Database Security

9 Key excerpts on "Database Security"

• 

  No longer available |Learn more

  Database Security

  Problems and Solutions

  • Christopher Diaz(Author)
  • 2022(Publication Date)
  • Mercury Learning and Information

    (Publisher)

  Data security has similar goals and objectives as information security—with the same fundamental principles of confidentiality, integrity, and availability. However, data security is often associated with only data that is at rest or saved in persistent storage, such as a magnetic disk, flash drive, or solid state device. Even though data security follows the same goals and objectives of information security, the goals are often much more focused on how to achieve and implement them. Such focus allows the goal to be more precisely defined and detailed in how the solution is achieved. As an example, to protect data against unauthorized modification (integrity), a data security approach may involve monitoring accesses to certain data to reveal who accesses the data as well as how the data is accessed. Such analysis can reveal anomalies to identify potential threats, such as when data is written unexpectedly (say, outside of normal work hours or outside of the expected processing pattern).

  1.4 Database Security

  “Database Security refers to the range of tools, controls, and measures designed to establish and preserve database confidentiality, integrity, and availability.”1 We can view Database Security to have the same objectives and principles as data security and information security, but within the scope or level of a database environment. This further focuses the choice, design, implementation, and configuration of controls available at the database level.

  Data confidentiality

  To achieve confidentiality in Database Security, we can employ controls such as privileges (which we cover in Chapter 5 , “Database Privileges“) and encryption of stored data (which we cover in Chapter 7 , “Other Database Security Controls”). Privileges are a database system control where the database system itself manages data access. As described earlier, encryption can provide confidentiality against agents that do not have the proper credentials and may be implemented by the database system, modules, or other programs.

  To achieve database integrity, in addition to checksums or hashing, we can use a range of controls that appear as early as the database design phase. This includes proper database design with normalization, defining referential integrity constraints, and identifying when concurrent access may occur. We cover database design and normalization approaches to help maintain data integrity in Chapter 2 , “Database Design,” and other data integrity controls in Chapter 8 , “Transactions for Data Integrity.” We also cover mechanisms that help maintain integrity when multiple applications and/or users access the same data in Chapter 9

  Sign up to read

  Learn more about book
• 

  eBook - ePub

  Relational Database Design and Implementation

  Clearly Explained

  • Jan L. Harrington(Author)
  • 2009(Publication Date)
  • Morgan Kaufmann

    (Publisher)

  Chapter 15. Database Security

  In our current computing environment, we usually think that the instant world-spanning access provided by the Internet is a good thing. However, that access has a dark side: those who would inadvertently or purposefully violate the security of our data. Security has always been a part of relational database management, but now it has become one of the most important issues facing database administrators.

  Another way to look at security is to consider the difference between security and privacy. Privacy is the need to restrict access to data, whether it be trade secrets or personal information that by law must be kept private. Security is what you do to ensure privacy.

  Many people view network security as having three goals:

  ▪ Confidentiality: Ensuring that data that must be kept private stay private.

  ▪ Integrity: Ensuring that data are accurate. For a security professional, this means that data must be protected from unauthorized modification and/or destruction.

  ▪ Availability: Ensuring that data are accessible whenever needed by the organization. This implies protecting the network from anything that would make it unavailable, including such events as power outages.

  One thing that makes data theft such a problem is that data can be stolen without anyone knowing about it. A good thief can get into a target system, copy the data, and exit without leaving a trace. Because copying digital data does not affect the source, examining the data won't reveal that any copying has taken place. An accomplished thief will also modify system log files, erasing any trace of the illegal entry.

  The popular media would have you believe that the source of most computer security problems is the “hacker.” However, if you ask people actually working in the field, they will tell you that nearly half the security breaches they encounter come from sources internal to an organization, and, in particular, employees. This means that it won't be sufficient to secure a network against external intrusion attempts; you must pay as much attention to what is occurring within your organization as you do to external threats. Databases in particular are especially vulnerable to internal security threats because direct access is typically provided only to employees.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Computer Security

  • Dieter Gollmann(Author)
  • 2011(Publication Date)
  • Wiley

    (Publisher)

  OBJECTIVES • Analyze the security issues that are specific to database systems. • Understand how views can be used for access control in a relational database. • Appreciate the problem of protecting information in statistical databases. • Give a brief outlook on the privacy issues that arise when processing personal data. 156 9 Database Security 9.1 I N T R O D U C T I O N A database is a collection of data, arranged in some meaningful way. A database management system (DBMS) organizes the data and gives users the means to retrieve information. If access to information were completely uncontrolled, a database would render a less useful service because it is quite likely that you would (be forced to) refrain from putting certain data into the database. For example, databases often hold information about individuals, be it employee records in a company, student records in a university, or tax records with the Inland Revenue. Many countries have enacted privacy legislation putting an organization maintaining such a database under an obligation to protect personal data. Therefore, from early on Database Security had an important place within computer security. It had a special place because Database Security is different from operating systems security. Here is the argument to back up this claim. Operating systems manage data. Users invoke operating systems functions to create a file, to delete a file, or to open a file for read or write access. None of these operations considers the content of a file. Quite appropriately, the same is true for access control decisions made by an operating system. Decisions depend on the identity of the user, permissions defined for the file, access control lists, security labels, etc., but not on the content of the file. This is not due to some fundamental security theorem, it is simply a reasonable engineering decision.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Implementing Database Security and Auditing

  • Ron Ben Natan(Author)
  • 2005(Publication Date)
  • Digital Press

    (Publisher)

  35 2 Database Security within the General Security Landscape and a Defense-in-Depth Strategy In Chapter 1 you saw some of the basic techniques and methods and you learned about hardening and patching—both critical for securing your database. In the chapters following this one, you’ll drill-down into several areas—each one important to ensure a protected database environment. In this chapter we’ll take a step back and look at the bigger picture of enter-prise security and how Database Security fits into this broad topic. A database is not an island. Most often it is a server deployed as a net-work node that provides persistence and transactional services to applica-tions. It is a networked service that waits for remote connections, authenticates connection requests, receives requests for data or operations on data, and services them. From this perspective it is similar to many other servers that exist on the corporate network (e.g., Web servers, e-mail servers, naming servers). While many other aspects make the database very different and very special servers (hence the need for a book that is focused on data-base security and auditing), this commonality does mean that many things can be learned from the security realm in general—things that can assist you when implementing Database Security. Even more important: any set of techniques that you use to secure your database will be more effective if they are aligned with and integrated with other security methods and processes employed within your organization. Security must be done throughout the organization and needs to address all infrastructure and applications. As a trivial example, there is no point in investing too much in Database Security if the database server sits in an inse-cure location where anyone can remove and take the disk.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Data Protection

  Governance, Risk Management, and Compliance

  • David G. Hill(Author)
  • 2016(Publication Date)
  • CRC Press

    (Publisher)

  114 Data Protection: Governance, Risk Management, and Compliance Data security implementations traditionally focused on defenses to man-made threats; that is, threats of human origin, whether intentional or not. For example, data security was concerned with stopping viruses that could corrupt data, but not with the corruption of a database table by an application. Yes, the result would be the same—corrupted data—but a secu-rity professional would deal with the virus, while a database professional would deal with the database corruption. However, that was then and not now. With today’s increased compliance and governance requirements, there is a need to ensure that data is preserved safely and is available for use. A security professional may not be able to perform a database administra-tor’s job of fixing database corruption but might well monitor and audit to ensure that the end result is an accurate and unspoiled database. So the def-inition of data security must be expanded to include all unacceptable threats to data and not just willful ones. Note that this task is complicated by the fact that many approaches to fixing database corruption (typically called “inaccurate” data) allow initial storage of inaccuracies, then “cleanse” the data as it is replicated to, say, a data warehouse. There is good reason for this—in many cases, data inaccu-racy can only be detected when data from multiple sources is combined— but the result is that data security must deal with a world in which both cor-rupt and accurate versions of the same data are permitted to coexist. In fact, all four basic objectives of data protection—data preservation, confidentiality, data availability, and data responsiveness—can benefit from improved data security. Although data security requirements were implicit in previous discussions—such as on compliance and governance—this chapter has more emphasis on data security and reexamines some basic con-cepts in that light.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Introduction to Database and Knowledge-Base Systems

  • S Krishna(Author)
  • 1992(Publication Date)
  • WSPC

    (Publisher)

  Chapter 8 Protection and Preservation of Databases A database is a valuable resource for any enterprise. The information a database contains would have been accumulated with considerable effort and expense over a period of time. As organizations increasingly become dependent on computers for their operational data storage, processing and decision making, preserving and protecting databases becomes a matter of critical importance. Further, access to databases is to be regulated and restricted in order to safeguard business, commercial, governmental con-fidentiality and individual privacy. We discuss the concept of a transaction and aspects of the integrity of a database in the next two sections. Database Security is considered in the following section. Techniques for database recovery from system crashes and other problems are considered in the last section. 8.1 Transactions The concept of a transaction is basic to much of the discussions on in-tegrity, recovery and concurrency control for database systems. Basic database operations are Retrieve, Insert, Delete and Modify. Application programs usually consist of a sequence of such operations. A transaction is a sequence of operations which characterizes the operation of a specific 198 Protection and Preservation of Databases application. A transaction is an execution of a program. More than one invocation of the same program code will be considered as many independent transac-tions. We require that a transaction represent a correct program. That is, if the database state was correct before commencement of the transaction and the transaction executes in isolation and completes its operations, it will leave the system again in a correct state. During intermediate stages of a transaction, this correctness may not be maintained.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Advances in Security in Computing and Communications

  • Jaydip Sen(Author)
  • 2017(Publication Date)
  • IntechOpen

    (Publisher)

  Comparative study of access control models. Advances in Security in Computing and Communications 88 3. Access control to databases 3.1. Mechanisms In a database context, a number of mechanisms can be enforced in a cooperative manner for ensuring the control of legitimate accesses and preventing unauthorized accesses. The diver-sity of access control mechanisms for database systems illustrates on the one hand the impor-tance of the access control for protecting sensitive data and services and on the other hand the difficulty and the complexity of defining a reliable access control solution. We present in the following a list of the principal access control mechanisms for database systems. • Passwords : a database management system allows to associate passwords for the identifica -tion of users and to enforce passwords for the activation of roles. • Privileges : a database management system allows defining a set of privileges for managing the empowerment of users. It provides system privileges and object privileges that allow users performing specific actions across the system and accessing database objects. • Views : a view represents an important and very useful mechanism for restricting access to data. It is a most common mechanism adopted by database management systems to sup-port content-based access control.

  Sign up to read

  Learn more about book
• 

  eBook - PDF

  Architecting Secure Software Systems

  • Asoke K. Talukder, Manish Chaitanya(Authors)
  • 2008(Publication Date)
  • Auerbach Publications

    (Publisher)

  There are people in the networked world who are trying to build systems for various business and social goals, including governments that are building systems for good governance and help people to do things better. Also, there are people who try to break these systems for either fun or profit. To protect these systems from attack, we need secured and safe software systems. Building secured software system is a challenge. After all, to build a secured system one needs to understand what to secure, why to secure it, whom to secure it from, and finally how to secure it. Therefore, one needs to understand security as a whole, start-ing from security attacks to countermeasures. In this chapter we presented security, vulnerabilities, exploits, and attacks. We discussed various attacks that you as a programmer and an architect of a software system need to be aware of. Secure systems need secure programs that can protect the assets it guards and also protect itself. This is achieved through secured and safe programming. Building a secured system is not enough; the environment where the system is being deployed also needs to be secured. We, therefore, covered some aspects of peripheral security and security deploy-ment. Data are the main asset in a computer; this asset is mainly stored in databases. Therefore, the database needs to be secure. In this chapter we have taken Oracle database as an example and discussed principles of Database Security. We also discussed the CC and security standards. References 1. Global Information Infrastructure principles and framework architecture, ITU-T Recommendation Y.110, June 1998. 2. Wikipedia—the Free Encyclopedia, http://www.wikipedia.org. 3. SANS (SysAdmin, Audit, Network, Security) Institute, http://www.sans.org. 4. Open Source Software, http://sourceforge.net. 5. Tcpdump: http://www.tcpdump.org/. 6. Ethereal: http://www.ethereal.com/. Security in Software Systems 43 7. Libpcap (http://www.tcpdump.org).

  Sign up to read

  Learn more about book
• 

  No longer available |Learn more

  (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

  • Mike Chapple, James Michael Stewart, Darril Gibson(Authors)
  • 2021(Publication Date)
  • Sybex

    (Publisher)

  Isolation   The isolation principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.
• Durability   Database transactions must be durable. That is, once they are committed to the database, they must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
In the following sections, we'll discuss a variety of specific security issues of concern to database developers and administrators.

Security for Multilevel Databases

As you learned in Chapter 1 , many organizations use data classification schemes to enforce access control restrictions based on the security labels assigned to data objects and individual users. When mandated by an organization's security policy, this classification concept must also be extended to the organization's databases.

Multilevel security databases contain information at a number of different classification levels. They must verify the labels assigned to users and, in response to user requests, provide only information that's appropriate. However, this concept becomes somewhat more complicated when considering security for a database.

When multilevel security is required, it's essential that administrators and developers strive to keep data with different security requirements separate. Mixing data with different classification levels and/or need-to-know requirements, known as database contamination, is a significant security challenge. Often, administrators will deploy a trusted front end to add multilevel security to a legacy or insecure DBMS.

Restricting Access with Views

Another way to implement multilevel security in a database is through the use of database views. Views are simply SQL statements that present data to the user as if the views were tables themselves. Views may be used to collate data from multiple tables, aggregate individual records, or restrict a user's access to a limited subset of database attributes and/or records.