2. Database
• The heart of each information system.
• A persistent collection of related data, where data are facts that have an implicit meaning.
• Built to store logically interrelated data representing some aspects of the real world, which must be collected, processed, and made accessible to a given user population.
3. Database Concepts
• Data Models: The database is constructed according to a data model, which defines the way in which data and the interrelationships between them can be represented.
• DBMS: The collection of software programs that provide the functionalities for defining, maintaining, and accessing data stored in a database is called a database management system (DBMS).
4. Database abstraction levels
• Internal level: describing the physical storage of the database.
• Conceptual (or logical) level: providing the users with a high-level description of the real world that the database represents.
• External level: describing the views that different users or applications have on the stored data.
The internal level maps the logical objects supported by the data model to the physical objects of the underlying operating system.
5. Data Security
• Confidentiality: concerned with improper disclosure of information. The terms secrecy or non-disclosure are synonyms for confidentiality.
• Integrity: concerned with improper modification of information or processes.
• Availability: concerned with improper denial of access to information. The term denial of service is also used as a synonym for availability.
7.
• Excessive and Unused Privileges: When someone is granted database privileges that exceed the requirements of their job function, these privileges can be abused.
• Privilege Abuse: Users may abuse legitimate database privileges for unauthorized purposes.
• Input Injection (Formerly SQL Injection): Injection attacks usually involve inserting (or “injecting”) unauthorized or malicious statements into the input fields of web applications, which gives an attacker unrestricted access to an entire database.
8.
• Malware: Cybercriminals, state-sponsored hackers, and spies use advanced attacks that blend multiple tactics, such as spear phishing emails and malware, to penetrate organizations and steal sensitive data.
• Weak Audit Trail: Automated recording of database transactions involving sensitive data should be part of any database deployment. Failure to collect detailed audit records of database activity represents a serious organizational risk on many levels.
• Storage Media Exposure: Backup storage media is often completely unprotected from attack.
9.
• Exploitation of Vulnerable, Misconfigured Databases: It is common to find vulnerable and unpatched databases, or to discover databases that still have default accounts and configuration parameters.
• Unmanaged Sensitive Data: Many companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them.
• Denial of Service: Denial of Service (DoS) is a general attack category in which access to network applications or data is denied to intended users.
• Limited Security Expertise and Education: Many organizations are ill-equipped to deal with a security breach due to the lack of expertise required to implement security controls, enforce policies, or conduct incident response processes.
10. Approaches to Data Security
Prevention
• Prevention ensures that security breaches cannot occur. The basic technique is that the system examines every action and checks its conformance with the security policy before allowing it to occur.
• This technique is called access control.
Detection
• Detection ensures that sufficient history of the activity in the system is recorded in an audit trail, so that a security breach can be detected after the fact.
• This technique is called auditing.
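An added example of the auditing technique (not part of the slides, written here in PostgreSQL syntax): a trigger records every INSERT, UPDATE and DELETE on an assumed EMPLOYEE table in an audit relation that the audited users cannot rewrite, so that a breach can be detected after the fact. The table, column and role names are assumptions.

```sql
-- Added example (PostgreSQL); employee, employee_audit and the auditor role are assumptions.
CREATE TABLE employee (
    name   VARCHAR(40) PRIMARY KEY,
    dept   VARCHAR(20) NOT NULL,
    salary INTEGER     NOT NULL
);

-- The audit trail: who did what, when, and the row before and after the change.
CREATE TABLE employee_audit (
    audit_id SERIAL PRIMARY KEY,
    at       TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    db_user  TEXT      NOT NULL DEFAULT CURRENT_USER,
    op       TEXT      NOT NULL,   -- 'INSERT', 'UPDATE' or 'DELETE'
    old_row  TEXT,                 -- NULL for INSERT
    new_row  TEXT                  -- NULL for DELETE
);

-- SECURITY DEFINER lets the trigger write the audit row even when the user who
-- changed employee holds no privilege on employee_audit at all.
CREATE FUNCTION employee_audit_fn() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    IF TG_OP = 'INSERT' THEN
        INSERT INTO employee_audit (op, new_row) VALUES (TG_OP, NEW::text);
    ELSIF TG_OP = 'UPDATE' THEN
        INSERT INTO employee_audit (op, old_row, new_row) VALUES (TG_OP, OLD::text, NEW::text);
    ELSE
        INSERT INTO employee_audit (op, old_row) VALUES (TG_OP, OLD::text);
    END IF;
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END
$$;

CREATE TRIGGER employee_audit_trg
    AFTER INSERT OR UPDATE OR DELETE ON employee
    FOR EACH ROW EXECUTE FUNCTION employee_audit_fn();

-- A trail is only evidence if the people it records cannot edit it:
-- nobody but the auditor role may even read it, and nobody may change it.
REVOKE ALL ON employee_audit FROM PUBLIC;
CREATE ROLE auditor;
GRANT SELECT ON employee_audit TO auditor;

-- Constructed activity that the trail now captures.
INSERT INTO employee VALUES ('Smith', 'Toy', 18000);
UPDATE employee SET salary = 25000 WHERE name = 'Smith';
DELETE FROM employee WHERE name = 'Smith';

-- Detection after the fact: which user changed salaries, and from what to what.
SELECT at, db_user, op, old_row, new_row
FROM employee_audit
WHERE op = 'UPDATE'
ORDER BY at;
```

After the three statements above, the audit relation holds one row per operation; the final query returns the single UPDATE with the old and new row text, attributed to the session user that ran it. Access control (prevention) decides whether a change is allowed; the trigger (detection) makes sure every allowed change still leaves a record.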
13. Discretionary Access Control
• The word discretionary characterizes the fact that users can be given the ability to pass their privileges to others.
• Discretionary access control policies are based on authorization rules.
• An authorization rule states that a subject has the privilege to exercise a given action on a given object.
• The kind (and granularity) of subjects, objects, and actions that can be referenced in authorizations may be different in different systems.
14. Discretionary access control policies
• Subjects: Subjects are the entities to which authorizations can be granted. Typically, subjects are users.
• Objects: Objects are the entities to be protected. Typically, objects correspond to information containers (tables or portions of them) or procedures.
• Actions: Actions define the specific operations that subjects can execute on objects. Actions to be supported include the operations corresponding to the basic read, write, delete, create, and execute.
15. Authorizations
• Authorizations define which accesses are to be allowed.
• The simplest form of authorization is a triple (subject, object, action) specifying that subject is authorized to exercise action on object.
• Example:
  subject     object             access
  Joe Black   Employee-relation  read
16. Granularity and Modes of Access Control
• The entire database.
• Some collection of relations.
• One relation.
• Some columns of one relation.
• Some rows of one relation.
17. DAC modes in SQL operations
• The ability to INSERT and DELETE is specified on a relation-by-relation basis.
• SELECT is also usually specified on a relation-by-relation basis.
• UPDATE can be restricted to certain columns of a relation.
20. View Based Access Control
• A base relation is a “real” relation in the database, that is, one actually stored in the database.
• A view is a “virtual” relation which is derived from base relations and other views.
• For retrieval purposes users need not distinguish between views and base relations.
• Views, therefore, provide a very powerful mechanism for specifying data-dependent authorization for data retrieval.
21. A user who has read access to TOY-DEPT is thereby limited to retrieving information about employees in the Toy Department.
22. Suppose that a new employee Brown is inserted in base relation EMPLOYEE, as shown in Table 3. The view TOY-DEPT will be automatically modified to include Brown, as shown in Table 4.
23. Views can also be used to provide access to statistical information. A view is simply another relation in the database, which happens to be automatically modified by the DBMS whenever its base relations are modified.
Problem: Difficult to maintain updates.
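The TOY-DEPT scenario of slides 20 to 23 as an added SQL example (not taken from the slides; the tables referred to as Table 3 and Table 4 are not reproduced here). The EMPLOYEE columns, the employee rows, and the role names are constructed assumptions; identifiers are written with underscores because a hyphen is not legal in an unquoted SQL name.

```sql
-- Added example; column layout, sample rows and roles are assumptions.
CREATE TABLE employee (
    name   VARCHAR(40) PRIMARY KEY,
    dept   VARCHAR(20) NOT NULL,
    salary INTEGER     NOT NULL
);

INSERT INTO employee (name, dept, salary) VALUES
    ('Smith', 'Toy',  18000),
    ('Jones', 'Toy',  21000),
    ('Lee',   'Shoe', 19500);

-- The view is the object that gets authorized: it exposes only Toy Department rows.
CREATE VIEW toy_dept AS
    SELECT name, dept, salary
    FROM employee
    WHERE dept = 'Toy';

-- Slide 21: Joe Black gets read access to the view, never to the base relation,
-- so Lee in the Shoe Department is invisible to him.
CREATE ROLE joe_black;
GRANT SELECT ON toy_dept TO joe_black;

-- Slide 22: inserting Brown into the base relation (Table 3) ...
INSERT INTO employee (name, dept, salary) VALUES ('Brown', 'Toy', 17500);

-- ... is reflected by the view at once (Table 4): no re-grant and no copy of the data.
SELECT name, dept, salary FROM toy_dept;

-- Slide 23: a statistical view releases aggregates without exposing any individual row.
CREATE VIEW dept_stats AS
    SELECT dept, COUNT(*) AS headcount, AVG(salary) AS avg_salary
    FROM employee
    GROUP BY dept;

CREATE ROLE analyst;
GRANT SELECT ON dept_stats TO analyst;

-- The "updates" problem of slide 23: an aggregate view has no single base row
-- behind each of its rows, so the DBMS cannot map a change to it back to
-- employee and rejects a statement such as the one commented out here.
-- UPDATE dept_stats SET avg_salary = 0 WHERE dept = 'Toy';
```

Run as the table owner, the SELECT on toy_dept returns Smith, Jones and Brown, and a session acting as joe_black can read the same three rows while a SELECT on employee itself is refused. Retrieval through views is therefore cheap to authorize; updating through them is where the difficulty lies, which is why the slide lists it as the problem.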
25. Grant
• Granting and revocation allow users to selectively and dynamically grant privileges to other users, and subsequently revoke them if so desired.
• The GRANT command applies to base relations as well as views.
• In SQL, granting is accomplished by means of the GRANT statement, which has the following general format.
27. Note that it is not possible to grant a user the grant option on a privilege without allowing the grant option itself to be further granted.
28. Revoke
• Revocation in SQL is accomplished by means of the REVOKE statement, which has the following general format.
• Examples:
29.
30.
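An added example (not from the slides) for the GRANT and REVOKE statements of slides 25 to 28, together with the column-level UPDATE of slide 17 and the grant-option remark of slide 27. The employee table and the roles alice, bob and payroll are assumptions; the CASCADE and RESTRICT forms of REVOKE follow the SQL standard as PostgreSQL implements it, and the SET ROLE lines assume the script runs in a superuser session.

```sql
-- Added example; table and roles are assumptions, syntax is PostgreSQL's.
CREATE TABLE employee (
    name   VARCHAR(40) PRIMARY KEY,
    dept   VARCHAR(20) NOT NULL,
    salary INTEGER     NOT NULL
);
CREATE ROLE alice;
CREATE ROLE bob;
CREATE ROLE payroll;

-- Slide 17: INSERT, DELETE and SELECT are granted per relation,
-- while UPDATE can be limited to a column list.
GRANT SELECT, INSERT, DELETE ON employee TO alice;
GRANT UPDATE (salary) ON employee TO payroll;

-- WITH GRANT OPTION lets alice pass SELECT on to others. Slide 27: the option
-- cannot be given to her in a non-transferable form, so she may in turn
-- grant bob the grant option as well.
GRANT SELECT ON employee TO alice WITH GRANT OPTION;
SET ROLE alice;
GRANT SELECT ON employee TO bob WITH GRANT OPTION;
RESET ROLE;

-- Revoking from alice with CASCADE also withdraws what she passed to bob;
-- RESTRICT would refuse instead, because a dependent grant exists.
REVOKE SELECT ON employee FROM alice CASCADE;

-- Revoking only the right to delegate: alice keeps SELECT but can no longer
-- hand it out, and CASCADE removes grants that depended on her option.
GRANT SELECT ON employee TO alice WITH GRANT OPTION;
REVOKE GRANT OPTION FOR SELECT ON employee FROM alice CASCADE;

-- Least privilege over time: withdraw the column privilege once the
-- payroll job no longer needs it.
REVOKE UPDATE (salary) ON employee FROM payroll;
```

After the first REVOKE ... CASCADE neither alice nor bob can read employee; after the second sequence alice can read it again but bob cannot, because his privilege existed only through her grant option. Reviewing the chain of grants is the practical way to find the "excessive and unused privileges" named earlier in the slides.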
31. STORED PROCEDURES
Assign rights to execute compiled programs:
GRANT RUN ON <program> TO <user>
Problem: Programs may access resources for which the user who runs the program does not have permission.
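An added example (not from the slides) of the stored-procedure problem just stated, in PostgreSQL syntax, where the slide's GRANT RUN ON <program> corresponds to GRANT EXECUTE ON FUNCTION. The salary_ledger table, the clerk role and the two routines are assumptions.

```sql
-- Added example (PostgreSQL); table, role and routine names are assumptions.
CREATE TABLE salary_ledger (name VARCHAR(40) PRIMARY KEY, salary INTEGER NOT NULL);
INSERT INTO salary_ledger VALUES ('Smith', 18000), ('Jones', 21000);

-- clerk is created with no privilege at all on salary_ledger.
CREATE ROLE clerk;

-- A definer's-rights routine runs with its owner's privileges, so clerk can
-- obtain the total even though clerk cannot SELECT from the table: the program
-- reaches a resource its caller has no permission on (the slide's problem).
CREATE FUNCTION payroll_total() RETURNS BIGINT
LANGUAGE sql SECURITY DEFINER
AS $$ SELECT SUM(salary) FROM salary_ledger $$;

-- PostgreSQL grants EXECUTE to PUBLIC by default, so the explicit GRANT only
-- means something once that default is withdrawn.
REVOKE EXECUTE ON FUNCTION payroll_total() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION payroll_total() TO clerk;

-- Mitigation 1: keep a definer's-rights body to the minimum the job needs
-- (an aggregate here, never the rows) and pin its search_path so the owner's
-- privileges cannot be redirected to a look-alike object elsewhere.
ALTER FUNCTION payroll_total() SET search_path = pg_catalog, public;

-- Mitigation 2: where the program should act with the caller's own rights,
-- declare it SECURITY INVOKER (the default); a caller without SELECT on the
-- table is then refused by the DBMS when the routine touches it.
CREATE FUNCTION payroll_rows() RETURNS SETOF salary_ledger
LANGUAGE sql SECURITY INVOKER
AS $$ SELECT * FROM salary_ledger $$;
REVOKE EXECUTE ON FUNCTION payroll_rows() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION payroll_rows() TO clerk;
```

In a session acting as clerk, SELECT payroll_total() succeeds and returns the sum of both salaries, while SELECT * FROM payroll_rows() fails with a permission error on salary_ledger. The two routines show the trade-off the slide points at: definer's rights let a program expose exactly one derived fact about data the caller may not read, and invoker's rights make the program inherit the caller's own limits.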
32. QUERY MODIFICATION
• It is not supported in SQL.
• In this technique, a query submitted by a user is modified to include further restrictions as determined by the user's authorization.
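Standard SQL has no query-modification construct, as the slide says; PostgreSQL's row-level security is a vendor mechanism that applies the same idea, appending a policy predicate to every query a role submits. The following added example (not from the slides) shows the query as the user writes it and as the DBMS executes it; the employee table, its rows and the toy_manager role are assumptions.

```sql
-- Added example (PostgreSQL row-level security, a vendor extension); table, rows and role are assumptions.
CREATE TABLE employee (name VARCHAR(40) PRIMARY KEY, dept VARCHAR(20) NOT NULL, salary INTEGER NOT NULL);
INSERT INTO employee VALUES ('Smith', 'Toy', 18000), ('Jones', 'Toy', 21000), ('Lee', 'Shoe', 19500);

CREATE ROLE toy_manager;
GRANT SELECT ON employee TO toy_manager;

-- Switch the relation to query modification ...
ALTER TABLE employee ENABLE ROW LEVEL SECURITY;

-- ... and state the restriction the DBMS will add for toy_manager.
CREATE POLICY toy_only ON employee
    FOR SELECT TO toy_manager
    USING (dept = 'Toy');

-- Query as submitted by the user:
--   SELECT name, salary FROM employee;
-- Query as executed by the DBMS for toy_manager:
--   SELECT name, salary FROM employee WHERE (dept = 'Toy');
-- The policy predicate is conjoined with whatever WHERE clause the user wrote,
-- so it cannot be argued away by rewriting the query.
SET ROLE toy_manager;
SELECT name, salary FROM employee;
SELECT name, salary FROM employee WHERE dept <> 'Toy';
RESET ROLE;
```

As toy_manager, the first SELECT returns only Smith and Jones and the second returns no rows at all, because the user's own condition is ANDed with the policy rather than replacing it. Note that the table's owner bypasses the policy unless row-level security is also forced on the table, so the role that runs the application should not be the owner.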