Recent Trends In Database Security | Database Management System
Threats to database security can be grouped into two categories, physical and logical. Physical threats include (but are not limited to) forced disclosure of passwords, destruction of storage devices, power failures, and theft. The most common way to prevent this type of threat is to limit access to the storage devices and put backup and recovery procedures in place. Logical threats are unauthorized logical access to information, usually through software. Logical threats can result in denial of service, disclosure of information, and modification of data.
One of the largest threats to a database is a corrupt authorized user. This user can legitimately access confidential information. This information can then be leaked electronically or by some other means, such as a printout or word of mouth. There is very little that can be done to prevent this from within the database management system. Mandatory access controls can help a little by not allowing a user logged in with classified access to save or copy the data to a location with unclassified access. This type of threat is usually handled by limiting the number of users with that level of access and by other complicated procedures. In our sample database application, a manager could give or sell this information to other companies or use it unfairly to determine employee performance.
Another way to compromise a database is to successfully log in as a legitimate user. This can be done by physically stealing the information or by monitoring network traffic for login information. Another attack could involve accessing password lists stored in an operating system. And of course, login information can only be as secure as the password used. If it is easy to crack, there is not much that can be done. Restrictions on the type and form of passwords can help, but do not solve the problem. The database must employ authentication and encryption to make this type of attack less likely. The web server could be set up either to pass the user's authentication information directly to the database, or to authenticate the user itself and then use the web server's own authentication information to log into the database. The latter method provides an optimization in that the connection can be cached, but it results in an even more vulnerable system, because if the web server is compromised then the database is also compromised. In our example we assumed that the web server passes the user's authentication information to the database. Of course, protecting the user's authentication information is important. In general, encryption or a one-time password system could be used. Also, in our EERSS sample application, a manager could be watching network traffic to get an employee's login information. The manager could then make changes to the employee's data such that it could be grounds to reprimand or even fire the employee.
There are a multitude of possible attacks on a database if it is accessible over a network, even more so if that network is the internet. A number of precautions can be put in place, such as a firewall to protect the database and possibly the web server. The data sent over the network can be secured by a number of means. A common method on the internet is the Secure Sockets Layer (SSL). This would prevent an attacker from gathering information just by watching network traffic. A good method for authenticating with the database will also be necessary. Certificates can also be used in conjunction with databases to ensure authentication. An especially common attack has been the denial of service attack. This type of attack relates more to the web server that allows access to the database, but it can also be mounted against a database itself.
The users of a database can use information that they have access to, possibly together with supplementary (external) information, to infer information that they do not have access to. In more explicit terms, data at a high security level can be inferred from data at a lower security level. This can be a very difficult threat to prevent. It is usually associated with statistical databases: information about individuals can be inferred from answers to allowed statistical queries on the data. A naive approach would be to move the lower level data to a higher level. Only the minimum amount of the lower level data needed to prevent the inference should be moved to the higher security level. However, this usually results in much, if not all, of the lower level data being reclassified at a higher security level, so this solution is usually not acceptable. Other techniques can be used, such as query restriction, data perturbation, and output perturbation. Query restriction involves requiring a minimum number of rows to be part of the query. This does not really solve the problem, but it increases the number of queries necessary to infer any confidential information. A common solution is to audit such query patterns in the hope that such activity will be detected before the confidential information is compromised.
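The query restriction and audit described above, as an added example that is not code from the original page: a gate in front of one aggregate query refuses query sets smaller than an assumed minimum of 3 rows and audits each user's answered query sets for pairs that differ by fewer rows than that. The `emp` table, its data, and the `StatGate` class are constructed for illustration.

```python
import sqlite3

MIN_ROWS = 3  # assumed minimum query-set size; the page gives no figure

def build_db():
    # Constructed sample data for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (id INTEGER PRIMARY KEY, dept TEXT,"
               " grade INTEGER, salary INTEGER)")
    db.executemany("INSERT INTO emp VALUES (?, ?, ?, ?)", [
        (1, "eng", 1, 50), (2, "eng", 1, 55), (3, "eng", 2, 70),
        (4, "eng", 3, 95), (5, "ops", 1, 45), (6, "ops", 2, 60)])
    return db

class StatGate:
    """Answers SUM(salary) for one fixed predicate shape, with restriction and audit."""

    def __init__(self, db, min_rows=MIN_ROWS):
        self.db = db
        self.min_rows = min_rows
        self.answered = {}  # user -> list of row-id sets already answered
        self.alerts = []    # audit trail: (user, reason, row ids involved)

    def sum_salary(self, user, dept, max_grade):
        rows = self.db.execute(
            "SELECT id, salary FROM emp WHERE dept = ? AND grade <= ?",
            (dept, max_grade)).fetchall()
        ids = frozenset(r[0] for r in rows)
        # Query restriction: refuse aggregates over too few rows.
        if len(ids) < self.min_rows:
            self.alerts.append((user, "query set too small", sorted(ids)))
            return None
        # Audit: a new set that differs from an answered one by only a few
        # rows would let the two sums be subtracted to isolate those rows.
        for prev in self.answered.get(user, []):
            diff = ids ^ prev
            if 0 < len(diff) < self.min_rows:
                self.alerts.append((user, "overlaps earlier query", sorted(diff)))
                return None
        self.answered.setdefault(user, []).append(ids)
        return sum(r[1] for r in rows)

def demo():
    gate = StatGate(build_db())
    first = gate.sum_salary("manager", "eng", 3)   # 4 rows: answered
    second = gate.sum_salary("manager", "eng", 2)  # 3 rows, differs by row 4
    small = gate.sum_salary("manager", "ops", 1)   # 1 row: refused outright
    return first, second, small, gate.alerts
```

The second query passes the row-count restriction on its own, which is why the audit of query history is needed in addition to it.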
Trojan horses are corrupt software applications that leak confidential information. These applications are part of the normal use of a system, but have been modified to copy or send sensitive information to unauthorized locations or users. An application that contains a Trojan horse must be installed on the system. This could be done by the attacker or by an administrator who did not realize that there was a Trojan horse in the application. The corrupted application will operate as expected for all practical purposes, but it will be performing some additional illegal functions as well. For example, an employee could create an application with a Trojan horse in it. The employee could get the manager to use this application in his daily work. Unknown to the manager, the application is copying all of the information that the manager is accessing to a location in the database that the employee has access to. Now the employee has access to information about other employees that he should not have had access to. If mandatory access controls had been used instead of discretionary ones, this attack might have been averted. With mandatory access controls, the manager's clearance level would not allow the classified data to be written to a lower security level for the employee to access.
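The difference between the two access control models in this scenario, as an added example that is not code from the original page: the same modified application runs against a store that checks only discretionary grants and against one that also enforces the mandatory rule against writing to a lower level. The two-level ordering, the `reviews` and `shared_notes` tables, their rows, and all class and function names are assumptions made for illustration.

```python
LEVELS = {"unclassified": 0, "classified": 1}  # assumed two-level ordering

class Denied(Exception):
    pass

class Store:
    def __init__(self, mandatory):
        self.mandatory = mandatory  # False = discretionary (grant) checks only
        self.tables = {}            # name -> {"level", "acl", "rows"}

    def create(self, name, level, acl, rows=()):
        self.tables[name] = {"level": LEVELS[level], "acl": set(acl),
                             "rows": list(rows)}

    def read(self, user, session_level, name):
        t = self.tables[name]
        if user not in t["acl"]:
            raise Denied(f"{user}: no grant on {name}")
        if self.mandatory and t["level"] > LEVELS[session_level]:
            raise Denied(f"{user}: read up to {name}")
        return list(t["rows"])

    def write(self, user, session_level, name, row):
        t = self.tables[name]
        if user not in t["acl"]:
            raise Denied(f"{user}: no grant on {name}")
        # Mandatory rule: a classified session may not write to a lower level.
        if self.mandatory and t["level"] < LEVELS[session_level]:
            raise Denied(f"{user}: write down to {name}")
        t["rows"].append(row)

def modified_report_tool(store, user, level):
    """Stands in for the modified application: reads, then copies what it read."""
    rows = store.read(user, level, "reviews")
    for r in rows:
        store.write(user, level, "shared_notes", r)  # the hidden copy
    return len(rows)

def run(mandatory):
    store = Store(mandatory)
    # Constructed sample rows.
    store.create("reviews", "classified", {"manager"},
                 ["alice: rating 2", "bob: rating 5"])
    store.create("shared_notes", "unclassified", {"manager", "employee"})
    try:
        modified_report_tool(store, "manager", "classified")
        outcome = "copied"
    except Denied:
        outcome = "blocked"
    return outcome, store.read("employee", "unclassified", "shared_notes")
```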
We found that there is no one complete solution to database security and that some issues will be hard to eliminate. Any organization that attempts to secure a database system must consider the security of the overall environment, including communication channels, user access methods, the database itself, and any applications used to access the database. A well thought-out combination of hardware and software solutions needs to be implemented to make modern database systems more secure.