Computer Security:

Principles and Practice

Chapter 5: Database Security

Database Security

2
Relational Databases
• Constructed from tables of data
– each column holds a particular type of data
– each row contains a specific value these
– ideally has one column where all values are
unique, forming an identifier/key for that row
• Have multiple tables linked by identifiers
• use a query language to access data items
meeting specified criteria

3
A relational database example

4
Relational database terms

• Relation/table/file
• Tuple/row/record
• Attribute/column/field
• Primary key: uniquely identifies a row
• Foreign key: links one table to attributes in
another
• View/virtual table: Result of a query that
returns selected rows and columns from
one or more tables

5
Abstract view of a relation

6
Relational Database Elements

7
 Structured Query Language
• Structure Query Language (SQL)
– originally developed by IBM in the mid-1970s
– standardized language to define, manipulate,
and query data in a relational database
– several similar versions of ANSI/ISO standard
CREATE TABLE department ( CREATE VIEW newtable (Dname, Ename, Eid, Ephone)
Did INTEGER PRIMARY KEY, AS SELECT D.Dname E.Ename, E.Eid, E.Ephone
Dname CHAR (30), FROM Department D Employee E
Dacctno CHAR (6) )
WHERE E.Did = D.Did

CREATE TABLE employee (

Ename CHAR (30),
Did INTEGER,
SalaryCode INTEGER,
Eid INTEGER PRIMARY KEY,
Ephone CHAR (10),
FOREIGN KEY (Did) REFERENCES department (Did) )

8
Database Access Control

• DBMS provide access control for database

• assume have authenticated user
• DBMS provides specific access rights to portions
of the database
– e.g. create, insert, delete, update, read, write
– to entire database, tables, selected rows or columns
– possibly dependent on contents of a table entry
• can support a range of policies:
– centralized administration
– ownership-based administration
– decentralized administration

9
SQL Access Controls
• If the user has access to the entire database or
just portions of it
• Two commands:
– GRANT {privileges | role} [ON table] TO {user |
role | PUBLIC} [IDENTIFIED BY password] [WITH
GRANT OPTION]
• e.g. GRANT SELECT ON ANY TABLE TO john
– REVOKE {privileges | role} [ON table] FROM
{user | role | PUBLIC}
• e.g. REVOKE SELECT ON ANY TABLE FROM john
– WITH GRANT OPTION: whether grantee can grant
“GRANT” option to other users
• Typical access rights are:
– SELECT, INSERT, UPDATE, DELETE, REFERENCES

10
Cascading Authorizations

• Bob revokes the access rights

11
Role-Based Access Control
• Role-based access control work well for
DBMS
– eases admin burden, improves security
• Categories of database users:
– application owner
– end user
– administrator
• DB RBAC must manage roles and their
users

12
Inference

13
Inferential attack (gathering
info)
• There is no actual transfer of data, but the
attacker is able to reconstruct the
information by sending particular requests
and observing the resulting behavior of
the Website/database server
– Illegal/logically incorrect queries: lets an
attacker gather important information about
the type and structure of the backend
database of a Web application

14
Inference Example

15
Inference Countermeasures
• Inference detection at database design
– alter database structure or access controls
• Inference detection at query time
– by monitoring and altering or rejecting queries

16
Statistical Databases

• Provides data of a statistical nature

– e.g. counts, averages
• Two types:
– pure statistical database
– ordinary database with statistical access
• some users have normal access, others statistical
• Access control objective to allow statistical
use without revealing individual entries
• Security problem is one of inference

17
Statistical Database Security
• use a characteristic formula C
– a logical formula over the values of attributes
– e.g. (Sex=Male) AND ((Major=CS) OR (Major=EE))
• query set X(C) of characteristic formula C,
is the set of records matching C
• a statistical query is a query that produces
a value calculated over a query set

18
Statistical Database Example

19
Protecting
Against
Inference

20
 Tracker Attacks
• count(C.D) = 0/1; so this query is not permitted
• divide queries into parts
– C = C1.C2 such that query sets for C1 and T =
(C1.~C2) satisfy the query size restrictions
– count(C) = count(C1) - count (C1. ~C2)
= count(C1) – count (T)
• combination is called a tracker
• count (C.D) = count(T+C1.D) – count(T)

21
Other Query Restrictions

• query set overlap control

– limit overlap between new & previous queries
– has problems and overheads
• partitioning
– cluster records into exclusive groups
– only allow queries on entire groups
• query denial and information leakage
– denials can leak information
– to counter must track queries from user

22
Perturbation
• Add noise to statistics generated from data
– will result in differences in statistics
• Data perturbation techniques
– data swapping
– generate statistics from probability distribution
• Output perturbation techniques
– random-sample query
– statistic adjustment
• Must minimize loss of accuracy in results

23
Database Encryption

• Databases is a valuable information resource

– protected by multiple layers of security: firewalls,
authentication, O/S access control systems, DB access
control systems, and database encryption
• Can encrypt
– entire database - very inflexible and inefficient
– individual fields - simple but inflexible
– records (rows) or columns (attributes) - best
• also need attribute indexes to help data retrieval
• Varying trade-offs

24
Summary
• Introduced databases and DBMS
• Relational databases
• Database access control issues
– SQL, role-based
• Inference
• Statistical database security issues
• Database encryption
• Cloud security

25