Access Control-Security


CHAPTER 30

Database Security

Copyright © 2016 Ramez Elmasri and Shamkant B. Navathe


Introduction to Database Security Issues
- Threats to databases
  (1) Loss of integrity: improper modification of information
  (2) Loss of availability: legitimate users cannot access data objects
  (3) Loss of confidentiality: unauthorized disclosure of confidential information


Control Measures
- Four main control measures
  (1) Access control: handled by creating user accounts and passwords
  (2) Inference control (for statistical DBs): must ensure that information about individuals cannot be accessed
  (3) Flow control: prevents information from flowing to unauthorized users
  (4) Data encryption: used to protect sensitive transmitted data

Access Control, User Accounts, and Database Audits
- Users must log in using an assigned username and password
- Login session: the sequence of database operations by a certain user
  - Recorded in the system log
- Database audit: reviewing the log to examine all accesses and operations applied during a certain time period


Introduction to Database Security Issues (cont'd.)
Two types of database security mechanisms:
  (1) Discretionary security mechanisms
      - Used to grant privileges to users, or to revoke them
  (2) Mandatory security mechanisms
      - Classify data and users into various security classes
      - Implement the security policy
  (2.1) Role-based security: an extension of mandatory security


(1) Discretionary Access Control Based on Granting and Revoking Privileges
- DAC: two levels for assigning privileges to use a database system
  (1) Account level
      At this level, the DBA specifies the particular privileges that each account holds, independently of the relations in the database.
      Example privileges: CREATE, DROP, ALTER, MODIFY
      Example: GRANT CREATE USER TO User_B;
  (2) Relation (or table) level
      At this level, the DBA can control the privilege to access each individual relation or view in the database (access matrix model).
      Example: GRANT SELECT ON Department TO A1;


Discretionary Access Control (cont'd.)
- Relation or table level
  - The owner of a relation is given all privileges on that relation. The owner can grant privileges to other users on any owned relation.
  - A can create a view V of R that includes only the attributes A wants B to access.
    Example: GRANT SELECT ON V TO User_B;
- Revoking of privileges
    Example: REVOKE SELECT ON V FROM User_B;
- Propagation of privileges using the GRANT OPTION
    Example: GRANT INSERT ON Department TO A2 WITH GRANT OPTION;

Example: Matrix Table (Discretionary)

Relation or view \ user | Employee relation | Department relation | Student relation | View V1
User A1                  | Select            | Insert, Delete      | Update           | All
User A2                  | Select            | All                 | Update           | Select
User A3                  | Insert            | Delete              | All              | None


(2) Mandatory Access Control and Role-Based Access Control for Multilevel Security
- Mandatory access control
  - Additional security policy that classifies data and users based on security classes
  - Typical security classes: Top secret (T), Secret (S), Confidential (C), Unclassified (U), ordered T > S > C > U
  - Bell-LaPadula model: subject (user) and object (data) classifications


Mandatory Access Control and Role-Based Access Control for Multilevel Security (cont'd.)
- Simple security property
  - A subject is not allowed read access to an object unless class(Subject) ≥ class(Object)
  - Prevents information from flowing from higher to lower classifications
  - Attribute values and tuples are considered as data objects


Filtering
- Sometimes it is necessary to store two or more tuples at different classification levels with the same apparent key
- Several tuples have the same key but different values for users at different clearance levels
- Example: R(A1, C1, A2, C2, ..., An, Cn, TC)
  where each Ci represents the classification attribute associated with attribute Ai. The value of TC in each tuple t is the highest of all the attribute classifications within t.

SELECT * FROM EMPLOYEE

[Figure: a multilevel EMPLOYEE relation illustrating multilevel security. (a) The original EMPLOYEE tuples; (b) appearance of EMPLOYEE after filtering for classification C users; (c) appearance of EMPLOYEE after filtering for classification U users. Labelled in the figure: the Smith tuple.]

- Clearance S user: sees (a)
- Clearance C user: sees (b)
- Clearance U user: sees (c)


More Example
- How does a user with clearance level C see this table?

St-name  | C1 | City   | C2 | Salary | C3 | TC
Ali      | C  | Amman  | C  | 220    | U  | C
Rayan    | S  | Irbid  | S  | 225    | T  | T
Mohammad | U  | Aqaba  | T  | 405    | T  | T
Ahmad    | C  | Amman  | C  | 750    | S  | S
Basel    | C  | Madaba | U  | 650    | S  | S

T > S > C > U




More Example (cont'd.)
- Answer: a user with clearance level C sees the table as follows. Each attribute classified above C is replaced by null, and TC is recomputed over the attributes that remain visible; a tuple whose apparent key is hidden disappears entirely.

St-name  | C1 | City   | C2 | Salary | C3 | TC
Ali      | C  | Amman  | C  | 220    | U  | C
null     | -  | null   | -  | null   | -  | -
Mohammad | U  | null   | -  | null   | -  | U
Ahmad    | C  | Amman  | C  | null   | -  | C
Basel    | C  | Madaba | U  | null   | -  | C

T > S > C > U
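The filtering rule behind the worked table, as an added example (not code from the slides): it applies the simple security property attribute by attribute to the slide's rows, recomputes TC as the highest visible classification, and hides a tuple whose apparent key is itself classified above the user's clearance. The row values and the T > S > C > U ordering are the slide's; `LEVEL`, `filter_tuple` and `filter_relation` are names chosen here.

```python
"""Filter a multilevel relation for a given clearance (example code, not the slides')."""

LEVEL = {"U": 0, "C": 1, "S": 2, "T": 3}   # T > S > C > U, as on the slide

# Rows of the slide's table: (St-name, C1, City, C2, Salary, C3, TC)
ROWS = [
    ("Ali",      "C", "Amman",  "C", 220, "U", "C"),
    ("Rayan",    "S", "Irbid",  "S", 225, "T", "T"),
    ("Mohammad", "U", "Aqaba",  "T", 405, "T", "T"),
    ("Ahmad",    "C", "Amman",  "C", 750, "S", "S"),
    ("Basel",    "C", "Madaba", "U", 650, "S", "S"),
]


def tuple_classification(row):
    """TC: the highest classification among the tuple's attribute classifications."""
    return max((row[1], row[3], row[5]), key=LEVEL.__getitem__)


def filter_tuple(row, clearance, key_index=0):
    """Return the tuple as a subject with `clearance` is allowed to see it.

    Simple security property: an attribute is readable only if its class is
    <= the subject's class.  Hidden attributes become None (null on the slide)
    with classification '-'.  TC is recomputed over the visible attributes.
    If the apparent key itself is hidden, the whole tuple is hidden.
    """
    values, classes = row[0:6:2], row[1:6:2]
    visible = [(v, c) if LEVEL[c] <= LEVEL[clearance] else (None, "-")
               for v, c in zip(values, classes)]
    if visible[key_index][0] is None:
        return (None, "-") * 3 + ("-",)
    tc = max((c for _, c in visible if c != "-"), key=LEVEL.__getitem__)
    flat = tuple(x for pair in visible for x in pair)
    return flat + (tc,)


def filter_relation(rows, clearance):
    """Appearance of the whole relation for one clearance level."""
    return [filter_tuple(r, clearance) for r in rows]


if __name__ == "__main__":
    for r in filter_relation(ROWS, "C"):
        print(r)
```

A T-cleared user sees every row unchanged (and the recomputed TC equals the stored TC for each slide row), a C-cleared user sees exactly the answer table above, and a U-cleared user sees only the Mohammad tuple with both classified attributes nulled.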


Comparing Discretionary Access Control and Mandatory Access Control
- DAC policies have a high degree of flexibility
  - Do not impose control on how information is propagated
- Mandatory policies ensure a high degree of protection
  - Prevent illegal information flow


(2.1) Role-Based Access Control
- Used for managing and enforcing security in large-scale, enterprise-wide systems
- Permissions are associated with organizational roles; users are assigned to appropriate roles
- Example:
  CREATE ROLE roleName;
  GRANT SELECT ON Department TO roleName;
  GRANT INSERT, UPDATE ON Student TO roleName;
  GRANT roleName TO username;


Example
- Use the following access matrix to make a role for user A1 (MySQL GRANT and REVOKE)

Relation or view \ user | Employee relation | Department relation | Student relation | View V1
User A1                  | Select            | Insert, Delete      | Update           | All
User A2                  | Select            | All                 | Update           | Select
User A3                  | Insert            | Delete              | All              | None

CREATE ROLE R1;
GRANT SELECT ON Employee TO R1;
GRANT INSERT, DELETE ON Department TO R1;
GRANT UPDATE ON Student TO R1;
GRANT ALL PRIVILEGES ON V1 TO R1;
GRANT R1 TO A1;

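A small model of the two DAC mechanisms the slides describe, as an added example (not code from the slides or from any DBMS): the access matrix with roles, built here as the role R1 for user A1 from the matrix above, and propagation of privileges through WITH GRANT OPTION followed by a cascading REVOKE (the GRANT INSERT ON Department TO A2 WITH GRANT OPTION example from the earlier slide). The user, role and relation names are the slides'; the `DacSystem` class, its methods, and the extra user A4 who receives the propagated privilege are assumptions made for this example.

```python
"""Model of discretionary and role-based access control on relations (example code)."""
from dataclasses import dataclass, field

ALL = frozenset({"SELECT", "INSERT", "DELETE", "UPDATE"})   # GRANT ALL PRIVILEGES


@dataclass(frozen=True)
class Grant:
    grantor: str        # who issued the GRANT ("DBA" stands in for the owner here)
    grantee: str
    relation: str
    privilege: str
    grant_option: bool  # WITH GRANT OPTION: may the grantee pass the privilege on?


@dataclass
class DacSystem:
    grants: list = field(default_factory=list)
    roles: dict = field(default_factory=dict)       # role -> [(relation, privilege)]
    user_roles: dict = field(default_factory=dict)  # user -> {role}

    def privileges(self, user, relation):
        """The access-matrix cell for (user, relation): direct grants plus role grants."""
        direct = {g.privilege for g in self.grants
                  if g.grantee == user and g.relation == relation}
        via_roles = {p for role in self.user_roles.get(user, ())
                     for rel, p in self.roles[role] if rel == relation}
        return direct | via_roles

    def can_grant(self, user, relation, privilege):
        return any(g.grantee == user and g.relation == relation
                   and g.privilege == privilege and g.grant_option
                   for g in self.grants)

    def grant(self, grantor, grantee, relation, privileges,
              grant_option=False, owner=False):
        """GRANT <privileges> ON <relation> TO <grantee> [WITH GRANT OPTION].

        The owner (the DBA here) may grant anything; any other grantor must
        hold the privilege WITH GRANT OPTION, which is how propagation works.
        """
        for p in privileges:
            if not owner and not self.can_grant(grantor, relation, p):
                raise PermissionError(f"{grantor} cannot grant {p} on {relation}")
            self.grants.append(Grant(grantor, grantee, relation, p, grant_option))

    def revoke(self, grantor, grantee, relation, privileges):
        """REVOKE <privileges> ON <relation> FROM <grantee>, cascading.

        Once the grantee no longer holds the privilege WITH GRANT OPTION, every
        grant it made of that privilege is revoked too, down the whole chain.
        """
        pending = [(grantor, grantee, p) for p in privileges]
        while pending:
            gr, ge, p = pending.pop()
            self.grants = [g for g in self.grants
                           if not (g.grantor == gr and g.grantee == ge
                                   and g.relation == relation and g.privilege == p)]
            if not self.can_grant(ge, relation, p):
                pending.extend((g.grantor, g.grantee, g.privilege)
                               for g in self.grants
                               if g.grantor == ge and g.relation == relation
                               and g.privilege == p)

    # CREATE ROLE / GRANT ... TO role / GRANT role TO user
    def create_role(self, role):
        self.roles[role] = []

    def grant_to_role(self, role, relation, privileges):
        self.roles[role] += [(relation, p) for p in privileges]

    def grant_role(self, role, user):
        self.user_roles.setdefault(user, set()).add(role)


def build_role_r1():
    """The slide's role R1 for user A1, taken from the A1 row of the access matrix."""
    dac = DacSystem()
    dac.create_role("R1")                                        # CREATE ROLE R1;
    dac.grant_to_role("R1", "Employee", {"SELECT"})              # GRANT SELECT ON Employee TO R1;
    dac.grant_to_role("R1", "Department", {"INSERT", "DELETE"})  # GRANT INSERT, DELETE ON Department TO R1;
    dac.grant_to_role("R1", "Student", {"UPDATE"})               # GRANT UPDATE ON Student TO R1;
    dac.grant_to_role("R1", "V1", ALL)                           # GRANT ALL PRIVILEGES ON V1 TO R1;
    dac.grant_role("R1", "A1")                                   # GRANT R1 TO A1;
    return dac


def propagation_demo():
    """A2 holds ALL on Department WITH GRANT OPTION (per the matrix) and passes
    INSERT on to A4, a user assumed for this example; the DBA then revokes
    INSERT from A2 and the revocation cascades to A4."""
    dac = DacSystem()
    dac.grant("DBA", "A2", "Department", ALL, grant_option=True, owner=True)
    dac.grant("A2", "A4", "Department", {"INSERT"})   # allowed: A2 has the grant option
    a4_before = dac.privileges("A4", "Department")
    dac.revoke("DBA", "A2", "Department", {"INSERT"})
    return a4_before, dac.privileges("A2", "Department"), dac.privileges("A4", "Department")
```

The revoke keeps A2's remaining SELECT, DELETE and UPDATE on Department but strips INSERT from both A2 and A4, which is the propagation-and-cascade behaviour the GRANT OPTION slide describes; a user holding a privilege without the grant option (A1 via R1, for instance) is refused when trying to pass it on.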
Role-Based Access Control
- Can be used with traditional discretionary and mandatory access control
- Mandatory with roles: each user has a classification level and a role


Label-Based Security and Row-Level Access Control
- Sophisticated access control rules implemented by considering the data row by row
- Each row is given a label, which is used to store information about the sensitivity of the data
- Used to prevent unauthorized users from viewing or altering certain data
- Label security policy
  - Defined by an administrator
  - On top of DAC (the user must satisfy DAC and then the label security requirements)

Introduction to Statistical Database Security
- Statistical databases are used to provide statistics about various populations
- Users are permitted to retrieve statistical information
- Must prohibit retrieval of individual data
- Population: the set of tuples of a relation (table) that satisfy some selection condition, such as sex = 'M'
- Statistical queries involve applying statistical functions to a population of tuples

[Figure: the PERSON relation schema for illustrating statistical database security]


Inference Problem

Inference Example
- In some cases it is possible to infer the values of individual tuples from a sequence of statistical queries.


Introduction to Statistical Database Security (cont'd.)
- Only statistical queries are allowed
- How to prevent the inference of individual information:
  - Provide a minimum threshold on the number of tuples
  - Prohibit sequences of queries that refer to the same population of tuples
  - Partition the database
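The first two controls listed above, implemented as an added example (not code from the slides): a guard that answers statistical queries over a PERSON relation only when the population, and its complement, reach a minimum threshold, and that refuses a query whose population differs from an already answered one by fewer than that threshold, since differencing the two answers would isolate those few tuples. The slides name only the PERSON relation and the sex = 'M' condition; the attribute layout, the sample rows and the `StatisticalGuard` class are constructed for this example.

```python
"""Guard statistical queries against inference of individual tuples (example code)."""

# Constructed sample PERSON rows: (name, sex, city, salary); the key is the name.
PERSON = [
    ("Adams", "M", "Amman", 3100), ("Baker", "F", "Amman", 4200),
    ("Chen", "M", "Irbid", 2900), ("Diaz", "F", "Irbid", 3900),
    ("Evans", "M", "Amman", 5200), ("Faris", "M", "Aqaba", 2800),
    ("Ghali", "F", "Aqaba", 3600), ("Haddad", "M", "Irbid", 3300),
]
SALARY = 3   # index of the Salary attribute in a PERSON row


class StatisticalGuard:
    """Answers statistical queries over a relation, refusing those that could isolate an individual."""

    def __init__(self, relation, threshold):
        self.relation = relation
        self.threshold = threshold   # minimum size of a population (and of its complement)
        self.history = []            # populations of the queries already answered

    def population(self, condition):
        """Keys of the tuples that satisfy the selection condition."""
        return frozenset(row[0] for row in self.relation if condition(row))

    def query(self, func, attribute_index, condition):
        """Apply `func` (len for COUNT, sum for SUM, ...) to one attribute of the
        population selected by `condition`; return None when the query is refused."""
        pop = self.population(condition)
        n = len(self.relation)
        # Control 1: minimum threshold on the population and on its complement,
        # because "everyone except X" identifies X just as "only X" does.
        if len(pop) < self.threshold or n - len(pop) < self.threshold:
            return None
        # Control 2: refuse a query whose population differs from an already
        # answered one by fewer than `threshold` tuples; the difference of the
        # two answers would otherwise reveal those few individuals.
        for earlier in self.history:
            if 0 < len(pop ^ earlier) < self.threshold:
                return None
        self.history.append(pop)
        values = [row[attribute_index] for row in self.relation if row[0] in pop]
        return func(values)


if __name__ == "__main__":
    guard = StatisticalGuard(PERSON, threshold=3)
    print(guard.query(len, SALARY, lambda r: r[1] == "M"))                       # COUNT of males: answered
    print(guard.query(sum, SALARY, lambda r: r[1] == "M" and r[2] == "Amman"))   # too few tuples: refused
    print(guard.query(sum, SALARY, lambda r: r[1] == "M"))                       # SUM of male salaries: answered
    print(guard.query(sum, SALARY, lambda r: r[1] == "M" and r[0] != "Evans"))   # differs by one tuple: refused
```

With a threshold of 3, the COUNT and SUM over sex = 'M' are answered, the query restricted to males in Amman (two tuples) is refused by the threshold, and the follow-up SUM over all males except one is refused because its population differs from the answered one by a single tuple. The complement rule also refuses a query over the entire relation; a real system would exempt such global aggregates, which is one reason the slides list partitioning as a further control.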


Encryption and Public Key Infrastructures
- Encryption converts data (plaintext) into ciphertext
  - Performed by applying an encryption algorithm to the data using a prespecified encryption key
  - The resulting data must be decrypted using a decryption key to recover the original data
- Data Encryption Standard (DES)
  - A cryptographic system developed by the U.S. Government for use by the general public. Plaintext is encrypted as blocks of 64 bits.
- Advanced Encryption Standard (AES)
  - More difficult to crack (this algorithm has a block size of 128 bits)

Encryption and Public Key Infrastructures (cont'd.)
- Symmetric key algorithms
  - Also called secret key algorithms. A symmetric key is one key that is used for both encryption and decryption.
  - Can apply some function to a user-supplied password string at both sender and receiver
- Public (asymmetric) key encryption
  - Involves a public key and a private key
  - The private key is not transmitted


Encryption and Public Key Infrastructures (cont'd.)
- Public (asymmetric) key encryption steps
  - The sender encrypts the message using the receiver's public key
  - The receiver decrypts the message using the receiver's private key
- Example: RSA is a public key encryption algorithm


Digital Signatures
- A digital signature is an example of using encryption techniques to provide authentication services in electronic commerce applications.
- Consists of a string of symbols and is unique
- Public key techniques are used to create digital signatures.
- Signatures must be different for each use. This can be achieved by making each digital signature a function of the message it is signing, together with a timestamp.

Digital Certificates
- Combines the value of a public key with the identity of the person or service that holds the corresponding private key into a digitally signed statement
- Information included in the certificate
  - Owner information
  - Public key of the owner
  - Date of certificate issue and validity period
  - Issuer identification
  - Digital signature

Challenges to Maintaining Database Security
- (1) Data quality: the database community needs techniques to assess the quality of data, such as:
  - Quality stamps
  - Application-level recovery techniques to automatically repair incorrect data
- (2) Intellectual property rights: we can use digital watermarking techniques, which protect content from unauthorized duplication and distribution by enabling provable ownership of the content.


Challenges to Maintaining Database Security (cont'd.)
- (3) Database survivability: a DBMS should be able to do the following:
  - Confinement: take immediate action to eliminate or reduce the attacker's access
  - Damage assessment
  - Reconfiguration
  - Repair: recover corrupted or lost data and reinstall failed system functions
  - Fault treatment: identify the weaknesses and holes