Bài giảng Database systems - 8. Functional dependencies & normalization

Challenges of Database Security (2)  Database Survivability: Database systems need to operate and continue their functions, even with reduced capabilities, despite disruptive events such as information warfare attacks.  Confinement.  Damage assessment.  Reconfiguration.  Repair.  Fault treatment.

pdf110 trang | Chia sẻ: vutrong32 | Lượt xem: 1338 | Lượt tải: 1download
Bạn đang xem trước 20 trang tài liệu Bài giảng Database systems - 8. Functional dependencies & normalization, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
DATABASE SYSTEMS Nguyen Ngoc Thien An FUNCTIONAL DEPENDENCIES & NORMALIZATION Spring 2014 Contents 2  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Reading Suggestion: [1] Chapter 24 Contents 3  Introduction to Database Security  Database Security Issues  Threats to Databases  Countermeasures  Database Security Mechanisms  Database Security and the DBA  Access Protection, User Accounts, and Database Audits  Sensitive Data Database Security Issues 4  Legal and ethical issues: privacy issues.  Policy issues: what a government or corporate entity allows or disallows.  System-related issues: handle a security issue at hardware, OS, DBMS level.  The need to identify multiple security levels: identify security levels and categorize the data and users based on these classifications (e.g.: top secret, secret, confidential, and unclassified). Threats to Databases 5  Threats: Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.  Threats to:  Computer systems.  Databases.  Threats to databases:  Loss of integrity.  Loss of availability.  Loss of confidentiality. 6 Threats to Computer Systems 7 Scope of Data Security Needs •Must protect databases & the servers on which they reside •Must administer & protect the rights of internal database users •Must guarantee the confidentiality of ecommerce customers as they access the database •With the Internet continually growing, the threat to data traveling over the network increases exponentially Contents 8  Introduction to Database Security  Database Security Issues  Threats to Databases  Countermeasures  Database Security Mechanisms  Database Security and the DBA  Access Protection, User Accounts, and Database Audits  Sensitive Data Countermeasures (1) 9  To protect databases against these types of threats, four main kinds of countermeasures (control measures) can be implemented:  Access control.  Inference control.  Flow control.  Data encryption. Countermeasures (2) 10  Access Control  The security mechanism of a DBMS which must include provisions for restricting access to the database as a whole.  Authentication: a mechanism that determines whether a user is who he or she claims to be.  Authorization: granting a right or privilege, which enables a subject to legitimately have access to a system or a system’s objects.  Access control is handled by creating user accounts and passwords to control login process by the DBMS. Countermeasures (3) 11  Inference Control  The countermeasures to statistical database security problem.  Statistical databases: used to provide statistical information or summaries of values based on various criteria.  Statistical database security must ensure:  Information about individuals cannot be accessed.  Cannot deduce or infer certain facts concerning individuals from queries that involve only summary statistics on groups. Countermeasures (4) 12  Flow control  Prevent information from flowing in such a way that it reaches unauthorized users.  Covert channels: channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization. Countermeasures (5) 13  Data encryption  Protect sensitive data (e.g.: credit card numbers) that is being transmitted via some type communication network.  The data is encoded using some encoding algorithm.  An unauthorized user who access encoded data will have difficulty deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher data. Contents 14  Introduction to Database Security  Database Security Issues  Threats to Databases  Countermeasures  Database Security Mechanisms  Database Security and the DBA  Access Protection, User Accounts, and Database Audits  Sensitive Data Database Security Mechanisms 15  A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security portions of a database against unauthorized access.  Two types of database security mechanisms:  Discretionary security mechanisms.  Mandatory security mechanisms: users at certain classifications can access certain data. Database Security and the DBA (1) 16  The database administrator (DBA) is the central authority for managing a database system.  The DBA’s responsibilities include: Granting privileges to users who need to use the system.  Classifying users and data in accordance with the policy of the organization.  The DBA is responsible for the overall security of the database system. Database Security and the DBA (2) 17  The DBA has a DBA account in the DBMS.  Also called a system or superuser account.  These accounts provide powerful capabilities such as: 1. Account creation. 2. Privilege granting. 3. Privilege revocation. 4. Security level assignment.  Action 1 is access control, whereas 2 and 3 are discretionary and 4 is used to control mandatory authorization. Access Protection, User Accounts, and Database Audits (1) 18  Whenever a person or a group of persons needs to access a database system, the individual or group must first apply for a user account.  The DBA will then create a new account id and password for the user if if there is a legitimate need to access the database.  The user must log in to the DBMS by entering account id and password whenever database access is needed. Access Protection, User Accounts, and Database Audits (2) 19  The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session.  Modify system log to keep a record of all updates applied to the database and of the particular user who applied each update.  System log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash. Access Protection, User Accounts, and Database Audits (3) 20  If any tampering with the database is suspected, a database audit is performed.  A database audit consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period.  A database log that is used mainly for security purposes is sometimes called an audit trail. Sensitive Data (1) 21  Sensitivity of data is a measure of the importance assigned to the data by its owner for the purpose of denoting its need for protection.  Factors making data sensitive:  Inherently sensitive.  From a sensitive source.  Declared sensitive.  A sensitive attribute or sensitive record.  Sensitive in relation to previously disclosed data. Sensitive Data (2) 22  Information Security vs. Information Privacy:  Information Security: refer to many aspects of protecting a system from unauthorized use, including authentication of users, information encryption, access control, firewall policies, and intrusion detection.  Information Privacy: the ability of individuals to control the terms under which their personal information is acquired and used.  Privacy Issues and Privacy Preservation. Contents 23  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Contents 24  Discretionary Access Control  Account Level Privileges  Relation Level Privileges  Use Views  Propagation of Privileges  Trojan Horse Example DAC 25  Discretionary Access Control (DAC)  The typical method of enforcing discretionary access control in a database system is based on the granting and revoking privileges.  User can protect what they own.  Owners, DBA or selected users may grant access to others.  Owners, DBA or selected users can define the types of access (read/write/execute/) given to others.  In SQL:  Use GRANT statement for granting privileges.  Use REVOKE statement for revoking privileges. DAC - Types of Privileges 26  Types of discretionary privileges:  The account level (or system level)  At this level, the DBA specifies the particular privileges that each account holds independently of the relations in the database.  The relation level (or table level)  At this level, the DBA can control the privilege to access each individual relation or view in the database. DAC - Account Level 27  The privileges at the account level apply to the capabilities provided to the account itself.  E.g.:  The CREATE SCHEMA or CREATE TABLE privilege, to create a schema or base relation.  The CREATE VIEW privilege.  The ALTER privilege, to apply schema changes such adding or removing attributes from relations.  The DROP privilege, to delete relations or views.  The MODIFY privilege, to insert, delete, or update tuples.  The SELECT privilege, to retrieve information from the database by using a SELECT query. DAC - Relation Level (1) 28  Privileges at the relation level specify for each user the individual relations on which each type of command can be applied.  Some privileges also refer to individual columns (attributes) of relations.  Access Matrix Model: an authorization model for discretionary privileges.  The rows of a matrix M represent subjects (users, accounts, programs).  The columns represent objects (relations, records, columns, views, operations).  Each position M(i,j) in the matrix represents the types of privileges (read, write, update,) that subject i holds on object j. DAC - Relation Level (2) 29 O1 Oi Om S1 A[s1,o1] A[s1,oi] A[s1,om] Si A[si,o1] A[si,oi] A[si,om] Sn A[sn,o1] A[sn,oi] A[sn,om] DAC - Relation Level (3) 30  To control the granting and revoking of relation privileges, for each relation R in a database:  Its owner is given all privileges on that relation.  The owner account holder can pass privileges on any of the owned relation to other users by granting privileges to their accounts.  The owner account holder can also take back the privileges by revoking privileges from their accounts. DAC - Relation Level (4) 31  Types of privileges can be granted on each relation R:  SELECT (retrieval or read) privilege:  Give the retrieval privilege to the account .  The SELECT statement is used to retrieve tuples from R.  MODIFY privileges on R:  Give the account the capability to modify tuples of R.  Divided into UPDATE, DELETE, and INSERT privileges to apply the corresponding SQL command to R.  INSERT and UPDATE privileges can be granted on only certain attributes. DAC - Relation Level (5) 32  Types of privileges can be granted on each relation R (cont.):  REFERENCES privilege on R: Give the account the capability to reference relation R when specifying integrity constraints.  The privilege can also be restricted to specific attributes.  Notice: to create a view, the account must have SELECT privilege on all relations involved in the view definition. Contents 33  Discretionary Access Control  Account Level Privileges  Relation Level Privileges  Use Views  Propagation of Privileges  Trojan Horse Example DAC - Use Views 34  Specifying privileges through the use of views is an important discretionary authorization mechanism in its own right.  E.g.:  If the owner A of a relation R wants another account B to be able to retrieve only some fields of R,then A can create a view V of R that includes only those attributes and then grant SELECT on V to B.  The same applies to limiting B to retrieving only certain tuples of R. A view V’ can be created by defining the view by means of a query that selects only those tuples from R that A wants to allow B to access. Contents 35  Discretionary Access Control  Account Level Privileges  Relation Level Privileges  Use Views  Propagation of Privileges  Trojan Horse Example DAC - Propagation of Privileges (1) 36  Propagation of account level privileges:  Whenever an authorized user A grants an account level privilege to a user B, this privilege can be given to B with or without the ADMIN OPTION.  If the ADMIN OPTION is given, this means that B can also grant that privilege to other accounts with or without ADMIN OPTION. User A does not know about the propagation of that privilege to other users.  If the privilege is revoked from B, then accounts who have received that privilege from B still hold that privilge. DAC - Propagation of Privileges (2) 37  Propagation of relation level privileges:  Whenever an authorized user A grants a privilege on a relation R to a user B, this privilege can be given to B with or without the GRANT OPTION.  If the GRANT OPTION is given, this means that B can also grant that privilege on R to other accounts with or without GRANT OPTION. User A does not know about the propagation of that privilege on R to other users.  If the privilege on R is revoked from B, then that privilege on R is also revoked automatically from accounts who have received it from B. DAC - Propagation of Privileges (3) 38 DAC - Propagation of Privileges (4) 39  Techniques to limit the propagation of privileges have been developed, although they have not yet been implemented in most DBMSs and are not a part of SQL.  Limiting horizontal propagation to an integer number i means that an account B given the GRANT OPTION can grant the privilege to at most i other accounts.  Limiting vertical propagation is more complicated. It limits the depth of the granting of privileges. DAC - Propagation of Privileges (5) 40 Limit horizontal propagation DAC - Propagation of Privileges (6) 41 Limit vertical propagation DAC - An Example (1) 42  Suppose that the DBA creates 4 accounts: A1, A2, A3, A4.  For only A1 to be able to create base relations, DBA must issue the following GRANT command in SQL: GRANT CREATETAB TO A1;  DBA creates schema EXAMPLE and grants privileges on it to A1: CREATE SCHEMA EXAMPLE AUTHORIZATION A1; DAC - An Example (2) 43  A1 can create tables under the schema EXAMPLE.  A1 creates the 2 relations EMPLOYEE and DEPARTMENT so that A1 is the owner of these relations and hence have all the relation privileges on each of them. DAC - An Example (3) 44  A1 wants to grant A2 the privilegea to insert and delete tuples in both of these relations but does not want A2 to be able to propagate these privileges to other accounts: GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;  A1 wants to allow A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts. GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION; DAC - An Example (4) 45  A3 can grant the SELECT privilege on the EMPLOYEE relation to A4: GRANT SELECT ON EMPLOYEE TO A4;  Notice that A4 cannnot propagate the SELECT privilege because GRANT OPTION was not given to A4. DAC - An Example (5) 46  A1 decides to revoke the SELECT privilege on EMPLOYEE from A3: REVOKE SELECT ON EMPLOYEE FROM A3;  The DBMS must now automatically revoke the SELECT privilege on EMPLOYEE from A4, because A3 granted that privilege to A4 and A3 does not have the privilege any more. DAC - An Example (6) 47  A1 wants to give back A3 a limited capability to SELECT from the EMPLOYEE relation and allow A3 to be able to propagate the privilege.  The limitation is to retrieve only the NAME, BDATE, and ADDRESS attributes and only for the tuples with DNO = 5.  A1 then creates the view: CREATE VIEW A3_EMPLOYEE AS SELECT NAME, BDATE, ADDRESS FROM EMPLOYEE WHERE DNO = 5;  After the view is created, A1 can grant SELECT on the view A3_EMPLOYEE to A3 as follows: GRANT SELECT ON A3_EMPLOYEE TO A3 WITH GRANT OPTION; DAC - An Example (7) 48  A1 wants to allow A4 to update only the SALARY attribute of EMPLOYEE: GRANT UPDATE ON EMPLOYEE (SALARY) TO A4;  The UPDATE and INSERT privileges can specify particular attributes that may be updated or inserted in a relation.  Other privileges (SELECT, DELETE) are not attribute specific. Contents 49  Discretionary Access Control  Account Level Privileges  Relation Level Privileges  Use Views  Propagation of Privileges  Trojan Horse Example DAC 50  Advantages  Govern the access to the information on the basic of discretionary protection policies  flexible.  Suitable for various types of systems and applications.  Be widely used in a variety of implementations, especially in the commercial and industrial environments.  Disadvantages  The main drawback is vulnerability to malicious attacks:  Allow information from an object which can be read by a subject to be written to any other objects.  E.g.: Bob is denied access to file A, so he asks cohort Alice to copy A to B that he can access.  Suppose the users are trusted not to do this deliberately, it is still possible for Trojan Horses to copy information from one object to another. Trojan Horse Example (1) 51 Trojan Horse Example (2) 52 Trojan Horse Example (3) 53 Contents 54  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Contents 55  Mandatory Access Control  Bell-LaPadula Model  Multilevel Relation  Comparing DAC and MAC MAC - Introduction 56  DAC has traditionally been the main security mechanism for relational database systems.  All-or-nothing method: A user either has or does not have a certain privilege.  Mandatory Access Control (MAC)  Applied to large amounts of information requiring strong protect in environments where both the system data and users can be classified clearly.  A mechanism for enforcing multiple level of security: classify data and users based on security classes.  It would typically be combined with the DAC. MAC - Bell-LaPadula Model 57  Bell-LaPadula Model  Common multilevel security model.  Classify each subject (user, account, program) and object (relation, tuple, column, view, operation) into one security classification.  Class(S): clearance (classification) of a subject S.  Reflect the user’s degree of trust.  Class(O): classification of an object O.  Reflect the sensitivity of the information.  Grant access to data based on subject clearance and object classification.  Principles: no read-up & no write-down secrecy. MAC - Classification Levels 58  Typical classification levels are:  Top secret (TS)  Secret (S)  Confidential (C)  Unclassified (U) Where TS is the highest level and U is the lowest: TS ≥ S ≥ C ≥ U MAC - Properties 59  Simple security property (ss-property): A subject S is not allowed to read an object O unless class(S) ≥ class(O)  No read-up  Star property (or * property): A subject S is not allowed to write an object O unless class(S) ≤ class(O)  No write-down  These restrictions together ensure that there is no direct flow of information from high secure objects to low ones!!! MAC - Why Star Property? (1) 60 MAC - Why Star Property? (2) 61 MAC - Why Star Property? (3) 62 Contents 63  Mandatory Access Control  Bell-LaPadula Model  Multilevel Relation  Comparing DAC and MAC MAC - Multilevel Relation (1)  Multilevel relation: MAC + relational database model  Deal with multilevel data.  Data objects: attributes, tuples.  A multilevel relation is represented by a schema: R (A1,C1,A2,C2, , An,Cn,TC)  Each data attribute Ai is associated with a classification attribute Ci .  Each tuple is associated with a tuple classification attribute TC.  TC is equal to the highest of all attribute classification values.  The apparent key of a multilevel relation is the set of attributes that would have formed the primary key in a regular (single-level) relation. 64 MAC - Multilevel Relation (2) 65  Subjects with different classes may retrieve data from a multilevel relation but will see different versions that data. EMPLOYEE S > C > U Name Salary JobPerformance TC Smith U 40000 C Fair S S Brown C 80000 S Good C S MAC - Multilevel Relation (3) 66  A user with security level S EMPLOYEE S > C > U Name Salary JobPerformance TC Smith U 40000 C Fair S S Brown C 80000 S Good C S SELECT * FROM EMPLOYEE Smith U 40000 C Fair S S Brown C 80000 S Good C S MAC - Multilevel Relation (4) 67  A user with security level C EMPLOYEE S > C > U Name Salary JobPerformance TC Smith U 40000 C Fair S S Brown C 80000 S Good C S SELECT * FROM EMPLOYEE Smith U 40000 C Null C C Brown C Null C Good C C MAC - Multilevel Relation (5) 68  A user with security level U EMPLOYEE S > C > U Name Salary JobPerformance TC Smith U 40000 C Fair S S Brown C 80000 S Good C S SELECT * FROM EMPLOYEE Smith U Null U Null U U MAC - Multilevel Relation (6)  A multilevel relation appears to contain different data to subjects with different clearance levels.  It may store a single tuple at a higher classification level and produce the corresponding tuples at lower-level classifications through a process known as filtering.  Sometimes it must store two or more tuples at different classification levels with the same apparent key value. 69 MAC - Multilevel Relation (7) 70  Integrity rules for multilevel relation:  Entity integrity.  Null integrity and interinstance integrity.  Polyinstantiation. MAC - Multilevel Relation (8) 71  Entity integrity  All attributes that are members of the apparent key:  Must not be null.  And must have the same security classification within each individual tuple.  All the other attribute values in the tuple:  Must have a security classification greater than or equal to that of the apparent key.  This constraint ensures that a user can see the key if the user is permitted to see any part of the tuple at all. MAC - Multilevel Relation (9) 72  Null integrity and interinstance integrity  Ensure that if a tuple value at some security level can be filtered (derived) from a higher-classified tuple, then it is sufficient to store the higher- classified tuple in the multilevel relation.  Polyinstantiation  Where several tuples can have the same apparent key value but have different attribute values for users at different classification levels. MAC - Multilevel Relation (10) 73  A user with security level C Name Salary JobPerformance TC Smith U 40000 C Fair S S Brown C 80000 S Good C S Smith U 40000 C Null C C Brown C Null C Good C C  A user with security level C tries to update the value of JobPerformance of Smith to ‘Excellent’: UPDATE EMPLOYEE SET JobPerformance = ‘Excellent’ WHERE Name = ‘Smith’; Errors? MAC - Multilevel Relation (11) 74 Name Salary JobPerformance TC Smith U 40000 C Fair S S Smith U 40000 C Excellent C C Brown C 80000 S Good C S Contents 75  Mandatory Access Control  Bell-LaPadula Model  Multilevel Relation  Comparing DAC and MAC DAC vs. MAC 76  Mandatory policies:  Ensure a high protection degree by preventing any illegal flow of information.  Being too rigid  Only applicable in limited environments.  Discretionary policies:  Offer a better trade-off between security and applicability.  Be preferred in many practical situations. Contents 77  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security RBAC (1) 78  Role-Based Access Control (RBAC)  A viable alternative to traditional DAC and MAC.  Emerged rapidly in the 1990s as a proven technology for managing and enforcing security in large-scale enterprisewide systems.  Many DBMSs have allowed the concept of roles, where privileges can be assigned to roles. RBAC (2) 79  Role-Based Access Control (RBAC)  Permissions are associated with roles, and users are assigned to appropriate roles.  Roles can be created using the CREATE ROLE and DESTROY ROLE commands.  The GRANT and REVOKE commands are used to assign and revoke privileges from roles.  Role hierarchy in RBAC is a natural way of organizing roles to reflect the organization’s lines of authority and responsibility. Contents 80  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Contents 81  Encryption & Public Key Infrastructure (PKI)  Terminology  Classification  DES, AES, RSA  Digital Signatures  Public Key Infrastructure Encryption - Terminology 82  Encryption / Decryption: the process of the making / breaking of “secret codes”.  Cipher: an algorithm for performing encryption or decryption.  Plaintext: a message input needing protecting. It may or may not be intelligible.  Ciphertext: the result of encryption performed on plaintext.  Cryptosystem = encryption + decryption algorithms.  Encryption and decryption processes need keys. Encryption - Classification (1)  Symmetric cryptosystems: 𝐾𝐸 = 𝐾𝐷  Asymmetric cryptosystems: 𝐾𝐸 ≠ 𝐾𝐷 83 Cryptosystem Hello, This content is confidential ................... 01000100.. . À¿¾«§¶   .. Encryption Decryption KE KD Plaintext Ciphertext Encryption - Classification (2) 84  Asymmetric cryptosystems  Also called Public-key cryptosystems.  Use two different keys for (en/de)cryption algorithms.  Public key & Private key.  More secure but expensive in terms of computational costs.  Symmetric cryptosystems  Use the same key for (en/de)cryption algorithms.  Symmetric key = Shared-secret-key.  Faster than encryption and decryption in public-key cryptosystems.  Less security comparing to encryption and decryption in public-key cryptosystems. Encryption - Classification (3)  Symmetric cryptosystems:  Stream ciphers: A5/1, RC4.  Block ciphers: DES, Triple DES, AES.  Asymmetric cryptosystems:  RSA, DSA.  Secret Key Establishment.  Digital Signatures.  Digital Certificate. 85 Contents 86  Encryption & Public Key Infrastructure (PKI)  Terminology  Classification  DES, AES, RSA  Digital Signatures  Public Key Infrastructure Encryption - DES 87  DES (Data Encryption Standard)  Published by the USA’s National Bureau of Standards (NBS).  Be used as the encryption standard for unclassified data (information not concerned with national security).  A message is divided into 64-bit blocks.  Key: 56 bits  Brute-force (exhaustive key search) attack in some hours  Today, it’s too small.  Triple DES: run the DES algorithm a multiple number of times using different keys  Encryption: 𝒄 ← 𝓔𝒌𝟏(𝓓𝒌𝟐(𝓔𝒌𝟏(𝒎)))  Decryption: 𝒎 ← 𝓓𝒌𝟏(𝓔𝒌𝟐(𝓓𝒌𝟏(𝒄)))  The triple DES can also use three different keys. Encryption - AES 88  AES (Advanced Encryption Standard / Rijndael)  Chosen and introduced by the National Institute of Standards and Technology (NIST) (known as NBS before).  Be secure and can be implemented efficiently.  The new encryption standard to replace for DES and multiple encryption (as Triple DES) Reduce the cost of managing keys. Simplify the design of security protocols and systems.  A block cipher with a variable block size and variable key size.  The key size and the block size can be independently specified to 128, 192 or 256 bits  The enlarged and variable key and data-block sizes can accommodate a wide spectrum of security strengths for various application needs. Encryption - RSA 89  RSA (named after 3 inventors Rivest, Shamir and Adleman)  Public key is used for encrytion.  Private key is used for decrytion. Encryption - Hybrid Scheme 90  Hybrid scheme  Asymmetric technique: establish a symmetric key.  Symmetric technique: encrypt data by that symmetric key. Sender Receiver Encrypted message using a symmetric key Use public key of receiver to encrypt the message encryption key Contents 91  Encryption & Public Key Infrastructure (PKI)  Terminology  Classification  DES, AES, RSA  Digital Signatures  Public Key Infrastructure Digital Signatures (1) 92  Digital Signature: a message signed with a user's private key and can be verified by anyone who has access to the user's public key.  Thus:  Authentication: Anyone with the user’s public key can verify his digital signature  Easy to verify who is the owner of the message.  Data integrity: The message cannot be modified without being detected during decryption time  Verify whether the message is modified or not.  Non-repudiation: Only the holder of the private key can digitally sign  Prevent the sender from claiming that he did not actually send the information. Digital Signatures (2) 93 Simple Digital Signatures Digital Signatures (3) 94 Secure Digital Signatures Contents 95  Encryption & Public Key Infrastructure (PKI)  Terminology  Classification  DES, AES, RSA  Digital Signatures  Public Key Infrastructure Public Key Infrastructure (1) 96  Public Key Infrastructure (PKI)  The sum total of everything required to securely use public key crypto.  Digital Certificate  Also called Identity Certificate, or Public Key Certificate.  An electronic document which is used to verify that a public key belongs to an individual.  Use a digital signature to bind a public key with an identity.  In most situations the certificate must be signed by a Certificate Authority (CA), which acts as a trusted third party. Public Key Infrastructure (2) 97  Each digital certificate contains basic information:  The owner’s identity: information such as the name of a person or an organization, their address or their server address, and so forth.  The owner’s public key.  The date of issue of the certificate.  Valid time (‘Valid From’ and ‘Valid To’ dates).  Name and URL of the CA.  The digital signature of the issuing CA. CA Public Key Infrastructure (3) 98 Sender S Receiver R Certificate Authority (CA) Encrypted message using a symmetric key Use R’s public key to encrypt the message encryption key 3 - Send data 4 - Receive data & decrypt it TRUSTED How does PKI work? Public Key Infrastructure (4) 99  A digital certificate can be revoked if:  Its private key is compromised.  The relationship of the public key and the owner is changed.  A certificate was issued in error.  Use the Certificate Revocation List.  The largest commercial source for certificates is VeriSign. Contents 100  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Common Attacks on Databases 101  Some of quite frequent attacks on databases:  Unauthorized Privilege Escalation.  Privilege Abuse.  Denial of Service (DOS attack).  Weak Authentication.  SQL Injection. Contents 102  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security SQL Injection (1) 103  SQL Injection Attack  Web programs and applications that access a database can send commands and data to the database.  The attacker injects a string input through the application, which changes or manipulates the SQL statement to the attacker’s advantage. Most commonly done directly through web forms, but can be directed through URL hacking. SQL Injection (2) 104  SQL Injection  Exploit a security vulnerability in application.  Authentication bypass, information disclosure, compromised data integrity.  Harm the database  Unauthorized manipulation of the database, or retrieval of sensitive data.  Execute system level commands that may cause the system to deny service to the application. SQL Injection (3) 105  Consider an embedded code: $query = “SELECT prodinfo FROM prodtable WHERE prodname = ‘ “$_INPUT(‘prod_search’)” ’ ”  User enters the following: blah’ OR ‘x’ = ‘x’  SQL statement created: SELECT prodinfo FROM prodtable WHERE prodname = ‘blah’ OR ‘x’ = ‘x’; SQL Injection (4) 106  A more serious problem, a user enters: blah'; DROP TABLE prodinfo;  SQL statement created: SELECT prodinfo FROM prodtable WHERE prodname = ‘blah’; DROP TABLE prodtable;  Another example: SELECT * FROM Users WHERE username = ‘John’ and (PASSWORD = ‘JohnPass’ or ‘x’ = ‘x’); Contents 107  Introduction to Database Security  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC)  Encryption & Public Key Infrastructure (PKI)  Common Attacks on Databases  SQL Injection  Challenges of Database Security Challenges of Database Security (1) 108  Data Quality  Need techniques and organizational solutions to assess and attest the quality of data.  Need techniques providing more effective integrity semantics verification.  Need tools for the assessment of data quality.  Intellectual Property Rights  Digital watermarking techniques. Challenges of Database Security (2) 109  Database Survivability: Database systems need to operate and continue their functions, even with reduced capabilities, despite disruptive events such as information warfare attacks.  Confinement.  Damage assessment.  Reconfiguration.  Repair.  Fault treatment. Q & A 110

Các file đính kèm theo tài liệu này:

  • pdf8_database_security_861.pdf