Hiram CPSC 356 - Security CPSC 356 Database

Security
CPSC 356 Database
Ellen Walker, Hiram College
(Includes figures from Database Systems by Connolly & Begg, © Addison Wesley 2002)

Contents: Database Security: Definitions; Why Security; Aspects of Security Risk; Examples of Threats & Risks; Sources of Threats (p. 521); Who can use the data?; SQL GRANT / REVOKE; … Are You Who You Say You Are?; Risks of Passwords; DBMS Account/Passwords; Users & Groups; Views; Statistical Database Security; Countermeasures; Encryption; Encryption Definitions; Encryption Ideas; Very Simple Encryption; Private Key Encryption; Public Key Encryption; Public vs. Private Key; RAID: Data Storage Redundancy; Error-Detecting & Correcting Codes; Web Security; Mechanisms for Web Security; Security on the Web; SQL Injection Attack; SQL Injection Attack; Protecting against User Input Attacks; Requirements for a Safe Transaction; Slide 32; Secure Sockets Layer, Secure HTTP; Secure Electronic Transactions (SET)

Database Security: Definitions
•Security – the mechanisms that protect the database against intentional or accidental threats
•Threat – any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization

Why Security
•Data is a valuable resource
•Corporate data can be strategic
  –Trade secrets
  –Customer relationship information
  –Details of financials (costs, profits, etc.)
•Personal data can be sensitive
  –Medical records
  –Financial records

Aspects of Security Risk
•Theft and fraud
•Loss of confidentiality
•Loss of privacy
•Loss of integrity
•Loss of availability

Examples of Threats & Risks
•Using another person's access – theft/fraud, confidentiality, privacy
•Unauthorized changes to data – theft/fraud, integrity, availability
•Theft of data, programs, and equipment – theft/fraud, confidentiality, privacy, availability
•Power loss or surge; fire; physical damage – integrity, availability
•Inadequate staff training – confidentiality, privacy, integrity, availability

Sources of Threats (p. 521)

Who can use the data?
•Authorization – granting a user rights or privileges to access the system or some data
•Controlling privileges
  –Discretionary Access Control: SQL GRANT and REVOKE statements
  –Mandatory Access Control: clearance attributes carried in the tuples themselves

SQL GRANT / REVOKE
  –GRANT SELECT ON Hotel, Room, Booking TO Users
  –GRANT SELECT, UPDATE ON Hotel, Room, Booking TO Managers WITH GRANT OPTION
  –REVOKE ALL PRIVILEGES FROM User256
•Note: standard SQL requires an ON clause naming the objects in REVOKE as well as GRANT; the object-less form above is a MySQL extension. WITH GRANT OPTION lets the grantee pass the privilege on to others, so it should be given sparingly.

… Are You Who You Say You Are?
•Authentication
  –Secret passwords (most common)
  –Physical "keys" (e.g. dongles)
  –Biometrics: fingerprint, voiceprint, retinal scan, iris measurements

Risks of Passwords
•Guessable passwords
  –Name, address, significant other, SSN
  –Dictionary words (or slight variations)
  –No special characters
  –Short passwords
•Shared passwords
  –Sharing with friends
  –Sticky note on the monitor
  –Fraud

DBMS Account/Passwords
•Separate passwords for the DBMS
  –Some degree of safety
  –Users need to remember multiple passwords
•Use OS accounts / passwords
  –The DB is only as secure as the OS
  –A user can't be one account on the OS and another on the DB

Users & Groups
•The DBA can set up users and groups and assign users to groups, e.g. Administrators, Managers, Users
•Users and groups can hold various privileges: SELECT, UPDATE, DELETE, INSERT, ALL
•Access control matrix
  –Rows are users / groups
  –Columns are objects (tables, views, or individual attributes)
  –Values are privileges
•A privilege granted to a group reaches every member; revoking from one member removes only what was granted to that member directly, not what it inherits from the group

Views
•Views allow attributes to be hidden from users
•The user has access to the view, but not to the base table
  –Faculty see a class list, but cannot access complete student records
  –Department members see the total salary budget, but not individual salaries

Statistical Database Security
•Careful use of aggregates can reveal "hidden" information!
  –MIN and MAX of salaries in a department with 2 individuals are the two salaries
  –Average salaries of two sets of employees that overlap by exactly one individual
  –Careful construction of conditions that select one individual
  –The "difference" attack: an aggregate over a set, minus the same aggregate over the set with one person left out, is that person's value

Countermeasures
•Don't report small sets
  –Still doesn't solve the "difference" problem: both sets in a difference attack can be large
•Add random "noise" to each result
  –Aggregate data will be "close enough" for most valid purposes
  –Differences won't be accurate anymore
  –Many databases do this

Encryption
•Prevents data from being useful if it is stolen…
  –Theft of media (disks, backup tapes)
  –Eavesdropping (wiretapping, network "sniffing")
•An unauthorized user sees gibberish
•Authorized access through the DB gets decrypted data
  –Requires extra time for every access

Encryption Definitions
•Plaintext – the original information
•Ciphertext – the information as stored or passed on a public line (unintelligible)
•Encryption key, algorithm – transforms plaintext into ciphertext
•Decryption key, algorithm – transforms ciphertext into plaintext

Encryption Ideas
•Use a secret algorithm to transform the data; only authorized recipients know the algorithm.
  –Weak in practice: an algorithm is hard to keep secret and cannot be replaced once exposed, so modern ciphers are public and only the key is secret (Kerckhoffs's principle)
•Use an algorithm that takes data and a key and performs math on it. For example, multiply the data by the key.
  –With the key, divide to get the data
  –Without the key, try all factors?

Very Simple Encryption
•The Caesar cipher: each letter is replaced by the one a fixed number of steps ahead in the alphabet (with wrap). With a shift of 13 (ROT13):
  –"Database" becomes "Qngnonfr"
  –"Qngnonfr" becomes "Database"
•With a shift of 13 the encryption and decryption algorithms are the same, because 13 + 13 = 26
•Generalize to an arbitrary shift: the key is the number of letters to shift. There are only 25 useful keys, so trying them all is trivial.

Private Key Encryption (also called symmetric or secret-key encryption)
•The algorithm does encryption and decryption with a single key
•Sender and recipient of a message must both have the key
•Problem: transmitting the key securely!
•Examples:
  –Data Encryption Standard (DES), 56-bit key (now brute-forceable; superseded by AES)
  –IDEA as used in PGP, 128-bit key
  –The longer the key, the harder to break (for a sound algorithm)

Public Key Encryption
•Pair of keys: public and private
•A message encrypted with the public key can be decrypted with the private key and vice versa (asymmetric)
•The algorithm is public. All public keys are in a "phone book".
•If I want to send you a message, I encrypt it using your public key. Only you (with your private key) can decrypt it.
•To sign the message, I encrypt a signature with my private key. You verify it's me by decrypting it with my public key. (In practice what is signed is a cryptographic hash of the message, not the message itself.)
•Example: the RSA algorithm (initials of its authors, Rivest, Shamir and Adleman)

Public vs. Private Key
•Private (symmetric) key encryption / decryption is usually faster
•Symmetric keys can be exchanged using a public key method, so the two are combined: the public key method moves the key, the symmetric cipher protects the data

RAID: Data Storage Redundancy
•Addresses the risk of data loss and loss of availability when a disk fails
•RAID = Redundant Array of Independent Disks
•Levels 0 through 6 include combinations
•RAID 0 (striping alone) adds no redundancy; it spreads data across disks for speed only
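Worked example (added here, not from the slides) of the discretionary access control the SQL GRANT / REVOKE and Users & Groups slides describe: an access-control matrix in Python with groups, WITH GRANT OPTION delegation, refusal of a grant the grantor is not entitled to make, and a cascading revoke. The owner name dba, the user and group names, and the cascade rule (a grant is dropped once its grantor no longer holds that privilege with grant option, a simplification of SQL's REVOKE ... CASCADE) are assumptions of the example, not anything the course material specifies.

```python
from collections import defaultdict

ALL_PRIVILEGES = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})


class AccessMatrix:
    """Discretionary access control as an access-control matrix: rows are
    users or groups, columns are objects (tables or views), cells hold
    privileges. Each grant remembers its grantor, so a revoke can cascade
    to what the revoked party handed on (demo rule, modelled on SQL's
    REVOKE ... CASCADE)."""

    def __init__(self, owner, objects):
        self.members = defaultdict(set)   # group -> users in it
        self.grants = defaultdict(list)   # (grantee, obj) -> [(priv, grantor, grant_option)]
        for obj in objects:               # the owner holds everything, with grant option
            for priv in ALL_PRIVILEGES:
                self.grants[(owner, obj)].append((priv, None, True))

    def add_member(self, user, group):
        self.members[group].add(user)

    def _rows_for(self, user):
        """The user's own row plus the row of every group the user belongs to."""
        return {user} | {g for g, users in self.members.items() if user in users}

    def privileges(self, user, obj):
        """Effective privileges on obj: {privilege: held with grant option?}."""
        effective = {}
        for row in self._rows_for(user):
            for priv, _grantor, grant_option in self.grants.get((row, obj), []):
                effective[priv] = effective.get(priv, False) or grant_option
        return effective

    def can(self, user, priv, obj):
        return priv in self.privileges(user, obj)

    def grant(self, grantor, privs, objs, grantee, with_grant_option=False):
        """GRANT privs ON objs TO grantee [WITH GRANT OPTION]. The grantor must
        hold every privilege with grant option or the whole statement is refused."""
        privs = ALL_PRIVILEGES if privs == "ALL" else set(privs)
        for obj in objs:
            held = self.privileges(grantor, obj)
            if not all(held.get(p, False) for p in privs):
                raise PermissionError(f"{grantor} may not grant {sorted(privs)} on {obj}")
        for obj in objs:
            for p in privs:
                self.grants[(grantee, obj)].append((p, grantor, with_grant_option))

    def revoke(self, privs, objs, grantee):
        """REVOKE privs ON objs FROM grantee. Only grants made directly to the
        grantee are removed; privileges inherited from a group stay. Grants the
        grantee made with those privileges are then dropped (cascade)."""
        privs = ALL_PRIVILEGES if privs == "ALL" else set(privs)
        for obj in objs:
            self.grants[(grantee, obj)] = [
                g for g in self.grants[(grantee, obj)] if g[0] not in privs]
            self._cascade(obj)

    def _cascade(self, obj):
        """Drop any grant whose grantor no longer holds that privilege with
        grant option on obj; repeat until nothing changes."""
        changed = True
        while changed:
            changed = False
            for key in [k for k in self.grants if k[1] == obj]:
                kept = [g for g in self.grants[key]
                        if g[1] is None or self.privileges(g[1], obj).get(g[0], False)]
                if len(kept) != len(self.grants[key]):
                    self.grants[key] = kept
                    changed = True


if __name__ == "__main__":
    # Assumed names; the three statements mirror the GRANT / REVOKE slide.
    m = AccessMatrix("dba", ["Hotel", "Room", "Booking"])
    m.add_member("User256", "Users")
    m.add_member("Mgr1", "Managers")
    m.grant("dba", ["SELECT"], ["Hotel", "Room", "Booking"], "Users")
    m.grant("dba", ["SELECT", "UPDATE"], ["Hotel", "Room", "Booking"], "Managers",
            with_grant_option=True)
    m.grant("Mgr1", ["UPDATE"], ["Room"], "User256")      # delegation via grant option
    print("User256 on Room:", sorted(m.privileges("User256", "Room")))
    m.revoke(["UPDATE"], ["Room"], "Managers")            # cascades to User256
    print("User256 on Room after revoke:", sorted(m.privileges("User256", "Room")))
    m.revoke("ALL", ["Hotel", "Room", "Booking"], "User256")
    print("User256 still reads Hotel via group Users:", m.can("User256", "SELECT", "Hotel"))
```

The last step is the one worth noticing: REVOKE ALL PRIVILEGES FROM User256 strips only what User256 was granted directly, so the SELECT inherited from the Users group survives until it is revoked from the group.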
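Worked example (added here, not from the slides) for the Views, Statistical Database Security and Countermeasures slides, using Python's built-in sqlite3 module. The employee table, the names and salaries, the dept_budget view, the aggregate-only interface and the noise magnitude NOISE are all constructed for the demo; none of them come from the course material. It shows the view hiding the salary column, the two inference attacks (MIN/MAX over a two-person department, and the difference attack), and what each countermeasure does to the difference attack.

```python
import random
import sqlite3

# Constructed sample data for this example (not from the page): the names,
# departments and salaries are made up.
EMPLOYEES = [
    ("Ann", "CS", 90000),
    ("Bob", "CS", 70000),
    ("Cara", "Math", 82000),
    ("Dan", "Math", 64000),
    ("Eve", "Math", 58000),
]
AGGREGATES = {"SUM", "AVG", "MIN", "MAX"}   # the only functions the interface accepts
NOISE = 2000.0                              # assumed noise magnitude for the countermeasure


def open_db():
    """In-memory database: the base table plus a view that hides individual salaries."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)", EMPLOYEES)
    # Department members would be granted SELECT on this view only, never on
    # employee itself, so they see the total budget but no single salary.
    db.execute(
        "CREATE VIEW dept_budget AS "
        "SELECT dept, SUM(salary) AS budget FROM employee GROUP BY dept"
    )
    return db


def view_columns(db, name):
    """Column names visible through a table or view (sqlite's table_info works on views)."""
    return [row[1] for row in db.execute(f"PRAGMA table_info({name})")]


def aggregate(db, func, dept, exclude=None):
    """The 'statistical' interface: one aggregate over one department, optionally
    leaving one named person out. Returns (value, row count). Parameters are
    bound, so the leak shown below needs no SQL injection at all."""
    if func not in AGGREGATES:
        raise ValueError(f"aggregate not allowed: {func}")
    sql = f"SELECT {func}(salary), COUNT(*) FROM employee WHERE dept = ?"
    params = [dept]
    if exclude is not None:
        sql += " AND name <> ?"
        params.append(exclude)
    return db.execute(sql, params).fetchone()


def infer_two_person_dept(db, dept):
    """MIN and MAX over a two-person department are the two salaries."""
    lo, count = aggregate(db, "MIN", dept)
    hi, _ = aggregate(db, "MAX", dept)
    return (lo, hi) if count == 2 else None


def infer_by_difference(db, name, dept):
    """Difference attack: SUM(dept) - SUM(dept without one person) = that person's salary."""
    whole, _ = aggregate(db, "SUM", dept)
    rest, _ = aggregate(db, "SUM", dept, exclude=name)
    return whole - rest


def safe_aggregate(db, func, dept, exclude=None, min_size=3, rng=None):
    """Both countermeasures from the slides: refuse small result sets (None) and
    add random noise to anything that is returned."""
    value, count = aggregate(db, func, dept, exclude)
    if count < min_size:
        return None
    rng = rng or random.Random()
    return value + rng.uniform(-NOISE, NOISE)


def noisy_difference(db, name, dept, min_size=2, seed=0):
    """The difference attack against the hardened interface: either one of the
    two queries is refused, or the answer is off by up to 2 * NOISE."""
    rng = random.Random(seed)
    whole = safe_aggregate(db, "SUM", dept, None, min_size, rng)
    rest = safe_aggregate(db, "SUM", dept, name, min_size, rng)
    if whole is None or rest is None:
        return None
    return whole - rest


if __name__ == "__main__":
    db = open_db()
    print("dept_budget columns:", view_columns(db, "dept_budget"))
    print("CS salaries from MIN/MAX:", infer_two_person_dept(db, "CS"))
    print("Dan's salary by difference:", infer_by_difference(db, "Dan", "Math"))
    print("same attack, min set 2 + noise:", noisy_difference(db, "Dan", "Math"))
    print("same attack, min set 3:", noisy_difference(db, "Dan", "Math", min_size=3))
```

With a minimum set size of 3 the second query (Math without Dan, two rows) is refused, but that only works because the department is tiny: the attacker can run the same difference over all employees versus all employees except Dan, both of which are large. The noise is what actually blunts the attack, at the cost of answers that are only approximately right.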
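Worked example (added here, not from the slides) covering Very Simple Encryption, Private Key Encryption, Public Key Encryption and Public vs. Private Key in one runnable Python block: the shift cipher with ROT13 as key 13, the "try all keys" attack that a 25-key space invites, a toy RSA pair built from the small textbook primes 61 and 53, signing and verification of a digest, and a hybrid exchange in which RSA transports the symmetric key and the shift cipher carries the data. The primes, the toy digest function, the session-key range and the messages are assumptions for the demo, not anything from the page; the RSA numbers are far too small to be secure and exist only to make the arithmetic visible.

```python
import random
import string


def shift_encrypt(plaintext, key):
    """Caesar/shift cipher: the key is the number of positions to shift.
    Letters keep their case; anything else passes through unchanged."""
    out = []
    for ch in plaintext:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decryption is the same algorithm with the negated key; ROT13 (key 13)
    is its own inverse because 13 + 13 = 26."""
    return shift_encrypt(ciphertext, -key)


def brute_force_shift(ciphertext, crib):
    """'Try all keys': with 26 possible shifts, return the first key whose
    decryption contains a word the attacker expects (the crib)."""
    for key in range(26):
        if crib in shift_decrypt(ciphertext, key):
            return key
    return None


# Toy RSA with the small textbook primes p = 61, q = 53 (assumed for this demo).
# Real keys are 2048 bits or more and use padding; this shows only the maths.
# pow(E, -1, m) needs Python 3.8+.
P, Q = 61, 53
N = P * Q                            # 3233, the public modulus
E = 17                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, 2753
PUBLIC_KEY = (E, N)                  # goes in the "phone book"
PRIVATE_KEY = (D, N)                 # never leaves the owner


def rsa_apply(value, key):
    """One modular exponentiation; applying the other key of the pair undoes it."""
    exponent, n = key
    return pow(value, exponent, n)


def toy_digest(message):
    """Stand-in for a cryptographic hash so the signed value stays below N.
    Not collision resistant; a real signature hashes with SHA-256 or similar."""
    return sum(message.encode()) % N


def sign(message, private_key):
    """Signing = applying the private key to a digest of the message."""
    return rsa_apply(toy_digest(message), private_key)


def verify(message, signature, public_key):
    """Anyone with the public key checks that it recovers the same digest."""
    return rsa_apply(signature, public_key) == toy_digest(message)


def hybrid_send(plaintext, recipient_public, seed=0):
    """Public vs private key in practice: RSA transports a fresh symmetric key;
    the bulk data goes under the (much faster) symmetric cipher."""
    session_key = random.Random(seed).randrange(1, 26)   # assumed key range 1..25
    return rsa_apply(session_key, recipient_public), shift_encrypt(plaintext, session_key)


def hybrid_receive(wrapped_key, ciphertext, recipient_private):
    """Unwrap the session key with the private key, then decrypt the bulk data."""
    return shift_decrypt(ciphertext, rsa_apply(wrapped_key, recipient_private))


if __name__ == "__main__":
    print(shift_encrypt("Database", 13), shift_decrypt("Qngnonfr", 13))
    c = shift_encrypt("attack at dawn", 7)
    print("brute-forced key:", brute_force_shift(c, "dawn"))
    sig = sign("pay Bob 100", PRIVATE_KEY)
    print(verify("pay Bob 100", sig, PUBLIC_KEY), verify("pay Bob 900", sig, PUBLIC_KEY))
    wrapped, ct = hybrid_send("meet at noon", PUBLIC_KEY)
    print(hybrid_receive(wrapped, ct, PRIVATE_KEY))
```

The signature check fails on the altered message because RSA is a bijection on the residues mod N: the public exponent recovers exactly the digest that was signed, and that digest no longer matches. In a real system the weak spot would be toy_digest, which is trivially collidable; the signature scheme is only as strong as the hash underneath it.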