Computer Security: Principles and Practice

Computer Security: Principles and Practice
Chapter 5: Database Security
First Edition, by William Stallings and Lawrie Brown
Lecture slides by Lawrie Brown

Relational Databases
- constructed from tables of data
- each column holds a particular type of data
- each row contains a specific value for each column
- ideally each table has one column where all values are unique, forming an identifier/key for that row
- multiple tables are linked by identifiers
- a query language is used to access data items meeting specified criteria

Relational Database Example
(figure slide; not reproduced in the transcription)

Relational Database Elements
- relation / table / file
- tuple / row / record
- attribute / column / field
- primary key: uniquely identifies a row
- foreign key: links one table to attributes in another
- view / virtual table

Relational Database Elements (figure)
(figure slide; not reproduced in the transcription)

Structured Query Language
- Structured Query Language (SQL) was originally developed by IBM in the mid-1970s
- standardized language to define, manipulate, and query data in a relational database
- several similar versions of the ANSI/ISO standard exist

SQL example from the slides (the employee table is created before the view, and the missing commas in the SELECT list and FROM clause are restored):

    CREATE TABLE department (
        Did INTEGER PRIMARY KEY,
        Dname CHAR (30),
        Dacctno CHAR (6) )

    CREATE TABLE employee (
        Ename CHAR (30),
        Did INTEGER,
        SalaryCode INTEGER,
        Eid INTEGER PRIMARY KEY,
        Ephone CHAR (10),
        FOREIGN KEY (Did) REFERENCES department (Did) )

    CREATE VIEW newtable (Dname, Ename, Eid, Ephone) AS
        SELECT D.Dname, E.Ename, E.Eid, E.Ephone
        FROM department D, employee E
        WHERE E.Did = D.Did

Database Access Control
- the DBMS provides access control for the database, assuming the user has already been authenticated
- the DBMS grants specific access rights to portions of the database, e.g. create, insert, delete, update, read, write
- rights may apply to the entire database, to tables, or to selected rows or columns, and may depend on the contents of a table entry
- can support a range of policies: centralized administration, ownership-based administration, decentralized administration

SQL Access Controls
- two commands:

    GRANT { privileges | role } [ON table] TO { user | role | PUBLIC }
        [IDENTIFIED BY password] [WITH GRANT OPTION]
    e.g. GRANT SELECT ON ANY TABLE TO ricflair

    REVOKE { privileges | role } [ON table] FROM { user | role | PUBLIC }
    e.g. REVOKE SELECT ON ANY TABLE FROM ricflair

- typical access rights are: SELECT, INSERT, UPDATE, DELETE, REFERENCES

Cascading Authorizations
(figure slide; not reproduced in the transcription)
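The cascading-authorization behaviour behind GRANT ... WITH GRANT OPTION and REVOKE is easiest to see as a grant graph. The following is an added example, not code from the slides or from Stallings/Brown: it models the semantics the slides name (the object owner can always grant; a grantee may pass a privilege on only if it received it WITH GRANT OPTION; revoking a grant also removes every grant that can no longer be traced back to the owner). The user names and the privilege are constructed.

```python
"""Grant graph with cascading revocation (added illustration, not the slides' code)."""
from collections import defaultdict


class GrantGraph:
    def __init__(self, owner):
        self.owner = owner
        # privilege -> list of (grantor, grantee, with_grant_option)
        self.grants = defaultdict(list)

    def _authorized(self, priv):
        """Compute (holders, grantors) for priv by walking outward from the owner.

        grantors: users who may pass priv on: the owner plus anyone reached
                  through an unbroken chain of WITH GRANT OPTION grants
        holders:  grantors plus anyone granted priv by a grantor
        Grants whose grantor is not itself a grantor are 'dangling' and ignored.
        """
        grantors = {self.owner}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, with_option in self.grants[priv]:
                if with_option and grantor in grantors and grantee not in grantors:
                    grantors.add(grantee)
                    changed = True
        holders = set(grantors)
        for grantor, grantee, _ in self.grants[priv]:
            if grantor in grantors:
                holders.add(grantee)
        return holders, grantors

    def holds(self, user, priv):
        return user in self._authorized(priv)[0]

    def can_grant(self, user, priv):
        return user in self._authorized(priv)[1]

    def grant(self, grantor, grantee, priv, with_grant_option=False):
        """GRANT priv TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.can_grant(grantor, priv):
            raise PermissionError(f"{grantor} cannot grant {priv}")
        self.grants[priv].append((grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee, priv):
        """REVOKE priv FROM grantee, issued by grantor, with cascade.

        Only the grant issued by this grantor is removed; afterwards every grant
        whose grantor has lost the right to pass priv on is pruned as well, so
        the graph keeps only grants still rooted at the owner.
        Returns the set of users who lost priv.
        """
        before, _ = self._authorized(priv)
        self.grants[priv] = [g for g in self.grants[priv]
                             if (g[0], g[1]) != (grantor, grantee)]
        _, grantors = self._authorized(priv)
        self.grants[priv] = [g for g in self.grants[priv] if g[0] in grantors]
        after, _ = self._authorized(priv)
        return before - after


if __name__ == "__main__":
    # Constructed scenario: Ann owns the table; Bob passes SELECT on to Chris,
    # who passes it to David. Revoking Bob's grant cascades to Chris and David.
    g = GrantGraph("Ann")
    g.grant("Ann", "Bob", "SELECT", with_grant_option=True)
    g.grant("Bob", "Chris", "SELECT", with_grant_option=True)
    g.grant("Chris", "David", "SELECT")
    print("lost SELECT after REVOKE from Bob:", sorted(g.revoke("Ann", "Bob", "SELECT")))
```

The second scenario worth trying is Ann granting Chris SELECT directly as well: then revoking Bob's grant removes only Bob, because Chris's authority (and hence David's) is still rooted at the owner. Real DBMSs differ in details (some refuse a REVOKE that would cascade unless CASCADE is stated), so treat this as the model, not a particular product's rule.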

Role-Based Access Control
- role-based access control works well for a DBMS
- eases the administrative burden and improves security
- categories of database users: application owner, end user, administrator
- DB RBAC must manage roles and their users
- cf. RBAC on Microsoft's SQL Server

Inference
(figure slide; not reproduced in the transcription)

Inference Example
(figure slide; not reproduced in the transcription)

Inference Countermeasures
- inference detection at database design time: alter the database structure or the access controls
- inference detection at query time: monitor queries and alter or reject them
- either needs some inference detection algorithm, which is a difficult problem (cf. the employee-salary example)

Statistical Databases
- provide data of a statistical nature, e.g. counts, averages
- two types: a pure statistical database, or an ordinary database with statistical access
- in the latter, some users have normal access, others statistical access
- control objective: allow statistical use without revealing individual entries
- the security problem is one of inference

Statistical Database Security
- use a characteristic formula C: a logical formula over the values of attributes, e.g. (Sex=Male) AND ((Major=CS) OR (Major=EE))
- the query set X(C) of characteristic formula C is the set of records matching C
- a statistical query is a query that produces a value calculated over a query set

Statistical Database Example
(figure slide; not reproduced in the transcription)

Protecting Against Inference
(figure slide; not reproduced in the transcription)

Tracker Attacks
- divide a query into parts: C = C1.C2
- count(C1.C2) = count(C1) - count(C1.~C2)
- the combination is called a tracker
- each part is of an acceptable query set size; the overlap is the desired result

Other Query Restrictions
- query set overlap control: limit the overlap between a new query and previous queries; has problems and overheads
- partitioning: cluster records into exclusive groups and only allow queries on entire groups
- query denial and information leakage: denials can themselves leak information; to counter this, queries from each user must be tracked

Perturbation
- add noise to the statistics generated from the data
- results in differences in the statistics
- data perturbation techniques: data swapping; generate statistics from a probability distribution
- output perturbation techniques: random-sample query; statistic adjustment
- must minimize the loss of accuracy in the results

Database Encryption
- databases are typically a valuable information resource
- protected by multiple layers of security: firewalls, authentication, O/S access control systems, DB access control systems, and database encryption
- can encrypt: the entire database (very inflexible and inefficient); individual fields (simple but inflexible); records (rows) or columns (attributes), which is best
- also need attribute indexes to help data retrieval
- varying trade-offs
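The query-set-size control, the tracker decomposition, the query-set-overlap control and output perturbation from the statistical-database slides above can be seen together in one small query gate. This is an added example, not code from the slides or from Stallings/Brown: the records, thresholds and key are constructed, characteristic formulas are represented as Python predicates, and the perturbation design (keyed noise that is fixed per query set) is this example's own choice rather than a technique the slides name.

```python
"""Statistical query gate: size control, overlap control, output perturbation.
Added illustration, not the slides' code; data and parameters are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    rid: int
    name: str    # the individually identifying attribute statistics must not reveal
    sex: str
    major: str
    gpa: float


# Constructed sample records (not from the slides).
RECORDS = [
    Record(1, "Alice", "F", "CS", 3.9),
    Record(2, "Bob", "M", "CS", 3.1),
    Record(3, "Carl", "M", "CS", 2.8),
    Record(4, "Dana", "F", "EE", 3.5),
    Record(5, "Eve", "F", "ME", 3.0),
    Record(6, "Frank", "M", "EE", 2.5),
    Record(7, "Gus", "M", "ME", 3.3),
]


class QueryDenied(Exception):
    pass


class StatisticalDB:
    """Answer statistical queries over query sets X(C).

    A characteristic formula C is a predicate over Record. Three controls from
    the slides are enforced, in this order:
      - query-set-size control:    k <= |X(C)| <= N - k
      - query-set-overlap control: |X(C) & X(C')| <= r for every C' already answered
      - output perturbation:       a noise term in [-max_noise, max_noise] is added
    """

    def __init__(self, records, k=2, r=1, max_noise=0, key=b"constructed-demo-key"):
        self.records = list(records)
        self.k, self.r, self.max_noise, self.key = k, r, max_noise, key
        self.answered = []          # query sets already released to this user

    def query_set(self, formula):
        """X(C): the records satisfying C."""
        return frozenset(rec for rec in self.records if formula(rec))

    def _admit(self, qs):
        n, total = len(qs), len(self.records)
        if n < self.k or n > total - self.k:
            # very small query sets (and their complements) isolate individuals
            raise QueryDenied(f"query set size {n} outside [{self.k}, {total - self.k}]")
        for prev in self.answered:
            if len(qs & prev) > self.r:
                # a tracker needs two admitted sets differing in only a few records;
                # bounding the overlap denies the second half of such a pair
                raise QueryDenied(f"overlap {len(qs & prev)} with an earlier query exceeds {self.r}")
        # admitted sets join the history; the slides note that denials leak
        # information too, so a real gate would also track them per user
        self.answered.append(qs)

    def _noise(self, qs):
        """Keyed noise that is identical each time the same query set is asked,
        so repeating a query cannot average the noise away."""
        if self.max_noise == 0:
            return 0
        ids = ",".join(str(rec.rid) for rec in sorted(qs, key=lambda rec: rec.rid)).encode()
        digest = hmac.new(self.key, ids, hashlib.sha256).digest()
        return digest[0] % (2 * self.max_noise + 1) - self.max_noise

    def count(self, formula):
        qs = self.query_set(formula)
        self._admit(qs)
        return len(qs) + self._noise(qs)


if __name__ == "__main__":
    # Tracker from the slides: C1 = (Major=CS), C2 = (Sex=F). count(C1) is an
    # acceptable size, but count(C1.~C2) overlaps X(C1) in two records and is denied.
    db = StatisticalDB(RECORDS, k=2, r=1)
    print("count(C1) =", db.count(lambda rec: rec.major == "CS"))
    try:
        db.count(lambda rec: rec.major == "CS" and rec.sex != "F")
    except QueryDenied as e:
        print("count(C1.~C2) denied:", e)
```

With r set no lower than the table size the overlap control is switched off and only the size control and the noise remain, which is how the perturbation can be looked at on its own: the answer for a query set is always within max_noise of the true count and does not change when the query is repeated.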

Database Encryption (figure)
(figure slide; not reproduced in the transcription)

Summary
- introduced databases and DBMS
- relational databases
- database access control issues: SQL, role-based
- inference
- statistical database security issues
- database encryption
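The trade-off in the database-encryption slides (column-level encryption is the most useful granularity, but encrypted attributes still need indexes for retrieval) can be made concrete with a column that is encrypted and carries a separate keyed equality index. This is an added example, not code from the slides or from Stallings/Brown. The cipher is a keyed SHA-256 counter-mode keystream with an HMAC tag, standing in for a real AEAD such as AES-GCM so that the example runs on the standard library alone; the table, keys and rows are constructed.

```python
"""Column-level encryption with a blind (equality) index in SQLite.
Added illustration, not the slides' code; schema, keys and rows are constructed."""
import hashlib
import hmac
import os
import sqlite3


def _keystream(key, nonce, length):
    # SHA-256 in counter mode as a stand-in PRF; a real deployment uses an AEAD
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_field(key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce makes equal plaintexts differ."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def decrypt_field(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def blind_index(index_key, value):
    """Deterministic keyed hash: equal names give equal index values, so the DBMS
    can build an ordinary index on the column without ever seeing a name."""
    return hmac.new(index_key, value.casefold().encode(), hashlib.sha256).hexdigest()


def build_db(enc_key, idx_key, rows):
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employee (Eid INTEGER PRIMARY KEY, "
                "Ename_ct BLOB, Ename_idx TEXT, Salary_ct BLOB)")
    con.execute("CREATE INDEX employee_ename_idx ON employee (Ename_idx)")
    for eid, name, salary in rows:
        con.execute("INSERT INTO employee VALUES (?, ?, ?, ?)",
                    (eid, encrypt_field(enc_key, name.encode()),
                     blind_index(idx_key, name),
                     encrypt_field(enc_key, str(salary).encode())))
    con.commit()
    return con


def find_by_name(con, enc_key, idx_key, name):
    """Equality lookup goes through the blind index; nothing is decrypted to locate the row."""
    rows = con.execute("SELECT Eid, Ename_ct, Salary_ct FROM employee WHERE Ename_idx = ?",
                       (blind_index(idx_key, name),)).fetchall()
    return [(eid, decrypt_field(enc_key, n).decode(), int(decrypt_field(enc_key, s)))
            for eid, n, s in rows]


def salaries_above(con, enc_key, threshold):
    """A range predicate cannot use any index over ciphertext: every row is
    fetched and decrypted on the client, the retrieval cost the slides point at."""
    return sorted(eid for eid, s in con.execute("SELECT Eid, Salary_ct FROM employee")
                  if int(decrypt_field(enc_key, s)) > threshold)


ROWS = [(1, "Alice", 52000), (2, "Bob", 61000), (3, "Carl", 48000)]   # constructed

if __name__ == "__main__":
    enc_key, idx_key = os.urandom(32), os.urandom(32)
    con = build_db(enc_key, idx_key, ROWS)
    print(find_by_name(con, enc_key, idx_key, "bob"))
    print("salary > 50000:", salaries_above(con, enc_key, 50000))
```

Two points the code makes visible: the blind index restores equality lookups but deliberately leaks which rows share a name (that is the price of a deterministic index, and why it uses its own key), and anything beyond equality, such as the salary range query, degenerates to a full scan with client-side decryption unless an order-revealing scheme or a separate plaintext attribute is accepted.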