The data stored in a database needs protection from unauthorized access and from malicious destruction or alteration, in addition to the protection against accidental introduction of inconsistency that integrity constraints provide.
Security Violations
• Unauthorized reading of data (theft of information)
• Unauthorized modification of data
• Unauthorized destruction of data
To protect the database we must take security measures at different levels:
• Database System: Some database system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated.
• Operating System: No matter how secure the database system is, a weakness in operating-system security may serve as a means of unauthorized access to the database.
• Network: Since almost all database systems allow remote access through terminals or networks, software level security within the network software is as important as physical security, both on the Internet and in private networks.
• Physical: Sites with computer systems must be physically secured against armed or surreptitious entry by intruders.
• Human: Users must be authorized carefully to reduce the chance of any user giving access to an intruder in exchange for a bribe or other favors.
Authorization
We may assign a user several forms of authorization on parts of the database. For example,
Read authorization allows reading, but not modification, of data.
Insert authorization allows insertion of new data, but not modification of existing data.
Update authorization allows modification, but not deletion, of data.
Delete authorization allows deletion of data.
We may assign the user all, none or a combination of these types of authorization. In addition to these forms of authorization for access to data, we may grant a user authorization to modify the database schema:
Index authorization allows the creation and deletion of indices.
Resource authorization allows the creation of new relations.
Alteration authorization allows the addition or deletion of attributes in a relation.
Drop authorization allows the deletion of relations.
Privileges in SQL
The SQL standard includes the privileges delete, insert, select, and update. SQL also includes a references privilege that permits a user to declare foreign keys when creating relations.
Grant
For example:
grant select on account to U1, U2, U3
grant update (amount) on loan to U1, U2, U3
grant references (branch-name) on branch to U1
Security and Views
A view can hide data that a user does not need to see.
The ability of views to hide data serves both to simplify usage of the system and to enhance security.
create view cust-loan as
(select branch-name, customer-name
from borrower, loan
where borrower.loan-number = loan.loan-number)
Now someone who is allowed to issue queries only against the view cust-loan cannot read or modify other customer details such as the balance amount, loan number, or customer address. This is preferable, and it enhances the security of the database system.
Granting of Privileges
[Figure: authorization grant graph, with the DBA at the root and users U1 to U5 as nodes]
A user who has been granted some form of authorization may be allowed to pass on this authorization to other users. However, we must be careful how authorization may be passed among users, to ensure that such authorization can be revoked at some future time.
• The passing of authorization from one user to another can be represented by an authorization graph.
• The nodes of this graph are the users.
• The graph includes an edge Ui → Uj if user Ui grants update authorization to Uj.
• The root of the graph is the database administrator.
• A user has an authorization if and only if there is a path from the root of the authorization graph down to the node representing the user.
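The path-from-the-root rule above decides who still holds a privilege after a revoke. The following is an added example, not code from the page or from any DBMS; it models one privilege's grant graph with a hypothetical AuthGraph class and shows that a user granted by two grantors survives the loss of one path, while revoking the last path from the DBA cascades to everyone downstream, even when the revoked users have granted to each other in a cycle.

```python
from collections import deque

ROOT = "DBA"  # the database administrator is the root of the grant graph
class AuthGraph:
    """Grant graph for one privilege (say, update on loan): nodes are users,
    an edge grantor -> grantee records that grantor passed the privilege on,
    and a user holds it iff a path from ROOT reaches that node.  Illustrative."""

    def __init__(self):
        self.edges = {ROOT: set()}

    def grant(self, grantor, grantee):
        # Only a user who currently holds the privilege may pass it on.
        if not self.holds(grantor):
            raise PermissionError(f"{grantor} does not hold the privilege")
        self.edges.setdefault(grantor, set()).add(grantee)
        self.edges.setdefault(grantee, set())

    def revoke(self, grantor, grantee):
        # Drop the single edge; reachability from ROOT, not the edge, decides.
        self.edges.get(grantor, set()).discard(grantee)

    def holds(self, user):
        # Breadth-first search from the root.  A cycle among revoked users
        # (U2 -> U3 -> U2) has no path from ROOT and so confers nothing.
        seen, queue = {ROOT}, deque([ROOT])
        while queue:
            node = queue.popleft()
            if node == user:
                return True
            for nxt in self.edges.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return False

    def holders(self):
        return sorted(u for u in self.edges if self.holds(u))

def demo():
    g = AuthGraph()
    g.grant("DBA", "U1"); g.grant("DBA", "U2")
    g.grant("U1", "U3"); g.grant("U2", "U3")   # U3 granted by both U1 and U2
    g.grant("U3", "U4"); g.grant("U3", "U2")   # U3 -> U2 closes a cycle
    before = g.holders()                        # everyone holds it
    g.revoke("DBA", "U1")
    after_one = g.holders()                     # U1 out; U3, U4 survive via U2
    g.revoke("DBA", "U2")
    after_two = g.holders()                     # cascade: only DBA remains
    return before, after_one, after_two
```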
Roles
A set of roles can be created in the database and authorizations can be granted to roles in exactly the same fashion as they are granted to individual users. Each database user is granted a set of roles that he or she is authorized to perform.
In a bank database, examples of roles could include teller, branch-manager, auditor, system-administrator.
Creating roles in SQL:
create role teller
Granting privileges to roles:
grant select on account
to teller
Assigning roles to users and other roles:
grant teller to john
create role manager
grant teller to manager
grant manager to mary
Audit Trails
Many secure database applications require an audit trail to be maintained. An audit trail is a log of all changes (inserts/deletes/updates) to the database, along with information such as which user performed the change and when the changes were performed.
The audit trail aids security in several ways. For example, if the balance on an account is found to be incorrect, the bank may wish to trace all the updates performed on the account, to find incorrect or fraudulent updates as well as the persons who carried them out. The bank could then also use the audit trail to trace all the updates performed by these persons, in order to find other incorrect or fraudulent updates.
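The two-step trace just described, as an added example over a constructed audit trail (not code or data from the page). It assumes each audit record carries the balance before and after the update plus the transaction amount the application posted, so an update whose balance change does not match the posted amount is flagged; the record layout and the teller names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuditRecord:
    ts: str       # when the change was made
    user: str     # which user made it
    account: str  # which account row was updated
    old: int      # balance before the update
    new: int      # balance after the update
    posted: int   # transaction amount the application claimed to apply

# Constructed sample audit trail (not data from the page); two updates by
# teller2 change the balance by more than the amount that was posted.
TRAIL = [
    AuditRecord("2024-01-02T09:00", "teller1", "A-101", 500, 600, 100),
    AuditRecord("2024-01-02T09:05", "teller2", "A-101", 600, 900, 100),
    AuditRecord("2024-01-02T09:10", "teller1", "A-102", 200, 150, -50),
    AuditRecord("2024-01-02T09:20", "teller2", "A-103", 700, 1200, 200),
    AuditRecord("2024-01-02T09:30", "teller2", "A-104", 100, 120, 20),
]

def inconsistent(rec):
    # An update is suspect when the recorded balance change differs from
    # the amount that was posted for it.
    return rec.new - rec.old != rec.posted

def trace_account(trail, account):
    """Step 1: every update on the account, the suspect ones, and who made them."""
    updates = [r for r in trail if r.account == account]
    bad = [r for r in updates if inconsistent(r)]
    return updates, bad, {r.user for r in bad}

def trace_users(trail, users):
    """Step 2: every update those users made anywhere, with the suspect ones."""
    theirs = [r for r in trail if r.user in users]
    return theirs, [r for r in theirs if inconsistent(r)]

def investigate(trail, account):
    _, _, suspects = trace_account(trail, account)
    _, other_bad = trace_users(trail, suspects)
    return sorted(suspects), [(r.ts, r.account) for r in other_bad]
```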
Encryption and Decryption
The various provisions that a database system may make for authorization may still not provide sufficient protection for highly sensitive data.
In such cases, data may be stored in encrypted form.
It is not possible for encrypted data to be read unless the reader knows how to decipher (decrypt) them.
Encryption Techniques
There are a vast number of encryption techniques. Simple encryption techniques may not provide adequate security. E.g.
By substituting each character with the next character in the alphabet
Perryridge becomes Qfsszsjehf
This is weak encryption, since if an intruder sees a large number of encrypted branch names, he or she could use statistical data regarding the relative frequency of characters to guess what substitution is being made.
A good encryption technique has the following properties:
• It is relatively simple for authorized users to encrypt and decrypt data.
• It depends not on the secrecy of the algorithm, but rather on a parameter of the algorithm called the encryption key.
• Its encryption key is extremely difficult for an intruder to determine.
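To make the point of the Perryridge example and the third property concrete, here is an added example (not code from the page). It implements the next-letter substitution, then shows that the ciphertext letter histogram is just the plaintext histogram rotated, so the single parameter of the scheme can be read off from frequencies alone. The branch names are a constructed sample; the plaintext sample stands in for the known frequency distribution of branch-name letters that an observer is assumed to have.

```python
from collections import Counter

def shift_encrypt(text: str, shift: int = 1) -> str:
    """Replace each letter with the letter `shift` places later in the
    alphabet (z wraps to a); case is kept and non-letters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(text: str, shift: int = 1) -> str:
    return shift_encrypt(text, -shift)

def letter_counts(texts) -> Counter:
    return Counter(ch for t in texts for ch in t.lower() if ch.isalpha())

def infer_shift(known_plain_sample, ciphertexts) -> int:
    """Recover the shift from statistics only: the most frequent ciphertext
    letter is the most frequent plaintext letter moved `shift` places."""
    p = letter_counts(known_plain_sample).most_common(1)[0][0]
    c = letter_counts(ciphertexts).most_common(1)[0][0]
    return (ord(c) - ord(p)) % 26

# Constructed sample of branch names (not data from the page's database).
BRANCHES = ["Perryridge", "Brighton", "Downtown", "Mianus",
            "Redwood", "Round Hill", "North Town"]

def demo(shift: int = 1):
    ct = [shift_encrypt(b, shift) for b in BRANCHES]
    pc, cc = letter_counts(BRANCHES), letter_counts(ct)
    # The ciphertext histogram equals the plaintext histogram rotated by `shift`.
    rotated = all(cc[shift_encrypt(ch, shift)] == n for ch, n in pc.items())
    return ct[0], rotated, infer_shift(BRANCHES, ct)
```

The same frequency leak applies to any fixed single-letter substitution, not only a shift; a scheme meeting the third property must not let the key be recovered this way.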
Authentication
Authentication refers to the task of verifying the identity of a person or piece of software connecting to a database. The simplest form of authentication consists of a secret password that must be presented when a connection to the database is opened. This is known as password-based authentication.
Other examples of authentication are:
• Challenge-response systems
• Digital signatures