* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Security and Integrity
Extensible Storage Engine wikipedia , lookup
Oracle Database wikipedia , lookup
Open Database Connectivity wikipedia , lookup
Functional Database Model wikipedia , lookup
Concurrency control wikipedia , lookup
Relational model wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Clusterpoint wikipedia , lookup
Security and Integrity Database security and Authorization Introduction to security issues Mechanisms used to grant and revoke privilege in relational database in SQL An overview of the mechanisms for enforcing multiple levels of security Briefly discusses the security problem in statistical database Introduces flow control and mentions problems associated with convert channels. A brief summary of encryption and public key infrastructure schemes. Summaries the chapter What is security? Introduction to Database Security Issues Types of Security Legal and ethical issues regarding the right to access certain information. In US there are many laws governing privacy of information. Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available – for example, credit ratings and personal medical records System-related issues such as the system levels at which various security functions should be enforced-- for example, whether a security function should be handled at the physical H/W, OS, or DBMS levels. The need in some organizations to identify multiple security levels and to categorize the data and users based on these classified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced. Threats to Database Threats to database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentially. Loss of integrity Loss of availability Loss of confidentially Loss of integrity Integrity refer to requirement that information be protected from improper modification. Modification of data includes Creation Insertion Modification Deletion Change the status of data Integrity is lost if unauthorized changes are make to the data by either intentional or accidental acts. If continue use the contaminated system or corrupt data cause the result in inaccuracy, fraud, or erroneous decision Loss of availability Database availability refers to making objects available to human user or a program to which they have a legitimate right Loss of confidentially Database confidentially refers to the protection of data from unauthorized disclosure. The impact range from Violent of data privacy act to the damage of national security Unauthorized could result in loss of public confidence, embarrassment, or legal action against the organization. How to protect database To protect database against these types of 4 kinds of countermeasures can be implemented: Access control Inference control Flow control Encryption Database security mechanisms Discretionary security mechanisms Grant privilege to users, includes the capability to access specific data files, records, or fields in a specified mode (insert, read, delete, update) Mandatory security mechanisms Classifying the data and users into various security classes Implementing the appropriate security policy of the organization Example Policy to permit users at a certain classification level to see only the data item classified at the user’s own (or lower) classification level. Role-based security Database security and the DBA DBA has a DBA account in the DBMS Called “system” or “superuser” account Provide powerful capabilities that are not available for regular database accounts and users. DBA privilege commands include commands for granting and revoking privilege to individual accounts, users or user groups For performing the followings Account creation Privilege granting Privilege revocation Security level assignment DBA response for the overall security of the database system. Access Protection, User accounts, and Database Audits 1. Person need to access database 2. DBA create user account and password 3. The user login to the DBMS by enter user account and password 4. The DBMS checks that the account and password valid If the user is permitted to use the DBMS to access the database 5. DBMS keep track of database users and their accounts and passwords by creating and encrypted table of file with the two fields Account and Password. This table was maintained by the DBMS. When create new user, the data will insert into this table When account is canceled, the corresponding record must be delete from the table Keep track of operation 6. BDMS keep track of operations on the database Create login session when user log in Keep track of sequence of database interactions from the time of logging in to the time of logging out When user log in, the DBMS record the user’s account and associate it with the terminal from with the terminal from which the user logged on All operations applied from that terminal are attributed to the user’s account until the log off Keep track of the update operation If the database is tampered with, the DBA can find out which user did the tampering System log Keep track of operations on system log System log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash. If have any tampering with database, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period. When illegal or unauthorized is found, the DBA can determine the account user Database audits is important for sensitive databases that are updated by many transactions and users. Audit trail is a database log that used mainly for security purposes. Discretionary Access control Based on Granting and Revoking Privilege Type of Discretionary Privilege Account level: the DBA specifies the particular privilege that each account holds independently of the relations in the database Relation level: the DBA/owner can control the privileges to access each individual relation or view in the database Account level Relation level SQL SELECT privilege on R: MODIFY privileges on R: REFERENCES privileges on R: **Remark: create view, the account must have select privilege on all relations in invoked in view definition. Specifying Privilege using VIEW Important method to limiting users to manipulate data If user A want user B to be able to retrieve only some field of relation R (create by A) Then A can a view V of R that includes only some attributes And then grant SELECT on V to B Grant privilege Grant operation on Table/View to User with grant option Example GRANT select ON emp to tori; GRANT select ON empcom to nok with grant option; GRANT update on emp (salary) to tori; GRANT all on emp to nok with grant option; example Tori : Grant select on student to Hana; Hana: Select * from Tori.student; Tori : Grant select, update on student to kawa with grant option; Kawa: Grant select on student to Nara with grant option; Question: Can Nara grant her privilege to others? If No, why? If yes, what privilege nara can grant to other users? Syntax for create view by SQL (oracle) CREATE VIEW View_name AS SELECT col1,col2,…,coln FROM table1,…,tablen WHERE condition; EXAMPLE DEPT (DEPTNO, DNAME, LOC) EMP (EMPNO, ENAME, JOB, MGR, SAL, COMM, DEPTNO) CREATE VIEW EMPCOM AS Select Empno , Ename, Sal, Comm, E.DeptNo, Dname FROM EMP E, DEPT D WHERE E.DeptNo = D.DeptNo and Comm > 0; EMPCOM EMPCOM (Empno , Ename, Sal, Comm, DeptNo, Dname) Revoking Privileges Purpose for canceling privileges REVOKE operation on table/view/object from USER Example REVOKE select on EMP from tori; REVOKE select on EMPCOM from tori; Propagation of Privileges using the Grant Option User A create table R (A is owner of R) GRANT REVOKE User A grants Privilege on R to User B with grant option (mean B can also grant that privilege on R to other accounts). User B give grant privilege to User C with grant option This mean privilege on R can propagate to other accounts without the knowledge of the owner of R If A revoke privilege on R from B. All privilege that B propagated should automatically be revoked by the system. User receive a certain privilege from two or more sources. A2 and A3 give certain UPDATE privilege on R To A4 IF A2 revokes the privilege from A4 A4 will still continue to have to privilege by virtual grant from A2 IF A3 revokes the privilege, the A4 totally lose the privilege on R Role-based Access control (RBAC) RBAC emerged rapidly in 1990s A proven technology for managing and enforcing security in large scale enterprisewide system. Example ORACLE System level role provide by oracle has 3 roles: CONNECT, RESOURCE, and DBA Create Role Create role role_name not identified Create role role_name identified by password Example CREATE role APPL_ROLE not identified GRANT connect to APPL_ROLE GRANT resource to APPL_ROLE GRANT select on student to APPL_ROLE GRANT select, update on student to APPL_ROLE GRANT APPL_ROLE to TORI REVOKE update on student from APPL_ROLE