Chapter 5 - Database_38ab1f2b76aacfe294c0119da86ff0a5.pdf

Full Transcript

Computer Security: Principles and Practice
Fifth Edition

Chapter 5
Database and Data Center
Security

Copyright © 2024, 2018, 2015 Pearson Education, Inc. All Rights Reserved
Databases
Structured collection of data Database management
stored for use by one or more system (DBMS)
applications Suite of programs for
Contains the relationships constructing and
between data items and maintaining the
groups of data items database
Can sometimes contain Offers ad hoc query
sensitive data that needs to be facilities to multiple
secured users and applications
Query language
Provides a uniform
interface to the database
for users and applications
Figure 5.1
DBMS Architecture
Relational Databases
Table of data consisting of rows and columns
Each column holds a particular type of data
Each row contains a specific value for each column
Ideally has one column where all values are unique,
forming an identifier/key for that row
Enables the creation of multiple tables linked together by
a unique identifier that is present in all tables
Use a relational query language to access the database
Allows the user to request data that fit a given set of
criteria
Figure 5.2
Example Relational Database Model
A relational database uses multiple tables related to one another by a
designated key; in this case, the key is the PhoneNumber field.
Relational Database Elements
Relation Primary key
Table/file Uniquely identifies a row
Tuple Consists of one or more column
Row/record names
Attribute Foreign key
Column/field Links one table to attributes in
another
View/virtual table
Result of a query that returns
selected rows and columns from one
or more tables
Views are often used for security
purposes
Table 5.1
Basic Terminology for Relational Databases

Formal Name Common Name Also Known As
Relation Table File
Tuple Row Record
Attribute Column Field
Figure 5.4
Relational Database Example
 Database Security
Reasons database security has not kept pace with the increased
reliance on databases are:
There is imbalance between the complexity of modern database
management systems (DBMS) and the security technique used
to protect these critical systems
Databases have a sophisticated interaction protocol, Structured
Query Language (SQL), which is complex
Effective database security requires a strategy based on a full
understanding of the security vulnerabilities of SQL
The typical organization lacks full-time database security
personnel
Most enterprise environments consist of a heterogeneous mixture
of database platforms, enterprise platforms, and OS platforms,
creating an additional complexity hurdle for security personnel
The increasing reliance on cloud technology to host part or all of
the corporate database
Structured Query Language (SQL)
Standardized language to define schema, manipulate, and
query data in a relational database
Several similar versions of ANSI/ISO standard
All follow the same basic syntax and semantics
SQL statements can be used to:
Create tables
Insert and delete data in tables
Create views
Retrieve data with query statements
SQL Injection Attacks (SQLi)
One of the most Most common attack goal is
prevalent and bulk extraction of data
dangerous network- Depending on the
based security threats environment SQL injection
Designed to exploit the can also be exploited to:
nature of Web Modify or delete data
application pages Execute arbitrary
Sends malicious SQL operating system
commands to the commands
database server Launch denial-of-service
(DoS) attacks
Figure 5.5
Typical SQL Injection Attack
Injection Technique
The SQLi attack typically works by prematurely
terminating a text string and appending a new command
Because the inserted command may have additional
strings appended to it before it is executed the
attacker terminates the injected string with a comment
mark “- -”
Subsequent text is ignored at execution time
 SQLi Example

Try it yourself
Visit the Altoro Mutual Banking (Note:
this is a test application and not an actual bank website):

1. Try to log in first using any username
and password, you will receive a typical
2. Try to log in again and enter the
following for the username: ‘ or 1=1 - -
3. Enter any password for the Password
field.
SQLi Attack Avenues (1 of 2)
User input
Attackers inject SQL commands by providing suitable
crafted user input
Server variables
Attackers can forge the values that are placed in HTTP
and network headers and exploit this vulnerability by
placing data directly into the headers
Second-order injection
A malicious user could rely on data already present in
the system or database to trigger an SQL injection
attack, so when the attack occurs, the input that
modifies the query to cause an attack does not come
from the user, but from within the system itself
SQLi Attack Avenues (2 of 2)
Cookies
An attacker could alter cookies such that when the
application server builds an SQL query based on the
cookie’s content, the structure and function of the
query is modified
Physical user input
Applying user input that constructs an attack outside
the realm of web requests
Inband Attacks
Uses the same communication channel for injecting SQL code and
retrieving results
The retrieved data are presented directly in application webpage
Include:
Tautology
▪ This form of attack injects code in one or more conditional
statements so that they always evaluate to true
End-of-line comment
▪ After injecting code into a particular field, legitimate code that
follows is nullified through the use of end of line comments
Piggybacked queries
▪ The attacker adds additional queries beyond the intended
query, piggybacking the attack on top of a legitimate request
Inferential Attack
There is no actual transfer of data, but the attacker is able to reconstruct the
information by sending particular requests and observing the resulting
behavior of the Website/database server
Include:
Illegal/logically incorrect queries
▪ This attack lets an attacker gather important information about the
type and structure of the backend database of a Web application
▪ The attack is considered a preliminary, information-gathering step for
other attacks
Blind SQL injection
▪ Allows attackers to infer the data present in a database system even
when the system is sufficiently secure to not display any erroneous
information back to the attacker
Out-of-Band Attack
Data are retrieved using a different channel
This can be used when there are limitations on
information retrieval but outbound connectivity from the
database server is lax
SQLi Countermeasures
Three types:
Defensive coding
▪ Manual defensive coding practices
▪ Parameterized query insertion
▪ SQL D OM
Detection
▪ Signature based
▪ Anomaly based
▪ Code analysis
Run-time prevention
▪ Check queries at runtime to see if they conform to a model of
expected queries
Database Access Control
Database access control Can support a range of administrative policies
system determines: Centralized administration
If the user has access ▪ Small number of privileged users
to the entire database may grant and revoke access rights
or just portions of it
Ownership-based administration
What access rights
the user has (create, ▪ The creator of a table may grant and
insert, delete, update, revoke access rights to the table
read, write) Decentralized administration
▪ The owner of the table may grant
and revoke authorization rights to
other users, allowing them to grant
and revoke access rights to the table
SQL Access Controls
Two commands for managing access rights:
Grant
▪ Used to grant one or more access rights or can be used
to assign a user to a role
Revoke
▪ Revokes the access rights
Typical access rights are:
Select
Insert
Update
Delete
References
Figure 5.6
Bob Revokes Privilege From David
Role-Based Access Control (RBAC) (1 of 2)
Role-based access control eases administrative burden
and improves security
A database RBAC needs to provide the following
capabilities:
Create and delete roles
Define permissions for a role
Assign and cancel assignment of users to roles
Role-Based Access Control (RBAC) (2 of 2)
Categories of database users:
Application owner
▪ An end user who owns database objects as part of
an application
End user
▪ An end user who operates on database objects via
a particular application but does not own any of the
database objects
Administrator
▪ User who has administrative responsibility for part
or all of the database
Table 5.2
Fixed Roles in Microsoft SQL Server
Figure 5.7
Indirect Information Access Via Inference Channel
Figure 5.8 (1 of 2)
Inference Example
(a) Inventory table
Item Availability Cost ($) Department
Shelf support in-store/online 7.99 hardware
Lid support online only 5.49 hardware
Decorative chain in-store/online 104.99 hardware
Cake pan online only 12.99 housewares
Shower/tub cleaner in-store/online 11.99 housewares
Rolling pin in-store/online 10.99 housewares

(b) Two views
Availability Cost ($) Item Department
in-store/online 7.99 Shelf support hardware
online only 5.49 Lid support hardware
in-store/online 104.99 Decorative chain hardware
Figure 5.8 (2 of 2)
Inference Example
(c) Table derived from combining query answers
Item Availability Cost ($) Department
Shelf support in-store/online 7.99 hardware
Lid support online only 5.49 hardware
Decorative chain in-store/online 104.99 hardware
Inference Detection

Two approaches
Inference detection during database design
▪ Approach removes an inference channel by altering the database
structure or by changing the access control regime to prevent
inference
▪ Techniques in this category often result in unnecessarily stricter
access controls that reduce availability
Inference detection at query time
▪ Approach seeks to eliminate an inference channel violation during a
query or series of queries
▪ If an inference channel is detected, the query is denied or altered
Database Encryption (1 of 2)
The database is typically the most valuable information
resource for any organization
Protected by multiple layers of security
▪ Firewalls, authentication, general access control
systems, DB access control systems, database
encryption
▪ Encryption becomes the last line of defense in
database security
Can be applied to the entire database, at the record
level, the attribute level, or level of the individual field
Database Encryption (2 of 2)

Disadvantages to encryption:
Key management
▪ Authorized users must have access to the
decryption key for the data for which they have
access
Inflexibility
▪ When part or all of the database is encrypted it
becomes more difficult to perform record searching
Figure 5.9
A Database Encryption Scheme
Figure 5.10
Encryption Scheme for Database of Figure 5.3
Table 5.3
Encrypted Database Example
(a) Employee Table
eid ename salary addr did
23 Tom 70K Maple 45
860 Mary 60K Main 83
320 John 50K River 50
875 Jerry 55K Hopewell 92

(b) Encrypted Employee Table with Indexes
E(k, B) I(eid) I(ename) I(salary) I(addr) I(did)
1100110011001011... 1 10 3 7 4
0111000111001010... 5 7 2 7 8
1100010010001101... 2 5 1 9 5
0011010011111101... 5 5 2 4 9
Data Center Security
Data center:
An enterprise facility that houses a large number of servers, storage
devices, and network switches and equipment
The number of servers and storage devices can run into the tens of
thousands in one facility
Generally includes redundant or backup power supplies, redundant
network connections, environmental controls, and various security
devices
Can occupy one room of a building, one or more floors, or an entire
building
Examples of uses include:
Cloud service providers
Search engines
Large scientific research facilities
IT facilities for large enterprises
Figure 5.11
Key Data Center Elements
Figure 5.12
Data Center Security Model

Data Encryption, Password policy, Secure IDs, Data Protection
Security (ISO 27002), Data masking, Data retention, etc.

Network Firewalls, Anti-virus, Intrusion detection/prevention,
Security Authentication, etc.

Physical Surveillance, Mantraps, Two/three factor authentication,
Security Security zones, ISO 27001/27002, etc.

Site Setbacks, Redundant utilities Landscaping, Buffer zones,
Security Crash barriers, Entry points, etc.
TIA-492 (1 of 2)

The Telecommunications Industry Association (TIA)
TIA-492 (Telecommunications Infrastructure Standard
for Data Centers) specifies the minimum requirements
for telecommunications infrastructure of data centers
TIA-492 (2 of 2)

Includes topics such as:
Network architecture
Electrical design
File storage, backup, and archiving
System redundancy
Network access control and security
Database management
Protection against physical hazards
Power management
Summary
The need for database security Database access control
Database management systems SQL-based access
Relational databases definition
Elements of a relational Cascading authorizations
database system Role-based access control
Structured Query Language Inference
SQL injection attacks Database encryption
A typical SQLi attack Data center security
The injection technique Data center elements
SQLi attack avenues and Data center security
types considerations
SQLi countermeasures TIA-492