New Attacks: MySQL DBMS vulnerabilityCourse projectStudent: Petras CerniauskasProfessor: Dr.Stefan RobilaCMPT585 Computer And Data SecurityMontclair State UniversityIntroduction Why MySQL? Why database security? What’s the emphasis of the research? User account information security DBMS robustnessUser account information storage System database “mysql” Location ..\data\mysql directory Files are named after table names Each table has 3 files User account information table “user” User account information if stored in user.myd file Main fields “user”, “host”, “password”User authentication User name Stored as plaintext in “user” table There 2 default users “root@localhost” and “root@%” Host name Stored as plaintext in “user” table Password Stored as 41-character hash code in “user”tableResource management Allows setting maximum number of connections per server instance Allows setting number of connections per user account per hourApplied attacks and their strategy Password replacement in user.myd Password field follows user name field It is 41 characters long Generate new password with PASSWORD function Replace 41 characters immediately following “root” or any other readable string with newly generated string Reload privileges with FLUSH PRIVILEGEApplied attacks and their strategy The same as previous strategy, but replacing user and host names New strings are limited to old string length Very simple to change since originals are stored in plaintextApplied attacks and their strategy Deleting or corrupting “user” table files Server fails to start Easy to perform but results are fatal Server does not lock or otherwise protect important system database files Buffer overflow fails due to good protocol design Each message contains message length Server checks for the size and reads only specified number of bytes. Message are limited to hard-coded maximum number of bytesWhat can be done to improve MySQL DBMS security? Running server in a protected environment to prevent internal attacks (using firewall and antivirus real-time protection) User and host name encryption Making password hash code variable length instead of 41 characters System database (“mysql”) file protection (locking by opening exclusively for reading/writing) Getting rid of PASSWORD