New Attacks: MySQL DBMS vulnerability
Course project
Student: Petras Cerniauskas
Professor: Dr. Stefan Robila
CMPT585 Computer And Data Security
Montclair State University

Introduction
- Why MySQL?
- Why database security?
- What's the emphasis of the research?
  - User account information security
  - DBMS robustness

User account information storage
- System database "mysql"
- Location: ..\data\mysql directory
- Files are named after table names
- Each table has 3 files
- User account information table: "user"
- User account information is stored in the user.myd file
- Main fields: "user", "host", "password"

User authentication
- User name
  - Stored as plaintext in the "user" table
  - There are 2 default users: "root@localhost" and "root@%"
- Host name
  - Stored as plaintext in the "user" table
- Password
  - Stored as a 41-character hash code in the "user" table

Resource management
- Allows setting the maximum number of connections per server instance
- Allows setting the number of connections per user account per hour

Applied attacks and their strategy
- Password replacement in user.myd
  - The password field follows the user name field
  - It is 41 characters long
  - Generate a new password hash with the PASSWORD function
  - Replace the 41 characters immediately following "root" (or any other readable string) with the newly generated string
  - Reload privileges with FLUSH PRIVILEGES

Applied attacks and their strategy
- The same as the previous strategy, but replacing user and host names
  - New strings are limited to the old string length
  - Very simple to change, since the originals are stored in plaintext

Applied attacks and their strategy
- Deleting or corrupting the "user" table files
  - Server fails to start
  - Easy to perform, but the results are fatal
  - Server does not lock or otherwise protect important system database files
- Buffer overflow fails due to good protocol design
  - Each message contains the message length
  - Server checks the size and reads only the specified number of bytes
  - Messages are limited to a hard-coded maximum number of bytes

What can be done to improve MySQL DBMS security?
- Running the server in a protected environment to prevent internal attacks (using firewall and antivirus real-time protection)
- User and host name encryption
- Making the password hash code variable length instead of 41 characters
- System database ("mysql") file protection (locking by opening exclusively for reading/writing)
- Getting rid of PASSWORD
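The slides credit MySQL's resistance to buffer overflows to its framing: every message carries its own length, the server reads exactly that many bytes, and a hard-coded maximum bounds the message. The reader below is an added example (not code from the slides or from MySQL) of that design. It assumes the MySQL packet header layout of a 3-byte little-endian payload length followed by a 1-byte sequence id, and uses a 0xFFFFFF cap; the sample byte streams are constructed for the demo.

```python
"""
Length-prefixed packet reader modelled on MySQL client/server framing:
3-byte little-endian payload length, 1-byte sequence id, then exactly
that many payload bytes. The declared length is checked against a
hard-coded maximum before any payload is touched, so an oversized or
truncated message is rejected instead of being copied into a buffer.
"""
import struct

HEADER_LEN = 4
MAX_PAYLOAD = 0xFFFFFF   # hard-coded cap on one packet's payload (assumed value)


class PacketError(ValueError):
    """Raised for malformed, oversized or truncated framing."""


def read_packet(buf, offset=0, max_payload=MAX_PAYLOAD):
    """Parse one packet from buf at offset.

    Returns (sequence_id, payload, next_offset). Raises PacketError when the
    header is incomplete, the declared length exceeds max_payload, or the
    buffer holds fewer bytes than the header promises.
    """
    if len(buf) - offset < HEADER_LEN:
        raise PacketError("incomplete header")
    # 3-byte little-endian length, padded to 4 bytes for struct.
    length = struct.unpack("<I", bytes(buf[offset:offset + 3]) + b"\x00")[0]
    seq = buf[offset + 3]
    if length > max_payload:
        raise PacketError(f"declared length {length} exceeds maximum {max_payload}")
    start = offset + HEADER_LEN
    end = start + length
    if end > len(buf):
        raise PacketError(f"truncated payload: need {length} bytes, have {len(buf) - start}")
    # Read exactly `length` bytes and no more: trailing data belongs to the next packet.
    return seq, bytes(buf[start:end]), end


def read_all(buf, max_payload=MAX_PAYLOAD):
    """Split a byte stream into (seq, payload) pairs; raises on the first framing error."""
    packets, offset = [], 0
    while offset < len(buf):
        seq, payload, offset = read_packet(buf, offset, max_payload)
        packets.append((seq, payload))
    return packets


def framing_error(buf, max_payload=MAX_PAYLOAD):
    """Return the error message a stream would produce, or None if it parses cleanly."""
    try:
        read_all(buf, max_payload)
    except PacketError as exc:
        return str(exc)
    return None


def build_packet(seq, payload):
    """Frame a payload the same way, refusing anything over the cap."""
    if len(payload) > MAX_PAYLOAD:
        raise PacketError("payload too large for a single packet")
    return struct.pack("<I", len(payload))[:3] + bytes([seq & 0xFF]) + payload


# Constructed sample streams (not captured traffic).
SAMPLE_OK = build_packet(0, b"COM_PING") + build_packet(1, b"hello")
# Header claims 0x010000 = 65536 payload bytes but only 5 follow.
SAMPLE_TRUNCATED = b"\x00\x00\x01\x02" + b"short"

if __name__ == "__main__":
    print(read_all(SAMPLE_OK))
    print("rejected:", framing_error(SAMPLE_TRUNCATED))
    print("rejected:", framing_error(SAMPLE_TRUNCATED, max_payload=1024))
```

The second rejection shows the cap doing its work: with a 1024-byte limit the 65536-byte claim is refused before the parser even looks for the payload, which is the property the slides describe.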
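The "user" table attacks on these slides all come down to editing or deleting files under data\mysql while the server leaves them unprotected, and the closing slide proposes file protection as the fix. Until the server itself locks those files, the practical control is integrity monitoring: baseline the table files and alert on any change. The script below is an added example, not code from the slides or from MySQL. It assumes the three-file-per-table layout the slides describe (.frm, .MYD, .MYI under a "mysql" directory) and builds a constructed stand-in data directory so it runs offline; real deployments would point snapshot() at the server's data directory.

```python
"""
Integrity and permission check for the "mysql" system database files.
snapshot() records size, SHA-256 and mode bits of each table file;
compare() reports files whose content changed or that disappeared,
so an in-place edit of user.MYD or a deleted table file is detected.
"""
import hashlib
import stat
import tempfile
from pathlib import Path

# Each MyISAM table is three files: definition, data, index (as on the slides).
TABLE_SUFFIXES = (".frm", ".MYD", ".MYI")


def _sha256(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(datadir):
    """Map each table file under datadir/mysql to (size, sha256, mode bits)."""
    sysdb = Path(datadir) / "mysql"
    result = {}
    for p in sorted(sysdb.iterdir()):
        if p.is_file() and p.suffix in TABLE_SUFFIXES:
            st = p.stat()
            result[p.name] = (st.st_size, _sha256(p), stat.S_IMODE(st.st_mode))
    return result


def compare(baseline, current):
    """Return findings as strings; an empty list means nothing changed."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(f"{name}: missing (deleted or renamed)")
        elif name not in baseline:
            findings.append(f"{name}: unexpected new file")
        else:
            b_size, b_hash, _ = baseline[name]
            c_size, c_hash, _ = current[name]
            if b_hash != c_hash:
                findings.append(f"{name}: content changed ({b_size} -> {c_size} bytes)")
    return findings


def loose_permissions(snap):
    """Names of files whose mode grants any access to group or other."""
    return [name for name, (_, _, mode) in sorted(snap.items())
            if mode & (stat.S_IRWXG | stat.S_IRWXO)]


def make_demo_datadir():
    """Constructed stand-in for a data directory; contents are not real MySQL files."""
    root = Path(tempfile.mkdtemp(prefix="mysql-demo-"))
    sysdb = root / "mysql"
    sysdb.mkdir()
    (sysdb / "user.frm").write_bytes(b"constructed table definition")
    # Constructed record: user, host, then a 41-character placeholder hash.
    (sysdb / "user.MYD").write_bytes(b"root\x00localhost\x00" + b"*" + b"A" * 40)
    (sysdb / "user.MYI").write_bytes(b"constructed index")
    return root


def demo():
    """Baseline, simulate tampering, and return what compare() reports."""
    datadir = make_demo_datadir()
    baseline = snapshot(datadir)
    # Simulate the tampering the slides describe: same-length overwrite of the
    # hash bytes in user.MYD, and deletion of the index file.
    data = datadir / "mysql" / "user.MYD"
    data.write_bytes(data.read_bytes()[:-40] + b"B" * 40)
    (datadir / "mysql" / "user.MYI").unlink()
    return compare(baseline, snapshot(datadir))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the attack on the slides keeps the field length unchanged, a size-only check would miss it; the hash comparison is what catches the same-length overwrite. The permission helper covers the other recommendation on the closing slide: table files should be owned by and accessible only to the server's own account.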