Comp 424
Lecture 12
Database Security

● DBMS: Database Management System
● RDBMS: Relational Database Management System
  – Ubiquitous
  – Examples:
    ● Access
    ● Oracle
    ● PostgreSQL
    ● MySQL
● Data is organized as tables of records.
● Tables are organized as columns of data. The name of a column is an "attribute", a piece of data.
● Schema: the collection of tables and the manner in which they are related.
  – Subschema: a subset of the tables.
● Queries: Structured Query Language (SQL)
  – Example (string literals take single quotes in standard SQL):

      SELECT *
      FROM students
      WHERE firstname = 'John';

Database Advantages
● Shared access: users share a common set of data.
● Minimal redundancy: "normalization" of the tables results in minimum redundancy of information.
● Data consistency: a change to a set of values is seen by all users.
● Data integrity: access to and modification of the database is done in a manner that prevents unauthorized manipulation.
● Controlled access: only authorized users are allowed in.

Security Requirements
● $$$$$$: databases in many cases represent the only truly valuable asset of a company.
● Corruption, loss or theft of a database can literally destroy a company. (Bank of America: grrrrr....)
● Databases share the security requirements of the other resources we have studied to date.
● Some security requirements become more important, though (integrity and access control, for example).

Requirements
● Physical database integrity
  – The data of a database should be immune to physical problems:
    ● loss of power
    ● loss of the machine
  – Oracle is a leader in this area. MySQL lacks some of these features.
  – Journals and transaction logging can be used to restore incomplete actions.
● Logical database integrity
  – The structure of the database should be preserved.
  – This is usually enforced through a standardized language and the implementation of the RDBMS.
● Element integrity
  – The data contained in each element (or cell) should be accurate and remain so.
● Auditability
  – It should be possible to track who or what has accessed the database.
  – This can be accomplished a number of ways:
    ● log files generated by the RDBMS
    ● data collected by the access applications
    ● data collected and stored as part of the schema
● Access control
  – Users should be allowed to access only authorized data.
  – Different users can be restricted to different modes of access (read, insert, update, delete).
  – MySQL uses the concept of privileges to accomplish this (GRANT/REVOKE).
● User authentication
  – Every user is positively identified:
    ● to complete the audit trail
    ● to decide permissions
● Availability
  – Users can access data when they need it, without deadlock, starvation or other denial-of-service type issues.

Two-Phase Updates
● Systems that crash in the middle of doing something, or otherwise exhibit non-atomic updates, are a severe problem for a DBMS.
● The problem is solved by a two-phase update procedure.
● 1st phase, the "intent phase": gather all required resources needed for the update (information, locks, files, etc.).
  – Everything in this phase can be repeated, since no changes are made to the database.
  – Last event taken: "committing"; a commit flag is written to the database.
● 2nd phase, "modification": once the commit flag is written, no action from before the commit is repeated, but any action in the 2nd phase can be repeated as many times as desired, so each must give the same result every time it is replayed.

Alternatives
● Error detection and correction codes:
  – CRC and other fingerprint/checksum techniques can be used to tell valid data from invalid data; the invalid data can then be recopied or re-transacted.
  – Can be applied to fields, rows, tables or schemas.
● Shadow fields: second copies of data. Corrupt or incomplete main fields can be replaced with the shadow data to maintain integrity.
● Transaction rollback capability (e.g. Oracle).

Concurrency
● DBMSs are designed to support simultaneous users.
● Facilities must be present to support concurrency.
  – Table-locking and row-locking commands exist in, at least, MySQL.

Monitors
● Range comparisons
  – The database prevents illegal values from being entered.
● State constraints
  – The database prevents illegal combinations of information from being entered (males with two X chromosomes, for instance).
● Transition constraints
  – Orders cannot go from "ordered" to "paid" without first being "shipped".

Data Sensitivity
● Inherently sensitive: defense locations.
● From a sensitive source: snitches.
● Declared sensitive: sensitivity decided by an authority.
● Relation to previously disclosed data.

Disclosure
● Exact:
  – allows the actual data to become known.
● Bounds:
  – allows a value to be placed between an upper and a lower bound, which can be narrowed to arbitrary precision.
● Negative result:
  – allows values to be deduced through a process of elimination.

Inference
● Direct attacks:
  – Direct SQL queries for items of interest (easy to spot and detect).
  – Queries that obfuscate the obvious using contradictions or tautologies can directly acquire the same information.
● Indirect attacks:
  – Sum: no student living in Grey receives financial aid -> a student receiving financial aid does not live in Grey.
  – Count: used with Sum to reveal specifics.
  – Median: intersection of two medians produces a single
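The two-phase update procedure from the "Two-Phase Updates" slide, as an added example that is not part of the lecture: the intent phase journals every change and finishes by writing a commit flag; the modification phase applies the journal, and because each step is idempotent the journal can be replayed after a crash. The journal format, the balances and the function names (begin_update, commit, apply_journal, simulate) are assumptions made for this example.

```python
import json
import os
import tempfile

# Added example (not from the lecture): a minimal two-phase update.
# Phase 1, intent: every change is written to a journal before the database
# is touched, so phase 1 can be repeated freely. Its last act writes the
# commit flag. Phase 2, modification: the journaled changes are applied;
# every step is idempotent, so it can be replayed after a crash.
# Names (begin_update, commit, apply_journal, simulate) are hypothetical.

def begin_update(journal_path, changes):
    """Intent phase: record every intended change before touching the database."""
    with open(journal_path, "w") as f:
        for key, value in changes.items():
            f.write(json.dumps({"op": "set", "key": key, "value": value}) + "\n")
        f.flush()
        os.fsync(f.fileno())  # the intent must be durable before we commit

def commit(journal_path):
    """Write the commit flag: the point of no return between the phases."""
    with open(journal_path, "a") as f:
        f.write(json.dumps({"op": "commit"}) + "\n")
        f.flush()
        os.fsync(f.fileno())

def apply_journal(journal_path, database):
    """Modification phase, also used for crash recovery.
    Returns True if the journaled changes were applied to `database`,
    False if the journal has no commit flag (phase 1 never finished),
    in which case nothing is modified."""
    with open(journal_path) as f:
        records = [json.loads(line) for line in f if line.strip()]
    if not records or records[-1].get("op") != "commit":
        return False
    for rec in records[:-1]:
        if rec["op"] == "set":
            database[rec["key"]] = rec["value"]  # idempotent: safe to replay
    return True

def simulate(crash_before_commit):
    """Run one transfer of 30 from alice to bob, optionally crashing before commit.
    Returns (applied, database) so the end state can be inspected."""
    db = {"alice_balance": 100, "bob_balance": 50}  # constructed starting state
    with tempfile.TemporaryDirectory() as d:
        journal = os.path.join(d, "journal.log")
        begin_update(journal, {"alice_balance": 70, "bob_balance": 80})
        if crash_before_commit:
            # The machine dies here; recovery finds no commit flag and discards the journal.
            return apply_journal(journal, db), db
        commit(journal)
        first = apply_journal(journal, db)
        # Simulated crash during phase 2: replaying the journal gives the same end state.
        second = apply_journal(journal, db)
        return first and second, db

if __name__ == "__main__":
    print(simulate(crash_before_commit=True))
    print(simulate(crash_before_commit=False))
```

A crash before the commit flag leaves the balances untouched; a crash after it is repaired by replaying the journal, which is why every phase-2 action has to be written so that doing it twice is the same as doing it once.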
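The checksum and shadow-field alternatives from the "Alternatives" slide, combined in one added example that is not part of the lecture: each field carries a CRC-32 fingerprint and a shadow copy; a field whose main copy no longer matches its CRC is restored from the shadow when the shadow still matches. The record layout and the function names (fingerprint, make_record, verify_and_repair, demo) are assumptions made for this example.

```python
import zlib

# Added example (not from the lecture): per-field CRC-32 fingerprints plus a
# shadow copy of each field. The CRC tells valid data from invalid data; a
# corrupt main copy is replaced from the shadow when the shadow still checks.
# Names (fingerprint, make_record, verify_and_repair, demo) are hypothetical.

def fingerprint(value):
    """CRC-32 over the field's UTF-8 bytes."""
    return zlib.crc32(value.encode("utf-8")) & 0xFFFFFFFF

def make_record(fields):
    """Store each field as main copy + CRC + shadow copy."""
    return {name: {"main": value, "crc": fingerprint(value), "shadow": value}
            for name, value in fields.items()}

def verify_and_repair(record):
    """Check every field against its CRC and repair from the shadow where possible.
    Returns a list of (field, status), status being 'ok', 'repaired' or 'unrecoverable'."""
    report = []
    for name, cell in record.items():
        if fingerprint(cell["main"]) == cell["crc"]:
            report.append((name, "ok"))
        elif fingerprint(cell["shadow"]) == cell["crc"]:
            cell["main"] = cell["shadow"]            # main copy corrupt, shadow intact
            report.append((name, "repaired"))
        else:
            report.append((name, "unrecoverable"))  # both copies damaged
    return report

def demo():
    """Constructed scenario: one field loses its main copy, another loses both copies."""
    rec = make_record({"name": "John", "dorm": "Grey", "aid": "2500"})
    rec["aid"]["main"] = "25O0"       # bit rot turned a zero into the letter O
    rec["dorm"]["main"] = "Gr\x00y"   # both copies of another field are damaged
    rec["dorm"]["shadow"] = "Gr\x00y"
    report = verify_and_repair(rec)
    return report, rec["aid"]["main"]
```

A CRC catches accidental corruption (bit rot, a half-written row), which is the failure the slide is about. It is not a defence against deliberate manipulation: anyone who can overwrite the field can recompute the CRC and overwrite the shadow too, so tamper detection needs a keyed MAC or a copy kept where the writer cannot reach it.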
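The three kinds of monitor from the "Monitors" slide, as an added example that is not part of the lecture: a range comparison and a state constraint as SQLite CHECK constraints, and the ordered -> shipped -> paid transition constraint as a BEFORE UPDATE trigger. The orders and patients tables, their columns and the function names (open_db, attempt, demo) are assumptions made for this example.

```python
import sqlite3

# Added example (not from the lecture): the three kinds of monitor from the
# "Monitors" slide, expressed as SQLite CHECK constraints and a trigger.
# The schema (orders, patients) and the function names are assumptions.
SCHEMA = """
CREATE TABLE orders (
    id     INTEGER PRIMARY KEY,
    qty    INTEGER NOT NULL CHECK (qty BETWEEN 1 AND 1000),            -- range comparison
    status TEXT    NOT NULL CHECK (status IN ('ordered', 'shipped', 'paid'))
);
CREATE TABLE patients (
    id            INTEGER PRIMARY KEY,
    sex           TEXT    NOT NULL CHECK (sex IN ('M', 'F')),
    x_chromosomes INTEGER NOT NULL CHECK (x_chromosomes IN (1, 2)),
    CHECK (NOT (sex = 'M' AND x_chromosomes = 2))                     -- state constraint
);
-- transition constraint: ordered -> shipped -> paid, nothing else
CREATE TRIGGER order_status_transition
BEFORE UPDATE OF status ON orders
WHEN NEW.status <> OLD.status
 AND NOT ((OLD.status = 'ordered' AND NEW.status = 'shipped')
       OR (OLD.status = 'shipped' AND NEW.status = 'paid'))
BEGIN
    SELECT RAISE(ABORT, 'illegal status transition');
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def attempt(conn, sql):
    """Run one statement; True if the monitors let it through, False if it was rejected."""
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.DatabaseError:   # CHECK violations and RAISE(ABORT) both land here
        conn.rollback()
        return False

def demo():
    """Constructed attempts, each labelled by the rule it exercises."""
    conn = open_db()
    results = {
        "qty_in_range":     attempt(conn, "INSERT INTO orders VALUES (1, 5, 'ordered')"),
        "qty_out_of_range": attempt(conn, "INSERT INTO orders VALUES (2, 0, 'ordered')"),
        "female_two_x":     attempt(conn, "INSERT INTO patients VALUES (1, 'F', 2)"),
        "male_two_x":       attempt(conn, "INSERT INTO patients VALUES (2, 'M', 2)"),
        "skip_shipped":     attempt(conn, "UPDATE orders SET status = 'paid' WHERE id = 1"),
        "ship":             attempt(conn, "UPDATE orders SET status = 'shipped' WHERE id = 1"),
        "pay":              attempt(conn, "UPDATE orders SET status = 'paid' WHERE id = 1"),
        "back_to_ordered":  attempt(conn, "UPDATE orders SET status = 'ordered' WHERE id = 1"),
    }
    conn.close()
    return results
```

Putting the rule in the schema rather than in each application means it is enforced for every path into the table, including an administrator's interactive session; an application-side check protects only the application that implements it.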
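The direct and indirect attacks from the "Inference" slide, as an added example that is not part of the lecture, run against a constructed students table through a statistical interface that answers only COUNT and SUM and refuses results built from fewer than K records. It shows a direct query disguised with a contradiction and a tautology, the Sum negative result, and a Count/Sum combination (a tracker) that isolates one student's aid even though every query it uses passes the size check. The table, its rows, the dorm names, the value of K and the function names are assumptions made for this example.

```python
import sqlite3

# Added example (not from the lecture): inference attacks through a
# "statistical" interface that only answers COUNT and SUM. The students
# table, its rows, the dorm names and the threshold K are constructed for
# this example; the function names are hypothetical.
ROWS = [
    ("Adams",   "Holmes", "M", 0),
    ("Bailey",  "Grey",   "F", 0),
    ("Chin",    "Grey",   "M", 0),
    ("Dewitt",  "Holmes", "F", 3000),
    ("Earhart", "West",   "F", 1200),
    ("Fein",    "West",   "M", 2000),
    ("Gomez",   "Holmes", "M", 0),
]
K = 2   # query-set-size control: refuse answers built from fewer than K records

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, dorm TEXT, sex TEXT, aid INTEGER)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?, ?)", ROWS)
    return conn

def stat(conn, agg, where, suppress=True):
    """The statistical interface: the caller supplies a predicate and gets back
    an aggregate of `aid`, never a row. With suppress=True, results over fewer
    than K records are withheld (returned as None)."""
    if agg not in ("COUNT", "SUM"):
        raise ValueError("only COUNT and SUM are offered")
    n, value = conn.execute(
        f"SELECT COUNT(*), {agg}(aid) FROM students WHERE {where}").fetchone()
    if suppress and n < K:
        return None
    return value

def direct_attack_obfuscated(conn):
    """Direct attack dressed up to look broad: the second OR-clause is a
    contradiction, the third names a dorm that does not exist, and the AND-ed
    clause is a tautology, so only Dewitt's row contributes.
    Returns (answer without suppression, answer with suppression)."""
    where = ("((dorm = 'Holmes' AND sex = 'F') "
             "  OR (sex <> 'M' AND sex <> 'F') "
             "  OR dorm = 'Zeta') "
             "AND (aid >= 0 OR aid < 0)")
    return stat(conn, "SUM", where, suppress=False), stat(conn, "SUM", where)

def negative_result(conn):
    """Sum over Grey: a total of 0 across 2 students passes the size check yet
    tells the attacker that neither Grey student receives aid (exact disclosure)."""
    return stat(conn, "SUM", "dorm = 'Grey'")

def tracker_attack(conn):
    """Count/Sum combination: both queries cover at least K records, so both are
    answered, but their difference is exactly Dewitt's aid."""
    holmes_total = stat(conn, "SUM", "dorm = 'Holmes'")                # 3 students
    holmes_males = stat(conn, "SUM", "dorm = 'Holmes' AND sex = 'M'")  # 2 students
    return holmes_total - holmes_males
```

The size threshold stops the single-row query and the disguised direct attack, but not the negative result (a zero sum discloses every member of the group) or the tracker (two answered queries whose difference is one record). That is the practical lesson of the slide: restricting query-set size alone does not prevent inference.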