Statement of the problem
- A major feature of a database is that its data can be shared
- Data sharing inevitably brings security problems for the database
- A database system therefore cannot share its data unconditionally
Computer Security Overview
I. Computer security
Computer system security
The set of security measures established for a computer system to protect its hardware, software and data, preventing the system from being damaged, and data from being altered or leaked, whether by accident or by malice.
Three classes of computer system security issues
- Technical security
- Security management
- Policy and law
II. Introduction to security standards
1. Basic content of the TCSEC/TDI standards
Security levels are described from four aspects
➢ Security policy
➢ Accountability
➢ Assurance
➢ Documentation
2. TCSEC/TDI security level division
➢ levels are ordered by gradually increasing trustworthiness (reliability) of the system
➢ between levels: a partial order, downward compatible (a higher level includes all protections of the lower levels)
Systems above B2: still largely at the theoretical stage
CC (Common Criteria)
➢ provides an internationally recognized structure for expressing IT security requirements
➢ divides the security requirements on information products into: security functional requirements and security assurance requirements
Composition of the CC text
➢ Part 1: Introduction and general model
➢ Part 2: Security functional requirements
➢ Part 3: Security assurance requirements
Database Security Control
Outline
1. Illegal use of a database
➢ a legitimate user writes a program that bypasses the DBMS and its authorization mechanism, accessing the data directly through the operating system, or modifies data in a database backup;
➢ writes an application directly, or performs unauthorized operations;
➢ issues many legitimate queries and derives confidential data from their results;
➢ behaviour that undermines security may be unintentional, deliberate or malicious
2. Common methods of database security control
➢ user identification and authentication
➢ access control
➢ views
➢ audit
➢ data encryption
I. User identification and authentication
The outermost layer of security protection provided by the system
Basic method
➢ the system provides a way for each user to state a name or identity;
➢ the system internally records the identities of all legitimate users;
➢ each time a user requests access, the system checks the identity the user provides;
➢ only after passing identification is the user granted the right to use the machine;
➢ identification and authentication can be repeated several times.
Users identify themselves by name or identity
- Username / password
➢ simple, but easy for others to steal
- Each user pre-agrees a computation procedure or function with the system (challenge-response)
➢ the system sends a random number
➢ the user computes a result from it with the pre-agreed procedure or function
➢ the system checks the user's result to verify the user's identity
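The challenge-response scheme described above, as an added example that is not part of the original notes: the "pre-agreed function" is assumed to be HMAC-SHA256 keyed with a secret shared in advance (the notes name no particular function), the user registry and the two user secrets are constructed for the example, and the system's random number is a fresh 16-byte nonce. Both sides of the exchange are shown, together with a replay of a captured response against a new challenge.

```python
import hashlib
import hmac
import secrets

# The system's internal record of all legitimate users and their pre-agreed
# secrets (constructed sample; in a real DBMS these would be stored hashed or
# in a key store, never in source).
USER_SECRETS = {
    "alice": b"alice-pre-shared-secret",
    "bob": b"bob-pre-shared-secret",
}

def system_challenge() -> bytes:
    """System side: a fresh random number that is never reused."""
    return secrets.token_bytes(16)

def user_response(secret: bytes, challenge: bytes) -> bytes:
    """User side: apply the pre-agreed function (assumed: HMAC-SHA256) to the challenge."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def system_verify(username: str, challenge: bytes, response: bytes) -> bool:
    """System side: recompute with the stored secret and compare in constant time."""
    secret = USER_SECRETS.get(username)
    if secret is None:            # unknown identity: fail closed
        return False
    expected = hmac.new(secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def authenticate(username: str, user_secret: bytes) -> bool:
    """One full round: system challenges, user computes, system checks."""
    challenge = system_challenge()
    response = user_response(user_secret, challenge)
    return system_verify(username, challenge, response)

def replay_attempt(username: str, user_secret: bytes) -> bool:
    """An eavesdropper captures one round and replays the response to a later challenge."""
    old_challenge = system_challenge()
    captured = user_response(user_secret, old_challenge)
    new_challenge = system_challenge()
    return system_verify(username, new_challenge, captured)

if __name__ == "__main__":
    print("alice:", authenticate("alice", b"alice-pre-shared-secret"))
    print("replay:", replay_attempt("bob", b"bob-pre-shared-secret"))
```

Unlike a username/password exchange, the secret itself never crosses the wire, and a captured response is worthless against the next challenge, which is what makes this scheme harder to steal than a password.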
II. Access control
1. Components of the access control mechanism
➢ definition of user privileges
➢ checking of legal privileges
2. The definition of user privileges and the mechanism for checking legal privileges together form the security subsystem of the DBMS
3. Access control methods in use
➢ Discretionary Access Control (DAC): C2 level; flexible
➢ Mandatory Access Control (MAC): B1 level; strict
4. Discretionary access control method
- the same user has different access rights to different data objects
- different users have different rights to the same object
- a user may also transfer the access rights he holds to other users
Mandatory access control method
- each data object is marked with a certain classification level
- each user is granted a certain clearance level
- for any object, only a user holding a legitimate clearance may access it
III. Discretionary access control method
- implemented with the SQL statements GRANT and REVOKE
- a user privilege consists of
➢ a data object
➢ an operation type
- defining user access privileges: which types of operation the user may perform on which database objects
- defining access privileges is called authorization
IV. Granting and revoking authorization
1. GRANT
1) General format:
GRANT <privilege>[,<privilege>]...
[ON <object type> <object name>]
TO <user>[,<user>]...
[WITH GRANT OPTION];
2) Semantics:
grants the specified operation privileges on the specified object to the specified users
Who may issue GRANT:
➢ the DBA
➢ the creator of the database object (i.e. its owner)
➢ a user who already holds the privilege (with the grant option)
Who may receive the privileges:
➢ one or more specific users
➢ PUBLIC (all users)
The WITH GRANT OPTION clause:
➢ specified: the grantee may grant the privilege onward to others
➢ not specified: the grantee cannot propagate the privilege
Circular authorization is not allowed: a privilege may not be granted back to its grantor or to anyone upstream in the grant chain
2. REVOKE
1) Privileges that were granted can be withdrawn by the DBA or by another authorized user with the REVOKE statement
2) General format of REVOKE:
REVOKE <privilege>[,<privilege>]...
[ON <object type> <object name>]
FROM <user>[,<user>]...;
SQL's flexible authorization mechanism
- DBA: holds all privileges on all objects and grants different privileges to different users
- User: holds full operating privileges on the objects he has created, and may grant them to other users with GRANT
- Authorized user: if granted with the "continue to authorize" permission (WITH GRANT OPTION), may grant the privilege onward
- All privileges granted out can be recovered with REVOKE when necessary
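A small model of the grant chain described in this section, added here as an example and not code from the original notes or from any DBMS: it records each GRANT as an edge from grantor to grantee, lets only holders of the grant option propagate a privilege, rejects circular authorization, and on REVOKE withdraws every downstream grant that is left without a backing grant option (that cascading behaviour is an assumption; the notes do not say which revoke semantics apply). Users U1 to U5 and the table SC are invented for the walk-through.

```python
class AuthorizationGraph:
    """Discretionary authorization as a grant graph (added example, not a real DBMS).
    The object's owner and the DBA hold every privilege implicitly and may always
    grant it; everyone else holds only what some edge gives them."""

    def __init__(self, dba="DBA"):
        self.dba = dba
        self.owners = {}   # object -> creator (owner)
        self.edges = []    # {"frm", "to", "priv", "obj", "opt"}

    def create_object(self, owner, obj):
        self.owners[obj] = owner

    def _root(self, user, obj):
        return user == self.dba or self.owners.get(obj) == user

    def holds(self, user, priv, obj, with_option=False):
        """Does `user` hold priv on obj (optionally: together with the right to grant it on)?"""
        if self._root(user, obj):
            return True
        return any(e["to"] == user and e["priv"] == priv and e["obj"] == obj
                   and (e["opt"] or not with_option) for e in self.edges)

    def _ancestors(self, user, priv, obj):
        """Everyone upstream of `user` in the grant chain for (priv, obj)."""
        seen, stack = set(), [user]
        while stack:
            u = stack.pop()
            for e in self.edges:
                if e["to"] == u and e["priv"] == priv and e["obj"] == obj and e["frm"] not in seen:
                    seen.add(e["frm"])
                    stack.append(e["frm"])
        return seen

    def grant(self, grantor, grantee, priv, obj, with_grant_option=False):
        """GRANT priv ON obj TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.holds(grantor, priv, obj, with_option=True):
            raise PermissionError(f"{grantor} may not grant {priv} on {obj}")
        # circular authorization: back to oneself, to an upstream grantor, or to the owner/DBA
        if grantee == grantor or grantee in self._ancestors(grantor, priv, obj) or self._root(grantee, obj):
            raise ValueError(f"circular authorization rejected: {grantor} -> {grantee}")
        self.edges.append({"frm": grantor, "to": grantee, "priv": priv, "obj": obj, "opt": with_grant_option})

    def revoke(self, revoker, grantee, priv, obj):
        """REVOKE priv ON obj FROM grantee, issued by revoker (a grant can only be taken back by its grantor)."""
        keep = [e for e in self.edges
                if not (e["frm"] == revoker and e["to"] == grantee and e["priv"] == priv and e["obj"] == obj)]
        if len(keep) == len(self.edges):
            raise ValueError(f"{revoker} never granted {priv} on {obj} to {grantee}")
        self.edges = keep
        # cascade (assumption): a grant whose grantor no longer holds the grant option falls too
        changed = True
        while changed:
            changed = False
            for e in list(self.edges):
                if not self.holds(e["frm"], e["priv"], e["obj"], with_option=True):
                    self.edges.remove(e)
                    changed = True


def scenario():
    """U1 owns table SC and passes SELECT down a chain; returns what each step observes."""
    g = AuthorizationGraph()
    g.create_object("U1", "SC")
    g.grant("U1", "U2", "SELECT", "SC", with_grant_option=True)
    g.grant("U2", "U3", "SELECT", "SC", with_grant_option=True)
    g.grant("U3", "U4", "SELECT", "SC")                      # no grant option for U4
    out = {}
    try:
        g.grant("U4", "U5", "SELECT", "SC")                  # U4 cannot propagate
        out["u4_propagates"] = True
    except PermissionError:
        out["u4_propagates"] = False
    try:
        g.grant("U3", "U1", "SELECT", "SC")                  # back to the owner: circular
        out["circular_accepted"] = True
    except ValueError:
        out["circular_accepted"] = False
    out["u4_before"] = g.holds("U4", "SELECT", "SC")
    g.revoke("U1", "U2", "SELECT", "SC")                     # cascades through U3 down to U4
    out["u3_after"] = g.holds("U3", "SELECT", "SC")
    out["u4_after"] = g.holds("U4", "SELECT", "SC")
    return out

if __name__ == "__main__":
    print(scenario())
```

The point a practitioner should take from the walk-through is the last two fields: revoking U2's privilege silently strips U3 and U4 as well, so before issuing REVOKE on a privilege that was granted WITH GRANT OPTION it is worth inspecting the chain that hangs below it.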
3. Privilege to create database schemas
1) Assigned by the DBA when creating the user
2) CREATE USER statement format
CREATE USER <username>
[WITH][DBA | RESOURCE | CONNECT]
V. Database roles
A named set of privileges related to database operations
➢ a role is a set of privileges
➢ a role can be created for a group of users who need the same privileges
➢ this simplifies the authorization process
1. Create a role
CREATE ROLE <role name>
2. Grant privileges to a role
GRANT <privilege>[,<privilege>]...
ON <object type> <object name>
TO <role>[,<role>]...
3. Grant a role to other roles or users
GRANT <role1>[,<role2>]...
TO <role3>[,<user1>]...
[WITH ADMIN OPTION]
4. Revoke privileges from a role
REVOKE <privilege>[,<privilege>]...
ON <object type> <object name>
FROM <role>[,<role>]...
VI. Mandatory access control method
Drawbacks of discretionary access control
- Data may be "unintentionally leaked" (for example, a user permitted to read an object can copy its contents into an object that other users may read)
- Cause: DAC controls security only through the access rights on the data; the data itself carries no security label
- Remedy: a mandatory access control policy applied to every subject and object in the system
1. Mandatory Access Control (MAC)
➢ ensures a higher degree of security
➢ users cannot perceive or control it directly
➢ suited to sectors where data is strictly classified and the classification is fixed: the military, government departments
2. Subjects are the active entities in the system
➢ the actual users managed by the DBMS
➢ the processes acting on behalf of those users
3. Objects are the passive entities in the system, operated on by subjects
➢ files
➢ base tables
➢ indexes
➢ views
4. Sensitivity labels
➢ Top Secret
➢ Secret
➢ Confidential
➢ Public
The sensitivity label of a subject is called its clearance level
The sensitivity label of an object is called its classification level
5. Mandatory access control rules
(1) A subject may read an object only when the subject's clearance level is greater than or equal to the object's classification level
(2) A subject may write an object only when the subject's clearance level equals the object's classification level
Amended rule (2):
subject's clearance level <= object's classification level → the subject may write the object
What both versions of rule (2) have in common:
a subject with a high clearance is forbidden to update a data object with a lower classification level, so data can never flow from a higher level down to a lower one
6. MAC and DAC
1) DAC and MAC together constitute the security mechanism of the DBMS
2) The DAC check is performed first, then the MAC check
➢ reason: the protection provided at a higher security level includes all the protection of the lower levels
Schematic of the DAC + MAC security check (figure)
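The two MAC rules and the "DAC first, then MAC" check of this section, as an added example that is not part of the original notes: the four labels are ordered as an IntEnum, rule (2) is implemented in both its strict (equal levels) and amended (clearance <= classification) forms, and a tiny discretionary privilege table stands in for what GRANT would have recorded. The users alice and bob, the objects salaries and bulletin, and their labels and grants are constructed for the example.

```python
from enum import IntEnum

class Label(IntEnum):
    """Sensitivity labels; a larger value is more sensitive."""
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def can_read(clearance: Label, classification: Label) -> bool:
    """Rule (1): read only if the subject's clearance dominates the object's classification."""
    return clearance >= classification

def can_write(clearance: Label, classification: Label, strict: bool = True) -> bool:
    """Rule (2): strict form allows writing only at the subject's own level; the amended
    form allows clearance <= classification. Neither ever allows writing down."""
    return clearance == classification if strict else clearance <= classification

# Constructed sample (assumption: invented for this example).
CLEARANCE = {"alice": Label.SECRET, "bob": Label.PUBLIC}
CLASSIFICATION = {"salaries": Label.SECRET, "bulletin": Label.PUBLIC}
# Discretionary privileges as GRANT would have recorded them. Note the two grants a
# DAC-only system would accept but MAC must catch: bob's SELECT on salaries, and
# alice's UPDATE on the public bulletin (the "unintentional leak" channel).
DAC = {
    ("alice", "salaries"): {"SELECT", "UPDATE"},
    ("alice", "bulletin"): {"SELECT", "UPDATE"},
    ("bob", "salaries"):   {"SELECT", "UPDATE"},
    ("bob", "bulletin"):   {"SELECT"},
}

def check_access(user: str, obj: str, op: str, strict: bool = True) -> str:
    """DAC check first, then MAC, as the notes prescribe; reports which check decided."""
    if op not in DAC.get((user, obj), set()):
        return "denied by DAC"
    clr, cls = CLEARANCE[user], CLASSIFICATION[obj]
    ok = can_read(clr, cls) if op == "SELECT" else can_write(clr, cls, strict)
    return "allowed" if ok else "denied by MAC"

if __name__ == "__main__":
    for case in [("bob", "salaries", "SELECT"), ("alice", "bulletin", "UPDATE"),
                 ("alice", "salaries", "UPDATE"), ("bob", "bulletin", "UPDATE")]:
        print(case, "->", check_access(*case))
```

The case to study is alice's UPDATE on the bulletin: DAC allows it, and that is exactly how a SECRET row could be copied into a PUBLIC table; the MAC write rule refuses it in both its forms. The amended rule differs only in that a PUBLIC subject may write "upwards" into a SECRET object without being able to read it back.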
View mechanism
- Hides from users the confidential data they are not permitted to access, which gives the data a degree of security protection
➢ the main purpose of views is to provide data independence; on its own the view mechanism cannot fully meet security requirements
➢ combined with authorization, views indirectly support access control with user-defined predicates (the view's WHERE condition)
Audit
I. What is auditing
➢ Audit log: records all operations users perform on the database
➢ The DBA uses the audit log to find out who accessed data illegally, when, and what was done
➢ A DBMS at C2 level or above must provide auditing
II. Classification of auditing
1. User-level auditing
➢ any user may set auditing on the base tables or views he has created
➢ records all successful and/or unsuccessful access requests and the various SQL operations issued by all users against those tables or views
2. System-level auditing
➢ can only be set by the DBA
➢ monitors successful and failed login requests
➢ monitors GRANT and REVOKE operations and other database-level privilege operations
III. Auditing is generally optional
➢ auditing costs time and space
➢ the DBA can turn auditing on or off flexibly according to the application's security requirements
AUDIT statement: enables auditing
NOAUDIT statement: disables auditing
Data encryption
An effective means of preventing data in the database from being compromised during storage and transmission
I. Basic idea of encryption
➢ the raw data (the plaintext) is converted by a certain algorithm into a form that cannot be recognized directly (the ciphertext)
➢ anyone who does not know the decryption algorithm (and key) cannot learn the content of the data
II. Encryption methods
1. Substitution method
• uses a key (encryption key) to convert each character of the plaintext into a character of the ciphertext
2. Transposition method
• rearranges the characters of the plaintext in a different order
3. Mixed method
The official encryption standard enacted by the USA in 1977: the Data Encryption Standard (DES), which combines substitution and transposition over multiple rounds
III. Data encryption in the DBMS
➢ some database products provide data encryption routines
➢ some database products provide no encryption routines themselves, but provide an interface for them
Data encryption is usually offered as an optional feature that users can choose to use
➢ encryption and decryption are relatively time-consuming operations
➢ encryption and decryption programs occupy considerable system resources
➢ only highly confidential data should be encrypted
Statistical Database Security
I. Characteristics of a statistical database
➢ allows users to query aggregate information (such as sums, averages, etc.)
➢ does not allow queries for the information in a single record
II. Security problems specific to statistical databases
➢ covert information channels
➢ deriving illegal information from legitimate queries (inference)
Rule 1: any query must involve at least N records (N sufficiently large)
Rule 2: the data items common to any two queries may not exceed M
Rule 3: the number of queries by any one user may not exceed 1 + (N-2)/M
Goal in designing database security mechanisms:
make the cost of breaking the security far greater than the benefit the attacker would gain (cost >> benefit)
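The inference problem and the three rules above, as an added example that is not part of the original notes: an in-memory SQLite table of employees (names, departments and salaries constructed for the example) answers only SUM queries, yet two legal aggregates that differ by one person reveal that person's salary. The StatQueryGuard class then enforces rules 1 to 3 per user with N = 4 and M = 3 (values chosen here; the notes give none) and shows which rule stops the attack.

```python
import sqlite3

# Constructed sample data; names and salaries are invented for the example.
ROWS = [
    ("Zhang San", "CS", 5000), ("Li Si", "CS", 7000), ("Wang Wu", "CS", 6000),
    ("Zhao Liu", "CS", 5500), ("Qian Jiu", "CS", 6200), ("Wu Shi", "CS", 5800),
    ("Sun Qi", "EE", 6500), ("Zhou Ba", "EE", 7200),
]

def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE emp(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)")
    con.executemany("INSERT INTO emp(name, dept, salary) VALUES (?, ?, ?)", ROWS)
    return con

def matching_rows(con, dept: str, exclude: str = ""):
    """The query set: employees of `dept`, optionally leaving one named person out."""
    return con.execute(
        "SELECT id, salary FROM emp WHERE dept = ? AND name <> ?", (dept, exclude)).fetchall()

class StatQueryGuard:
    """Answers only aggregates and enforces the three rules from the notes per user."""
    def __init__(self, con, n_min: int, m_max: int):
        self.con, self.n_min, self.m_max = con, n_min, m_max
        self.history = {}   # user -> list of frozenset(row ids) already answered

    def sum_salary(self, user: str, dept: str, exclude: str = ""):
        rows = matching_rows(self.con, dept, exclude)
        ids = frozenset(r[0] for r in rows)
        past = self.history.setdefault(user, [])
        if len(ids) < self.n_min:                                    # rule 1
            return None, f"rule 1: only {len(ids)} rows, need at least {self.n_min}"
        for old in past:                                             # rule 2
            if len(ids & old) > self.m_max:
                return None, f"rule 2: overlap {len(ids & old)} with an earlier query exceeds {self.m_max}"
        if len(past) >= 1 + (self.n_min - 2) / self.m_max:          # rule 3
            return None, "rule 3: query budget exhausted"
        past.append(ids)
        return sum(r[1] for r in rows), "ok"

def inference_attack(guarded: bool):
    """Derive Li Si's salary from two aggregates; returns the salary, or the rule that blocked it."""
    con = make_db()
    if not guarded:
        total = sum(r[1] for r in matching_rows(con, "CS"))
        without = sum(r[1] for r in matching_rows(con, "CS", exclude="Li Si"))
        return total - without          # 35500 - 28500: one individual's record, from sums only
    guard = StatQueryGuard(con, n_min=4, m_max=3)
    total, _ = guard.sum_salary("mallory", "CS")                     # 6 rows: passes
    without, reason = guard.sum_salary("mallory", "CS", exclude="Li Si")  # 5 rows, overlap 5
    return reason if without is None else total - without

if __name__ == "__main__":
    print("unguarded:", inference_attack(False))
    print("guarded:  ", inference_attack(True))
```

Rule 1 alone is not enough here: both queries cover well over N records. It is the overlap limit of rule 2 that catches the pair, and rule 3 bounds how many such near-identical query sets a single user can assemble before the budget runs out.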