Database Security

Database Security

• Database Security - protection from malicious attempts to steal (view) or modify data.

• Database security is the technique that protects and secures the database against intentional or
accidental threats. Security concerns are relevant not only to the data residing in an
organization's database: a breach of security may harm other parts of the system, which may
ultimately affect the database structure.
Enforcing adequate database security practices is vital for any
organization for a variety of reasons. These include:

• Ensuring business continuity: Many enterprises cannot operate
until the breach is resolved.
• Minimizing financial damage: Once a breach occurs, an
organization must sustain significant financial costs to communicate
the breach to all its customers, manage the crisis, repair or update
the affected systems and hardware, pay for investigative activities,
etc.
• Loss of intellectual property: If a database is accessed, there’s a
chance that a company’s trade secrets, proprietary procedures, and
other forms of intellectual property are stolen or exposed. In some
instances, this means the complete loss of any competitive edge
maintained by that organization.
• Brand reputation damage: Once a breach is notified to the
customer base, partners and customers may lose faith in the
organization’s ability to protect their data. The brand’s reputation
will suffer, and many might decide not to buy that organization’s
products or services anymore.
Database Security Issues
• The security mechanism of a DBMS must include provisions for restricting access to the database
as a whole. This function is called access control and is handled by creating user accounts
and passwords so that the DBMS can control the login process.

• Another security problem associated with databases is that of controlling access to a statistical
database, which is used to provide statistical information or summaries of values based on various
criteria. The countermeasures to the statistical database security problem are called
inference control measures.
Database Security Issues
• Another security issue is flow control, which prevents information from flowing in such a way
that it reaches unauthorized users.
• Channels that are pathways for information to flow implicitly in ways that violate the security
policy of an organization are called covert channels.
• A final security issue is data encryption, which is used to protect sensitive data (such as credit
card numbers) that is being transmitted via some type of communication network.
• The data is encoded using some encoding algorithm.
• An unauthorized user who accesses encoded data will have difficulty
deciphering it, but authorized users are given decoding or decrypting
algorithms (or keys) to decipher the data.
Database Security Counter Measures

• Access Control: A database for an organization contains a great deal of information
and usually has several users. Most of them need to access only a small part of the
database. A policy defines the requirements that are to be implemented within
hardware and software and those that are external to the system, including physical,
personal, and procedural controls.

• Flow Control: Flow control regulates the flow of information among accessible
objects. Flow controls check that information contained in objects does not flow
explicitly or implicitly into less protected objects.
Database Security Counter Measures

• Encryption: An encryption algorithm should be applied to the data, using a user-
specified encryption key. The output of the algorithm is the encrypted version. There
is also a decryption algorithm, which takes the encrypted data and a decryption key
as input and then returns the original data.

• RAID: Redundant Array of Independent Disks, which protects against data loss due to
disk failure. The hardware that the DBMS is running on must be fault-tolerant, meaning that
the DBMS should continue to operate even if one of the hardware components fails.

• Authentication: Access to the database is a matter of authentication. It provides the
guidelines for how the database is accessed. Every access should be monitored.

• Backup: Backups should be taken continually so that, in case of any disaster,
organizations can retrieve their data.
Database Security and the DBA

• The DBA has a DBA account in the DBMS, sometimes called a
system or superuser account, which provides powerful capabilities
that are not made available to regular database accounts and users.

• DBA-privileged commands include commands for granting and
revoking privileges to individual accounts, users, or user groups and
for performing the following types of actions:
1. Account creation. This action creates a new account and password
for a user or a group of users to enable access to the DBMS.
2. Privilege granting. This action permits the DBA to grant certain
privileges to certain accounts.
3. Privilege revocation. This action permits the DBA to revoke
(cancel) certain privileges that were previously given to certain
accounts.
4. Security level assignment. This action consists of assigning user
accounts to the appropriate security clearance level.
Levels of Data Security
• Human level: Corrupt/careless User
• Network/User Interface
• Database application program
• Database system
• Operating System
• Physical level

Database and Application Security, Nov 2006
Physical/OS Security
• Physical level
  • Traditional lock-and-key security
  • Protection from floods, fire, etc.
    • E.g. WTC (9/11), fires in IITM, WWW conf website, etc.
  • Protection from administrator error
    • E.g. deleting critical files
  • Solution
    • Remote backup for disaster recovery
    • Plus archival backup (e.g. DVDs/tapes)
• Operating system level
  • Protection from virus/worm attacks is critical
Database Encryption
• E.g. What if a laptop/disk/USB key with critical data is lost?
• Partial solution: encrypt the database at storage level, transparent to
the application
  • Main issue: key management
    • E.g. user provides decryption key (password) when the database is
    started up
  • Supported by many database systems
• Standard practice now to encrypt credit card information and other
sensitive information
Database/Application Program
• Authentication and authorization mechanisms to allow specific users
access only to required data
  • Authentication: who are you? Prove it!
  • Authorization: what you are allowed to do
Network Security
• Network level: must use encryption to prevent
  • Eavesdropping: unauthorized reading of messages
  • Masquerading:
    • pretending to be an authorized user or legitimate site, or
    • sending messages supposedly from authorized users
  • Handled by secure HTTP - https://
• Must prevent person-in-the-middle attacks
  • E.g. someone impersonates the seller or bank/credit card
  company and fools the buyer into revealing information
Human level /User Authentication
• Password
  • Most users misuse passwords, e.g.:
    • Easy-to-guess passwords
    • Sharing passwords with others
• Smartcards
  • Need smartcard + a PIN or password
Database Security Issues
• A DBMS typically includes a database security and authorization subsystem that is responsible for
ensuring the security of portions of a database against unauthorized access.

• Two types of database security mechanisms:
  • Discretionary security mechanisms
  • Mandatory security mechanisms
Discretionary Access Control
• The typical method of enforcing discretionary access control in a database system is based on
granting and revoking privileges.
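The DBA actions listed earlier (account creation, privilege granting, privilege revocation) and the all-or-nothing privilege check that discretionary access control reduces to can be modelled in a few lines. The following is an added example written for this page, not code from the slides or from any DBMS; the account names, relation names and privilege set are constructed, and real systems would hash the password rather than keep it in memory.

```python
"""Discretionary access control as a grant/revoke privilege matrix.

Added example (not from the original slides). Models the DBA actions on the
page: account creation, privilege granting and privilege revocation, plus the
all-or-nothing check "either the account holds the privilege or it does not".
Account, relation and privilege names are constructed sample data.
"""
from collections import defaultdict

PRIVILEGES = {"SELECT", "INSERT", "UPDATE", "DELETE"}


class DiscretionaryAccessControl:
    def __init__(self):
        self.accounts = set()            # accounts allowed to log in to the DBMS
        self.grants = defaultdict(set)   # (account, relation) -> privileges held

    def create_account(self, account, password):
        """1. Account creation. Password handling is left out of this model."""
        if account in self.accounts:
            raise ValueError(f"account {account!r} already exists")
        self.accounts.add(account)
        return account

    def grant(self, account, privilege, relation):
        """2. Privilege granting, e.g. GRANT SELECT ON employee TO alice."""
        if account not in self.accounts:
            raise KeyError(f"unknown account {account!r}")
        if privilege not in PRIVILEGES:
            raise ValueError(f"unknown privilege {privilege!r}")
        self.grants[(account, relation)].add(privilege)

    def revoke(self, account, privilege, relation):
        """3. Privilege revocation, e.g. REVOKE SELECT ON employee FROM alice."""
        self.grants[(account, relation)].discard(privilege)

    def is_allowed(self, account, privilege, relation):
        """All-or-nothing: the account either holds the privilege or it does not."""
        return privilege in self.grants.get((account, relation), set())


def demo():
    """Grant, check, revoke, check again on a constructed account and relation."""
    dac = DiscretionaryAccessControl()
    dac.create_account("alice", "constructed-password")
    dac.grant("alice", "SELECT", "employee")
    before = dac.is_allowed("alice", "SELECT", "employee")  # True
    dac.revoke("alice", "SELECT", "employee")
    after = dac.is_allowed("alice", "SELECT", "employee")   # False
    never = dac.is_allowed("alice", "UPDATE", "employee")   # False: never granted
    return before, after, never


if __name__ == "__main__":
    print(demo())
```

Granting to an account that was never created raises an error rather than silently creating an entry, which mirrors the order of the DBA actions on the slide: an account must exist before privileges can be attached to it.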
Mandatory Access Control for Multilevel Security

• The discretionary access control techniques of granting and revoking
privileges on relations have traditionally been the main security mechanism for
relational database systems.
• This is an all-or-nothing method:
  • A user either has or does not have a certain privilege.
• In many applications, an additional security policy is needed that classifies
data and users based on security classes.
• This approach, known as mandatory access control, would typically
be combined with the discretionary access control
mechanisms.
Mandatory Access Control for Multilevel Security

• Typical security classes are top secret (TS), secret (S), confidential (C), and unclassified (U),
where TS is the highest level and U the lowest: TS ≥ S ≥ C ≥ U

• The commonly used model for multilevel security, known as the Bell-LaPadula model, classifies
each subject (user, account, program) and object (relation, tuple, column, view, operation) into
one of the security classifications, TS, S, C, or U:
  • We refer to the clearance (classification) of a subject S as class(S) and to the classification
  of an object O as class(O).
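The two Bell-LaPadula rules built on these classes are the simple security property (a subject may read O only if class(S) ≥ class(O), "no read up") and the star property (a subject may write O only if class(S) ≤ class(O), "no write down"). The code below is an added example, not part of the slides; it encodes the TS ≥ S ≥ C ≥ U ordering given above and checks both rules, with constructed subject and object classes.

```python
"""Bell-LaPadula read/write checks over the classes TS >= S >= C >= U.

Added example, not from the original slides. class(S) is a subject's
clearance and class(O) an object's classification. Implements the simple
security property (no read up) and the star property (no write down).
"""
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}   # TS is the highest, U the lowest


def dominates(a, b):
    """True when class a >= class b in the TS >= S >= C >= U ordering."""
    return LEVELS[a] >= LEVELS[b]


def can_read(subject_class, object_class):
    """Simple security property: read O only if class(S) >= class(O)."""
    return dominates(subject_class, object_class)


def can_write(subject_class, object_class):
    """Star property: write O only if class(S) <= class(O), so that
    information never flows down into a less protected object."""
    return dominates(object_class, subject_class)


def check_access(subject_class, object_class, operation):
    """Decide one access request; unknown classes or operations are rejected."""
    if subject_class not in LEVELS or object_class not in LEVELS:
        raise ValueError("unknown security class")
    if operation == "read":
        return can_read(subject_class, object_class)
    if operation == "write":
        return can_write(subject_class, object_class)
    raise ValueError(f"unknown operation {operation!r}")


def demo():
    """A Secret-cleared subject against a Confidential and a Top Secret object
    (constructed cases)."""
    return {
        "S reads C": check_access("S", "C", "read"),      # True: reading down is allowed
        "S reads TS": check_access("S", "TS", "read"),    # False: no read up
        "S writes C": check_access("S", "C", "write"),    # False: no write down
        "S writes TS": check_access("S", "TS", "write"),  # True: writing up is allowed
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The "S writes TS" case is the one that surprises people: the star property allows a lower-cleared subject to write into a higher-classified object precisely because that direction cannot leak information downward.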
Threats
A threat is any intentional or accidental event that may adversely
affect the system.
Examples of threats:
- Using another person’s log-in name to access data
- Unauthorized copying of data
- Program/data alteration
- Illegal entry by a hacker
- Viruses
- Etc.
Security Layers in DBMS

• Authorization
Authorization means allowing access to the system.
• Authentication
Authentication means confirmation of your identity.
Authentication

Authentication is about credentials. For example,
a username and password are used for identity verification.
Here, the system checks whether you are who you say
you are through your credentials. Whether you’re using
public or private networks, the system authenticates
users’ identity through login details, namely a username
and password. There are other methods of
authentication, but this is the most basic one, which is
used by almost everyone.
Authorization 

Authorization comes into the picture once your identity
has been successfully authenticated by the system, after which
you get access to resources like files, funds, databases,
sensitive information, and so on.
Authorization is the process used to determine whether the
authenticated user has access rights to particular resources,
and it is what grants you access once those rights are determined.
For example, once the employee’s user ID and password are
authenticated, the next step is to decide which employee
gets access to which floor, and that is done using authorization.
Differences between Authentication and Authorization.

1. Authentication: It helps decide whether users are what they claim they are.
   Authorization: It helps to decide which user is allowed to access what.
2. Authentication: User identity has to be verified via a username and password or by answering a security question.
   Authorization: It verifies whether the given access is allowed by following rules and policies.
3. Authentication: Typically this process takes place before authorization.
   Authorization: It takes place once authentication is completed.
4. Authentication: Different ways of authentication are: captcha test, biometric authentication, passwords.
   Authorization: Other forms of authorization are: permissions (read & write access to files and allowing access to the database), deciding the roles of users for accessing data.
5. Authentication: It is controlled through the server for finding out who is accessing what data or site.
   Authorization: The server helps to decide whether the client has the authority to access a resource or not.
6. Authentication example: Employees authenticating through the network before opening the company mails.
   Authorization example: Once an employee is authenticated, a different system decides which information will be accessed by which employee.
Threats in Database

1. Availability Loss: Authorized users should be able to access data
whenever they need to do so.
2. Integrity Loss: Only authorized persons can make changes and
updates. Data should be maintained in a correct state and nobody
should be able to improperly modify it, either accidentally or
maliciously.
3. Confidentiality Loss: This occurs due to unauthorized or unintentional
disclosure of information.
Only authorized users and processes should be able to access or
modify data.
DATABASE THREATS
• Databases today are facing different kinds of attacks. Before describing
the techniques to secure databases, it is preferable to describe the
attacks which can be performed on databases.
1. Excessive privileges
2. SQL Injections
• Database systems are used for backend functionality. User-supplied data is often used to
dynamically build SQL statements that directly affect the databases. Input injection is an attack that is
aimed at subverting the original intent of the application by submitting attacker-supplied SQL statements
directly to the backend database. There are two types of input injection:
1. SQL Injection
2. NoSQL Injection.
• SQL Injection: Targets the traditional database system. Attacks usually involve injecting unauthorized
statements into the input fields of applications.
• NoSQL Injection: Targets big data platforms. This type involves inserting malicious statements into big data
components like Hive and MapReduce. In both SQL and NoSQL, a successful input injection attack can give an attacker
unrestricted access to an entire database.
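The root cause named above is user input being concatenated into dynamically built SQL text. The added example below (written for this page, not from the slides) puts the vulnerable pattern next to the corrected one on an in-memory SQLite table: the same input string is interpreted as SQL syntax when concatenated and as plain data when passed as a bound parameter. The users table, the credentials and the input string are constructed.

```python
"""Dynamically built SQL versus a parameterized query on an in-memory SQLite table.

Added example, not from the original slides. Shows why input concatenated
into SQL text changes the meaning of the statement while a bound parameter
is always treated as data. The table contents and inputs are constructed.
"""
import sqlite3


def make_db():
    """Constructed users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Dynamically built statement: the input becomes part of the SQL text."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, name, password):
    """Placeholders: the driver sends the input as data, never as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def demo():
    """Run both login checks with a valid password and with an input that
    closes the quoted string and appends an always-true condition."""
    conn = make_db()
    injected = "' OR '1'='1"   # constructed input for the demonstration
    return {
        "valid, vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "valid, parameterized": login_parameterized(conn, "alice", "correct-horse"),
        "injected, vulnerable": login_vulnerable(conn, "alice", injected),
        "injected, parameterized": login_parameterized(conn, "alice", injected),
    }


if __name__ == "__main__":
    for case, logged_in in demo().items():
        print(f"{case}: {'login succeeds' if logged_in else 'login fails'}")
```

The vulnerable function "succeeds" on the injected input because the WHERE clause now reads `... AND password = '' OR '1'='1'`, which is true for every row; the parameterized version compares the stored password against the literal string and fails, which is the behaviour a defender wants to see in code review.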
3. Malware
• Malware (short for “malicious software”) is a file or code, typically
delivered over a network, that infects, explores, steals or conducts
virtually any behavior an attacker wants. And because malware comes
in so many variants, there are numerous methods to infect computer
systems.
• Countermeasures for malware: enable firewall protection and install
antivirus software.
4. Weak Audit Trail
• Weak audit policy and technology represent risks in terms of compliance,
deterrence, detection, forensics and recovery. Automated recording of database
transactions involving sensitive data should be part of any database deployment.
Failure to collect detailed audit records of database activity represents a serious
organizational risk on many levels. Organizations with weak database audit
mechanisms will increasingly find that they are at odds with industry and
government regulatory requirements. Most audit mechanisms have no
awareness of who the end user is because all activity is associated with the web
application account name.

• Users with administrative access to the database, either legitimately or
maliciously obtained, can turn off native database auditing to hide fraudulent
activity. Audit capabilities and responsibilities should ideally be separate from
both database administrators and the database server platform to ensure strong
separation of duties policies.
• Countermeasures for a weak audit trail
1. Network-based audit appliances are a good solution. Such
appliances should have no impact on database performance, operate
independently of all users and offer granular data collection.
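Two of the weaknesses described above can be shown concretely: a web application connects with one shared account, so native auditing attributes every statement to that account, and anyone holding that account (or an administrator) can erase the trail. The added example below, written for this page and not taken from the slides, wraps a SQLite connection so that each statement is logged together with the end user the application authenticated, and uses triggers to make the audit table append-only from within the database. The triggers only emulate separation of duties: an administrator could still drop them, which is why the slide recommends collecting the audit trail outside the database server. Tables, account names and statements are constructed.

```python
"""Audit records that carry the end-user identity, not only the application account.

Added example, not from the original slides. A wrapper logs every statement
with (timestamp, application account, end user, statement text) into an
audit table that triggers make append-only inside the database. This only
emulates separation of duties; an administrator can still remove the
triggers, so a real deployment keeps the trail outside the server.
"""
import sqlite3
from datetime import datetime, timezone

APP_ACCOUNT = "webapp"   # constructed shared application DB account


class AuditedConnection:
    def __init__(self, conn, app_account):
        self.conn = conn
        self.app_account = app_account
        conn.execute(
            "CREATE TABLE IF NOT EXISTS audit_log ("
            "ts TEXT, app_account TEXT, end_user TEXT, statement TEXT)"
        )
        # Emulate an append-only audit table: abort any UPDATE or DELETE on it.
        conn.execute(
            "CREATE TRIGGER IF NOT EXISTS audit_no_update BEFORE UPDATE ON audit_log "
            "BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END"
        )
        conn.execute(
            "CREATE TRIGGER IF NOT EXISTS audit_no_delete BEFORE DELETE ON audit_log "
            "BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END"
        )

    def execute(self, end_user, sql, params=()):
        """Run sql on behalf of end_user and record who really issued it."""
        self.conn.execute(
            "INSERT INTO audit_log VALUES (?, ?, ?, ?)",
            (datetime.now(timezone.utc).isoformat(), self.app_account, end_user, sql),
        )
        return self.conn.execute(sql, params)

    def records_for(self, end_user):
        """Statements attributed to one end user, in the order they were logged."""
        rows = self.conn.execute(
            "SELECT statement FROM audit_log WHERE end_user = ?", (end_user,)
        ).fetchall()
        return [row[0] for row in rows]

    def try_erase_audit(self):
        """Attempt to wipe the trail with the application account; returns True
        when the append-only trigger blocked it."""
        try:
            self.conn.execute("DELETE FROM audit_log")
            return False
        except sqlite3.DatabaseError:
            return True


def demo():
    """Two constructed end users act through the same application account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE salaries (employee TEXT, amount INTEGER)")
    audited = AuditedConnection(conn, APP_ACCOUNT)
    audited.execute("bob", "INSERT INTO salaries VALUES (?, ?)", ("bob", 5000))
    audited.execute("carol", "SELECT amount FROM salaries WHERE employee = ?", ("bob",))
    return {
        "bob": audited.records_for("bob"),
        "carol": audited.records_for("carol"),
        "erase_blocked": audited.try_erase_audit(),
        "rows": conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0],
    }


if __name__ == "__main__":
    print(demo())
```

With the wrapper in place, a later investigation can answer "which employee read bob's salary?" instead of only "the webapp account ran a SELECT", which is the gap the slide describes.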
5. Backup Exposure
• Backup storage media is often completely unprotected from attack. As a result, numerous security breaches
have involved the theft of database backup disks and tapes. Furthermore, failure to audit and monitor the
activities of administrators who have low-level access to sensitive information can put your data at risk.
Taking the appropriate measures to protect backup copies of sensitive data and monitor your most highly
privileged users is not only a data security best practice, but also mandated by many regulations.
• Countermeasures for backup exposure
• Encrypt databases: Store data in encrypted form, as this allows you to secure both production and backup
copies of databases, then audit the activity of and control access to sensitive data for users who access
databases at the operating system and storage tiers. By leveraging database auditing along with encryption,
organizations can monitor and control users both inside and outside of the database.
6. Weak Authentication
• Weak authentication schemes allow attackers to assume the identity
of legitimate database users. Specific attack strategies include brute
force attacks, social engineering, and so on. Implementation of
strong passwords or two-factor authentication is a must. For scalability and
ease of use, authentication mechanisms should be integrated with
enterprise directory/user management infrastructures.
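One building block of the stronger authentication called for above is how the database (or the application in front of it) stores and checks passwords: salted, iterated hashing so that a stolen credential table resists offline guessing, a constant-time comparison, and a failure counter against online brute force. The following is an added example written for this page, not code from the slides or from any DBMS; the usernames, passwords and the lockout threshold are constructed, and it uses only the Python standard library.

```python
"""Salted, iterated password hashing with constant-time verification and lockout.

Added example, not from the original slides. Passwords are never stored in
clear; PBKDF2 with a high iteration count slows guessing of a stolen hash;
hmac.compare_digest avoids timing leaks; a failure counter limits online
brute force. Usernames, passwords and the threshold are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # work factor: raises the cost of each offline guess


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the digest and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class Authenticator:
    MAX_FAILURES = 5   # constructed lockout threshold against online guessing

    def __init__(self):
        self.users = {}      # name -> (salt, digest)
        self.failures = {}   # name -> consecutive failed attempts

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        if name not in self.users:
            # Do the same work as a real check so unknown names are not
            # distinguishable from wrong passwords by response time.
            hash_password(password, b"\x00" * 16)
            return False
        if self.failures.get(name, 0) >= self.MAX_FAILURES:
            return False   # locked until an administrator resets the counter
        salt, digest = self.users[name]
        if verify_password(password, salt, digest):
            self.failures[name] = 0
            return True
        self.failures[name] = self.failures.get(name, 0) + 1
        return False


def demo():
    """A correct login, MAX_FAILURES wrong guesses, then the correct password
    again, which is refused because the account is now locked."""
    auth = Authenticator()
    auth.register("alice", "correct-horse-battery")   # constructed credentials
    first = auth.login("alice", "correct-horse-battery")
    guesses = [auth.login("alice", f"guess{i}") for i in range(Authenticator.MAX_FAILURES)]
    locked = auth.login("alice", "correct-horse-battery")
    return first, any(guesses), locked


if __name__ == "__main__":
    print(demo())
```

The lockout makes the last login fail even with the right password, which is the intended trade-off: an attacker running a brute-force attack is stopped after a handful of attempts, at the cost of an administrative reset for the legitimate user.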
7. DB Vulnerabilities and Misconfiguration
• It is common to find vulnerable and unpatched databases, or to discover databases that still have default
accounts and configuration parameters. Attackers know how to exploit these vulnerabilities to launch attacks
against your organization. Unfortunately, organizations often struggle to stay on top of maintaining database
configurations even when patches are available.

• Countermeasures for misconfigured databases
1. No default accounts should remain. Accounts must be created with fresh usernames and passwords.
FAQ
• What do you understand by database security?
• What are threats in DBMS?
• What is RAID?
• What is revoke authentication in SQL?
• Explain privilege in SQL.
