Page-1 ORACLE DATABASE SECURITY

Upload: flora-austin

Post on 23-Dec-2015

Page-2

Oracle Database Security Defense-in-Depth

Access Control

• Oracle Database Vault

• Oracle Label Security

Encryption and Masking

• Oracle Advanced Security

• Oracle Secure Backup

• Oracle Data Masking

Auditing and Monitoring

• Oracle Audit Vault

• Oracle Configuration Management

• Oracle Total Recall

Blocking and Logging

• Oracle Database Firewall

Page-3

Agenda

• Oracle DB Security

• Protecting Data

– Encrypt stored data

– Mask data that is not used for production

• Controlling data access

– Implementing the Virtual Private Database (VPD)

– Using Oracle Label Security (OLS)

• TDE

• Summary

Page-5

Data Masking

• What is data masking? Data masking is the process of replacing sensitive information with realistic data based on masking rules.

• Why use data masking? Use data masking so that data can be shared with nonproduction users such as testing companies.

Page-6

Data Masking

EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
100          King       90             515.123.4567
105          Austin     60             590.423.4569
110          Chen       100            515.124.4269

EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
468          Jefferies  90             510.555.1256
975          Smith      60             650.555.9753
396          Allen      100            925.555.3597

Page-7

Data Masking: Features

• Uses an irreversible process to replace sensitive data based on masking rules

• Ensures that the original data cannot be retrieved, recovered, or restored

• Enables you to define a central definition for common data masking formats to be used with all databases

Page-8

Implementing Data Masking

• Identify sensitive information

• Create data mask formats

• Create masking definitions

• Clone production to staging

• Create masking definitions

• Execute masking job

• Clone staging to test

Roles: Security admin, DBA, App DBA

Environments: Production, Staging, Test

Page-9

Data Masking

Page-10

Agenda

• Oracle DB Security

• Protecting Data

– Encrypt stored data

– Mask data that is not used for production

– TDE

• Controlling data access

– Implementing the Virtual Private Database (VPD)

– Using Oracle Label Security (OLS)

• Summary

Page-11

Discretionary Access Control

Joe

Fred

GRANT SELECT ON emp TO JOE;

REVOKE SELECT ON emp FROM FRED;

How to secure row or column level?

Page-12

Oracle VPD

• A Virtual Private Database (VPD) combines an application context and FGAC

– Fine-grained access control: associate security policies to database objects

– Application Context: define and access application or session attributes

• Enforce business rules to limit row access

• Use a secure application context to provide high-performance resolution of user attributes

Page-13

Why VPD?

• Scalability

– Table Customers contains 1,000 customer records. Suppose we want customers to access their own records only. Using views, we need to create 1,000 views. Using VPD, it can be done with a single policy function.

• Simplicity

– Say, we have a table T and many views are based on T. Suppose we want to restrict access to some information in T. Without VPD, all view definitions have to be changed. Using VPD, it can be done by attaching a policy function to T; as the policy is enforced in T, the policy is also enforced for all the views that are based on T.

• Security

– Server-enforced security (as opposed to application-enforced).

– Cannot be bypassed. (There are two exceptional cases, though.)

Page-14

How Fine-Grained Access Control Works

1. The user accesses a table or view with a policy.

2. The data server calls the policy function.

3. The policy function returns a predicate.

4. The data server adds the predicate to the statement.

5. The data server executes the modified statement.

SELECT * FROM orders;

becomes

SELECT * FROM orders WHERE customer_id = sys_context('oeapp','cust_id');

Page-15

Application Context

• Application contexts act as secure caches of data that may be used by a fine-grained access control policy.

– Upon logging into the database, Oracle sets up an application context in the user’s session.

– You can define, set and access application attributes that you can use as a secure data cache.

• There is a pre-defined application context, “userenv”.

Page-16

Application Context

• One can create a customized application context and attributes.

– Say, each employee can access a portion of the Customers table, based on the job-position.

– For example, a clerk can access only the records of the customers who live in a region assigned to him. But a manager can access any record.

– Suppose that the job-positions of employees are stored in an LDAP server (or in the Employee table).

– Such information can be accessed and cached in an application context when an employee logs in.

Page-17

VPD: Example

• Demo
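
A VPD setup that ties together the fine-grained access control steps on Page-14 and the application context on Pages 15-16, added here as an illustration; it is not the presentation's own demo. The context name and attribute follow the 'oeapp'/'cust_id' predicate on Page-14; the OE schema, the CUSTOMERS table, its DB_USERNAME column and the package, function and policy names are assumptions.

```sql
-- Added example (constructed): OE, CUSTOMERS.DB_USERNAME and all object
-- names are assumptions. The context can only be written by OE.OEAPP_CTX.
CREATE OR REPLACE CONTEXT oeapp USING oe.oeapp_ctx;

-- Trusted package: resolves the session user to a customer id and caches it.
CREATE OR REPLACE PACKAGE oe.oeapp_ctx AS
  PROCEDURE set_cust_id;
END oeapp_ctx;
/
CREATE OR REPLACE PACKAGE BODY oe.oeapp_ctx AS
  PROCEDURE set_cust_id IS
    v_id oe.customers.customer_id%TYPE;
  BEGIN
    SELECT customer_id INTO v_id
      FROM oe.customers
     WHERE db_username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('oeapp', 'cust_id', v_id);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- attribute stays unset, so the predicate matches no rows
  END set_cust_id;
END oeapp_ctx;
/

-- Policy function: returns the predicate the server appends to the statement.
CREATE OR REPLACE FUNCTION oe.orders_by_customer (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  RETURN 'customer_id = SYS_CONTEXT(''oeapp'', ''cust_id'')';
END orders_by_customer;
/

-- Attach the policy to the table; update_check also validates new row values.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'OE',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_CUST_POLICY',
    function_schema => 'OE',
    policy_function => 'ORDERS_BY_CUSTOMER',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE);
END;
/
```

The context must be populated before the first query, for example by calling oe.oeapp_ctx.set_cust_id from a logon trigger; a session where it was never set sees no rows in ORDERS rather than all of them.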

Page-18

Agenda

• Protecting Data

– Encrypt stored data

– Mask data that is not used for production

– TDE

• Controlling data access

– Implementing the Virtual Private Database (VPD)

– Using Oracle Label Security (OLS)

• Summary

Page-19

Oracle Label Security

• Discretionary Access Control

Joe

Fred

GRANT SELECT ON emp TO JOE;

REVOKE SELECT ON emp FROM FRED;

Page-20

Oracle Label Security

SQL request

Discretionary access control: Select object privilege granted?

OLS access mediation: User clearance dominates data row label?

Location  Storage       OLS Label
Nevada    Conventional  Sensitive
Montana   Nuclear       Highly Sens.
Colorado  Medical       Confidential

XX

Confidential

– The objects in the database can have rows that are labeled

– Access to rows is restricted on the basis of Oracle Label Security authorizations.

Page-21

How Sensitivity Labels Are Used

Labels Data

Users

Data sensitivity

Authorizations

Secret

Top Secret

Access mediation

Page-22

Oracle Label Security

• Demo
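
An Oracle Label Security configuration for the Location/Storage table on Page-20, showing both mediation steps (object privilege, then label dominance); it is an added illustration, not the presentation's own demo. The policy name SITE_POL, the APP.SITES table, the label column name, the level numbers and tags, and the ordering Confidential < Sensitive < Highly Sensitive are assumptions.

```sql
-- Added example (constructed): all names, numbers and the level ordering
-- are assumptions. Run the PL/SQL block as an OLS administrator account.
BEGIN
  -- Policy container; OLS_LABEL is the column added to protected tables.
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'SITE_POL',
    column_name     => 'OLS_LABEL',
    default_options => 'READ_CONTROL,WRITE_CONTROL');

  -- Levels: a higher level_num dominates a lower one.
  SA_COMPONENTS.CREATE_LEVEL('SITE_POL', 10, 'C',  'CONFIDENTIAL');
  SA_COMPONENTS.CREATE_LEVEL('SITE_POL', 20, 'S',  'SENSITIVE');
  SA_COMPONENTS.CREATE_LEVEL('SITE_POL', 30, 'HS', 'HIGHLY_SENSITIVE');

  -- Data labels built from levels only (no compartments or groups).
  SA_LABEL_ADMIN.CREATE_LABEL('SITE_POL', 1010, 'C');
  SA_LABEL_ADMIN.CREATE_LABEL('SITE_POL', 1020, 'S');
  SA_LABEL_ADMIN.CREATE_LABEL('SITE_POL', 1030, 'HS');

  -- Attach the policy to the table; existing rows start with a NULL label.
  SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
    policy_name => 'SITE_POL',
    schema_name => 'APP',
    table_name  => 'SITES');

  -- The owner needs FULL to label rows that are hidden until labeled.
  SA_USER_ADMIN.SET_USER_PRIVS('SITE_POL', 'APP', 'FULL');

  -- JOE is cleared to Confidential only.
  SA_USER_ADMIN.SET_LEVELS(
    policy_name => 'SITE_POL',
    user_name   => 'JOE',
    max_level   => 'C',
    min_level   => 'C',
    def_level   => 'C',
    row_level   => 'C');
END;
/

-- Step 1 of mediation: the discretionary object privilege.
GRANT SELECT ON app.sites TO joe;

-- Label the rows (run as APP).
UPDATE app.sites SET ols_label = CHAR_TO_LABEL('SITE_POL', 'S')  WHERE location = 'Nevada';
UPDATE app.sites SET ols_label = CHAR_TO_LABEL('SITE_POL', 'HS') WHERE location = 'Montana';
UPDATE app.sites SET ols_label = CHAR_TO_LABEL('SITE_POL', 'C')  WHERE location = 'Colorado';
```

With this clearance, JOE's SELECT on APP.SITES returns only the Colorado row: the grant passes the discretionary check, and the label check filters out the rows his level does not dominate.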

Page-23

Thank you !