Database Management System Security Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Data is an extremely valuable resource. Private companies and government institutions know this best of all, but as they develop their reliance on distributed data management systems, they become more and more vulnerable to breaches of security. A number of techniques exist, such as digital signatures and encryption, which aim to protect data when transmitted OTA, but a more robust approach to protecting data should also include a mechanism to secure data at local level, such as enforcing access control, which is also the responsibility of the DBMS. This document focuses not just on malicious threats to the DBMS, but also on how insider misuse of the system, intentional or otherwise, poses just as big a threat if not properly managed. The document also focuses on what can be achieved at DBMS level to enforce security.

Current Threats to Database Systems:

A recent list compiled by "Imperva Security Data-Centre" (2006) shows that there is a wide array of well-known threats to database security, ranging from insider misuse of the system to the more recent addition of external attacks such as SQL injection and denial of service. [3] The main threats are listed below:

Excessive Privilege Abuse

Legitimate Privilege Abuse

Forced Privilege Elevation

Database Platform Vulnerabilities

Weak Authentication

SQL Injection

Denial of Service

Database Communication Protocol Vulnerabilities

Backup Data Exposure

The various threats are explained in more detail later in the document.

A secure database system requires three components: Security, Integrity and Availability.

Security - involves monitoring disclosure of certain information. This is extremely important in environments that deal with sensitive information (e.g. Forces, Intelligence agencies, etc.).

Integrity - involves detecting, preventing, and deterring unauthorised changes of data. Effective security measures can ensure that the integrity of the data is not compromised. [9]

Availability - having a robust security policy will ensure that denial of service attacks cannot take place and enable the system to remain active. [9]

To enforce a robust security policy, consideration needs to be given to the applications that interface with the system and what a DBMS can do at local level to secure against the threats listed above.

Excessive & Legitimate Privilege Misuse:

When users, or indeed applications, are granted access privileges to a database, privilege levels must be defined and checked. If a user or system is assigned privileges that exceed the requirements of their role, the system could start to be abused, and not only for intentionally malicious purposes: a lack of technical knowledge combined with access to sensitive data would give an unwitting individual the ability to accidentally or intentionally cause damage to an entire system. [2, 4] To put this into context, an employee in a payroll office could use a needlessly excessive privilege level to access and manipulate financial information, change their own access level, or even create other users, when they should only have access to address information. [3] A common reason for staff to have an excessively high privilege level is that the database administrator has not restricted the account from its default setting, which could be considerably higher than that required by a particular user. Securing a system involves more than the relationship between the human user and the database alone. Companies have various programs that form the basis of the system, and entities from distributed systems are also allowed access, so a threat may come from anything that can interface with the system, from anywhere. [5]

Access Controls/Authentication:

The usual way to enable access control for a database system is centred on the granting and revoking of privileges. A privilege gives a user control over certain functionality of the system (i.e. create, read, write and modify data). [5] A DBA can solve the privilege level issues discussed previously by implementing what is known as query-level access control. [5] This provides a mechanism that can restrict database user privileges to the minimum required, i.e. simple operations such as UPDATE and SELECT. A sufficient access control mechanism will prevent abuse of the system. By permitting or denying access to specific functionality, and reporting attempted misuse or violations, query-level access control offers an extremely useful way to detect privilege abuse, legitimate or excessive, by malicious employees. [5, 3] For larger organisations, granular altering of individual access roles as they constantly change over the years is too time-consuming, so various application frameworks are available that provide an automated solution for enforcing query-level access control policies. [3] Features such as "Dynamic Profiling technology" and "learning algorithms" can create query-level usage profiles, each of which stores the usage patterns of a particular user. [2] Having correct privilege level policies in place can secure against intentional or accidental misuse of the system. There is a range of access controls, and DBMS enforce the policies in different ways, as the following sections describe.
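The query-level access control and usage profiling described above can be sketched as follows. This is an added example, not code from the essay or from any product it cites; the (verb, table) profile, the function names and the sample statements are assumptions made for illustration, reusing the payroll scenario from the previous section.

```python
import re
from collections import defaultdict

# Constructed learning-phase traffic: (user, SQL statement) pairs.
LEARNING = [
    ("payroll_clerk", "SELECT street, city FROM addresses WHERE emp_id = 7"),
    ("payroll_clerk", "UPDATE addresses SET city = 'Leeds' WHERE emp_id = 7"),
    ("hr_app", "SELECT name FROM employees WHERE dept = 'IT'"),
]

# Assumed simplification: a statement is reduced to its verb and target table.
_PATTERNS = [
    re.compile(r"^\s*(SELECT)\b.*?\bFROM\s+(\w+)", re.I | re.S),
    re.compile(r"^\s*(UPDATE)\s+(\w+)", re.I),
    re.compile(r"^\s*(INSERT)\s+INTO\s+(\w+)", re.I),
    re.compile(r"^\s*(DELETE)\s+FROM\s+(\w+)", re.I),
]

def classify(sql):
    """Return (VERB, table) for a recognised statement, else None."""
    for pat in _PATTERNS:
        m = pat.match(sql)
        if m:
            return m.group(1).upper(), m.group(2).lower()
    return None

def build_profiles(traffic):
    """Learn the set of (verb, table) operations each user normally issues."""
    profiles = defaultdict(set)
    for user, sql in traffic:
        op = classify(sql)
        if op:
            profiles[user].add(op)
    return profiles

def check(profiles, user, sql, audit):
    """Permit only operations in the user's profile; report everything else."""
    op = classify(sql)
    allowed = op is not None and op in profiles.get(user, set())
    if not allowed:
        audit.append({"user": user, "operation": op, "sql": sql})
    return allowed
```

Statements that cannot be classified (for example a GRANT) are denied and reported, so the default is least privilege rather than permit.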

Discretionary Access Control (DAC)

Most well-known database management systems offer a solution for managing privileges that uses Structured Query Language. DAC supports full SQL and enables privileges to be issued to users with the GRANT and REVOKE SQL commands. DAC, however, has certain vulnerabilities, which lie in the way that it enforces privileges. [5, 8] For example, an unauthorised user of the system could gain access and manipulate or copy a dataset by appending the ownership to an authorised user; the unauthorised user can then modify the data back to its original state without the knowledge of the authorised user.

Mandatory Access Control (MAC)

MAC is based on global system policies that ensure that the privilege level cannot be changed by individual users. Using this approach, each database object is assigned a security class, each user is assigned a clearance level for a security class, and rules are defined on the writing and reading of database objects by users. [5] The database management system can determine whether a specific user has the necessary clearance to read or write to an object based on rules that involve the security level of the object and the clearance of the user. [9] This method makes the system much more secure and less prone to devious use.
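The read and write rules above can be made concrete with the following added example, which is not code from the essay. It assumes the Bell-LaPadula rules ("no read up", "no write down"), which the essay does not name, and the class names, rows and function names are constructed for illustration.

```python
# Assumed ordering of security classes; a higher number is more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

# Constructed table: every row (database object) carries its own security class.
ROWS = [
    {"id": 1, "data": "canteen menu", "cls": "UNCLASSIFIED"},
    {"id": 2, "data": "staff salaries", "cls": "CONFIDENTIAL"},
    {"id": 3, "data": "agent roster", "cls": "SECRET"},
]

def can_read(clearance, obj_class):
    """No read up: a user may read only objects at or below their clearance."""
    return LEVELS[clearance] >= LEVELS[obj_class]

def can_write(clearance, obj_class):
    """No write down: a user may write only objects at or above their
    clearance, so high-level data cannot be copied into a low-level object."""
    return LEVELS[clearance] <= LEVELS[obj_class]

def visible_rows(clearance, rows):
    """The DBMS, not the user, filters rows by comparing labels."""
    return [r["id"] for r in rows if can_read(clearance, r["cls"])]

def insert_row(clearance, row, rows):
    """Reject a write that would move information to a lower class."""
    if not can_write(clearance, row["cls"]):
        raise PermissionError(
            f"{clearance} user may not write a {row['cls']} object")
    rows.append(row)
    return row["id"]
```

Unlike DAC, nothing here can be changed by the user: the labels and the two rules are fixed by system policy, which is what blocks the copy-and-relabel abuse described for DAC.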

Common Database Platform Vulnerabilities:

Vulnerabilities in operating systems such as Windows, and in any additional services installed on a database server, may lead to data loss, corruption, unauthorised access, or a denial of service. Each DBMS has its own native vulnerabilities, and if planning to use a well-known product it is advisable to fully research each system's weaknesses and how to secure it against existing internal and external threats. [8]

Preventing Vulnerabilities by Software Updates:

Protection of database assets requires a combination of regular software updates and the use of Intrusion Prevention Systems (IPS). Vendors of DBMS software release updates periodically, which can eliminate vulnerabilities found over time. [8] However, compatibility problems can sometimes prevent software updates altogether. This leaves certain systems and applications insecure and provides a backdoor into the system through which malicious activity can take place. To address these problems, intrusion prevention systems can be implemented. An IPS inspects database traffic and identifies attacks that target known vulnerabilities. [9]

Threats to Web Data Centric Systems:

Most organisations now have a web database system of some kind that is accessible via a web front end; whether it is a shop or a magazine publication, it will usually be supported by a database hosted on a server. [9] There are many threats to consider when opting for a web system that communicates with a centralised database; one significant threat is SQL injection. Using SQL injection, an attacker could insert (or "inject") unauthorised statements into a vulnerable area of a web page (usually a form). [10] Typically these vulnerable channels allow injected statements to be sent to the database, where they are executed. Using this method, attackers can gain access to an entire database, and potentially to the entire system.

Preventing an SQL Injection attack:

There are a number of techniques that can be used to effectively combat SQL injection. These are:

Intrusion prevention Systems (IPS)

Query-level access control

Event correlation

Carefully crafted Frameworks

Intrusion prevention systems are able to identify vulnerable stored procedures, but an IPS on its own is not reliable, because SQL injection signatures are known for false positives. This means that, without a method of correlation, a security manager who relies on IPS alone would be continuously alerted to "possible" SQL injection attacks. [12] Using correlation, it is possible to tie an SQL injection signature to a violation such as a query-level access control violation; this allows a real attack to be identified with pinpoint accuracy. [12] As discussed previously, dynamic profiling will identify a query (such as an SQL injection attack query) that does not match previously established user or application patterns and immediately flag it. Correlated attack violation (CAV) groups security violations originating from multiple detection layers in the system. By grouping multiple violations from the same user, the system is able to detect SQL injection with a degree of accuracy. The process of preventing an SQL injection attack depends on all of the aforementioned precautions being considered; none will work efficiently without the others. [12]
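The correlation step described above, as an added example that is not code from the essay or from the paper it cites. The event format, the layer names, the verdict labels and the 60-second window are assumptions; the events are constructed sample data.

```python
from collections import defaultdict

WINDOW = 60  # seconds; assumed correlation window

# Constructed events from two detection layers: (epoch seconds, user, layer).
EVENTS = [
    (1000, "web_app", "sqli_signature"),  # signature alone: likely false positive
    (1500, "alice", "acl_violation"),     # violation alone: privilege issue
    (2000, "guest", "sqli_signature"),
    (2020, "guest", "acl_violation"),     # both layers, 20 s apart
    (3000, "bob", "sqli_signature"),
    (3500, "bob", "acl_violation"),       # both layers, but 500 s apart
]

def correlate(events, window=WINDOW):
    """Group violations per user and raise a correlated verdict only when an
    IPS signature hit and a query-level access control violation from the
    same user fall within the window."""
    by_user = defaultdict(lambda: defaultdict(list))
    for ts, user, layer in events:
        by_user[user][layer].append(ts)

    verdicts = {}
    for user, layers in by_user.items():
        sigs = layers.get("sqli_signature", [])
        viols = layers.get("acl_violation", [])
        if any(abs(s - v) <= window for s in sigs for v in viols):
            verdicts[user] = "correlated_attack"   # alert the security manager
        elif sigs:
            verdicts[user] = "signature_only"      # log, low priority
        else:
            verdicts[user] = "violation_only"      # review privileges
    return verdicts

def alerts(events, window=WINDOW):
    """Users that should page a human, sorted for stable output."""
    return sorted(u for u, v in correlate(events, window).items()
                  if v == "correlated_attack")
```

Of the four users in the sample, only one produces an alert, which is the reduction in "possible" injection alerts that the paragraph attributes to correlation.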

Denial of Service (DDOS)

Any organisation with databases attached to a web-centric system needs to properly secure them against the possibility of a denial of service attack. [9] A DDOS, or distributed denial of service, attack uses Bot-nets, which are pools of thousands of compromised PCs that can be rented cheaply for malicious purposes. These Bot-nets run specific software that can send a bombardment of traffic to a desired location, thus rendering any target system unusable. [9]


Backup & Recovery:


[1] T. Chumash, "Detection and Prevention of Insider Threats in Database Driven Web Services", Rutgers University, 2009, pp. 3-16

[2] P. G. Neumann, "Combating Internal Threats in Cyber Security", Springer, 2010, pp. 10-29

[3] A. Shulman, "Top Ten Database Security Threats", Imperva Data-centre Whitepaper, 2006, pp. 3-14

[4] B. Jones, "Security Threat Report 2012", Sophos Group Ltd., 2012, pp. 9-31

[5] T. Connolly & C. Begg, "Database Systems, a practical approach to design, Implementation and management", 2005, pp. 543-573

[6] P. Ward, "Database Management Systems 2nd edition", Middlesex University Press, 2008, pp. 206-230

[7] Multiple Authors, "Database Security Tips for 2012", Application Security Inc, 2012, pp. 1-3

[8] C. Wilshusen, "Cyber-security Threats Impacting the Nation", United States Government Accountability Office, 2012, pp. 5-20

[9] A. Silberschatz & F. Korth, "Database system concepts, sixth edition", McGraw Hill, 2011, pp. 284-312

[10] C. Coronel & S. Morris, "Database systems, Design Implementation and Management 9th Edition", 2011, SQL Injection pp. 608-610

[11] R. Elmasri & B. Navathe, "Fundamentals of database management Systems", Addison Wesley, 2003, pp. 748-760

[12] V. Venkateswaramma, "An Effective Approach for Protecting Web Databases from SQL Injection Attacks", International Journal of Scientific & Engineering Research, 2012, pp. 1-5