Introduction to Database Systems - Security

I. Security Overview

1.1 Insecurity Factors

  • Unauthorized access to, and malicious destruction of, the database
  • Leakage of important or sensitive data held in the database
  • Vulnerability of the security environment

1.2 Introduction to Security Standards

1.2.1 TCSEC / TDI standard

The security levels form a partial order and are backward compatible: the protection provided by a higher security level includes everything required at the lower levels, while providing more or better protection.

1.2.2 CC standard


1.3 Security Controls

In a computer system, security measures are set up layer by layer.
Figure: security control model of a database management system
Common database security control methods include: user identification and authentication, access control, views, auditing, and data encryption.

II. Access Control

Components of the access control mechanism

  • Define user permissions and register them in the data dictionary
  1. A user's right to operate on a data object is called a permission
  2. The DBMS provides a language for defining user permissions; the definitions are stored in the data dictionary and are called security rules or authorization rules
  • Check that the user is legitimately authorized
  1. A user issues a request to access the database
  2. The DBMS looks up the data dictionary and checks whether the request is legitimately authorized

2.1 Discretionary Access Control

Implemented through the SQL grant and revoke statements.
A user permission consists of:

  • Data object
  • Operation type

Defining a user's access rights means defining which types of operations that user may perform on which database objects.
Defining access rights is called authorization.
Figure: access control in relational database systems

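2.1.1 Granting and Revoking Privileges

1. Granting: grant

grant <privilege list> on <object name> to <user/role list>
/*
The privilege list can be all privileges, or any of the following:
    select: query
    delete: delete tuples
    insert [(<attribute column>,...,<attribute column>)]: insert
    update [(<attribute column>,...,<attribute column>)]: modify
    references [(<attribute column>,...,<attribute column>)]: lets the user define foreign keys when creating a relation
*/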

2. Revoking: revoke

revoke <privilege list> on <object name> from <user/role list>
{cascade | restrict}

2.1.2 Permission to Create Database Schemas

-- Done by the database administrator when creating the user
create user <username>
[with][dba | resource | connect];

Notes on the create user statement format

  1. Only the system's superuser has the right to create a new database user
  2. There are three kinds of permission for a newly created database user: connect, resource and DBA
  3. If no permission is specified when the user is created, the user has the connect permission by default


2.1.3 Database Roles

Definition: a role is a named set of permissions related to database operations

  • A role is a collection of permissions
  • A role can be created for a group of users who need the same permissions
  • Roles simplify the authorization process
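
-- Create a role
create role <role name>

-- Grant privileges to a role
grant <privilege list> on <object name> to <role name>

-- Grant roles to users or to other roles
grant <role list> to <user/role list>

-- Revoke privileges that were granted to a role
revoke <privilege list> on <object name> from <role name>

-- Revoke roles
revoke <role list> from <user/role list> {cascade | restrict}

-- Use a role to grant a group of privileges to a user. The steps are:
-- First create a role R1
    create role R1;

-- Then use a grant statement to give role R1 the select, update and insert privileges on the Student table
    grant select,update,insert
    on table Student
    to R1;

-- Grant the role to 王平, 张明 and 赵玲, so that they hold all the privileges contained in role R1
    grant R1
    to 王平,张明,赵玲;

-- All three of 王平's privileges can be revoked at once through R1
    revoke R1
    from 王平;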

2.2 Mandatory Access Control

In mandatory access control, all entities managed by the database management system are divided into two broad categories: subjects and objects.
A subject is an active entity in the system:

  • Actual users managed by the database management system
  • Processes acting on behalf of users

An object is a passive entity in the system, manipulated by subjects:

  • Files, base tables, indexes, views

Sensitivity labels
For subjects and objects, the DBMS assigns a sensitivity label to each of their instances (values).
Sensitivity labels are divided into several levels:

  • Top-secret
  • Confidential
  • Secret
  • Public

A subject's sensitivity label is called its clearance level.
An object's sensitivity label is called its classification level.
Mandatory access control rules

  1. A subject may read an object only when the subject's clearance level is greater than or equal to the object's classification level
  2. A subject may write an object only when the subject's clearance level is less than or equal to the object's classification level
To implement mandatory access control, discretionary access control must be implemented first

  • The reason: the protection provided by a higher security level must include all the protection of the lower levels

Discretionary access control and mandatory access control together constitute the security mechanism of the database management system
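
The two checks combined, as an added example that is not from the original page: a toy authorization table with roles (discretionary control) plus the two label rules (mandatory control). The `Monitor` class, the clearance assignments and the classification of `Student` are constructed for illustration, and only three of the levels listed above are used.

```python
from enum import IntEnum

class Level(IntEnum):                  # three of the sensitivity levels listed above
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2

class Monitor:                         # toy data dictionary: rules plus labels
    def __init__(self):
        self.grants = {}               # grantee (user or role) -> {(privilege, object)}
        self.roles = {}                # user -> roles granted to that user
        self.clearance = {}            # subject -> Level
        self.classification = {}       # object -> Level

    def grant(self, privileges, obj, grantee):
        self.grants.setdefault(grantee, set()).update((p, obj) for p in privileges)

    def grant_role(self, role, users):
        for user in users:
            self.roles.setdefault(user, set()).add(role)

    def revoke_role(self, role, user):
        self.roles.get(user, set()).discard(role)

    def dac_allows(self, user, privilege, obj):
        holders = {user} | self.roles.get(user, set())
        return any((privilege, obj) in self.grants.get(h, set()) for h in holders)

    def mac_allows(self, user, privilege, obj):
        subject, target = self.clearance.get(user), self.classification.get(obj)
        if subject is None or target is None:      # unlabeled: fail closed
            return False
        # rule 1: read at or below clearance; rule 2: write at or above it
        return subject >= target if privilege == "select" else subject <= target

    def check(self, user, privilege, obj):
        # DAC is checked first; MAC applies only to requests DAC already permits.
        return self.dac_allows(user, privilege, obj) and self.mac_allows(user, privilege, obj)

def demo():
    m = Monitor()
    m.grant(["select", "update", "insert"], "Student", "R1")
    m.grant_role("R1", ["王平", "张明", "赵玲"])
    m.classification["Student"] = Level.SECRET
    m.clearance.update({"王平": Level.TOP_SECRET, "张明": Level.SECRET, "赵玲": Level.PUBLIC})
    before = {(u, p): m.check(u, p, "Student")
              for u in ("王平", "张明", "赵玲") for p in ("select", "update")}
    m.revoke_role("R1", "王平")
    return before, m.check("王平", "select", "Student")
```

With these labels 王平 can read Student but not update it, 赵玲 can update it but not read it, and revoking R1 removes 王平's read access even though the label rule would still allow it.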

III. Other Security Measures

3.1 View Mechanism

First define a view that hides the confidential data from the users who should not see it; then define access rights on the view, granting those users access to the view but not direct access to the relations on which the view is defined

3.2 Audit Techniques

Auditing is a monitoring measure: it tracks database access activity in order to detect possible illegal behavior.
When auditing is enabled, a dedicated audit log automatically records every update users make to the database (insert, delete, modify).
An audit log record contains:

  1. Type of operation (insert, delete, modify)
  2. Identifier of the terminal and identifier of the operator
  3. Date and time of the operation
  4. Data involved in the operation (relation, tuple, attribute, etc.)
  5. Before and after images of the data
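
A sketch of such an audit log built from SQLite triggers, as an added example that is not from the original page. SQLite has no user accounts, so the operator and terminal identifiers are read from a `session` table that the application fills in; the table, trigger and identifier names are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE Student (sno TEXT PRIMARY KEY, sname TEXT, grade INTEGER);
CREATE TABLE session (operator TEXT, terminal TEXT);  -- filled in by the application
CREATE TABLE audit_log (
  op TEXT, operator TEXT, terminal TEXT, at TEXT,     -- items 1-3 of the list
  relation TEXT, tuple_key TEXT,                      -- item 4
  before_image TEXT, after_image TEXT);               -- item 5

CREATE TRIGGER audit_ins AFTER INSERT ON Student BEGIN
  INSERT INTO audit_log VALUES ('insert', (SELECT operator FROM session),
    (SELECT terminal FROM session), datetime('now'), 'Student', NEW.sno,
    NULL, NEW.sname || ',' || NEW.grade);
END;
CREATE TRIGGER audit_upd AFTER UPDATE ON Student BEGIN
  INSERT INTO audit_log VALUES ('update', (SELECT operator FROM session),
    (SELECT terminal FROM session), datetime('now'), 'Student', OLD.sno,
    OLD.sname || ',' || OLD.grade, NEW.sname || ',' || NEW.grade);
END;
CREATE TRIGGER audit_del AFTER DELETE ON Student BEGIN
  INSERT INTO audit_log VALUES ('delete', (SELECT operator FROM session),
    (SELECT terminal FROM session), datetime('now'), 'Student', OLD.sno,
    OLD.sname || ',' || OLD.grade, NULL);
END;
"""

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # No session row yet: the update is still logged, with a NULL operator.
    db.execute("INSERT INTO Student VALUES ('S1', 'Li', 80)")
    db.execute("INSERT INTO session VALUES ('zhang', 'tty7')")  # constructed identifiers
    db.execute("UPDATE Student SET grade = 95 WHERE sno = 'S1'")
    db.execute("DELETE FROM Student WHERE sno = 'S1'")
    return db.execute("SELECT op, operator, terminal, relation, tuple_key,"
                      " before_image, after_image FROM audit_log ORDER BY rowid").fetchall()
```

Because the operator is looked up with a scalar subquery, an update made without session context produces a log row with a NULL operator rather than no row at all, which makes unattributed changes visible when the log is reviewed.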

3.3 Data Encryption

Using some encryption algorithm, the original data (plaintext) is transformed into a form that is not directly recognizable (ciphertext).
The secrecy of the encryption should not depend on the algorithm itself, but on the algorithm's parameter, i.e. the key


Origin www.cnblogs.com/xxwang1018/p/11546734.html