CS551 Project - Security of Databases
Security of Databases
By Christopher DiBiagio-Wood
Yves LéPouchard
Yiting Nan
Kendrick Hang
Ted Hsu
04/26/2000
University of Virginia - CS551 Project - Security of Databases
Outline
Topics
- Database Security Overview
- Object Oriented Database Security
- SQL
- Oracle® and MS® SQL Server
- Active Databases
- Data Warehousing and Mining
- Real-time databases
- Conclusion
Overview of Database Security
The 3 primary goals of DB Security
- Secrecy: data is not disclosed to unauthorized users
- Integrity: only authorized users can modify the data
- Availability: authorized users are only denied access to data when absolutely necessary
  - example: table locked for a write operation
Models of Database Security
- Access Control Lists
  - all users are given lists of rights to all objects in the database (like OSes)
- Flow Control
  - information passage between objects is governed by data flow rules
- Bell-LaPadula Model
  - has two important properties
  - the basis of mandatory access control
Comparison of Flow vs. ACLs
Mandatory Access Control
Bell-LaPadula Model (saw this before)
1. Simple Security Property: A subject S can read an object O only if [class (O)] <= [class (S)]
2. *-Property (Confinement): A subject S can write to an object O only if [class (O)] >= [class (S)]
- based on military security ideals, it is described in terms of objects, subjects, security classes, and clearances
- Security classes are usually ordered TS > S > C > U
- Given that objects are given security classes and subjects are given clearances, the database system enforces the security policies using the 2 rules of the above model
- the key issue is that mandatory access control is a system wide policy, not a user controlled access system
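The two rules above, applied to a table whose rows carry security classes. This is an added example, not code from the slides; the MultilevelTable class, the row names and the values are constructed for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    # Ordering from the slide: TS > S > C > U
    U = 0
    C = 1
    S = 2
    TS = 3


class MultilevelTable:
    """Toy labelled-row store (hypothetical): every row carries a security class."""

    def __init__(self):
        self.rows = {}  # key -> (Level, value)

    def read(self, clearance, key):
        # Simple Security Property: read only if class(O) <= class(S).
        label, value = self.rows[key]
        if label > clearance:
            raise PermissionError(f"read up denied: {key} is {label.name}")
        return value

    def write(self, clearance, key, value, label=None):
        # *-Property: write only if class(O) >= class(S).
        # An existing row keeps its label; a new row defaults to the writer's level.
        if key in self.rows:
            label = self.rows[key][0]
        elif label is None:
            label = clearance
        if label < clearance:
            raise PermissionError(f"write down denied: {key} is {label.name}")
        self.rows[key] = (label, value)

    def visible(self, clearance):
        # The filtered view of the table that a subject is allowed to see.
        return {k: v for k, (lvl, v) in self.rows.items() if lvl <= clearance}


def demo():
    t = MultilevelTable()
    t.write(Level.U, "cafeteria_menu", "soup")
    t.write(Level.S, "fleet_position", "41N 70W")
    # A low subject may write "blind" into a higher class it cannot read back.
    t.write(Level.U, "tip_line", "anonymous report", label=Level.TS)
    results = {"u_view": t.visible(Level.U), "s_view": t.visible(Level.S)}
    attempts = [
        ("u_reads_secret", lambda: t.read(Level.U, "fleet_position")),
        ("ts_writes_unclassified",
         lambda: t.write(Level.TS, "cafeteria_menu", "leak")),
    ]
    for name, action in attempts:
        try:
            action()
            results[name] = "allowed"
        except PermissionError:
            results[name] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
```

The second denied attempt is the confinement case: the check is made by the system against the labels, so a cleared user cannot choose to copy data into an unclassified row.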
Discretionary Access Control
Uses privileges that are granted and revoked between users
Weaker than mandatory access control
Strongly linked to SQL92
Can grant privileges like this:
    GRANT privileges ON object TO users [WITH GRANT OPTION]
Grantable privileges include: select, insert, update, delete, and references
Revoking a privilege can cause cascading revocations
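How a revocation cascades through grants made WITH GRANT OPTION, modelled as a graph. This is an added example, not code from the slides; the GrantGraph class and the user names are constructed, and it models only the cascading form of revoke.

```python
class GrantGraph:
    """Grants of privileges on one object, kept as a set of edges (hypothetical model)."""

    def __init__(self, owner):
        self.owner = owner
        self.edges = set()  # (grantor, grantee, privilege, with_grant_option)

    def holds(self, user, privilege):
        return user == self.owner or any(
            dst == user and p == privilege for (_, dst, p, _) in self.edges)

    def can_grant(self, user, privilege):
        # The owner may always grant; others need WITH GRANT OPTION.
        return user == self.owner or any(
            dst == user and p == privilege and opt
            for (_, dst, p, opt) in self.edges)

    def grant(self, grantor, grantee, privilege, with_grant_option=False):
        if not self.can_grant(grantor, privilege):
            raise PermissionError(f"{grantor} may not grant {privilege}")
        self.edges.add((grantor, grantee, privilege, with_grant_option))

    def revoke(self, grantor, grantee, privilege):
        """Drop one grant, then cascade. Returns the grants lost as a side effect."""
        self.edges = {e for e in self.edges
                      if e[:3] != (grantor, grantee, privilege)}
        # A grant survives only if its grantor is still reachable from the
        # owner through grant-option edges. Walking from the owner (rather
        # than deleting "children" of the revoked user) also removes grant
        # cycles that no longer have any support.
        supported, frontier = {self.owner}, [self.owner]
        while frontier:
            src = frontier.pop()
            for (g, dst, p, opt) in self.edges:
                if g == src and p == privilege and opt and dst not in supported:
                    supported.add(dst)
                    frontier.append(dst)
        orphaned = {e for e in self.edges
                    if e[2] == privilege and e[0] not in supported}
        self.edges -= orphaned
        return sorted((g, dst) for (g, dst, _, _) in orphaned)


def demo():
    g = GrantGraph(owner="alice")  # constructed users
    g.grant("alice", "bob", "select", with_grant_option=True)
    g.grant("bob", "carol", "select", with_grant_option=True)
    g.grant("carol", "dave", "select")
    g.grant("bob", "erin", "select")
    g.grant("alice", "carol", "select", with_grant_option=True)  # second path
    first = g.revoke("alice", "bob", "select")
    after_first = {u: g.holds(u, "select")
                   for u in ("bob", "carol", "dave", "erin")}
    second = g.revoke("alice", "carol", "select")
    return first, after_first, second, g.holds("dave", "select")


if __name__ == "__main__":
    print(demo())
```

Carol and Dave keep the privilege after the first revoke because Carol also holds it directly from the owner; auditing who still has access after a revoke means walking these paths, not just checking the revoked user.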
Discretionary Access Example
Views/Roles
Views
- users can pass rights for only certain columns or rows in a table (more specific access control)
- the underlying representation of the view is unknown to the recipient
Roles
- privileges are associated with a job rather than a user, because this is often more natural
- users are assigned to roles in the system
- roles can be assigned sub-roles for nesting
Covert Channels
A Difficult Problem
- This is an extremely hard to combat method of passing data through unexpected pathways (not new)
- For instance, use differential commit transactions to pass ‘1’ or ‘0’ from a higher level DB user to a lower level one
- Stopping this kind of attack often requires limiting the database to one op at a time
- You can also formally prove that a covert attack is not possible (extremely difficult to do)
Inference
Inference attacks produce protected information from databases by logical deduction (usually statistical)
Examples:
- Salary of the company president is protected, but not the MAX of salaries in the database, which is a statistical query
- The number of top rated people is protected, but not the average rating of the top n, n+1, . . . until the average drops
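The MAX example above, and a statistical query gate that closes it, run against an in-memory SQLite table. This is an added example, not code from the slides; the staff table, its rows, the threshold K and the statistic() function are constructed assumptions.

```python
import sqlite3

K = 2  # assumed minimum query-set size; a policy choice, not from the slides
ALL_AGGREGATES = {"AVG", "COUNT", "SUM", "MAX", "MIN"}
RELEASABLE = {"AVG", "COUNT", "SUM"}  # MAX/MIN echo one individual's exact value

ROWS = [  # constructed sample data
    ("Ana", "exec", 410000),
    ("Ben", "eng", 120000), ("Cy", "eng", 115000),
    ("Dee", "eng", 125000), ("Fay", "eng", 118000),
    ("Eli", "fin", 90000), ("Gus", "fin", 95000), ("Hal", "fin", 88000),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?)", ROWS)
    return db


def statistic(db, aggregate, dept=None, controlled=True):
    """Answer AGG(salary), optionally restricted to one department."""
    aggregate = aggregate.upper()
    if aggregate not in ALL_AGGREGATES:  # allowlist before it reaches the SQL text
        raise ValueError(f"unsupported aggregate {aggregate}")
    where, args = ("WHERE dept = ?", (dept,)) if dept else ("", ())
    if controlled:
        if aggregate not in RELEASABLE:
            raise PermissionError(f"{aggregate} discloses an individual value")
        total = db.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
        n = db.execute(f"SELECT COUNT(*) FROM staff {where}", args).fetchone()[0]
        # Query-set-size control: refuse sets that are too small, and sets so
        # large that subtracting another answer from them isolates a few rows.
        if not (K <= n <= total - K):
            raise PermissionError(f"query set of {n} rows refused")
    sql = f"SELECT {aggregate}(salary) FROM staff {where}"
    return db.execute(sql, args).fetchone()[0]


def demo():
    db = make_db()
    # Without control, the "statistical" MAX is the president's salary.
    out = {"leak_via_max": statistic(db, "MAX", controlled=False)}
    queries = [("max", "MAX", None), ("avg_exec", "AVG", "exec"),
               ("sum_all", "SUM", None), ("avg_eng", "AVG", "eng")]
    for label, agg, dept in queries:
        try:
            out[label] = statistic(db, agg, dept)
        except PermissionError:
            out[label] = "refused"
    return out


if __name__ == "__main__":
    print(demo())
```

Size limits alone do not stop every inference: sequences of overlapping queries, like the top-n averages in the second example, still need auditing of what each user has already been told.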
Auditing
- Similar to OS auditing
- A retroactive technique to check whether improper access to database information has been obtained
  - this allows corrective action to be taken (sometimes automated as part of audit system)
  - it can also notify the DBA of potential security breakdowns or corrupted data and set other processes in motion
Encryption
- Information can be stored as ciphertext within the database
- This keeps those who steal the data from being able to decrypt it, because they do not know the keys
- This step serves as a good second layer of defense for a data fortress
Object-Oriented Databases
= database containing OO data
- Data encapsulated in Objects
- Objects = instances of classes
- Objects have attributes / variables
- Objects have methods (functions)
- Objects communicate via messages
- Inheritance hierarchy
- Definition of Object-Oriented is controversial
Orion (1)
= discretionary security model for OODB
- Role-based (Role Lattice)
- Classes (AOS) and instances (AOL)
- Access modes (AAM & ATL)
  - Write, Read, Generate, Write any, Read Definition
- Authorizations
  - explicit / implicit
  - positive / negative
  - strong / weak
Orion (2)
Orion (3)
- Propagation of access modes restricted
  - A.up (WA, RD) / A.down (W, R) / A.nil (G)
- 6 formal rules to describe this propagation
  - e.g. Authorizations with access mode belonging to A.down are propagated for subjects at higher levels, and for objects at lower levels as described in the corresponding lattices
Message filter (1)
= mandatory security model based on Bell-LaPadula rules
- message filter mediates every message exchanged between objects
- subjects and objects are considered as objects in the BLP meaning
- Object has an immutable security level
- Alterations to an object (like its creation) consist of a message which is sent by the object to itself
Message filter (2)
Two basic rules:
- the level of an instance object must dominate the level of the class of which the object is an instance
- the level of a subclass must dominate the level of its super class(es)
Three decisions of the message filter:
- block, let flow or enforce restriction
How SQL handles security
View
- A view is a virtual table. For example:
    -- Each user sees only the rows whose Name column equals their own login name.
    CREATE OR REPLACE VIEW RESTRICTED_NAMES AS
    SELECT * FROM NAME
    WHERE Name = USER;
Authority
- SQL99 based on Role-model.
Authority
Advantages of Role-based model:
- Permits enforcement of least privilege
- Permits enforcement of the separation of duties principle
- Simplifies the authorization management task
- Allows for more powerful administrative policies
Example - Oracle 8
A role can be granted two kinds of database privileges: system privileges and object privileges
    CREATE ROLE clerk;
    CREATE ROLE manager;
    GRANT SELECT ON account_access TO clerk;
    GRANT clerk TO manager;
    REVOKE SELECT ON account_access FROM clerk;
    DROP ROLE clerk;
A role can also be authorized by the operating system or network. The SQL statement is like:
    CREATE ROLE account_access IDENTIFIED EXTERNALLY;
Relational Databases
SQL is the standard relational database language
Two widely used commercial relational databases
- SQL Server 7 by Microsoft
- Oracle 8/8i by Oracle
Relational Databases
Microsoft SQL Server Security
Claim: “SQL Server 7.0 makes far-reaching enhancements in data security by completely integrating Microsoft Windows NT security into the SQL Server core”
Relational Databases
Microsoft SQL Server Security Features
- Security Modes
- Roles
- Permissions
- Networking Protocols
Version 7 is the first to provide these features
Relational Databases
Oracle 8/8i Security Features
- Authentication Modes
  - Oracle, Host OS, Third-Party
- Privileges
  - 2 types: system and object
- Stored Procedures
  - Call procedures instead of modifying data
Relational Databases
Oracle 8/8i Security Features
- Virtual Private Database
  - Fine grained control at DB level instead of app level for client interfaces
- Roles
- Auditing
- Database Encryption
  - Choose from: full, partial, or off-line
Relational Databases
- SQL Server and Oracle 8i are widely used on the Internet
- What mechanisms do we have when we operate on the Internet?
  - Still dependent on the operating system
  - New features include secure networking and secure services
Active Databases
What is an active database?
- Automatically executes actions
- Reactive behavior
Benefits
- Reactive behavior moved to DBMS
- DBMS can react & monitor specific events
- Centralized & timely
Need for Rules System
- Most active database definitions informal
- Need formal definition
- Help define clear & maintainable policy
Active database model
Knowledge Model – describes rules
- Event
- Condition
- Action
- ECA (Event-condition-action)
Execution Model – describes behaviors associated with rule
Termination Problem
- Event conditions can call other events
- Possibility of infinite loop
- Solutions
  - Static analysis of rules set
  - Limit number of rules evaluated in sequence
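Both solutions listed above, in one sketch: a static check that looks for a cycle in the rules' triggering graph, and a runtime bound on the number of rule firings. This is an added example, not code from the slides; the Rule tuple, the rule names and the event names are constructed.

```python
from collections import namedtuple

# An ECA rule reduced to what termination analysis needs: the event that
# triggers it and the events its action may raise. Conditions are ignored,
# so a reported cycle means "may not terminate", not "will not terminate".
Rule = namedtuple("Rule", "name on raises")

RULES = [  # constructed sample rule set
    Rule("sync_budget", "update:salary", ("update:budget",)),
    Rule("rebalance", "update:budget", ("update:salary",)),
    Rule("log_change", "update:salary", ("insert:audit_log",)),
]


def triggering_graph(rules):
    # Edge r -> s when an event raised by r's action is the event s waits for.
    return {r.name: sorted(s.name for s in rules if s.on in r.raises)
            for r in rules}


def find_cycle(graph):
    """Return one cycle as a list of rule names, or None if there is none."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in graph}
    stack = []

    def visit(n):
        colour[n] = GREY
        stack.append(n)
        for m in graph[n]:
            if colour[m] == GREY:  # back edge: m is on the current path
                return stack[stack.index(m):] + [m]
            if colour[m] == WHITE:
                found = visit(m)
                if found:
                    return found
        stack.pop()
        colour[n] = BLACK
        return None

    for n in graph:
        if colour[n] == WHITE:
            found = visit(n)
            if found:
                return found
    return None


def run(rules, event, max_firings=20):
    """Fire rules for an event with a bound; returns (fired names, terminated)."""
    queue, fired = [event], []
    while queue:
        ev = queue.pop(0)
        for r in rules:
            if r.on == ev:
                if len(fired) >= max_firings:
                    return fired, False  # bound hit: abort the cascade
                fired.append(r.name)
                queue.extend(r.raises)
    return fired, True


if __name__ == "__main__":
    print(find_cycle(triggering_graph(RULES)))
    print(run(RULES, "update:salary"))
```

The static check can run when a rule is defined, so a looping policy is rejected before it can tie up the DBMS; the firing bound is the fallback for rule sets the analysis cannot clear.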
Granularity
- Event granularity
- Transition granularity
- Net effect
  - Multiple event-rule pairs triggered
- Starburst
  - Check with transition table
  - Option to delay with later net effects
Need for Monitors
- Needed to enforce policy
- Monitors
  - Event Detector
  - Condition Monitor
  - Scheduler
  - Query evaluator
Data Warehousing and Mining
Data warehousing
- A technique to integrate an organization’s distributed, autonomous, and heterogeneous data for use in analysis.
Data mining
- A technology that converts data in a data warehouse into useful information. It can give a complete picture of the data.
Security in Data Warehousing
Characteristics
- Subject-oriented
- Integrated
- Time-variant
- Low volatility
Issues
- security architectures, integrating multiple security policies for the warehouse, inference problem, administrating and auditing the warehouse.
Data Mining and Security
As a technique to handle security problems
- Such as intrusion detection and database auditing, which find abnormal patterns in audit data.
Security in data mining itself
- The main problem is the inference problem. It is a dual-edged sword.
Data Mining - Challenges
- Same problem as statistical databases have.
- Do not know what it is we are trying to protect.
- The opposite of the problem raised by statistical/summary queries, where the value to be protected is the individual values of data instances.
- Model imprecise database inference.
- Establish the granularity of inference and evaluate the potential of inference compromise.
- Materialization of latent facts and rules (inference channels)
- Representation method to express common sense knowledge
Mining - Current Approaches
Before-hand
- Adding an inference controller between data mining tools and data warehouse.
After-hand
- Use data mining tools to see whether sensitive information can be deduced.
Real-time Database Definition
A real-time database is a database in which each transaction has a deadline.
Implies:
- Real-time database correctness is based on both logical correctness and the timeliness of its actions.
Real-time DB Motivation
- Many RTDBS applications arise in safety-critical areas where enforcing security is crucial (aerospace, stock exchanges)
- A secure RTDBS has to simultaneously satisfy two conflicting requirements - guarantee data security and minimize the number of missed transaction deadlines.
Real-time Database Issues
- New architectural and transaction processing model
- New approaches to supporting transaction scheduling and concurrency control
- New specification language
- New metrics for evaluation
Real-time DB Proposals (1)
Assumption:
- Timeliness is more essential than security and hence security can be traded for timeliness.
Solution:
- Defined the notion of partial security.
- Classified transactions into three categories:
  - class1 - Critical and periodic transactions
  - class2 - Critical and aperiodic transactions
  - class3 - Non-critical transactions
Real-time DB Proposals (2)
Assumption:
- Security is of utmost importance (i.e. it is a correctness criterion) whereas timeliness is a performance issue.
Solution:
- Simultaneously using different concurrency control protocols in order to guarantee security and improve real time performance.
Conclusion
- Database security is a complex topic
- There are many different database paradigms and hence many different security models
- Commercial systems only implement part of the solutions to date
- More standardization is needed
- More research is needed
Our Web Page
Go here to learn more: www.cs.virginia.edu/~kjh7r