
display any erroneous information back to the attacker
Out-of-Band Attack
• Data are retrieved using a different channel
• This can be used when there are limitations on information retrieval, but outbound connectivity from the database server is lax
SQLi Countermeasures
• Three types:
  o Defensive coding
    • Manual defensive coding practices
    • Parameterized query insertion
    • SQL DOM
  o Detection
    • Signature based
    • Anomaly based
    • Code analysis
  o Run-time prevention
    • Check queries at runtime to see if they conform to a model of expected queries
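Added example, not code from the slides or the textbook: the injection technique from the earlier slide (closing the string literal, adding a tautology, commenting out the remainder) run against a vulnerable login query, beside two of the countermeasure types listed above, defensive coding (a parameterized query) and a simplified run-time check that compares each query's shape with a model of expected queries. The users table, the two accounts and the test input are constructed here; the shape model is a deliberately reduced stand-in for the run-time prevention tools the slide refers to.

```python
# Added example: a login query built by string concatenation (vulnerable),
# the same query parameterized (defensive coding), and a run-time guard that
# accepts only queries whose shape is in a model of expected queries.
# Table, accounts and the test input below are constructed, not real.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def build_login_sql(username: str, password: str) -> str:
    """The flawed pattern: user input is spliced into the SQL text itself."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username: str, password: str) -> list:
    return [r[0] for r in conn.execute(build_login_sql(username, password))]


def login_parameterized(conn, username: str, password: str) -> list:
    """Defensive coding: fixed SQL text, input bound as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [r[0] for r in conn.execute(sql, (username, password))]


# Run-time prevention (simplified): the model of expected queries is a set of
# query "shapes", i.e. the SQL with every literal replaced by a placeholder.
EXPECTED_SHAPES = {"SELECT username FROM users WHERE username = ? AND password = ?"}
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+\b")   # quoted strings and bare numbers


def query_shape(sql: str) -> str:
    return " ".join(_LITERAL.sub("?", sql).split())


def is_expected_query(sql: str) -> bool:
    return query_shape(sql) in EXPECTED_SHAPES


def guarded_execute(conn, sql: str) -> list:
    """Refuse any query whose shape is not in the model, then run it."""
    if not is_expected_query(sql):
        raise PermissionError("query shape not in model: " + query_shape(sql))
    return [r[0] for r in conn.execute(sql)]


def guard_denies(conn, sql: str) -> bool:
    try:
        guarded_execute(conn, sql)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    db = make_db()
    # Constructed test input: closes the string, adds an always-true condition,
    # and comments out the rest of the original query.
    tautology = "' OR '1'='1' --"
    print(login_vulnerable(db, tautology, "x"))      # both accounts leak
    print(login_parameterized(db, tautology, "x"))   # []
    print(is_expected_query(build_login_sql("alice", "s3cret")))   # True
    print(is_expected_query(build_login_sql(tautology, "x")))      # False
```

The run-time guard sits in front of the DBMS and is only a second line of defence: it accepts the concatenated query while the input is benign and rejects it once the literal structure changes, but it cannot provide what the parameterized version already guarantees, namely that the input is never parsed as SQL at all.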
Database Access Control
Database access control system determines:
• If the user has access to the entire database or just portions of it
• What access rights the user has (create, insert, delete, update, read, write)

Can support a range of administrative policies:
Centralized administration
• Small number of privileged users may grant and revoke access rights

Ownership-based administration
• The creator of a table may grant and revoke access rights to the table

Decentralized administration
• The owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table
SQL Access Controls
• Two commands for managing access rights:
  • Grant
    o Used to grant one or more access rights or can be used to assign a user to a role
  • Revoke
    o Revokes the access rights
• Typical access rights are:
  • Select
  • Insert
  • Update
  • Delete
  • References
Role-Based Access Control (RBAC)
• Role-based access control eases administrative burden and improves security
• A database RBAC needs to provide the following capabilities:
  • Create and delete roles
  • Define permissions for a role
  • Assign and cancel assignment of users to roles
• Categories of database users:
  Application owner
  • An end user who owns database objects as part of an application
  End user
  • An end user who operates on database objects via a particular application but does not own any of the database objects
  Administrator
  • User who has administrative responsibility for part or all of the database
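Added example (not from the slides): an in-memory model of the three RBAC capabilities listed above, with the access rights from the SQL Access Controls slide (select, insert, update, delete, references) granted to roles per table, and a guard that maps each SQL statement to the right it needs before executing it in sqlite3. Role, user and table names, and the employee rows, are invented.

```python
# Added example: create/delete roles, grant/revoke rights to a role per table,
# assign/unassign users, and enforce the result before a statement reaches the
# database. Roles, users, the employee table and its rows are constructed.
import sqlite3
from collections import defaultdict

ACCESS_RIGHTS = {"select", "insert", "update", "delete", "references"}


class DatabaseRBAC:
    """Roles hold per-table access rights; users hold roles."""

    def __init__(self):
        self._roles = {}                        # role -> {table -> set of rights}
        self._assignments = defaultdict(set)    # user -> set of roles

    # Create and delete roles
    def create_role(self, role: str) -> None:
        if role in self._roles:
            raise ValueError("role already exists: " + role)
        self._roles[role] = defaultdict(set)

    def delete_role(self, role: str) -> None:
        del self._roles[role]
        for roles in self._assignments.values():   # deleting a role cancels its assignments
            roles.discard(role)

    # Define permissions for a role (the GRANT / REVOKE of the previous slide)
    def grant(self, role: str, right: str, table: str) -> None:
        if right not in ACCESS_RIGHTS:
            raise ValueError("unknown access right: " + right)
        self._roles[role][table].add(right)

    def revoke(self, role: str, right: str, table: str) -> None:
        self._roles[role][table].discard(right)

    # Assign and cancel assignment of users to roles
    def assign(self, user: str, role: str) -> None:
        if role not in self._roles:
            raise KeyError("no such role: " + role)
        self._assignments[user].add(role)

    def unassign(self, user: str, role: str) -> None:
        self._assignments[user].discard(role)

    def rights_of(self, user: str, table: str) -> set:
        rights = set()
        for role in self._assignments.get(user, ()):
            rights |= self._roles[role][table]
        return rights

    def check(self, user: str, right: str, table: str) -> bool:
        return right in self.rights_of(user, table)


def guarded_execute(rbac, conn, user, table, sql, params=()):
    """Map the statement's leading keyword to an access right and enforce it."""
    verb = sql.strip().split(None, 1)[0].lower()
    if not rbac.check(user, verb, table):
        raise PermissionError(f"{user} lacks {verb} on {table}")
    return conn.execute(sql, params).fetchall()


def demo() -> dict:
    """Walk through the lifecycle and return the observed outcomes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (emp_id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                     [(1, "Ana", 120000), (2, "Ben", 95000)])
    rbac = DatabaseRBAC()
    rbac.create_role("payroll_clerk")
    rbac.create_role("auditor")
    rbac.grant("payroll_clerk", "select", "employee")
    rbac.grant("payroll_clerk", "update", "employee")
    rbac.grant("auditor", "select", "employee")
    rbac.assign("ana", "payroll_clerk")
    rbac.assign("ben", "auditor")
    results = {}
    results["ben_can_read"] = guarded_execute(
        rbac, conn, "ben", "employee", "SELECT name FROM employee ORDER BY emp_id")
    try:
        guarded_execute(rbac, conn, "ben", "employee",
                        "UPDATE employee SET salary = ? WHERE emp_id = ?", (1, 1))
        results["ben_update_denied"] = False
    except PermissionError:
        results["ben_update_denied"] = True
    rbac.revoke("payroll_clerk", "update", "employee")
    results["ana_update_after_revoke"] = rbac.check("ana", "update", "employee")
    rbac.delete_role("auditor")
    results["ben_rights_after_delete"] = rbac.rights_of("ben", "employee")
    return results


if __name__ == "__main__":
    print(demo())
```

Real DBMSs enforce this inside the engine (Table 5.2 lists the fixed roles SQL Server ships with); the point of the model is that permissions attach to roles, so revoking a right or deleting a role changes what every assigned user can do without touching the users one by one.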
Table 5.2 Fixed Roles in Microsoft SQL Server
(Table is on page 165 in the textbook)
Inference Detection
Two approaches:
Inference detection during database design
• Approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference
• Techniques in this category often result in unnecessarily stricter access controls that reduce availability

Inference detection at query time
• Approach seeks to eliminate an inference channel violation during a query or series of queries
• If an inference channel is detected, the query is denied or altered

• Some inference detection algorithm is needed for either of these approaches
• Progress has been made in devising specific inference detection techniques for multilevel secure databases and statistical databases
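Added example (not from the slides): a simplified query-time inference check for a statistical database, the second of the two approaches above. The policy used, a query-set-size restriction with threshold K, is an assumption made here rather than something the slide specifies: an aggregate is answered only when the rows it covers and the rows it leaves out both number at least K, otherwise the query is denied. The staff table, its rows and K are constructed.

```python
# Added example: query-set-size restriction as a query-time inference check.
# The staff table, its rows and the threshold K are constructed for the demo.
import sqlite3

K = 3                                   # assumed minimum query-set size
QUERYABLE_COLUMNS = {"dept"}            # only these may appear in a filter
ALLOWED_AGGREGATES = {"COUNT(*)", "SUM(salary)", "AVG(salary)"}


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", [
        ("Ana", "eng", 120), ("Ben", "eng", 95), ("Cy", "eng", 105), ("Dee", "eng", 110),
        ("Eve", "fin", 80), ("Fay", "fin", 90), ("Gus", "fin", 85), ("Hal", "ops", 70),
    ])
    conn.commit()
    return conn


def _where(filters: dict):
    """Build a parameterized WHERE clause from an allow-listed column filter."""
    clauses, params = [], []
    for col, val in filters.items():
        if col not in QUERYABLE_COLUMNS:
            raise ValueError("column not queryable: " + col)
        clauses.append(col + " = ?")
        params.append(val)
    return (" WHERE " + " AND ".join(clauses)) if clauses else "", params


def query_set_size(conn, filters: dict) -> tuple:
    """Rows the query covers and rows it leaves out (its complement)."""
    where, params = _where(filters)
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    covered = conn.execute("SELECT COUNT(*) FROM staff" + where, params).fetchone()[0]
    return covered, total - covered


def statistical_query(conn, aggregate: str, filters: dict):
    """Answer the aggregate, or return None when the inference check denies it."""
    if aggregate not in ALLOWED_AGGREGATES:
        raise ValueError("aggregate not permitted: " + aggregate)
    covered, rest = query_set_size(conn, filters)
    # Denial rule: both the query set and its complement must hold at least K
    # rows. A small complement would let the asker recover an individual's
    # value by subtracting this answer from the overall total.
    if covered < K or rest < K:
        return None
    where, params = _where(filters)
    return conn.execute("SELECT " + aggregate + " FROM staff" + where, params).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(statistical_query(db, "SUM(salary)", {"dept": "eng"}))   # 430
    print(statistical_query(db, "AVG(salary)", {"dept": "ops"}))   # None (one row)
    print(statistical_query(db, "COUNT(*)", {}))                   # None (empty complement)
```

Size restriction alone does not close every channel (sequences of overlapping queries can still be combined), which is why the slide says a dedicated inference detection algorithm is needed and why the design-time approach trades availability for stronger guarantees.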
Database Encryption
 The database is typically the most valuable information
resource for any organization
 Protected by multiple layers of security
 Firewalls, authentication, general access control systems, DB access
control systems, database encryption
 Encryption becomes the last line of defense in database security
 Can be applied to the entire database, at the record level, the
attribute level, or level of the individual field
 Disadvantages to encryption:
 Key management
 Authorized users must have access to the decryption key for the
data for which they have access
 Inflexibility
 When part or all of the database is encrypted it becomes more
difficult to perform record searching
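Added example (not from the slides or the textbook) of attribute-level database encryption and the two disadvantages listed above. Names in a patient table are stored only in encrypted form, so a user without the key gets nothing usable (key management); the search functions show the inflexibility cost, since an equality lookup on an encrypted column must decrypt every row unless a keyed blind index is stored alongside it. The cipher here is a counter-mode keystream and tag built from HMAC-SHA256 using only the standard library; it stands in for a vetted AEAD such as AES-GCM and is not a recommendation. The table, the rows and the master key are constructed.

```python
# Added example: attribute-level encryption of one column with a stand-in
# cipher (HMAC-SHA256 counter mode plus a tag), a full-scan search that must
# decrypt every row, and a blind index that lets the DBMS do equality search.
# The patient table, its rows and the master key are constructed.
import hashlib
import hmac
import os
import sqlite3


def _subkey(master: bytes, label: bytes) -> bytes:
    """Derive separate keys for confidentiality, integrity and indexing."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real AEAD)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_field(master: bytes, plaintext: str) -> bytes:
    data = plaintext.encode("utf-8")
    nonce = os.urandom(16)                      # fresh nonce: equal names encrypt differently
    ks = _keystream(_subkey(master, b"enc"), nonce, len(data))
    ct = bytes(p ^ k for p, k in zip(data, ks))
    tag = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt_field(master: bytes, blob: bytes) -> str:
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(_subkey(master, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered field")
    ks = _keystream(_subkey(master, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks)).decode("utf-8")


def blind_index(master: bytes, plaintext: str) -> bytes:
    """Deterministic keyed hash: permits equality search, reveals only equality."""
    return hmac.new(_subkey(master, b"idx"), plaintext.encode("utf-8"), hashlib.sha256).digest()


def make_db(master: bytes) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, name_enc BLOB, name_idx BLOB)")
    for pid, name in [(1, "Ana Lee"), (2, "Ben Ito"), (3, "Cy Roe")]:   # constructed rows
        conn.execute("INSERT INTO patient VALUES (?, ?, ?)",
                     (pid, encrypt_field(master, name), blind_index(master, name)))
    conn.commit()
    return conn


def find_by_name_scan(conn, master: bytes, name: str) -> tuple:
    """Without an index every row must be fetched and decrypted (the inflexibility cost)."""
    matches, decrypted = [], 0
    for pid, blob in conn.execute("SELECT id, name_enc FROM patient"):
        decrypted += 1
        if decrypt_field(master, blob) == name:
            matches.append(pid)
    return matches, decrypted


def find_by_name_index(conn, master: bytes, name: str) -> list:
    """Equality search done by the DBMS on the blind index; nothing is decrypted."""
    rows = conn.execute("SELECT id FROM patient WHERE name_idx = ?", (blind_index(master, name),))
    return [r[0] for r in rows]


def plaintext_absent(conn, name: str) -> bool:
    """The stored column never contains the name in the clear."""
    return all(name.encode() not in r[0] for r in conn.execute("SELECT name_enc FROM patient"))


def key_opens_field(master: bytes, blob: bytes) -> bool:
    try:
        decrypt_field(master, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    master = bytes(range(32))                   # constructed key; would live outside the DB
    db = make_db(master)
    print(find_by_name_scan(db, master, "Ben Ito"))    # ([2], 3): three decryptions
    print(find_by_name_index(db, master, "Ben Ito"))   # [2]: none
```

The blind index is the usual compromise: it restores equality lookups without giving the DBMS the key, at the price of revealing which rows share a value, and it does nothing for range or substring queries, which still require decryption.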
Data Center Security

• Data center:
o An enterprise facility that houses a large number of servers,
storage devices, and network switches and equipment
o The number of servers and storage devices can run into the tens
of thousands in one facility
o Generally includes redundant or backup power supplies,
redundant network connections, environmental controls, and
various security devices
o Can occupy one room of a building, one or more floors, or an
entire building
• Examples of uses include:
o Cloud service providers
o Search engines
o Large scientific research facilities
o IT facilities for large enterprises
TIA-492
• TIA-492 (Telecommunications Infrastructure Standard for Data Centers), a standard of the Telecommunications Industry Association (TIA), specifies the minimum requirements for telecommunications infrastructure of data centers
• Includes topics such as:
• Network architecture
• Electrical design
• File storage, backup, and archiving
• System redundancy
• Network access control and security
• Database management
• Web hosting
• Application hosting
• Content distribution
• Environmental control
• Protection against physical hazards
• Power management
Table 5.4 Data Center Tiers Defined in TIA-942
(Table is on page 177 in textbook)
Summary
• The need for database security
• Database management systems
• Relational databases
  • Elements of a relational database system
  • Structured Query Language
• SQL injection attacks
  • A typical SQLi attack
  • The injection technique
  • SQLi attack avenues and types
  • SQLi countermeasures
• Database access control
  • SQL-based access definition
  • Cascading authorizations
  • Role-based access control
• Inference
• Database encryption
• Data center security
  • Data center elements
  • Data center security considerations
  • TIA-492