Lecture on Database Security: Security models covers the following topics: access control, types of access control, mandatory access control, rule-based access control, authentication methods, operating system authentication, ... Please refer to it.
Database Application Security Models
Discretionary/mandatory access control
© FPT Software
Access control
• Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
• Access control systems perform authorization, identification, authentication, access approval, and accountability of entities through login credentials including passwords, personal identification numbers (PINs), biometric scans, and physical or electronic keys.
Types of Access control
• There are two main types of access control:
– Physical
– Logical
• Physical access control limits access to campuses, buildings, rooms and physical IT assets
• Logical access limits connections to computer networks, system files and data.
Types of Access control
The four main categories of access control are:
• Mandatory access control
• Discretionary access control
• Role-based access control
• Rule-based access control
Mandatory access control (MAC)
• Mandatory access control (MAC) is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it a person, process, or device.
• http://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC
Discretionary access control (DAC)
• Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".
• Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed non-discretionary access control).
Role-based access control (RBAC)
• Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an
Rules Based Access Control
• Rules Based Access Control is a strategy for managing user access to one or more systems, where business changes trigger the application of Rules, which specify access changes.
• Implementation of Rules Based Access Control systems is feasible so long as the number of triggering business events and the set of possible actions that follow those events are both small.
• See more at: http://hitachi-id.com/concepts/rules_based_access_control.html
Authentication Methods
– Verifies user identity
– Permits access to the operating system
– Allows physical entrance to company property
– Magnetic cards and biometric measures
Authentication Methods
– Verifies holder of certificate
– Small electronic device
– Displays a number unique to the token holder; used with the holder's PIN as a password
– Uses a different password each time
Authentication Methods
– Also known as a security card or smart card
– Similar to a credit card; uses an electronic circuit instead of a
Authentication Methods
– Developed by the University of Michigan
– A centralized directory database stores:
• Users (user name and user ID)
Authentication Methods
– Developed and used by Microsoft
– Employs a challenge/response authentication protocol
– User keeps a private key
– Authentication firm holds a public key
– Encrypt and decrypt data using both keys
Authentication Methods
– Centralized authentication mechanism
– Information is transmitted over the network in an encrypted form
– Password is not stored locally
– Invulnerable to brute force or dictionary attacks
Authorization
– Perform the functions they request
– Authenticated
Operating System Authentication
Microsoft SQL Server 2000)
– Depend on OS to authenticate users
– Once an intruder is inside the OS, it is easier to access the
User Administration
– Use a consistent naming convention
– Always provide a password to an account and force the user to
change it at the first logon
– Protect passwords
– Do not use default passwords
Creating a SQL Server User
system
SECURITYADMIN)
– Windows Integrated (trusted) login
– SQL Server login
Creating Windows Integrated Logins
– SP_GRANTLOGIN system stored procedure
– Can be associated with local, domain, or group user names
– Use the Security container
– Logins -> New Login
Creating SQL Server Logins
– SP_ADDLOGIN system stored procedure
– Password is encrypted by default
– Specify a default database
– Security container
– Logins -> New Login
– SQL Server Authentication option
Removing Users
– Highlight the desired login
– Choose Delete from the Action menu
– Increasing a storage quota
SQL Server: Modifying Windows Integrated Login Attributes
– SP_DEFAULTDB system stored procedure
– SP_DEFAULTLANGUAGE stored procedure
– Expand the security container
– Select desired login
– Properties (on the Action Menu)
Default Users
– SYS, owner of the data dictionary
– SYSTEM, performs almost all database tasks
– ORAPWD, creates a password file
– SA, system administrator
– BUILTIN\Administrators
Remote Users
Linked Servers
– Object Linking and Embedding Database (OLEDB)
– Open Database Connectivity (ODBC)
the linked database
Best Practices
Best Practices
– Mimic Oracle’s recommended installation for UNIX
– Use local Windows or domain Windows accounts
Password Policies
– Matches your company's mission
– Enforced at all levels of the organization
Defining and Using Profiles
– Describes limitations of database resources
– Defines database users' behavior
– Prevents users from wasting resources
– Oracle does
– Microsoft SQL Server 2000 does not
Creating Profiles in SQL Server 2000 or 2005
– Application level within OLEDB
Designing and Implementing Password Policies
– Passwords are harder to break
– Training
– Education
What Is a Password Policy?
– Enhances the robustness of a password
– Reduces the likelihood of password breaking
– Complexity
– Change frequency
– Reuse
Importance of Password Policies
– Strengthen authentication by adopting technological measures that protect their assets
– the company and raises employee awareness of password protection
Designing Password Policies
Implementing Password Policies
– Integrated server system
– Windows authentication mode
– Challenge/response methodology
– Challenge is eight bytes of random data
– Response is a 24-byte DES-encrypted hash
Implementing Password Policies
– A key known by client and server encrypts handshake data
– Requires a Key Distribution Center (KDC)
– Tickets
– Time must be synchronized networkwide
Implementing Password Policies
Granting and Revoking User Privileges
operations
– System privileges:
• Granted only by a database administrator
• Granted by a user with administration privileges
– Object privileges:
• Granted to a user by the schema owner
• Granted by a user with GRANT privileges
Granting and Revoking User Privileges
– Grant permission using the GRANT statement
– Revoke permission using the REVOKE statement
– Enterprise Manager
– Deny permission using the DENY statement
Granting and Revoking User Privileges
– Table and database objects privileges:
• GRANT, REVOKE, and DENY
• EXECUTE permission
• Enterprise Manager (3 methods)
– Column privileges:
• GRANT, REVOKE, and DENY
• Enterprise Manager (2 methods)
Creating, Assigning, and Revoking User Roles
– Used to organize and administer privileges
– It is like a user, except it cannot own objects
– Can be assigned privileges
– Can be assigned to users
Creating, Assigning, and Revoking User Roles
– Standard and application
– Create roles using SP_ADDROLE system stored procedure
– Add members to a role using SP_ADDROLEMEMBER stored procedure
– Drop members from a role using SP_DROPROLEMEMBER stored procedure
Creating, Assigning, and Revoking User Roles
– User-defined roles (continued):
• Drop roles using SP_DROPROLE stored procedure
• Use Enterprise Manager
– Fixed server roles:
• Cannot be modified or created
• Add member to a role using SP_ADDSRVROLEMEMBER stored procedure
Creating, Assigning, and Revoking User Roles
– Fixed server roles (continued):
• Drop members from a role using SP_DROPSRVROLEMEMBER stored procedure
• Use Enterprise Manager
– Fixed database roles:
• Cannot be modified
• Give access to database administrative tasks
• Add members to a role using SP_ADDROLEMEMBER stored procedure
Creating, Assigning, and Revoking User Roles
– Fixed database roles (continued):
• Drop members from a role using SP_DROPROLEMEMBER stored procedure
• Use Enterprise Manager
– Public database role:
• Cannot be dropped
• Users automatically belong to this role
• Users cannot be dropped
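The privilege slides (GRANT, REVOKE, DENY, EXECUTE and column privileges) and the role slides (SP_ADDROLE, SP_ADDROLEMEMBER, SP_ADDSRVROLEMEMBER, SP_DROPROLEMEMBER) list the pieces separately; the T-SQL script below is an added example, not part of the lecture, that runs through them in order. It assumes a constructed database PayrollDB containing a table dbo.Employees with a Salary column and a procedure dbo.usp_GetHeadcount, and uses placeholder principal names (CORP\jdoe, payroll_app, payroll_readers).

```sql
-- Added example (not from the lecture). All database, object and principal
-- names are constructed for illustration. The SP_* procedures are the
-- SQL Server 2000/2005 forms named on the slides; current versions prefer
-- CREATE LOGIN / CREATE ROLE / ALTER ROLE ... ADD MEMBER.

-- 1. Logins at the server level
EXEC sp_grantlogin 'CORP\jdoe';                  -- Windows integrated login (placeholder domain\user)
EXEC sp_addlogin @loginame = 'payroll_app',      -- SQL Server login
                 @passwd   = '<set a strong password here>',
                 @defdb    = 'PayrollDB';        -- default database

-- 2. Fixed server role: cannot be created or modified, only populated
EXEC sp_addsrvrolemember 'CORP\jdoe', 'securityadmin';

USE PayrollDB;
GO
-- 3. Database users mapped to the logins (sp_grantdbaccess on SQL Server 2000)
CREATE USER jdoe        FOR LOGIN [CORP\jdoe];
CREATE USER payroll_app FOR LOGIN payroll_app;

-- 4. A user-defined (standard) role carries the privileges; users are added to it
EXEC sp_addrole 'payroll_readers';
EXEC sp_addrolemember 'payroll_readers', 'payroll_app';
EXEC sp_addrolemember 'db_datareader', 'jdoe';   -- fixed database role

-- 5. Object privileges, granted by the schema owner or a user with GRANT rights
GRANT SELECT  ON dbo.Employees        TO payroll_readers;
GRANT EXECUTE ON dbo.usp_GetHeadcount TO payroll_readers;

-- 6. Column privilege: this DENY wins over the role's table-level GRANT,
--    so payroll_app can read every column of Employees except Salary
DENY SELECT (Salary) ON dbo.Employees TO payroll_readers;

-- 7. REVOKE removes an explicit GRANT or DENY; it does not block access
--    that the principal still inherits through another role
REVOKE EXECUTE ON dbo.usp_GetHeadcount FROM payroll_readers;

-- 8. Dropping a member from a fixed database role
EXEC sp_droprolemember 'db_datareader', 'jdoe';

-- Check what a principal can actually do after the changes (SQL Server 2005+)
EXECUTE AS USER = 'payroll_app';
SELECT * FROM fn_my_permissions('dbo.Employees', 'OBJECT');
REVERT;
```

DENY takes precedence over GRANT even when the GRANT arrives through role membership, with one documented exception: a column-level GRANT is not overridden by a table-level DENY, so column permissions need to be audited separately from table permissions.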
Best Practices
– Never store passwords for an application in plaintext
– Change passwords frequently
– Use passwords at least eight characters long
– Pick a password that you can remember
– Use roles to control and administer privileges
– Report compromise or loss of a password
– Report any violation of company guidelines
Best Practices
– Never give your password to anyone
– Never share your password with anyone
– Never give your password over the phone
– Never type your password in an e-mail
– Make sure your password is complex enough
– Use Windows integrated security mode
– In Windows 2000/3 domain use domain users and take advantage of Kerberos
Best Practices
– Require complex passwords with special characters in the first seven bytes
– Require a password length of at least eight
– Set an account lockout threshold
– Do not allow passwords to automatically reset
– Expire end-user passwords
– Do not expire application-user passwords
– Enforce a password history
– Enhances password robustness
– Reduces likelihood of password breaking
Best Practices
– Organize and administer privileges in an easy manner
– Role is like a user but cannot own objects
– Role can be assigned privileges
– GRANT and REVOKE
E-mail Security
– Do not configure e-mail server on the same machine where sensitive data resides
– Do not disclose technical details about the e-mail server
and writing actions
protects data
the Security tab on a file's Properties dialog box
– Allow indicates grant
– Deny indicates revoke
File Permissions
– Three permission settings: owner; group to which owner belongs; all other users
– Each setting consists of rwx
• r for reading, w for writing, and x for executing
– chmod command used to change file permissions
File Transfer
– Internet service for transferring files from one computer to another
– Transmits usernames and passwords in plaintext
– Root account cannot be used with FTP
– Anonymous FTP: ability to log on to the FTP server without being authenticated
File Transfer
– Use Secure FTP utility if possible
– Make two FTP directories:
• One for uploads with write permissions only
• One for downloads with read permissions only
– Use specific accounts with limited permissions
– Log and scan FTP activities
– Allow only authorized operators
Sharing Files
over the Internet
– Malicious code
– Adware and spyware
– Privacy and confidentiality
– Pornography
– Copyright issues
Memory
– Stop using the program
– Apply a patch (service pack) to fix it
Covert channels
• MLS designed to restrict legitimate channels of communication
• May be other ways for information to flow
• For example, resources shared at different levels may signal information
• Covert channel: "communication path not intended as such by system's designers"
Covert Channel Example
• Alice has TOP SECRET clearance, Bob has CONFIDENTIAL clearance
• Suppose the file space shared by all users
• Alice creates file FileXYzW to signal "1" to Bob, and removes file to signal "0"
• Once each minute Bob lists the files
– If file FileXYzW does not exist, Alice sent 0
– If file FileXYzW exists, Alice sent 1
• Alice can leak TOP SECRET info to Bob!
Covert Channel Example
Time:    1            2            3            4            5
Alice:   Create file  Delete file  Create file               Delete file
Bob:     Check file   Check file   Check file   Check file   Check file
Data:    1            0            1            1            0
Covert Channel Example
• Other examples of covert channels
– Print queue
– ACK messages
– Network traffic, etc., etc., etc.
• When does a covert channel exist?
1. Sender and receiver have a shared resource
2. Sender able to vary property of resource that receiver can observe
3. Communication between sender and receiver can be synchronized
Covert Channel Example
• Covert channels exist almost everywhere
• Easy to eliminate covert channels…
– Provided you eliminate all shared resources and all communication
• Virtually impossible to eliminate all covert channels in any useful system
– DoD guidelines: goal is to reduce covert channel capacity to no more than 1 bit/second
– Implication is that DoD has given up trying to eliminate covert channels!
Covert Channel Example
• Consider 100MB TOP SECRET file
– Plaintext version stored in TOP SECRET place
– Encrypted with AES using 256-bit key, ciphertext stored in UNCLASSIFIED location
• Suppose we reduce covert channel capacity to 1 bit per second
• It would take more than 25 years to leak entire document thru a covert channel
• But it would take less than 5 minutes to leak 256-bit AES key thru covert channel!
Inference Control Example
• Suppose we query a database
– Question: What is average salary of female CS
• Specific information has leaked from responses to general questions!