Download Slides

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts

IMDb wikipedia , lookup

Oracle Database wikipedia , lookup

Entity–attribute–value model wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

SQL wikipedia , lookup

PL/SQL wikipedia , lookup

Ingres (database) wikipedia , lookup

Microsoft Access wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Concurrency control wikipedia , lookup

Functional Database Model wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Database wikipedia , lookup

Versant Object Database wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Relational model wikipedia , lookup

ContactPoint wikipedia , lookup

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

Transcript 
Chapter 5
Database and Cloud Security



Structured collection of data
stored for use by one or more
applications
Contains the relationships
between data items and
groups of data items
Can sometimes contain
sensitive data that needs to
be secured
Query language

Provides a uniform interface
to the database
Database management
system (DBMS)
• Suite of programs for
constructing and
maintaining the
database
• Offers ad hoc query
facilities to multiple users
and applications
Database
utilities
User
applications
DDL
processor
User
queries
DML and query
language processor
Database
description
tables
DBMS
Authorization
tables
Transaction
manager
DDL = data definition language
DML = data manipulation language
File manager
Physical
database
Figure 5.1 DBMS Architecture
Concurrent
access
tables
 Standardized language to define schema, manipulate,
and query data in a relational database
 Several similar versions of ANSI/ISO standard
 All follow the same basic syntax and semantics
SQL statements can be used to:
• Create tables
• Insert and delete data in tables
• Create views
• Retrieve data with query statements
SQL Injection Attacks
(SQLi)
• One of the most
• Most common attack
• Designed to exploit the
• Depending on the
prevalent and
dangerous networkbased security threats
nature of Web
application pages
• Sends malicious SQL
commands to the
database server
goal is bulk extraction
of data
environment SQL
injection can also be
exploited to:
o Modify or delete data
o Execute arbitrary operating
system commands
o Launch denial-of-service (DoS)
attacks
Switch
Internet
Router
Wireless
access point
Firewall
Web servers
Legend:.
Data exchanged
between hacker
and servers
Two-way traffic
between hacker
and Web server
Credit card data is
retrieved from
database
Web
application
server
Database servers
Database
Figure 5.5 Typical SQL Injection Attack
Injection Technique
The SQLi attack typically works by prematurely
terminating a text string and appending a new command
Because the inserted command may have additional strings appended to
it before it is executed the attacker terminates the injected string with a
comment mark “- -”
Subsequent text is ignored at execution time
User input
• Attackers inject SQL commands by providing suitable crafted user input
Server variables
• Attackers can forge the values that are placed in HTTP and network headers and exploit this
vulnerability by placing data directly into the headers
Second-order injection
• A malicious user could rely on data already present in the system or database to trigger an SQL
injection attack, so when the attack occurs, the input that modifies the query to cause an attack does
not come from the user, but from within the system itself
Cookies
• An attacker could alter cookies such that when the application server builds an SQL query based on
the cookie’s content, the structure and function of the query is modified
Physical user input
• Applying user input that constructs an attack outside the realm of web requests
• There is no actual transfer of data, but the attacker is
able to reconstruct the information by sending particular
requests and observing the resulting behavior of the
Website/database server
• Include:
o Illegal/logically incorrect queries
• This attack lets an attacker gather important information
about the type and structure of the backend database of a
Web application
• The attack is considered a preliminary, information-gathering
step for other attacks
o Blind SQL injection
• Allows attackers to infer the data present in a database
system even when the system is sufficiently secure to not
display any erroneous information back to the attacker
SQLi Countermeasures
• Three types:
•Manual defensive
coding practices
•Parameterized query
insertion
•SQL DOM
Defensive
coding
Detection
•Signature based
•Anomaly based
•Code analysis
•Check queries at
runtime to see if they
conform to a model of
expected queries
Run-time
prevention
Database access control
system determines:
Can support a range of
administrative policies
Centralized administration
If the user has access to the entire database
or just portions of it
• Small number of privileged users may grant and
revoke access rights
Ownership-based administration
What access rights the user has (create,
insert, delete, update, read, write)
• The creator of a table may grant and revoke access
rights to the table
Decentralized administration
• The owner of the table may grant and revoke
authorization rights to other users, allowing them to
grant and revoke access rights to the table
• Two commands for managing access rights:
• Grant
o Used to grant one or more access rights or can be
used to assign a user to a role
• Revoke
o Revokes the access rights
• Typical access rights are:
•
•
•
•
•
Select
Insert
Update
Delete
References
Bob
t=
Ann
t=
10
20
Chris
t=
t=
Ellen
David
40
t=
t = 60
Frank
David
t = 60
Frank
30
t = 70
50
Bob
t=
Ann
t=
10
20
Chris
t=
50
Figure 5.6 Bob Revokes Privilege from David
Jim
•
Role-based access control eases administrative burden and improves
security
•
A database RBAC needs to provide the following capabilities:
•
Categories of database users:
•
•
•
Create and delete roles
Define permissions for a role
Assign and cancel assignment of users to roles
Application owner
•An end user who owns
database objects as part
of an application
End user
Administrator
•An end user who operates
on database objects via
a particular application
but does not own any of
the database objects
•User who has
administrative
responsibility for part or all
of the database
Nonsensitive
data
Inference
Sensitive
data
Access Control
Authorized
access
Unauthorized
access
Metadata
Figure 5.7 Indirect Information Access Via Inference Channel
Name
Position
Salary ($)
Department
Dept. Manager
Andy
senior
43,000
strip
Cathy
Calvin
junior
35,000
strip
Cathy
Cathy
senior
48,000
strip
Cathy
Dennis
junior
38,000
panel
Herman
Herman
senior
55,000
panel
Herman
Ziggy
senior
67,000
panel
Herman
(a) Employee table
Position
Salary ($)
Name
Department
senior
43, 000
Andy
strip
junior
35,000
Calvin
strip
senior
48,000
Cathy
strip
(b) Two views
Name
Position
Salary ($)
Department
Andy
senior
43,000
strip
Calvin
junior
35,000
strip
Cathy
senior
48,000
strip
(c) Table derived from combining query answers
Figure 5.8 Inference Example
Inference Detection
Inference detection during
database design
Approach removes an
inference channel by
altering the database
structure or by changing the
access control regime to
prevent inference
Techniques in this category
often result in unnecessarily
stricter access controls that
reduce availability
Two approaches
Approach seeks to eliminate
an inference channel
violation during a query or
series of queries
Inference detection at query
time
If an inference channel is
detected, the query is
denied or altered
•
•
Some inference detection algorithm is needed for either of these approaches
Progress has been made in devising specific inference detection techniques for
multilevel secure databases and statistical databases

The database is typically the most valuable information resource for any
organization



Protected by multiple layers of security

Firewalls, authentication, general access control systems, DB access
control systems, database encryption

Encryption becomes the last line of defense in database security
Can be applied to the entire database, at the record level, the
attribute level, or level of the individual field
Disadvantages to encryption:

Key management


Authorized users must have access to the decryption key for the data for which
they have access
Inflexibility

When part or all of the database is encrypted it becomes more difficult to
perform record searching
–
organization that
produces data to be
made available for
controlled release
– human entity
that presents queries to
the system
1. Original query
Data owner
User
– frontend that
transforms user queries
into queries on the
encrypted data stored
on the server
– an
organization that
receives the encrypted
data from a data owner
and makes them
available for distribution
to clients
Meta
Data
metadata
Database
4. Plaintext
result
Client
Query
Processor
2. Transformed
query
Query
Executor
3. Encrypted
result
Meta
Data
Encrypt/
Decrypt
Server
Figure 5.9 A Database Encryption Scheme
Encrypted
database
Summary
• The need for
database security
• Database
management
systems
• Relational databases
o Elements of a relational
database system
o Structured Query Language
• SQL injection attacks
o A typical SQLi attack
o The injection technique
o SQLi attack avenues and
types
o SQLi countermeasures
• Inference
• Database access
control
o SQL-based access
definition
o Cascading
authorizations
o Role-based access
control
• Database
encryption
Related documents
Chapter 05
Chapter 05
jAdmin: Remote database admin tool
jAdmin: Remote database admin tool
The Gaian Database: a Dynamic Distributed Federated Database
The Gaian Database: a Dynamic Distributed Federated Database
Database Presentation
Database Presentation
Database Software
Database Software
Assignment: SQL #2 Putting Data into the Database
Assignment: SQL #2 Putting Data into the Database
PPT - ETH Systems Group
PPT - ETH Systems Group
Chapter 6 Concepts New 11e Edition
Chapter 6 Concepts New 11e Edition
Using Access to Hack Your Data
Using Access to Hack Your Data
Technology in Action, Seventh Edition Answer Key Chapter 11 Word
Technology in Action, Seventh Edition Answer Key Chapter 11 Word
Version 1.2 - Course Module Slide Options
Version 1.2 - Course Module Slide Options
CMSI 686 Database Management Systems
CMSI 686 Database Management Systems
Task #1
Task #1