Database:
People, programs and systems rely on a database management system (DBMS) to manage the protection of data. DBMS security is an example of how application security can be designed and implemented for a specific task.
Two main security concerns in the DB context: integrity and confidentiality.
Two main security problems: inference & aggregation.
Why is securing data important?
* Information is a critical resource in enterprise
* Securing data has become a billion dollar industry
* People want to secure their confidential information not only from hackers but also from legal & professional
Basic Database Concepts
A DB is a collection of data and a set of rules. The administrator defines the rules and controls who should have access to which part of the data. A DB consists of records, each of which contains one related group of data. The fields (elements) within each record are the elementary data items. The rules identify the columns by name; a named column is called an attribute.
Characteristics for a Good Database Security Management System:
* Data independence
* Shared access
* Minimal redundancy
* Data consistency
* Data integrity
Additional Characteristics for a Good Database Security Management System:
* Privacy: Signifies that an unauthorized user cannot disclose data
* Integrity: Ensures that an unauthorized user cannot modify data
* Availability: Ensures that data is made available to authorized users unfailingly
Advantages of Using Databases:
* Shared access: Many users can use one common centralized set of data.
* Minimal redundancy: Individual users need not maintain their own set of data.
* Data consistency: A change to a data value is seen by all users of that value.
* Data integrity: Data values are protected against accidental or malicious changes.
* Controlled access: Only authorized users are allowed to view or modify data values.
Basic Security Requirements
* Physical Database Integrity
* Logical Database Integrity
* Element Integrity
* Access Control
* User Authentication
* Availability
Database Integrity
* Integrity rules are needed to inform the DBMS about certain constraints in the real world.
* Specific integrity rules apply to one specific database. Example: part weights must be greater than zero.
* General integrity rules apply to all databases. Two general rules apply: those for primary keys and those for foreign keys.
Reliability and Integrity
Three dimensions of Reliability and Integrity:
a) Database Integrity: Concern that the database as a whole is protected from damage.
b) Element Integrity: Concern that the value of a specific element is written or changed only by actions of authorized users.
c) Element Accuracy: Concern that only correct values are written into the elements of a database.
Various techniques to use:
a) 2-phase update
* phase 1, Intent: gather information and resources; a failure here causes no harm; the phase ends by writing a commit flag to the database
* phase 2, Commit: once the commit flag is set in the database, make the permanent changes; a failure here may be repairable
b) Introducing redundancy
* error detection/correction codes applied to the entire database, to records, or to fields/elements
* shadow fields: duplication of attributes or records
c) Recovery
* one way to achieve this is to keep a log file of all recent changes (since the last backup)
d) Concurrency/consistency control
* Simultaneous reads are not a problem.
* Modification requires that other users be locked out of the data being modified.
* The query-update cycle is treated as a single uninterrupted operation.
e) Using monitors
* Range Comparison: Tests each new value to ensure it is within an acceptable range.
* State Constraints: Describe a condition the entire database must satisfy.
* Transition Constraints: Describe conditions that must hold before a change can be applied to the database.
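The 2-phase update in (a) and the range-comparison monitor in (e) combined into one runnable example. This is an added illustration, not code from the original notes; it assumes a constructed `parts` table whose specific integrity rule is "weight must be greater than zero", a `pending` staging table for the intent phase, and a one-row `flag` table holding the commit flag.

```python
import sqlite3

# Constructed sample schema: the real table, a staging table written during
# the intent phase, and a one-row table that holds the commit flag.
SCHEMA = """
CREATE TABLE parts   (id INTEGER PRIMARY KEY, name TEXT, weight REAL);
CREATE TABLE pending (id INTEGER PRIMARY KEY, weight REAL);
CREATE TABLE flag    (committed INTEGER NOT NULL);
INSERT INTO flag VALUES (0);
INSERT INTO parts VALUES (1, 'bolt', 0.5), (2, 'nut', 0.2);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def intent(db, updates):
    """Phase 1 (Intent): run the range-comparison monitor on every new value,
    stage the values, and only then write the commit flag. Nothing in the
    real table changes yet, so a failure anywhere in this phase does no harm."""
    for part_id, weight in updates.items():
        if weight <= 0:  # specific integrity rule: part weights must be > 0
            raise ValueError(f"part {part_id}: weight must be > 0")
    with db:  # staged rows and the flag are written as one atomic unit
        db.executemany("INSERT INTO pending VALUES (?, ?)", updates.items())
        db.execute("UPDATE flag SET committed = 1")

def commit(db):
    """Phase 2 (Commit): apply the staged values to the real table. The
    statements are re-runnable, so a failure part-way is repaired by rerunning."""
    with db:
        db.execute("UPDATE parts SET weight = (SELECT weight FROM pending "
                   "WHERE pending.id = parts.id) WHERE id IN (SELECT id FROM pending)")
        db.execute("DELETE FROM pending")
        db.execute("UPDATE flag SET committed = 0")

def recover(db):
    """On restart after a crash: flag set means phase 1 finished, so redo
    phase 2; flag clear means the intent never completed, so discard it."""
    (flagged,) = db.execute("SELECT committed FROM flag").fetchone()
    if flagged:
        commit(db)
    else:
        with db:
            db.execute("DELETE FROM pending")
    return bool(flagged)

def weights(db):
    """Current weight of every part, keyed by id."""
    return dict(db.execute("SELECT id, weight FROM parts ORDER BY id"))
```

Calling `intent` and then `recover` (instead of `commit`) simulates a crash between the two phases; `recover` completes the update because the commit flag was already written.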
Sensitive Data
a) Definition: Data that should not be made public
b) Factors that make data sensitive
* Inherently sensitive
* From a sensitive source
* Declared sensitive
* Of a sensitive attribute or record
* Sensitive in relation to previously disclosed information
Access decisions on sensitive data
Factors to be considered when permitting “user x to access data y”
a) Availability of data: A record is blocked from reading while it is being modified.
b) Acceptability of access: No disclosure (even partial) of sensitive values to unauthorized users.
c) Assurance of authenticity of user: Limit access based on other considerations.
Inference
a) Definition: inferring or deriving sensitive data from non-sensitive or (seemingly) unrelated data
b) “Inference” is a subtle vulnerability in database security.
c) Inference problem: Deriving sensitive data from non-sensitive data