Database and Web Database Systems
CT014-3-2
Database Security
CT014-3-2 Database and Web Database Systems Database Security
Topic and Structure of the Lesson
• Database security
• Security threats
• Countermeasures
• Web database security
• Crash recovery
Learning Outcomes
At the end of this lesson, YOU should be able to:
• Discuss security threats.
• Discuss countermeasures.
• Discuss web database security.
• Explain crash recovery measures.
Key Terms you must be able to use
If you have mastered this topic, you should be able to use the following terms correctly in your assignments and exams:
• Database security
• Security threats
• Countermeasures
• Web database security
• Crash recovery
Database Security
• Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource.
• Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.
Database Security
• Involves measures to avoid:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of privacy
– Loss of integrity
– Loss of availability
Database Security
• Threat
– Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.
Summary of Threats to Computer Systems
Typical Multi-User Computer Environment
Countermeasures – Computer-Based Controls
• Range from physical controls to administrative procedures, and include:
– Authorization
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology
Countermeasures – Computer-Based Controls
• Authorization
– The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system's object.
• Authentication
– A mechanism that determines whether a user is who he or she claims to be.
– Authentication establishes who the subject is; authorization decides what that subject may do. Authorization decisions are only as trustworthy as the authentication that preceded them.
Countermeasures – Computer-Based Controls
• View
– Dynamic result of one or more relational operations operating on the base relations to produce another relation.
– A virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
– Granting a user access to a view rather than to the base relations hides whatever columns and rows the view omits, so views are a simple way to enforce least privilege on data.
Countermeasures – Computer-Based Controls
• Backup
– Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
• Journaling
– Process of keeping and maintaining a log file (or journal) of all changes made to the database, to enable effective recovery in the event of failure.
Countermeasures – Computer-Based Controls
• Integrity
– Prevents data from becoming invalid, and hence giving misleading or incorrect results.
– Enforced through constraints (primary and foreign keys, NOT NULL, CHECK conditions) that the DBMS applies to every update, whichever program issues it.
• Encryption
– The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
– Protects data against anyone who lacks the key; it does not protect against a user or program that is authorized to decrypt, so key management and access control remain essential.
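The following is an added example, not part of the lecture slides, showing the view and integrity countermeasures on a throwaway SQLite database (Python's standard `sqlite3` module). The schema, the department and employee rows, and the `staff_directory` view are constructed for illustration. The view exposes names and departments but no salaries, and it is recomputed on every query, so a change to a base table is visible immediately; the CHECK and FOREIGN KEY constraints reject invalid rows regardless of which program issues the INSERT.

```python
"""Views and integrity constraints on a throwaway SQLite database.
Added illustration; schema and rows are constructed, not from the slides."""
import sqlite3

SCHEMA = """
CREATE TABLE department (
    dept_id   INTEGER PRIMARY KEY,
    name      TEXT NOT NULL UNIQUE
);
CREATE TABLE employee (
    emp_id    INTEGER PRIMARY KEY,
    name      TEXT NOT NULL,
    dept_id   INTEGER NOT NULL REFERENCES department(dept_id),
    salary    NUMERIC NOT NULL CHECK (salary > 0)
);
-- Virtual relation: computed at query time, carries no salary column.
CREATE VIEW staff_directory AS
    SELECT e.name AS employee, d.name AS department
    FROM employee e JOIN department d ON d.dept_id = e.dept_id;
"""

def open_db():
    """In-memory database with the constructed schema and two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO department VALUES (1, 'Finance'), (2, 'IT')")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)",
                     [(1, 'Aisha', 1, 5200), (2, 'Bob', 2, 4800)])
    conn.commit()
    return conn

def directory(conn):
    """What a user who may only read the view sees."""
    return conn.execute("SELECT * FROM staff_directory ORDER BY employee").fetchall()

def view_columns(conn):
    """Column names the view exposes (no 'salary')."""
    return [row[1] for row in conn.execute("PRAGMA table_info(staff_directory)")]

def try_insert(conn, row):
    """Return None if the row is accepted, else the integrity error message."""
    try:
        with conn:   # commit on success, roll back on error
            conn.execute("INSERT INTO employee VALUES (?, ?, ?, ?)", row)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

def move_employee(conn, emp_id, dept_id):
    """Update a base table; the view reflects it on the next query."""
    with conn:
        conn.execute("UPDATE employee SET dept_id = ? WHERE emp_id = ?",
                     (dept_id, emp_id))
    return directory(conn)

if __name__ == "__main__":
    db = open_db()
    print(view_columns(db), directory(db))
    print(try_insert(db, (3, 'Carol', 2, -1)))     # CHECK (salary > 0) fails
    print(try_insert(db, (3, 'Carol', 9, 4000)))   # no such department: FK fails
    print(try_insert(db, (3, 'Carol', 2, 4000)))   # accepted
    print(move_employee(db, 1, 2))
```

SQLite has no GRANT statement, so the privilege side is implied here; on a server DBMS the same idea becomes `GRANT SELECT ON staff_directory TO <role>` with no privilege at all on `employee`, and the constraints still apply to every writer.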
RAID (Redundant Array of Independent Disks) Technology
• Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
• Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures.
RAID Technology
• Main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
• Disk drives are the most vulnerable components, with the shortest mean time between failures of any of the hardware components.
RAID Technology
• One solution is to provide a large disk array comprising an arrangement of several independent disks organized to improve reliability and increase performance.
• Reliability comes from redundancy (mirroring a disk, or storing parity from which a failed disk's contents can be rebuilt); performance comes from striping data across the disks so that they are read and written in parallel.
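An added example (not from the slides) of the redundancy that lets a disk array survive a drive failure. It models a single-parity stripe in the style of RAID 5: the parity block is the XOR of the data blocks, so any one missing block, data or parity, is the XOR of the survivors. The four 8-byte "disk blocks" are constructed sample data; real arrays work on much larger blocks and rotate the parity position across stripes, which this toy does not do.

```python
"""Toy single-parity disk array (RAID 5 style) in Python.
Added illustration; the sample blocks are constructed, not from the slides."""
from functools import reduce
from operator import xor

def xor_blocks(blocks):
    """XOR a list of equal-length byte blocks column by column into one block."""
    length = len(blocks[0])
    if any(len(b) != length for b in blocks):
        raise ValueError("all blocks in a stripe must have equal length")
    return bytes(reduce(xor, column) for column in zip(*blocks))

def write_stripe(data_blocks):
    """Stripe as stored on disk: the data blocks followed by one parity block."""
    return list(data_blocks) + [xor_blocks(data_blocks)]

def rebuild_missing(stripe_with_hole):
    """stripe_with_hole has exactly one None (the failed disk).  Because XOR is
    its own inverse, the missing block, data or parity, is the XOR of the rest."""
    holes = [i for i, b in enumerate(stripe_with_hole) if b is None]
    if len(holes) != 1:
        raise ValueError(f"single parity tolerates exactly one failure, got {len(holes)}")
    survivors = [b for b in stripe_with_hole if b is not None]
    rebuilt = list(stripe_with_hole)
    rebuilt[holes[0]] = xor_blocks(survivors)
    return rebuilt

def survives(stripe, failed_indices):
    """True if the stripe can be rebuilt after the given disks fail together."""
    damaged = [None if i in failed_indices else b for i, b in enumerate(stripe)]
    try:
        return rebuild_missing(damaged) == stripe
    except ValueError:
        return False

# Constructed sample: four data disks holding 8-byte blocks of one record.
DATA = [b"customer", b"_id=4711", b"balance=", b"00123.45"]

if __name__ == "__main__":
    stripe = write_stripe(DATA)
    print("parity:", stripe[-1].hex())
    print("lose disk 2, rebuilt:", survives(stripe, {2}))
    print("lose parity disk, rebuilt:", survives(stripe, {4}))
    print("lose two disks at once, rebuilt:", survives(stripe, {0, 3}))
```

The last line is the caveat the slide's "one or more component failures" glosses over: a single parity block covers exactly one failure per stripe, and a second failure during the rebuild window loses the stripe, which is why dual-parity and mirrored layouts exist.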
DBMSs and Web Security
• Internet communication relies on TCP/IP as the underlying protocol.
• However, TCP/IP and HTTP were not designed with security in mind. Without an additional protective layer (such as SSL/TLS), all Internet traffic travels 'in the clear', and anyone who monitors the traffic can read it or alter it in transit.
DBMSs and Web Security
• Must ensure, while transmitting information over the Internet, that:
– it is inaccessible to anyone but the sender and receiver (privacy);
– it is not changed during transmission (integrity);
– the receiver can be sure it came from the sender (authenticity);
– the sender can be sure the receiver is genuine (non-fabrication);
– the sender cannot deny that he or she sent it (non-repudiation).
• Must also protect the information once it has reached the Web server.
DBMSs and Web Security
• A download may carry executable content, which can perform the following malicious actions:
– Corrupt data or the execution state of programs.
– Reformat complete disks.
– Perform a total system shutdown.
– Collect and download confidential data.
– Usurp identity and impersonate the user.
– Lock up resources.
– Cause non-fatal but unwelcome effects.
DBMSs and Web Security
• Measures include:
– Proxy servers
– Firewalls
– Message digest algorithms and digital signatures
– Digital certificates
– Kerberos
– Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)
– Secure Electronic Transactions (SET) and Secure Transaction Technology (SST)
– Java security
– ActiveX security.
Proxy Servers
• A proxy server is a computer that sits between the browser and the Web server.
• It intercepts all requests to the Web server and tries to fulfil them itself (for example, from a cache of earlier responses).
• Has two main purposes:
– improve performance;
– filter requests.
Firewalls
• Designed to prevent unauthorized access to/from a private network.
• Can be implemented in hardware, in software, or in a combination of both.
• Several types of firewall technique:
– Packet filter.
– Application gateway.
– Circuit-level gateway.
– Proxy server.
Message Digest Algorithms
• A message digest algorithm takes an arbitrary-sized string (message) and generates a fixed-length string (digest or hash).
• A digest has the following characteristics:
– It should be computationally infeasible to find another message that will generate the same digest (second-preimage resistance), or any two messages with the same digest (collision resistance).
– The digest does not reveal anything about the message; it should be infeasible to recover the message from its digest (preimage resistance).
– Changing even one bit of the message produces a completely different digest, so recomputing and comparing the digest detects any alteration.
Digital Signatures
• A digital signature is computed from two inputs:
– a string of bits (the digest) computed from the data being 'signed';
– the private key of the individual or organization wishing to sign.
• Can be used to verify that the data comes from this individual or organization.
Digital Signatures
• A digital signature has many useful properties:
– Its authenticity can be verified, using the public key.
– It cannot be forged (assuming the private key is kept secret).
– It is a function of the data signed and cannot be claimed to be the signature for any other data.
– Signed data cannot be changed, or the signature will no longer verify the data as being authentic.
Digital Certificates
• An attachment to an electronic message used for security purposes (e.g. to verify the user sending the message), and to provide the receiver with the means to encrypt a reply.
• The sender applies for a certificate from a Certificate Authority (CA).
• The CA issues a certificate containing the applicant's public key and other identification information, signed with the CA's own private key. The certificate is signed, not encrypted: its contents are public, and the signature is what makes them trustworthy.
Digital Certificates
• The CA makes its own public key readily available.
• The recipient uses the CA's public key to verify the signature on the certificate attached to the message, confirms that it was issued by the CA, and obtains the sender's public key and identification information held within the certificate.
• With this information, the recipient can check the sender's signature and send an encrypted reply.
• The CA's role is critical, acting as the trusted go-between in the relationship between the two parties: anyone who trusts a CA implicitly trusts every certificate it issues.
Kerberos
• A network authentication protocol built around a trusted server that holds user names and secret keys derived from their passwords.
• Provides one centralized security server for all data and resources on the network.
• Database access, login, authorization control, and other security features are centralized on trusted Kerberos servers, which issue time-limited tickets that clients present to services instead of sending passwords across the network.
• Has a similar function to that of a certificate server: to identify and validate a user.
Secure Sockets Layer (SSL)
• An encryption protocol for transmitting private documents; its successor, TLS, is what current systems deploy.
• Designed to prevent eavesdropping, tampering, and message forgery.
• Works by using public-key cryptography in a handshake to authenticate the server (and optionally the client) and agree a session key; that symmetric key then encrypts the data transferred over the SSL connection.
• Layered between application-level protocols such as HTTP and the TCP/IP transport-level protocol.
• Thus, may be used for other application-level protocols such as FTP and NNTP.
Secure-HTTP (S-HTTP)
• A protocol for securely transmitting individual messages over the Web. It saw little deployment; HTTP over SSL/TLS (HTTPS) became the standard approach.
• Both SSL and S-HTTP use techniques such as encryption and digital signatures, and:
– allow browsers and servers to authenticate each other;
– allow controlled access to a Web site;
– ensure data exchanged between browser and server is secure and reliable.
Secure Electronic Transactions (SET)
• An open, interoperable standard for processing credit card transactions over the Internet in a simple and secure way.
• The transaction is split in such a way that the merchant has access to information about:
– what is being purchased,
– how much it costs,
– whether payment is approved,
• but no information on what payment method the customer is using.
Secure Electronic Transactions (SET)
• Card issuer (e.g. Visa) has access to purchase price, but no information on type of merchandise involved.
• Certificates are heavily used by SET, both for certifying cardholder and for certifying that merchant has relationship with financial institution.
How SET Works
Secure Transaction Technology (SST)
• Protocol designed to handle secure bank payments over Internet.
• Uses DES encryption of information, RSA encryption of bankcard information, and strong authentication of all parties involved in transaction.
Java Security
• The sandbox ensures that an untrusted application cannot gain access to system resources.
• Involves three components:
– class loader;
– bytecode verifier;
– security manager.
• Safety features are provided by the language and JVM, and enforced by the compiler and runtime system.
• Security is a policy built on top of the safety layer.
• Browser applets and the Security Manager have since been deprecated and removed from current Java releases; the model is of historical interest.
ActiveX Security
• The ActiveX security model places no restrictions on what a control can do.
• Instead, each ActiveX control can be digitally signed by its author using a system called Authenticode™.
• The digital signatures are then certified by a CA.
• This security model places responsibility for the computer's security on the user: the signature identifies who published the control, not whether it is safe to run.
Quick Review Question
List the potential threats to a database system.
Database Recovery
• Mechanism for restoring a database quickly and accurately after loss or damage.
• Recovery facilities:
– Backup facilities
– Journalizing facilities
– Checkpoint facility
– Recovery manager
Backup Facilities
• Automatic dump facility that produces a backup copy of the entire database.
• Periodic backup (e.g. nightly, weekly).
• Cold backup – the database is shut down during the backup.
• Hot backup – the database stays available while a selected portion is taken offline and backed up at a given time.
• Backups are stored in a secure, off-site location, and should be restored periodically as a test; an untested backup is not yet a recovery capability.
Journalizing Facilities
• Audit trail of transactions and database updates.
• Transaction log – record of essential data for each transaction processed against the database.
• Database change log – images of updated data:
– Before-image – copy before modification.
– After-image – copy after modification.
Database Audit Trail
From the backup and logs, databases can be restored in case of damage or loss
Recovery and Restart Procedures
• Switch – mirrored databases.
• Restore/Rerun – reprocess the transactions against the backup.
• Transaction integrity – commit or abort all of a transaction's changes.
• Backward recovery (rollback) – apply before-images to undo incomplete transactions.
• Forward recovery (roll forward) – apply after-images of committed transactions to a backup copy (preferable to restore/rerun, because it replays stored images instead of re-executing application logic).
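The following added example (not from the slides) works through the journaling and recovery procedures above on a toy key-value "database": each update is written to the journal as a before-image and after-image before it touches the data, a commit record marks a transaction complete, rollback undoes an unfinished transaction from its before-images, and roll forward rebuilds the committed state from a backup copy plus the after-images. The two account balances and the transactions T1 and T2 are constructed; a real DBMS does the same with pages and a write-ahead log.

```python
"""Journal-based recovery: before-images for rollback, after-images for
roll-forward from a backup.  Added illustration; the accounts and transactions
are constructed, not taken from the slides."""
import copy

# Journal entry shapes:
#   ("update", txn, key, before_image, after_image)
#   ("commit", txn)

def apply_updates(db, log, txn, updates):
    """Write each before/after image to the journal, then update the live data
    (write-ahead).  Does not commit; the caller decides that."""
    for key, new_value in updates:
        log.append(("update", txn, key, db.get(key), new_value))
        db[key] = new_value

def commit(log, txn):
    log.append(("commit", txn))

def committed_txns(log):
    return {entry[1] for entry in log if entry[0] == "commit"}

def rollback(db, log, txn):
    """Backward recovery: undo one unfinished transaction by re-applying its
    before-images, most recent change first."""
    for entry in reversed(log):
        if entry[0] == "update" and entry[1] == txn:
            _, _, key, before, _ = entry
            if before is None:            # key did not exist before the transaction
                db.pop(key, None)
            else:
                db[key] = before
    return db

def roll_forward(backup, log):
    """Forward recovery: start from the backup copy and re-apply the after-images
    of committed transactions only, in journal order."""
    db = copy.deepcopy(backup)
    done = committed_txns(log)
    for entry in log:
        if entry[0] == "update" and entry[1] in done:
            db[entry[2]] = entry[4]
    return db

def crash_scenario():
    """Backup taken; T1 (transfer 100) commits; T2 is mid-flight at the crash.
    Returns the state after rollback of T2 and after roll forward from backup."""
    backup = {"acct:4711": 500, "acct:0815": 200}
    db, log = copy.deepcopy(backup), []
    apply_updates(db, log, "T1", [("acct:4711", 400), ("acct:0815", 300)])
    commit(log, "T1")
    apply_updates(db, log, "T2", [("acct:4711", 0)])   # never commits
    # --- crash here: the live image holds T2's partial work ---
    after_rollback = rollback(copy.deepcopy(db), log, "T2")   # damaged image survived
    after_roll_forward = roll_forward(backup, log)             # image lost, use backup
    return after_rollback, after_roll_forward

if __name__ == "__main__":
    print(crash_scenario())
```

Both paths end in the same committed state, which is the point of transaction integrity: T1's changes are all there, T2's are all gone. Rollback is the cheap option when the live image survived the crash; roll forward is what remains when it did not, and it never consults T2's after-images because no commit record follows them.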
Basic Recovery Technique: Rollback
Basic Recovery Technique:Roll forward
Summary
• What is database security.
• Threats to a database system.
• Measures taken to protect a database from potential threats.
• Crash recovery procedures.
Q & A
Question and Answer Session
Next Session
Database Concurrency Issues
DWDS Assignment
Due date extended to: Friday 22-August-2014.