
ACCESS CONTROL AND ENCRYPTION

ACCESS CONTROL AND ENCRYPTION. Betül Arı 2007101336. Access control overview. Access Controls: The security features that control how users and systems communicate and interact with one another. Access: The flow of information between subject and object.


Presentation Transcript


  1. ACCESS CONTROL AND ENCRYPTION

    Betül Arı 2007101336
  2. Access control overview. Access Controls: The security features that control how users and systems communicate and interact with one another. Access: The flow of information between subject and object. Subject: An active entity that requests access to an object or the data in an object. Object: A passive entity that contains information.
  3. What is access control? Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.
  4. Access control types: Discretionary Access Control, Mandatory Access Control, Role-Based Access Control.
  5. Discretionary AC (figure: individuals are mapped directly to the resources Server 1, Server 2 and Server 3). Restricts access to objects based solely on the identity of the users who are trying to access them. Example application access list (Name: Access): Tom: Yes; John: No; Cindy: Yes.
  6. Mandatory access control. MAC mechanisms assign a security level to all information, assign a security clearance to each user, and ensure that all users only have access to that data for which they have a clearance. It provides better security than discretionary access control.
  7. Mandatory access control (figure: individuals are mapped to resources labelled by security level: Server 1 "Top Secret", Server 2 "Secret", Server 3 "Classified").
  8. Role-based access control. A user has access to an object based on the assigned role. Roles are defined based on job functions. Permissions are defined based on job authority and responsibilities within a job function. Operations on an object are invoked based on the permissions. The object is concerned with the user's role and not the user.
  9. Role-based access control (figure: individuals are assigned to roles Role 1, Role 2 and Role 3, and the roles are mapped to the resources Server 1, Server 2 and Server 3). Users change frequently; roles don't.
  10. Access control for databases. Challenges: Multiple operations: select (read), insert/update/delete (write), reference, create trigger, execute stored procedure, create tables, ... Table-level access control is too coarse-grained, cell-level access control is too tedious (more on that later). SQL has a standardized access control policy definition language. Security model developed by Griffiths and Wade in 1976.
  11. Targets for attack (figure: users a and b reach the database through an application, which is subject to the database's access control rules). Database applications often need to serve multiple users. Programmers often give their applications elevated privileges.
  12. Quick SQL overview. Creating tables: create table table_name (column1 type1, column2 type2, ...); Deleting tables: drop table table_name;
  13. Quick SQL overview. Querying tables: select column1, column2 from table_name; or select * from table_name; Conditions: select columns from table_name where condition;
  14. Quick SQL overview. Inserting new rows: insert into table_name values (value1, value2); or insert into table_name set column1=value1, column2=value2, ...; Updating rows: update table_name set column1=value1 where condition;
  15. Quick SQL overview. Deleting rows: delete from table_name where condition; Set values in conditions: select * from table_name where column in (select_statement); or select * from table_name where column in (value1, value2, ...);
  16. Quick SQL overview. Joining tables: select * from table1, table2 where table1.attribute1 = table2.attribute2;
  17. SQL grant syntax: grant privilege_list on resource to user_list; Privileges include select, insert, etc. Resource may be a table, a database, a function, etc. User list may be individual users, or may be a user group.
  18. Example application. Alice owns a database table of company employees: name varchar(50), ssn int, salary int, email varchar(50). Some information (ssn, salary) should be confidential; the rest can be viewed by any employee.
  19. Simple access control rules. Suppose Bob needs access to the whole table (but doesn't need to make changes): grant select on employee to bob; Suppose Carol is another employee, who should only access public information: grant select(name, email) on employee to carol;
  20. Creating views. Careful with definitions! A view is a subset of the database to which a user has access, or: a virtual table created as a "shortcut" query of other tables. View syntax: create view view_name as query_definition; Querying views is nearly identical to querying regular tables.
  21. View-based access control. Alternative method to grant Carol access to the name and email columns: create view employee_public as select name, email from employee; grant select on employee_public to carol;
  22. Row-level access control. Suppose we also allow employees to view their own ssn and salary: create view employee_Carol as select * from employee where name='Carol'; grant select on employee_Carol to carol; And we allow them to update their e-mail addresses: grant update(email) on employee_Carol to carol; (Or create yet another new view...)
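The grants and views of slides 18 to 22 collected into one script, as an added example rather than the slides' own code; it assumes Alice, the table owner, runs it and that the users bob and carol already exist.

```sql
-- Added example (not from the slides): Alice's employee table with column-,
-- view- and row-level grants, written in standard SQL.
CREATE TABLE employee (
    name   VARCHAR(50),
    ssn    INT,
    salary INT,
    email  VARCHAR(50)
);

-- Bob reads everything but changes nothing: no INSERT/UPDATE/DELETE granted.
GRANT SELECT ON employee TO bob;

-- Carol sees only the public columns, either as a column-level grant ...
GRANT SELECT (name, email) ON employee TO carol;

-- ... or through a view, which is easier to extend and revoke later.
CREATE VIEW employee_public AS
    SELECT name, email FROM employee;
GRANT SELECT ON employee_public TO carol;

-- Row-level access: Carol's own row, confidential columns included.
-- WITH CHECK OPTION stops an update through the view from moving the row
-- outside the view's predicate (for example renaming herself to someone else).
-- Keying on name is fragile if two employees share one; a unique id is safer.
CREATE VIEW employee_carol AS
    SELECT * FROM employee WHERE name = 'Carol'
    WITH CHECK OPTION;
GRANT SELECT ON employee_carol TO carol;
GRANT UPDATE (email) ON employee_carol TO carol;

-- What Carol can and cannot do afterwards:
-- SELECT ssn FROM employee;                                -- fails: no privilege on ssn
-- SELECT ssn FROM employee_carol;                          -- works: her own row only
-- UPDATE employee_carol SET email = 'carol@example.com';   -- works
-- UPDATE employee_carol SET salary = 99999;                -- fails: only email granted
```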
  23. "With grant option": grant privilege_list on resource to user_list with grant option; Allows other users to grant privileges, including "with grant option" privileges. Can grant subset privileges too. Alice: grant select on table1 to bob with grant option; Bob: grant select(column1) on table1 to carol with grant option;
  24. SQL revoke syntax: revoke privilege_list on resource from user_list; If you revoke from a user the privilege that you granted using the WITH GRANT OPTION keyword, you sever the chain of privileges. That is, when you revoke privileges from a user, you automatically revoke the privileges of all users who received privileges from that user or from the chain that user created (unless that user, or the users who received privileges from that user, were granted the same set of privileges by someone else).
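The privilege chain of slides 23 and 24 and what a revoke does to it, as an added example that is not the presentation's own code; it assumes Alice owns table1 and that the users bob and carol exist.

```sql
-- Added example (not from the slides): the chain Alice -> Bob -> Carol.

-- As owner, Alice lets Bob read table1 and pass that privilege on.
GRANT SELECT ON table1 TO bob WITH GRANT OPTION;

-- Connected as bob: delegate a subset (one column), itself re-grantable.
GRANT SELECT (column1) ON table1 TO carol WITH GRANT OPTION;

-- Alice also grants Carol the same column directly. This grant does not
-- depend on Bob; it is the "granted by someone else" case of slide 24.
GRANT SELECT (column1) ON table1 TO carol;

-- Alice revokes Bob's privilege. Carol's grant from Bob depends on it and
-- goes with it; her direct grant from Alice survives, so she can still read
-- column1 but can no longer pass it on (her grant option came only via Bob).
REVOKE SELECT ON table1 FROM bob CASCADE;

-- Portability notes:
--   * Standard SQL and PostgreSQL require CASCADE here; with RESTRICT (the
--     default) the revoke is refused because a dependent grant exists.
--   * Oracle revokes dependent object privileges automatically and takes no
--     CASCADE keyword for them:
--       REVOKE SELECT ON table1 FROM bob;
```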
  25. Disadvantages to SQL Model Too many views to create Tedious for many users, each with their own view View redefinitions that change the view schema require dropping the view, redefining, then reissuing privileges
  26. Disadvantages (cont) Complicated policy logic can be difficult to express and to update Update anomalies Updates need to be made in multiple places If any steps are forgotten, the database is in an inconsistent state e.g. Suppose we have an employees table, and all managers in this table get special update privileges.
  27. Virtual Private Databases (figure: the user's database query, user name, other data and app-defined context feed the VPD function evaluator, which applies the table's policy function and produces the rewritten query). Security model for Oracle. A virtual private database or VPD masks data in a larger database so that security allows only the use of apparently private data. Separate departments and/or individuals transparently see and manipulate data specific to their needs and to their security classifications. Policies are user-defined functions that return a condition for an SQL where clause. (Oracle 05)
  28. Why VPD? Scalability Table Customers contains 1,000 customer records. Suppose we want customers to access their own records only. Using views, we need to create 1,000 views. Using VPD, it can be done with a single policy function. Simplicity Say, we have a table T and many views are based on T. Suppose we want to restrict access to some information in T. Without VPD, all view definitions have to be changed. Using VPD, it can be done by attaching a policy function to T; as the policy is enforced in T, the policy is also enforced for all the views that are based on T.
  29. Oracle VPD How does it work? When a user accesses a table (or view or synonym) which is protected by a VPD policy (function), The Oracle server invokes the policy function. The policy function returns a predicate, based on session attributes or database contents. The server dynamically rewrites the submitted query by appending the returned predicate to the WHERE clause. The modified SQL query is executed.
  30. Features Functions are executed each time the table is accessed. Multiple functions can be attached to a table. Different functions can be defined depending on: Operation (read vs. write) Columns being accessed
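The slide 28 scenario (public columns for everyone, ssn and salary only from your own row, updates limited to your own row) written as Oracle VPD policies, as an added example and not code from the presentation. It assumes the table lives in schema ALICE, that each employee's database user name is the NAME value in upper case (user CAROL owns the row 'Carol'), and that the function and policy names are ours.

```sql
-- Added example (not from the slides): one policy function, two policies.
-- Both parameters are required by the policy-function signature; this
-- predicate does not need them.
CREATE OR REPLACE FUNCTION emp_own_row (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
    -- The returned text is appended to the WHERE clause of every rewritten
    -- query. It reads the session user at run time, so one policy serves
    -- 1,000 employees without 1,000 views.
    RETURN 'UPPER(name) = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

BEGIN
    -- Read policy, enforced only when a query references ssn or salary:
    --   SELECT name, email FROM employee  -> not rewritten, all rows visible
    --   SELECT salary FROM employee       -> rewritten, caller's row only
    DBMS_RLS.ADD_POLICY(
        object_schema     => 'ALICE',
        object_name       => 'EMPLOYEE',
        policy_name       => 'EMP_CONFIDENTIAL_READ',
        function_schema   => 'ALICE',
        policy_function   => 'EMP_OWN_ROW',
        statement_types   => 'SELECT',
        sec_relevant_cols => 'SSN,SALARY');

    -- Write policy: UPDATE/DELETE see only the caller's row, and UPDATE_CHECK
    -- rejects a change that would make the row fail the predicate afterwards
    -- (renaming yourself to another employee). VPD filters rows, not columns:
    -- restricting Carol to the email column is still GRANT UPDATE (email).
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'ALICE',
        object_name     => 'EMPLOYEE',
        policy_name     => 'EMP_OWN_ROW_WRITE',
        function_schema => 'ALICE',
        policy_function => 'EMP_OWN_ROW',
        statement_types => 'UPDATE,DELETE',
        update_check    => TRUE);
END;
/
```

Users holding the EXEMPT ACCESS POLICY system privilege (and SYS) bypass VPD entirely, so the policies protect against other employees, not against a privileged DBA.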
  31. Key Points. Access control for databases requires scalability. SQL standard: grant, revoke, with grant option, view-based access control. Oracle VPD: policy functions.
  32. Database security. Database system security must worry about the DB + ... Secure database; secure applications; secure DBMS; secure operating system in relation to the database system; secure web server in relation to the database system; secure network environment in relation to the database system.
  33. Types of information control: Access control, Auditing, Authentication, Encryption, Integrity controls, Backups, Application security.
  34. Threats External Threats Hackers breach a software company’s website, stealing credit card information. Internal Threats A disgruntled employee accesses confidential salary information and distributes it. Physical threats Thieves strike a data center.
  35. Example of threats: 55,000 credit card records were stolen from the database of CreditCards.com by Mexus.
  36. Encryption. Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. DB encryption can be divided into data-in-transit and data-at-rest. Encryption is useful as a last layer of defense (defense in depth). It should never be used as an alternative solution. Encryption should be used only when needed.
  37. Database encryption. What is database encryption? Protect data from compromise and abuse. How does it work? (Figure: a credit card number, shown as 011112345677999 / 1234567890123456, plus an encryption key go through the encryption algorithm and come out as the encrypted credit card number, an opaque string such as 04wØ×1ve.)
  38. Encryption strategy. Inside DBMS, advantages and disadvantages: least impact on the application; security vulnerability: the encryption key is stored in a database table; performance degradation; to separate the keys, additional hardware such as an HSM is required. Outside DBMS, advantages and disadvantages: removes computational overhead from the DBMS and application servers; separates the encrypted data from the encryption key; communication overhead; must administer more servers.
  39. Is database encryption enough? No: a compromised web server, or interception while the data is in transfer (MITM), still exposes it. Solution: additional security practices such as SSL and proper configuration of the firewall.
  40. Encryption. Encrypting data-in-transit: as it is transmitted between client and server. Encrypting data-at-rest: storing data in the database in encrypted form.
  41. Encrypting data-in-transit. Almost all modern encryption methods rely on a key: a particular number or string of characters which is used to encrypt, decrypt, or both. 1) Private key encryption 2) Public key encryption
  42. Private key encryption. Private key encryption is the standard form. Both parties share an encryption key, and the encryption key is also the one used to decrypt the message. The difficulty is sharing the key before you start encrypting the message: how do you safely transmit it? Many private key encryption methods use public key encryption to transmit the private key for each data transfer session. If client and server want to use private key encryption to share a secret message, they would each use a copy of the same key. The client writes his message to the server and uses their shared private key to encrypt the message. The message is then sent to the server. The server uses her copy of the private key to decrypt the message. Private key encryption is like making copies of a key. Anyone with a copy can open the lock. In the case of client and server, their keys would be guarded closely because they can both encrypt and decrypt messages.
  43. Public key encryption. Public key encryption uses two keys: one to encrypt, and one to decrypt. The sender asks the receiver for the encryption key, encrypts the message, and sends the encrypted message to the receiver. Only the receiver can then decrypt the message; even the sender cannot read the encrypted message. When one party wants to share a secret with another party using public key encryption, it first asks the other party for its public key. Next, it uses the other party's public key to encrypt the message. In public key encryption, only the other party's private key can unlock a message encrypted with its public key. It sends the message to the other party. The other party uses its own private key to decrypt the message. The thing that makes public key encryption work is that the other party very closely guards its own private key and freely distributes its public key. That party knows that its private key will unlock any message encrypted with its public key.
  44. Encrypting data-at-rest. There are two reasons to do this: protect it from DBAs; protect it from file or disk theft.
  45. Encrypting data-at-rest. Encrypting at the application layer: must do it at multiple locations from within the app; data can only be used from within the application. Encrypting at the file system/operating system layer: less flexible; requires you to encrypt everything; performance degrades; weak for handling the disk theft problem, since it protects data only as long as it is on a filesystem that supports encryption: once the data is copied, the protection is lost. For example, if a DBA copies backups to optical media, they become cleartext and unprotected. Encrypting within the database: usually the most practical option.
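Oracle Transparent Data Encryption (11g syntax) as an added example of the "encrypting within the database" option from slides 38 and 45, not code from the presentation; it assumes Alice's employee table exists, that a TDE wallet with a master key has already been configured for the database, and the wallet password shown is a placeholder.

```sql
-- Added example (not from the slides): TDE column encryption. The column keys
-- are themselves encrypted with a master key kept in the wallet (a file outside
-- the database, or an HSM), so no key sits in a database table as slide 38
-- warns, and the application does not change.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet-password";  -- placeholder

-- Encrypt ssn and salary in place; name and email stay cleartext.
-- Salt is on by default, so equal SSNs give different ciphertext; NO SALT is
-- needed only when the column must stay indexable.
ALTER TABLE employee MODIFY (ssn    ENCRYPT USING 'AES256');
ALTER TABLE employee MODIFY (salary ENCRYPT USING 'AES256');

-- Queries are unchanged; decryption is transparent to anyone with SELECT:
-- SELECT ssn FROM employee_carol;   -- carol still sees her plaintext ssn

-- With the wallet closed, datafiles and backups copied off the server are
-- unreadable: the protection against file or disk theft of slide 44.
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "wallet-password";
```

Because decryption is transparent, TDE does nothing against a DBA who can SELECT from the table (slide 44's first reason); only access control, or encryption performed in the application with a key the DBA never holds, addresses that case.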
  46. Limitations of encryption. The process of attempting to read the encrypted message without the key is very much easier with modern computers than it has ever been before. Modern computers are fast enough to allow for 'brute force' methods of cryptanalysis, that is, using every possible key in turn until the 'plain text' version of the message is found. The longer the key, the longer it takes to use the 'brute force' method of cryptanalysis, but it also makes the process of encrypting and decrypting the message slower. Key length is very important to the security of the encryption method, but the 'safe' key length changes every time CPU manufacturers bring out a new processor. Encryption does not make your data secure. Not using encryption, however, means that any data in transit is as easy to read as the contents of a postcard, sent in regular mail. Encryption at least ensures that anyone who does read your messages has worked hard at it.
  47. Thank you for listening.