3C13/D6

Security and Other Technology

DCM Shriram Consolidated Kota

II.I Selected Database Issues: 1 - Security Slide 1/24

 1. Content

Content
1.1 Objectives
1.2 Scope of database security: why take threats seriously?
– 1.2.1 Situations related to database security
– 1.2.2 Threats
1.3 Countermeasures: computer-based controls (BRAVE)
– 1.3.1 Backup and recovery
– 1.3.2 RAID technology
– 1.3.3 Authorization
– 1.3.4 Views
– (1.3.5 Encryption – will be covered in next lecture)
1.4 Summary

II.I Selected Database Issues: 1 - Security Slide 2/24

 1.1 Objectives

Objectives
In this Lecture you will learn:
1. The scope of database security

2. Why database security is a serious concern for any organization

3. The types of threat that can affect a database system

4. Which computer-based controls to use for protection

II.I Selected Database Issues: 1 - Security Slide 3/24

 1.2 Scope of database security

Scope of database security:

why take threats seriously?

•“Database security”:
• The mechanisms that protect the database against
intentional or accidental threats.
• Includes:
• hardware
• software
• people
• data

II.I Selected Database Issues: 1 - Security Slide 4/24

 1.2 Scope of database security

Situations related to database

security
• theft or fraud
• loss of:
– confidentiality: secrecy related to organizations critical data. Breach may
lead to loss of competitiveness
– privacy: secrecy related to personal data. Breach may lead to legal action
against organization
– integrity: invalid or corrupted data. Breach affects operation of
organization
– availability: affects so called 24 x 7 availability, affects financial
performance, occasionally causes data corruption

II.I Selected Database Issues: 1 - Security Slide 5/24

 1.2 Scope of database security

Threats
• Threat:
– any situation or event (intentional or accidental) that may
adversely affect a system and thus the organization.

• Tangible threat:
– loss of hardware, software or data.

• Intangible threat:
– loss of credibility or client confidence.

II.I Selected Database Issues: 1 - Security Slide 6/24

 1.2 Scope of database security

Threats and Damage

Extent of damage depends on the existence of
• countermeasures, and
• contingency plans.

Example: A hard disk crash; all processing must stop until the
problem is solved. Recovery time depends on factors such as:
• when the last back-ups were taken, and
• how easy it is to restore the system.

Organization needs to:

• identify types of threats and their significance.
• develop appropriate, cost-effective plans and
countermeasures.

II.I Selected Database Issues: 1 - Security Slide 7/24

 1.2 Scope of database security

Threats

II.I Selected Database Issues: 1 - Security Slide 8/24

 1.3 Countermeasures: computer-based controls

Countermeasures: computer-
based controls

“BRAVE”
countermeasures

II.I Selected Database Issues: 1 - Security Slide 9/24

 1.3 Countermeasures: computer-based controls

Countermeasures: computer-
based controls
“BRAVE”
• B ackup and recovery
• R AID technology Types of countermeasures range
from:
• A uthorization –Physical controls to
–Administrative procedures
• V iews
• E ncryption NB: despite the wide range of
controls, generally a DBMS is only as
secure as its operating system!

II.I Selected Database Issues: 1 - Security Slide 10/24

 1.3 Countermeasures: computer-based controls

Backup and recovery

• Backup: the process of periodically (at frequent and regular
intervals) taking a copy of the database and log files (and possibly
programs) on to offline storage media kept in a secure location,
suitable for rapid recovery from a fault.
• Journaling: the process of keeping and maintaining online a log file
(journal) containing all the changes made to the database to enable
recovery to be undertaken effectively in the event of failure.
• Archiving: the process of periodically taking a copy of the database
and possibly programs on to offline secondary storage media, suitable
for infrequent reference.
• DBMSs provide backup facilities to assist with recovery of the
database in the event of failure.

II.I Selected Database Issues: 1 - Security Slide 11/24

 1.3 Countermeasures: computer-based controls

Backup and recovery

• In the event of a failure, the database can be recovered to its last
known consistent state using either:
1. The log file created by the journaling facility, or
2. The database backup file, or
3. Both.

• Without a log file the database would have to be recovered solely

from the database backup. This means that any changes made after
the last backup to the database will be lost.

• Details of how to restore the database from the log files are given in
II.II Transaction Management (lectures 3 & 4).

II.I Selected Database Issues: 1 - Security Slide 12/24

 1.3 Countermeasures: computer-based controls

Integrity
• Integrity constraints contribute to maintaining a secure
database by preventing the data from becoming invalid
and giving misleading or incorrect results.

• Integrity constraints were discussed in the prerequisite

course.

II.I Selected Database Issues: 1 - Security Slide 13/24

 1.3 Countermeasures: computer-based controls

RAID Technology
• DBMS hardware needs to be fault tolerant:
– Disk drives, disk controllers, CPU, power supplies and cooling fans.
– Disk drives are the most vulnerable.

• RAID (Redundant Array of Independent Disks)

– several independent unreliable disks “look like” one big reliable disk
– organized to increase performance and improve reliability.

• Performance is increased through data striping:

– Data is segmented into equal-size partitions (the striping unit).
– These are spread across multiple disks
– Striping improves overall I/O performance via parallelism.

II.I Selected Database Issues: 1 - Security Slide 14/24

 1.3 Countermeasures: computer-based controls

RAID Technology
• Reliability is increased through storing redundant information across
disks using a parity or error-correcting scheme, such as Reed-
Solomon codes (Pless, 1989).

1. Parity schemes:
– each byte may have a parity bit associated with it that records whether
the number of bits set to 1 is even or odd.
– If the number of bits get corrupted, the new parity bit will not match the
stored parity. Similarly, if the stored parity bit gets corrupted.

2. Error-correcting schemes
– store two or more additional bits, and can reconstruct the original data if
a single bit gets corrupted. These schemes can be used through striping
bytes across disks.

II.I Selected Database Issues: 1 - Security Slide 15/24

 RAID Technology
RAID stands for Redundant Array of Inexpensive (or sometimes
"Independent") Disks.

RAID is a method of combining several hard disk drives into one

logical unit (two or more disks grouped together to appear as a single
device to the host system). RAID technology was developed to
address the fault-tolerance and performance limitations of
conventional disk storage. It can offer fault tolerance and higher
throughput levels than a single hard drive or group of independent
hard drives. While arrays were once considered complex and
relatively specialized storage solutions, today they are easy to use and
essential for a broad spectrum of client/server applications.

II.I Selected Database Issues: 1 - Security Slide 16/24

 The driving factors behind RAID
Number of factors are responsible for the growing adoption of arrays for
critical network storage.
More and more organizations have created enterprise-wide networks to
improve productivity and streamline information flow. While the
distributed data stored on network servers provides substantial cost
benefits, these savings can be quickly offset if information is frequently
lost or becomes inaccessible. As today's applications create larger files,
network storage needs have increased proportionately. In addition,
accelerating CPU speeds have outstripped data transfer rates to storage
media, creating bottlenecks in today's systems.
RAID storage solutions overcome these challenges by providing a
combination of outstanding data availability, extraordinary and highly
scalable performance, high capacity, and recovery with no loss of data or
interruption of user access.
By integrating multiple drives into a single array -- which is viewed by
the network operating system as a single disk drive -- organizations can
create cost-effective, minicomputersized solutions of up to a terabyte or
more of storage.
II.I Selected Database Issues: 1 - Security Slide 17/24
 RAID Levels
There are several different RAID "levels" or redundancy
schemes, each with inherent cost, performance, and availability
(fault-tolerance) characteristics designed to meet different
storage needs. No individual RAID level is inherently superior
to any other. Each of the five array architectures is well-suited
for certain types of applications and computing environments.
For client/server applications, storage systems based on RAID
levels 1, 0/1, and 5 have been the most widely used. This is
because popular NOSs such as Windows NT® Server and
NetWare manage data in ways similar to how these RAID
architectures perform.

II.I Selected Database Issues: 1 - Security Slide 18/24

 RAID 0
• Data striping without redundancy (no protection).
• Minimum number of drives: 2
• Strengths: Highest performance.
• Weaknesses: No data protection; One drive fails, all data is lost.
DRIVE1 DRIVE2
Data A Data A
Data B Data B
Data C Data C

II.I Selected Database Issues: 1 - Security Slide 19/24

 RAID 1
• Disk mirroring.
• Minimum number of drives: 2
Strengths: Very high performance; Very high data protection; Very minimal
penalty on write performance.
• Weaknesses: High redundancy cost overhead; Because all data is duplicated,
twice the storage capacity is required.
Mirroring
Standard Host Adapter
DRIVE 1 DRIVE 2
Data A Data A
Data B Data B
Data C Data C
Original Data Mirrored Data

II.I Selected Database Issues: 1 - Security Slide 20/24

 Duplexing
Standard Host Adapter1 Standard Host Adapter 2
DRIVE 1
DRIVE 2
Data A Data A
Data B Data B
Data C Data C
Original Data Mirrored Data

II.I Selected Database Issues: 1 - Security Slide 21/24

 RAID 2
• No practical use.
• Minimum number of drives: Not used in LAN

• Strengths: Previously used for RAM error

environments correction (known as Hamming Code )
and in disk drives before he use of embedded error
correction.
• Weaknesses: No practical use; Same performance can
be achieved by RAID 3 at lower cost.

II.I Selected Database Issues: 1 - Security Slide 22/24

 RAID 3
• Byte-level data striping with dedicated parity drive.
• Minimum number of drives: 3

• Strengths: Excellent performance for large, sequential

data requests.
• Weaknesses: Not well-suited for transaction-oriented
network applications; Single parity drive does not
support multiple, simultaneous read and write requests.

II.I Selected Database Issues: 1 - Security Slide 23/24

 RAID 4
• Block-level data striping with dedicated parity drive.
• Minimum number of drives: 3 (Not widely used)

• Strengths: Data striping supports multiple

simultaneous read requests.
• Weaknesses: Write requests suffer from same single
parity-drive bottleneck as RAID 3; RAID 5 offers
equal data protection and better performance at same
cost.

II.I Selected Database Issues: 1 - Security Slide 24/24

 RAID 5
• Block-level data striping with distributed parity.
• Minimum number of drives: 3

• Strengths: Best cost/performance for transaction-

oriented networks; Very high performance, very high
data protection; Supports multiple simultaneous reads
and writes; Can also be optimized for large, sequential
requests.
• Weaknesses: Write performance is slower than RAID
0 or RAID 1.

II.I Selected Database Issues: 1 - Security Slide 25/24

 DRIVE DRIVE DRIVE
1 2 3
Parity A Data A Data A

Data B Parity B Data B

Data C Data C Parity C

II.I Selected Database Issues: 1 - Security Slide 26/24

 RAID 0/1 - RAID 10
• Combination of RAID 0 (data striping) and RAID 1
(mirroring).
Note that RAID 10 is another name for RAID (0+1) or
RAID 0/1.
• Minimum number of drives: 4

• Strengths: Highest performance, highest data

protection (can tolerate multiple drive failures).
• Weaknesses: High redundancy cost overhead;
Because all data is duplicated, twice the storage
capacity is required; Requires minimum of four drives.

II.I Selected Database Issues: 1 - Security Slide 27/24

 DRIVE 1 DRIVE 2 DRIVE 3 DRIVE 4

Data A Data A mA mA

Data B Data B mB mB

Data C Data C mC mC

Original Data Original Data Mirrored Data Mirrored Data

II.I Selected Database Issues: 1 - Security Slide 28/24

 Types Of RAID
• There are three primary array implementations: software-based
arrays, bus-based array adapters/controllers, and subsystem-
based external array controllers. As with the various RAID
levels, no one implementation is clearly better than another --
although software-based arrays are rapidly losing favor as high-
performance, low-cost array adapters become increasingly
available. Each array solution meets different server and
network requirements, depending on the number of users,
applications, and storage requirements.
• It is important to note that all RAID code is based on software.
The difference among the solutions is where that software code
is executed -- on the host CPU (software-based arrays) or
offloaded to an on-board processor (bus-based and external
array controllers).

II.I Selected Database Issues: 1 - Security Slide 29/24

 Parity
• The concept behind RAID is relatively simple. The fundamental
premise is to be able to recover data on-line in the event of a
disk failure by using a form of redundancy called parity. In its
simplest form, parity is an addition of all the drives used in an
array. Recovery from a drive failure is achieved by reading the
remaining good data and checking it against parity data stored
by the array. Parity is used by RAID levels 2, 3, 4, and 5. RAID
1 does not use parity because all data is completely duplicated
(mirrored). RAID 0, used only to increase performance, offers
no data redundancy at all.

II.I Selected Database Issues: 1 - Security Slide 30/24

 A + B + C + D = PARITY

1 + 2 + 3 + 4 = 10
1 + 2 + X + 4 = 10

7+X = 10
-7 + = -7
--------- ----------
X 3
MISSING RECOVERED
DATA DATA

II.I Selected Database Issues: 1 - Security Slide 31/24

 1.3 Countermeasures: computer-based controls

•
RAID Technology
RAID 0 –Non redundant. Maintains no redundant data. Has the best write performance since updates do
not have to be replicated. Data striping performed at level of blocks.
• RAID 1 -Mirrored. Maintains two identical copies of the data across different disks ( mirrors). Writes not
performed simultaneously to maintain consistency in the event of disk failure. Most expensive and slowest
storage solution, but very safe.
• RAID 0+1 –Non redundant and Mirrored. combines striping and mirroring.
• RAID 2 -Memory-Style Error-Correcting Codes. The striping unit is a single bit, redundancy scheme used
are hamming codes.
• RAID 3 -Bit-Interleaved Parity. Redundancy provided by storing parity information on a single disk. This
can be used to recover the data on the other disks should they fail. Parity disk can become a bottleneck
though the overall level uses less storage space than RAID 1.
• RAID 4 -Block-Interleaved Parity. Striping unit is a disk block. A parity block is maintained on a separate
disk for corresponding blocks from a number of other disks. If one of the disks fails, the parity block is used
with the corresponding blocks from other disks to restore the blocks on the failed disk.
• RAID 5 -Block-Interleaved Distributed Parity. Parity data for redundancy is used similarly to RAID 3.
The parity data is striped across all disks. Alleviating the bottleneck.
• RAID 6 -P+Q Redundancy. Similar to RAID 5. Additional redundant data is maintained to protect against
multiple disk failures. Error-correcting codes are used instead of parity.

II.I Selected Database Issues: 1 - Security Slide 32/24

 1.3 Countermeasures: computer-based controls

Authorization
Authorization: the granting of a right or privilege that enables a subject to have
legitimate access to a system or a systems object.

Authorization controls (access controls) are built into the software. They govern:
• what systems or objects a specified user can access (e.g. database tables, views,
procedures, triggers) and
• what the user may do with them.
Authorization involves authentication of the subjects (potential user or program)
requesting access to objects.

Authentication: a mechanism that determines whether a user is who he or she claims to

be. A system administrator is usually responsible for allowing users access by creating
user accounts. Each user is given a unique identifier The identifier has a password
associated with it, chosen by the user and known to the operating system.

II.I Selected Database Issues: 1 - Security Slide 33/24

 1.3 Countermeasures: computer-based controls

Authorization
Procedure allows access to the computer system but not necessarily to the DBMS or other
applications. A separate but similar procedure may be associated with gaining access to
these further applications.

The database administrator (DBA) is responsible for authorizing users.

The DBA sets up individual user accounts and passwords using the DBMS itself.

Some DBMSs maintain a list of user identifiers and password distinct from those in the
operating systems list.

Others have entries which are validated against the operating systems list based on the
current user's identifier. This prevents a user logging on to the DBMS with a different
name to that used when logging on to the operating system.

II.I Selected Database Issues: 1 - Security Slide 34/24

 1.3 Countermeasures: computer-based controls

Authorization
Privileges
Certain Privileges may be associated with Permission to use a DBMS. For
example, the right to access or create certain database objects or relations or to
run certain DBMS utilities.

Privileges are granted specific to the requirements of the users job. Excessive
granting of privileges can compromise security.

Closed systems: though authorized to use the DBMS, authorization is needed to

access specific objects, granted by either the DBA or the owners of the specific
objects.

Open systems: users are allowed complete access to all objects within the
database. Privileges will have to be explicitly removed to control access.

II.I Selected Database Issues: 1 - Security Slide 35/24

 1.3 Countermeasures: computer-based controls

Authorization
Ownership & Privileges
• The DBMS owns some objects, usually in the form of a specific superuser such
as the DBA.

•Ownership gives the owner all appropriate privileges on the object owned.

•The creator of an object owns the object, and can assign the appropriate
privileges.

For example: though the owner owns a view they may be only authorized to
query it. (owners set the privileges allowed, and are also subjected to them).
Privileges can be passed on to other authorized users.

•In SQL, when a user passes on a privilege, they can indicate whether the
recipient can pass it on.

II.I Selected Database Issues: 1 - Security Slide 36/24

 1.3 Countermeasures: computer-based controls

Authorization
Ownership & Privileges
•Different types of identifier may have different associated priorities. For example
a DBMS may permit both individual and group user identifiers, and the individual
user may have higher priority than the group.

Privileges (Select, Update, Insert, Delete or All) usually have a binary value
associated with them (differs from one system to another)

e.g. Select = 0100, Update = 0010, All = 1111. Summing them, for a particular
object, indicates the privileges for that user type.

•The different privileges for the different types of user specific to each database
object are stored in an access control matrix.

II.I Selected Database Issues: 1 - Security Slide 37/24

 1.3 Countermeasures: computer-based controls

Authorization
Ownership & Privileges
Example:

User group identifiers

User Identifier Type Group Member Identifier
SG37 User Sales SG37
SG14 User Sales SG14
SG5 User
Sales Group

Access Control Matrix

User Identifier PropertyNo type price ownerNo staffNo branchNo Query Row Limit
Sales 0001 0001 0001 0000 0000 0000 15
SG37 0101 0101 0111 0101 0111 0000 100
SG5 1111 1111 1111 1111 1111 1111 none

II.I Selected Database Issues: 1 - Security Slide 38/24

 1.3 Countermeasures: computer-based controls

Views
• View: a view is the dynamic result of the interaction of
one or more relational operations with the base relations,
which produce another relation. It is a virtual relation in
that it does not exist in the database but is produced
upon request by a given user at a particular time.

• The view is a powerful and flexible security mechanism as

it hides parts of the databases from certain users.

II.I Selected Database Issues: 1 - Security Slide 39/24

 1.4 Summary

Summary
• The Scope of database security:
 Why take threats seriously?
 Situations related to database security
 The different types of threat
• 1.3 Countermeasures: computer-based controls
 Backup and recovery
 RAID technology
 Authorization
 Views
 Encryption – will be covered in the next lecture

II.I Selected Database Issues: 1 - Security Slide 40/24

 Thank You

II.I Selected Database Issues: 1 - Security Slide 41/24