Download ON securable

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
Document related concepts

Microsoft Jet Database Engine wikipedia , lookup

SQL wikipedia , lookup

Open Database Connectivity wikipedia , lookup

Relational model wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Clusterpoint wikipedia , lookup

Database model wikipedia , lookup

PL/SQL wikipedia , lookup

Transcript 
Database Security
An Overview
with some SQL
Copyright © 2013 Curt Hill
The DataBase
Administrator
• The security of a DBMS rests with
the DBA
• This person owns the account that
has all the power
• The DBA giveth and the DBA taketh
away the permissions
• When security fails, then the DBA is
fired
Copyright © 2013 Curt Hill
What needs protection?
• Confidentiality
– Only authorized parties are allowed to
view material
• Includes printing and display
– Sometimes just revealing the existence
of a person/item is a breach of security
• Integrity
– The ability to modify should be rarer
than the ability to view
• Availability
– The system can be made available to
authorized parties
Copyright © 2013 Curt Hill
Why?
• Competitive advantage
– We need to protect our corporate data
which may be of help to our
competitors
– Customers trust us with their data
• Laws
– The US has numerous laws concerning
who may and who may not access
confidential data
Copyright © 2013 Curt Hill
What Do We Do?
• Authentication
– Force users to login, have good
passwords and change them
occasionally
• Restrict access
– Permissions or privileges restrict what
a particular user may do
• Encryption
– Prevents the database from being
accessed outside of the DBMS
• Logging
– Helps to understand breaches
Copyright © 2013 Curt Hill
Access Control
• We can restrict what a user may see
or do
• This often focusses around the
notion of roles and permissions
• Like much in the SQL domain, not
very standard
Copyright © 2013 Curt Hill
SQL Server
• SQL Server believes in roles
• Each role expresses the relationship
a login has to objects
• Determines what the user may do
• The notion of a role is to ease the
management of a permissions
• These permissions may be given or
taken away from individuals or to
every user who has the same role
Copyright © 2013 Curt Hill
Role types
• There are:
– Predefined roles connected to a
particular database
– Fixed roles connected to entire server
– User created roles which are
connected to a particular database
• A few of these are considered in the
next screens
Copyright © 2013 Curt Hill
Predefined roles
• db_owner: Members have full
access
• db_datareader: Members can read
all data
• db_datawriter: Members can add,
delete, or modify data in the tables
• db_securityadmin: Members can
modify role membership and
manage permissions
• db_bckupoperator: Members can
back up the database
Copyright © 2013 Curt Hill
Fixed roles
• SysAdmin: Any member can perform
any action on the server
• ServerAdmin: Any member can set
configuration options on the server
• Security Admin: Any member can
manage server security
• DbCreator: Any member can create,
alter, drop, and restore databases.
• BulkAdmin: Any member can run the
bulk insert command
Copyright © 2013 Curt Hill
Assigning Roles
• Like many things in SQL Server
things can be done by the
Management Console or by SQL
command
– Many of the SQL commands in this area
have a unique syntax for SQL Server
• The SQL command is Create Role
Copyright © 2013 Curt Hill
Creating a role
• Syntax is:
Create Role role_name
Authorization user
• The role_name is the new role
• User is the user which owns this role
– This may be left out (including
Authorization) then the current user
owns this role
• This type of role is then connected
with database objects
Copyright © 2013 Curt Hill
Now what?
• Once roles are created we may give
them permissions
– The reserved word is Grant
• With Grant we connect a permission
with a user or role
• Consider the syntax next
Copyright © 2013 Curt Hill
Simplified Grant Syntax
GRANT
permission [ ( column [ ,...n ] ) ] [ ,...n
]
[ ON securable ]
TO principal [ ,...n ]
[ WITH GRANT OPTION ] [ AS
principal ]
• Where
– Permission is what they are able to do
– Securable may be a table, database,
Copyright © 2013
Curt Hill others
stored procedure
among
Permissions
• The permissions depend on the
object considered
• For a table or view they include:
DELETE, INSERT, REFERENCES,
SELECT, UPDATE
• For a stored procedure only
EXECUTE
• For a database there are many
– One for most actions
Copyright © 2013 Curt Hill
An Example
• Consider the following:
Create Role TestRole
Grant SELECT ON Faculty
TO TestRole
Grant Update ON Faculty
TO TestRole
• Permissions not granted are
unavailable
• The table may need to be qualified
by the database
Copyright © 2013 Curt Hill
Deny
• Blocks a permission
• Usually used to remove a single
permission
• Syntax is similar to Grant
• Example:
Deny Update ON Faculty
TO TestRole
Copyright © 2013 Curt Hill
Revoke
• Removes the permission specified
by a Grant or Deny
• Similar syntax
• Example
Revoke Select on Faculty
from TestRole
Copyright © 2013 Curt Hill
Oracle
• Not the number 1 database without
cause
• Has all the capabilities of the normal
database
• Implements:
–
–
–
–
Create Role
Grant
Deny
Revoke
• Although not quite the same syntax
Copyright © 2013 Curt Hill
Guidelines
• Restrict permissions to those who
actually need them
– Common mistake is for too many users
to have excessive privileges
• Web access is usually through a
predefined login
– Secure it to prevent issues
Copyright © 2013 Curt Hill
Injection Attacks
• A common problem is that user input
will be used to construct a SQL
command
• An injection attack is using cleverly
crafted bad input to subvert the
process
• Consider the next screen for an
example
Copyright © 2013 Curt Hill
Normally
• Suppose that we have a web form
and it asks for an ID that is to come
from the faculty table
• Suppose we read that value into a
JavaScript variable and then build a
JavaScript string with it:
stmt = ‘select * from faculty
where naid = ‘ + input
• Usually the user types in a number
and stmt contains:
select * from faculty
where naid = 512
Copyright © 2013 Curt Hill
Attack!
• In the above you get zero or one
rows depending on whether 512
may be found
• Instead of typing in
512
a hacker types in:
1 or 1 = 1
• Now the statement becomes:
select * from faculty
where naid = 1 or 1 = 1
• The whole table is the result
Copyright © 2013 Curt Hill
Defense
• The code in the web page cannot
just blindly insert user input
characters into a SQL statement
• First the user input characters must
be examined
• Suspicious or unexpected
characters need to be removed and
the query rejected
• Some systems have functions to
automate this
Copyright © 2013 Curt Hill
Statistical Databases
• The Census Bureau, among others,
maintains several statistical
databases
– These are generally publicly available
• The purpose is to provide for
demographic research
– Useful for governmental and market
research
• The inherent goal is that no personal
information may be observed
Copyright © 2013 Curt Hill
Attacking
• It is possible to make a query that
shows us an individual’s personal
data
• Find the average salary of all the
people who have a title of professor
at VCSU who started in 1995 and a
degree in CS
– This is me and me only
• The inherent confidentiality
requirement has been violated
Copyright © 2013 Curt Hill
Defense
• The above is an inference attack
– Attempt to get data on an individual
from a statistical database
• The usual approach to an inference
attack is to restrict queries that end
up with just a few individuals
• Make queries return a threshold
number’s worth of individuals before
release
Copyright © 2013 Curt Hill
Related documents
Adding simple ambient sounds
Adding simple ambient sounds
Instruction level architecture
Instruction level architecture
Curt Wollan Program Biography
Curt Wollan Program Biography
b%c+1
b%c+1
on Operating Systems
on Operating Systems
Data Mining
Data Mining
The digital world.
The digital world.
History of database
History of database
Data mining.
Data mining.
The functions a database should provide
The functions a database should provide
Network and Infrastructure
Network and Infrastructure
Potential and Kinetic Energy
Potential and Kinetic Energy