Chapter 9 Database Security

The document discusses database security issues including access control, data classification, threats like loss of availability, integrity and confidentiality, and security at different levels like physical hardware, operating system and DBMS level.

Uploaded by kafle1292

Unit 9: Database Security LH 5

• Issues regarding the right to access information
• System-related issues: system levels: physical hardware, operating system, DBMS level, multiple security levels.
• Categorization of data and users
• Loss of integrity, loss of availability, loss of confidentiality
• Access control, inference control, flow control, data encryption.
Database Security

• Database security is the technique that protects and secures the database against intentional or accidental threats. It includes a multitude of processes, tools and methodologies that ensure security within a database environment.

It enforces security on all aspects and components of databases:

• Data stored in database
• Database server
• Database management system (DBMS)
• Other database workflow applications
Issues regarding the right to access information
• Information access is the freedom or ability to identify, obtain and
make use of data or information effectively.
• Information access covers many issues including copyright, open
source, privacy, and security.
• Freedom of information is a fundamental human right.
• Private information should be provided on the basis of authorization and authentication.
• Public information should be available to everyone.
• What kind of information should and should not be made public.
• Social Networking Policies.
System Related Issues

• Databases are a key target for cybercriminals due to the often valuable nature of sensitive information locked away inside.

• Whether the data is financial or holds intellectual property and corporate secrets, hackers worldwide can profit from breaching a business's servers and plundering databases.

• The top ten vulnerabilities often found in database-driven systems, whether during the creation phase, through the integration of applications or when updating and patching,

• System-related issues mainly arise at the physical hardware level, the operating system level or the DBMS level.
Physical hardware:
• Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events.
• This includes protection from fire, flood, natural disasters, burglary,
theft, vandalism and terrorism.
• Physical security has three important components:
– Access control,
– Surveillance and
– Testing.
• Obstacles should be placed in the way of potential attackers and
physical sites should be hardened against accidents, attacks or
environmental disasters.
• Disaster recovery policies and procedures should be tested on a
regular basis to ensure safety and to reduce the time it takes to
recover from disruptive man-made or natural disasters.
Operating System:
• No matter how secure the other part of the system is, weakness in
operating system security may serve as a means of unauthorized
access to the system.
• Each operating system provides security measures that you can use
to protect your database.
• But if the operating system itself is not secure, the security of the database can be violated.
• Thus, operating system security also plays a vital role in protecting the database.
• OS security may be approached in many ways, including the
following:
– Performing regular OS patch updates.
– Installing updated antivirus engines and software.
– Inspecting all incoming and outgoing network traffic through a
firewall.
– Creating secure accounts with required privileges only (i.e., user
management)
Multiple Security Level:
• Multilevel security or multiple levels of security (MLS) is the
application of a computer system to process information with
classifications (i.e., at different security levels).

• In MLS, users are cleared at different clearance levels such as
– Unclassified, Confidential, Secret and Top Secret.

• Multilevel security provides the capability to prevent unauthorized users from accessing information at a higher classification than their authorization, and prevents users from declassifying information.

Multilevel security offers the following advantages:
– Multilevel security enforcement is mandatory and automatic.
– Multilevel security can use methods that are difficult to express through traditional views or queries.
– Multilevel security does not rely on special views or database variables to provide security control.
– Multilevel security controls are consistent and integrated across the system.
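The two MLS guarantees above (no access above one's clearance, no declassification) can be sketched as mandatory checks applied to every operation. This is an added example, not part of the original slides; it follows the classic Bell-LaPadula style of rules, which the slides do not name, and the table contents and function names are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Constructed sample table: row id -> (classification label, content).
TABLE = {
    1: (Level.UNCLASSIFIED, "cafeteria menu"),
    2: (Level.CONFIDENTIAL, "staff directory"),
    3: (Level.SECRET, "network diagram"),
    4: (Level.TOP_SECRET, "incident report"),
}

def can_read(clearance: Level, label: Level) -> bool:
    # No read up: a user never sees rows labelled above their clearance.
    return clearance >= label

def can_write(clearance: Level, label: Level) -> bool:
    # No write down: a user cannot copy what they know into a lower level.
    return label >= clearance

def select_all(clearance: Level, table=TABLE) -> list:
    # The filter runs on every query; the caller cannot opt out of it.
    return [rid for rid, (label, _) in sorted(table.items())
            if can_read(clearance, label)]

def insert(clearance: Level, table: dict, rid: int, label: Level, content: str) -> None:
    if not can_write(clearance, label):
        raise PermissionError(f"write down from {clearance.name} to {label.name}")
    table[rid] = (label, content)

def relabel(clearance: Level, table: dict, rid: int, new_label: Level) -> None:
    old_label, content = table[rid]
    if not can_read(clearance, old_label):
        raise PermissionError("row is above the caller's clearance")
    if new_label < old_label:
        # Lowering a label is declassification and is always refused here.
        raise PermissionError(f"declassification {old_label.name} -> {new_label.name}")
    table[rid] = (new_label, content)

if __name__ == "__main__":
    print(select_all(Level.CONFIDENTIAL))  # rows 1 and 2 only
```

Because the checks live in the data-access functions rather than in per-user views, they apply to every caller in the same way, which is the "mandatory and automatic" property listed above.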
DBMS Level:
• This architecture has three levels:
1. External level
2. Conceptual level
3. Internal level

1. External level
• It is also called the view level. This level is called the “view” level because several users can view their desired data from it; the data is fetched internally from the database with the help of conceptual and internal level mapping.

• The user doesn’t need to know database schema details such as data structures, table definitions, etc. The user is only concerned with the data that is returned to the view level after it has been fetched from the database (present at the internal level).

• The external level is the “top level” of the Three Level DBMS Architecture.
2. Conceptual level
• It is also called the logical level. The whole design of the database, such as the relationships among data and the schema of the data, is described at this level.
• Database constraints and security are also implemented at this level of the architecture. This level is maintained by the DBA (database administrator).

3. Internal level
• This level is also known as physical level. This level describes how
the data is actually stored in the storage devices. This level is also
responsible for allocating space to the data. This is the lowest level
of the architecture.
Categorization of data and users

Data classification is an important step in establishing a cyber security management program.
It allows an organization to make managerial decisions about resource allocation to secure data from unauthorized access.
This is generally done through a database or business intelligence software that provides the ability to scan, identify and separate data.

Some examples and applications of data classification include:
• Separating customer data based on gender
• Identifying and keeping frequently used data in disk/memory cache
• Data sorting based on content/file type, size and time of data
• Sorting for security reasons by classifying data into restricted, public
or private data types.
• To be effective, a classification scheme should be simple enough that
all employees can execute it properly.
• Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk.
– Example: Employee social security numbers, customer credit card numbers

• Category 3: Sensitive internal data that if disclosed could negatively affect operations.
– Example: Contracts with third-party suppliers, employee reviews

• Category 2: Internal data that is not meant for public disclosure.
– Example: Sales rules, organizational charts

• Category 1: Data that may be freely disclosed with the public.
– Example: Contact information, price lists
Categorization of Database users:
There are two classes of DBMS users:
Actors on the scene: Persons whose jobs involve daily use of a large database are:
➢ Database administrator
➢ Database designer
➢ End users
➢ System analysts
➢ Application programmers

Workers behind the scene: Persons whose jobs involve design, development, operation and maintenance of the DBMS software are:
➢ DBMS designers and implementers
➢ Tool developers
➢ Operator and maintenance personnel
Threats in a Database: Availability Loss, Integrity Loss, Confidentiality Loss
• Availability loss − Availability loss refers to non-availability of database objects to legitimate users.

• Primary methods that organizations use to protect against loss of availability are fault tolerant systems, redundancies, and backups.

– Fault tolerance refers to the ability of a system (computer, network, cloud cluster, etc.) to continue operating without interruption when one or more of its components fail. It should be able to handle hardware failure, OS failure and database failure.

– Distributed Database: A distributed database is a database that consists of two or more files located in different sites either on the same network or on entirely different networks.

– Backups: Important data is backed up and can be restored if the original data becomes corrupt.
Integrity loss:
Integrity loss occurs when unacceptable operations are performed upon
the database either accidentally or maliciously. This may happen while
creating, inserting, updating or deleting data. It results in corrupted data
leading to incorrect decisions.

Data integrity may be compromised through:


• Human error, whether malicious or unintentional
• Transfer errors, including unintended alterations or data compromise
during transfer from one device to another
• Bugs, viruses/malware, hacking, and other cyber threats
• Compromised hardware, such as a device or disk crash
• Physical compromise to devices
Use the following checklist to preserve data integrity and minimize risk for your organization:

• Validate Input: When your data set is supplied by a known or unknown source (an end-user, another application, a malicious user, or any number of other sources) you should require input validation. That data should be verified and validated to ensure that the input is accurate.

• Validate Data: It’s critical to certify that your data processes haven’t been corrupted. Identify specifications and key attributes that are important to your organization before you validate the data.

• Remove Duplicate Data: Sensitive data from a secure database can easily find a home on a document, spreadsheet, email, or in shared folders where employees without proper access can see it. It’s prudent to clean up stray data and remove duplicates.
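The "Validate Input" item can be enforced by the DBMS itself, so that bad rows are rejected whichever application submits them. The sketch below is an added example, not part of the original slides; it uses Python's built-in sqlite3 module, and the table layout, column rules and sample records are constructed for illustration.

```python
import sqlite3

# Constructed sample input: (email, age, balance) tuples from an untrusted source.
SAMPLE = [
    ("a@example.com", 30, 10.0),   # valid
    ("a@example.com", 41, 5.0),    # same e-mail again
    ("not-an-email", 20, 1.0),     # malformed e-mail
    ("b@example.com", -4, 0.0),    # impossible age
    ("c@example.com", 25, None),   # missing balance
]

def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Integrity rules are declared once, in the schema, and apply to every writer.
    db.execute("""
        CREATE TABLE customer (
            id      INTEGER PRIMARY KEY,
            email   TEXT    NOT NULL UNIQUE CHECK (email LIKE '%_@_%._%'),
            age     INTEGER NOT NULL CHECK (age BETWEEN 0 AND 150),
            balance NUMERIC NOT NULL CHECK (balance >= 0)
        )""")
    return db

def load(db: sqlite3.Connection, records):
    """Insert each record with bound parameters; return (accepted, rejected)."""
    accepted, rejected = 0, []
    for rec in records:
        try:
            with db:  # one transaction per record: commit on success, roll back on error
                db.execute(
                    "INSERT INTO customer (email, age, balance) VALUES (?, ?, ?)",
                    rec,
                )
            accepted += 1
        except sqlite3.IntegrityError as exc:
            rejected.append((rec, str(exc)))  # keep the reason for the audit trail
    return accepted, rejected

def row_count(db: sqlite3.Connection) -> int:
    return db.execute("SELECT COUNT(*) FROM customer").fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    ok, bad = load(conn, SAMPLE)
    print(ok, "accepted;", len(bad), "rejected")
    for rec, reason in bad:
        print(rec, "->", reason)
```

The `?` placeholders keep the supplied values as data rather than SQL text, and the rejected list records why each row was refused.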
• Confidentiality loss − Confidentiality loss occurs due to
unauthorized or unintentional disclosure of confidential information.
It may result in illegal actions, security threats and loss in public
confidence.

We can secure confidentiality by the following methods:
• Encrypt sensitive files.
• Manage data access.
• Physically secure devices and paper documents.
• Securely dispose of data, devices, and paper records.
• Manage data utilization, acquisition and devices.
• There are four main control measures used to provide security of
data in databases.
Access Control:
• Access control is a way of limiting access to a system or to physical
or virtual resources.
• In DBMS, access control is a process by which database users are
granted access and certain privileges to systems, resources or
information.
• Users must present credentials before they can be granted access.
• The security mechanism of a DBMS must include provisions for
restricting access to the database as a whole.
• This function is handled by creating user accounts and passwords to
control the login process by the DBMS
Inference Control:
• Inference is a database system technique used to attack databases
where malicious users seek sensitive information from complex
databases.

• In basic terms, inference is a technique used to find information hidden from normal users.

• The more complex the database is, the greater the security implemented in association with it should be.

• Two inference vulnerabilities that appear in databases are data association and data aggregation.
– A data association defines a relationship between two entity objects based on common attributes.

– Aggregation refers to the process by which entities are combined to form a single meaningful entity.
Flow Control
• Flow control is the mechanism that ensures the rate at
which a sender is transmitting is in proportion with the
receiver’s receiving capabilities.
• Too much data arriving before a device can handle it
causes data overflow, meaning the data is either lost
or must be retransmitted.
• It prevents information from flowing in such a way that
it reaches unauthorized users
Data Encryption
• It is used to protect sensitive data that is transmitted via some type of communication network.
• Encryption can be used to provide additional protection for sensitive portions of a database.
• The data is encoded using some cryptographic algorithm.
• An unauthorized user who accesses encoded data will have difficulty deciphering it, but authorized users are given decoding or decryption algorithms to decipher data.
