Database Security

Slide 1-1
Outline
⚫ Introduction to Database Security Issues
⚫ Discretionary Access Control
⚫ Mandatory Access Control
⚫ Data Encryption
Introduction
⚫ Threats to databases
◦ Loss of integrity
◦ Loss of confidentiality
◦ Loss of availability
◦ Repudation
 Introduction
⚫ Fundamental data security requirements

Protection of data from

unauthorized disclosure
The ability to prevent the
effective denial of an act.

Only authorized users

should be allowed to
modify data.

Making data available to the

authorized users & application programs
Slide 1-4
⚫ To protect databases against these types
of threats four kinds of
countermeasures can be implemented:
◦ Access control
◦ Inference control
◦ Flow control
◦ Encryption
⚫ Access control
⚫ The security mechanism of a DBMS for restricting
access to the database as a whole
◦ Handled by creating user accounts and passwords to
control login process by the DBMS.
⚫ Two types of database security mechanisms:
◦ Discretionary security mechanisms (DAC)
◦ Mandatory security mechanisms (MAC)
⚫ Inference control
⚫ The security problem associated with databases is that of
controlling the access to a statistical database, which is
used to provide statistical information or summaries of values
based on various criteria.
⚫ The countermeasures to statistical database security
problem is called inference control measures.
⚫ Flow control
⚫ Flow control prevents information from flowing in
such a way that it reaches unauthorized users.
⚫ Channels that are pathways for information to flow
implicitly in ways that violate the security policy of an
organization are called covert channels.

⚫ Data encryption
⚫ Data encryption is used to protect sensitive data
(such as credit card numbers) that is being
transmitted via some type communication network.
⚫ The data is encoded using some encoding
algorithm.
◦ An unauthorized user who access encoded data will have
difficulty deciphering it, but authorized users are given
decoding or decrypting algorithms (or keys) to decipher
data.
Database Security and the DBA

⚫ The database administrator (DBA) is the

central authority for managing a database
system.
◦ The DBA’s responsibilities include
● granting privileges to users who need to use the
system
● classifying users and data in accordance with the
policy of the organization
⚫ The DBA is responsible for the overall
security of the database system.
Slide 1-8
 Database Security and the DBA

⚫ The DBA has a DBA account in the DBMS

◦ Sometimes these are called a system or super
user account
◦ These accounts provide powerful capabilities
such as:
● Account creation
● Privilege granting
● Privilege revocation
● Security level assignment
 Discretionary Access Control
⚫ The typical method of enforcing discretionary
access control in a database system is based on the
granting and revoking privileges.

⚫ Types of Discretionary Privileges

⚫ The account level:
◦ At this level, the DBA specifies the particular
privileges that each account holds independently of
the relations in the database.
⚫ The relation level (or table level):
◦ At this level, the DBA can control the privilege to
access each individual relation or view in the
database.
Slide 1-10
Types of Discretionary Privileges
⚫ SQL standard supports DAC through the GRANT
and REVOKE commands:
◦ The GRANT command gives privileges to users
◦ The REVOKE command takes away privileges
Types of Discretionary Privileges
⚫ The privileges at the account level apply can include
◦ the CREATE SCHEMA or CREATE TABLE
privilege, to create a schema or base relation;
◦ the CREATE VIEW privilege;
◦ the ALTER privilege, to apply schema changes such
adding or removing attributes from relations;
◦ the DROP privilege, to delete relations or views;
◦ the MODIFY privilege, to insert, delete, or update
tuples;
◦ the SELECT privilege, to retrieve information from
the database by using a SELECT query.
Slid
e
1-12
Types of Discretionary Privileges
⚫ The relation level of privileges applies to base
relations and virtual (view) relations.
⚫ Notice that to create a view, the account must have
SELECT privilege on all relations involved in the view
definition.
Types of Discretionary Privileges

⚫ To control the granting and revoking of relation privileges,

for each relation R in a database:
◦ The owner of a relation is given all privileges on that
relation.
◦ The owner account holder can pass privileges on any of
the owned relation to other users by granting
privileges to their accounts.
◦ The owner account holder can also take back the
privileges by revoking privileges from their accounts.
Types of Discretionary Privileges
⚫ In SQL the following types of privileges can be granted on
each individual relation R:
◦ SELECT (retrieval or read) privilege on R
◦ MODIFY privileges on R
● UPDATE, DELETE, and INSERT privileges
● INSERT and UPDATE privileges can specify that
only certain attributes can be updated by the account.
◦ REFERENCES privilege on R
● This gives the account the capability to reference
relation R when specifying integrity constraints.
● The privilege can also be restricted to specific
attributes of R.
Specifying Privileges Using Views

⚫ The mechanism of views is an important

discretionary authorization mechanism in
its own right.
◦ Column level security
● Owner A (of R) can create a view V of R that includes
several attributes and then grant SELECT on V to B.
◦ Row level security
● Owner A (of R) can create a view V’ which selects several
tuples from R and then grant SELECT on V’ to B.
Propagation of Privileges using the
GRANT OPTION
⚫ Whenever the owner A of a relation R grants a privilege
on R to another account B, privilege can be given to B
with or without the GRANT OPTION.

⚫ B can also grant that privilege on R to other accounts.

⚫ If B grants the privilege on R to C with GRANT OPTION

⚫ Privileges on R can propagate to other accounts

without the knowledge of the owner of R
Propagation of Privileges using the
GRANT OPTION
⚫ If the owner account A now revokes the privilege
granted to B, all the privileges that B propagated based
on that privilege should automatically be revoked by the
system.
 An Example
⚫ Suppose that the DBA creates four accounts
◦ A1, A2, A3, A4
⚫ A1: Create table privilege
GRANT CREATE TABLE TO A1;
□ Suppose that A1 creates the two base relations
EMPLOYEE and DEPARTMENT
□ A1 is then owner of these two relations and
hence all the relation privileges on each of them.
 An Example

⚫ A1 wants to grant A2 the privilege to insert and

delete tuples in both of these relations, but A1
does not want A2 to be able to propagate these
privileges to additional accounts:
GRANT INSERT, DELETE ON
EMPLOYEE, DEPARTMENT TO A2;
 An Example
⚫ A1 wants to allow A3 to retrieve information from either of
the two tables and also to be able to propagate the SELECT
privilege to other accounts.
GRANT SELECT ON EMPLOYEE, DEPARTMENT TO
A3
WITH GRANT OPTION;
⚫ A3 can grant SELECT privilege to A4 to retrieve information
from the Employee relation
GRANT SELECT ON EMPLOYEE TO A4;
Notice that A4 can’t propagate the SELECT privilege
because GRANT OPTION was not given to A4
 An Example
⚫ A1 decides to revoke the SELECT privilege on the
EMPLOYEE relation from A3
REVOKE SELECT ON EMPLOYEE FROM A3;
⚫ The DBMS must now automatically revoke the
SELECT privilege on EMPLOYEE from A4, too,
because A3 granted that privilege to A4 and A3
does not have the privilege any more.
 An Example
⚫ A1 wants to give back to A3 a limited capability to SELECT
from the EMPLOYEE relation and wants to allow A3 to be
able to propagate the privilege.
◦ The limitation is to retrieve only the NAME, BDATE,
and ADDRESS attributes and only for the tuples with
DNO=5.
⚫ A1 then create the view:
CREATE VIEW A3EMPLOYEE AS
SELECT NAME, BDATE, ADDRESS
FROM EMPLOYEE
WHERE DNO = 5;
⚫ And then,
GRANT SELECT ON A3EMPLOYEE TO A3
WITH GRANT OPTION;
An Example
⚫ A1 wants to allow A4 to update only the SALARY
attribute of EMPLOYEE;
⚫ A1 can issue:
GRANT UPDATE ON EMPLOYEE (SALARY) TO
A4;

Slid
e
1-24
Mandatory Access Control
⚫ Mandatory Access Control (MAC):
◦ MAC applies to large amounts of information
requiring strong protect in environments where both
the system data and users can be classified clearly.
◦ MAC is a mechanism for enforcing multiple
level of security.
⚫ The commonly used model for multilevel security,
known as the Bell-LaPadula model

Slid
e
1-25
Data Encryption
⚫ Encryption is a means of maintaining secure data in an
insecure environment.
⚫ Encryption consists of applying an encryption
algorithm to data using some prespecified
encryption key.
⚫ The resulting data has to be decrypted using a
decryption key to recover the original data.

Slid
e
1-26
The Data and Advanced Encryption
Standards
⚫ The Data Encryption Standard (DES) is a system
developed by the U.S. government for use by the
general public.
◦ It has been widely accepted as a cryptographic
standard both in the United States and abroad.
⚫ DES can provide end-to-end encryption on the channel
between the sender A and receiver B.

Slid
e
1-27
 The Data and Advanced Encryption
Standards(2)
⚫ DES algorithm is a careful and complex combination of
two of the fundamental building blocks of encryption:
◦ substitution and permutation (transposition).
⚫ The DES algorithm derives its strength from repeated
application of these two techniques for a total of 16 cycles.
◦ Plaintext (the original form of the message) is
encrypted as blocks of 64 bits.
⚫ After questioning the adequacy of DES, the National
Institute of Standards (NIST) introduced the Advanced
Encryption Standards (AES).
◦ This algorithm has a block size of 128 bits and thus takes
longer time to crack. Slid
e
1-28
MUST READ
https://www.ekransystem.com/en/blog/mac-
vs-dac

https://www.w3schools.in/dbms/database-se
curity

Slid
e
1-29