CH05 CompSec4e

The document discusses database security and common threats. It covers relational database concepts like SQL, tables, keys and queries. It describes SQL injection attacks and how they work by injecting malicious code into SQL queries. The document also discusses countermeasures like input validation, parameterized queries and access control to help prevent SQL injection and other attacks.

Uploaded by Kofi Boateng

Computer Security: Principles and Practice
Fourth Edition
By: William Stallings and Lawrie Brown

Chapter 5
Database and Data Center Security
Database Security
Reasons database security has not kept pace with the increased reliance on databases are:
 There is a dramatic imbalance between the complexity of modern database management systems (DBMS) and the security technique used to protect these critical systems
 Databases have a sophisticated interaction protocol, Structured Query Language (SQL), which is complex
 Effective database security requires a strategy based on a full understanding of the security vulnerabilities of SQL
 The typical organization lacks full-time database security personnel
 Most enterprise environments consist of a heterogeneous mixture of database platforms, enterprise platforms, and OS platforms, creating an additional complexity hurdle for security personnel
 The increasing reliance on cloud technology to host part or all of the corporate database
Databases
 Structured collection of data stored for use by one or more applications
 Contains the relationships between data items and groups of data items
 Can sometimes contain sensitive data that needs to be secured

Database management system (DBMS)
• Suite of programs for constructing and maintaining the database
• Offers ad hoc query facilities to multiple users and applications

Query language
 Provides a uniform interface to the database for users and applications
Relational Databases
 Table of data consisting of rows and columns
 Each column holds a particular type of data
 Each row contains a specific value for each column
 Ideally has one column where all values are unique, forming an identifier/key for that row
 Enables the creation of multiple tables linked together by a unique identifier that is present in all tables
 Use a relational query language to access the database
 Allows the user to request data that fit a given set of criteria
Relational Database Elements
 Relation: table/file
 Tuple: row/record
 Attribute: column/field

Primary key
• Uniquely identifies a row
• Consists of one or more column names

Foreign key
• Links one table to attributes in another

View/virtual table
• Result of a query that returns selected rows and columns from one or more tables
• Views are often used for security purposes

Table 5.1 Basic Terminology for Relational Databases
Structured Query Language (SQL)
 Standardized language to define schema, manipulate, and query data in a relational database
 Several similar versions of ANSI/ISO standard
 All follow the same basic syntax and semantics

SQL statements can be used to:
• Create tables
• Insert and delete data in tables
• Create views
• Retrieve data with query statements
SQL Injection Attacks (SQLi)
• One of the most prevalent and dangerous network-based security threats
• Designed to exploit the nature of Web application pages
• Sends malicious SQL commands to the database server
• Most common attack goal is bulk extraction of data
• Depending on the environment SQL injection can also be exploited to:
o Modify or delete data
o Execute arbitrary operating system commands
o Launch denial-of-service (DoS) attacks
Injection Technique
The SQLi attack typically works by prematurely terminating a text string and appending a new command
Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with the SQL comment mark “--”
Subsequent text is ignored at execution time

SQLi Attack Avenues
User input
• Attackers inject SQL commands by providing suitably crafted user input

Server variables
• Attackers can forge the values that are placed in HTTP and network headers and exploit this vulnerability by placing data directly into the headers

Second-order injection
• A malicious user could rely on data already present in the system or database to trigger an SQL injection attack, so when the attack occurs, the input that modifies the query to cause an attack does not come from the user, but from within the system itself

Cookies
• An attacker could alter cookies such that when the application server builds an SQL query based on the cookie’s content, the structure and function of the query is modified

Physical user input
• Applying user input that constructs an attack outside the realm of web requests
Inband Attacks
• Uses the same communication channel for injecting SQL code and retrieving results
• The retrieved data are presented directly in the application Web page
• Include:

Tautology
• This form of attack injects code in one or more conditional statements so that they always evaluate to true

End-of-line comment
• After injecting code into a particular field, the legitimate code that follows is nullified through the use of end-of-line comments

Piggybacked queries
• The attacker adds additional queries beyond the intended query, piggy-backing the attack on top of a legitimate request
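The injection technique and the tautology and end-of-line-comment variants above, worked through as an added example that is not from the slides or the textbook: a login check built by string concatenation beside the same check written as a parameterized query, run against a constructed in-memory SQLite table. The table, sample rows and function names are assumptions.

```python
import sqlite3

# Constructed sample data for a two-account users table (not real credentials).
SAMPLE_ROWS = [("alice", "alice-secret"), ("bob", "bob-secret")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by string concatenation, so the input becomes SQL text.

    A quote in the input terminates the string early; whatever follows is parsed
    as SQL (a tautology such as OR '1'='1' makes the condition always true), and
    a trailing -- turns the rest of the original statement into a comment.
    """
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    """The defensive-coding fix: the SQL text is fixed and the driver binds the
    values separately, so quotes and comment markers in the input stay data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))
```

With the same inputs, the concatenated version returns rows the caller never authenticated for, while the parameterized version returns none.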
Inferential Attack
• There is no actual transfer of data, but the attacker is able to reconstruct the information by sending particular requests and observing the resulting behavior of the Website/database server
• Include:
o Illegal/logically incorrect queries
• This attack lets an attacker gather important information about the type and structure of the backend database of a Web application
• The attack is considered a preliminary, information-gathering step for other attacks
o Blind SQL injection
• Allows attackers to infer the data present in a database system even when the system is sufficiently secure to not display any erroneous information back to the attacker
Out-of-Band Attack
• Data are retrieved using a different channel
• This can be used when there are limitations on information retrieval, but outbound connectivity from the database server is lax
SQLi Countermeasures
• Three types:

Defensive coding
• Manual defensive coding practices
• Parameterized query insertion
• SQL DOM

Detection
• Signature based
• Anomaly based
• Code analysis

Run-time prevention
• Check queries at runtime to see if they conform to a model of expected queries
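The run-time prevention countermeasure (checking each query at runtime against a model of expected queries), as an added example that is not from the slides: a statement is reduced to a skeleton with its literals replaced, and it is allowed only if that skeleton matches one of the application's own query templates. The tokenizer, the template list and the function names are assumptions; this is one simple way to build such a model, not the textbook's algorithm.

```python
import re

# Tokenizer for the SQL subset used here (an assumption, not a full SQL lexer):
# quoted string literals (with '' escapes), integers, identifiers/keywords,
# the -- comment marker, and single punctuation characters.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|[A-Za-z_]\w*|--|[^\s\w]")


def skeleton(sql):
    """Reduce a statement to its structure: every literal becomes LIT, every
    other token is kept (uppercased) so keywords and operators stay visible."""
    parts = []
    for tok in _TOKEN.findall(sql):
        parts.append("LIT" if tok.startswith("'") or tok.isdigit() else tok.upper())
    return " ".join(parts)


def build_model(templates):
    """Model of expected queries: the skeletons of the application's own query
    templates ('?' and 0 stand for values the application fills in)."""
    return {skeleton(t) for t in templates}


def conforms(sql, model):
    """Run-time check: a query is allowed only if its skeleton is in the model.
    Injected tautologies or comment markers change the skeleton, so they fail."""
    return skeleton(sql) in model


# Constructed templates for a hypothetical login and item-lookup feature.
TEMPLATES = [
    "SELECT name FROM users WHERE name = '?' AND password = '?'",
    "SELECT * FROM items WHERE id = 0",
]
```

A rejected query is the point at which the application can refuse execution and log the event; the check does not depend on recognising any particular attack string.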
Database Access Control
Database access control system determines:
• If the user has access to the entire database or just portions of it
• What access rights the user has (create, insert, delete, update, read, write)

Can support a range of administrative policies:

Centralized administration
• Small number of privileged users may grant and revoke access rights

Ownership-based administration
• The creator of a table may grant and revoke access rights to the table

Decentralized administration
• The owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table
SQL Access Controls
• Two commands for managing access rights:
• Grant
o Used to grant one or more access rights or can be used to assign a user to a role
• Revoke
o Revokes the access rights

• Typical access rights are:
• Select
• Insert
• Update
• Delete
• References
Role-Based Access Control (RBAC)
• Role-based access control eases administrative burden and improves security
• A database RBAC needs to provide the following capabilities:
o Create and delete roles
o Define permissions for a role
o Assign and cancel assignment of users to roles
• Categories of database users:
o Application owner: an end user who owns database objects as part of an application
o End user: an end user who operates on database objects via a particular application but does not own any of the database objects
o Administrator: user who has administrative responsibility for part or all of the database

Table 5.2 Fixed Roles in Microsoft SQL Server (table is on page 165 in the textbook)
Inference Detection
Two approaches:

Inference detection during database design
• Approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference
• Techniques in this category often result in unnecessarily stricter access controls that reduce availability

Inference detection at query time
• Approach seeks to eliminate an inference channel violation during a query or series of queries
• If an inference channel is detected, the query is denied or altered

• Some inference detection algorithm is needed for either of these approaches
• Progress has been made in devising specific inference detection techniques for multilevel secure databases and statistical databases
Database Encryption
The database is typically the most valuable information resource for any organization
 Protected by multiple layers of security: firewalls, authentication, general access control systems, DB access control systems, database encryption
Encryption becomes the last line of defense in database security
 Can be applied to the entire database, at the record level, the attribute level, or level of the individual field

Disadvantages to encryption:
 Key management: authorized users must have access to the decryption key for the data for which they have access
 Inflexibility: when part or all of the database is encrypted it becomes more difficult to perform record searching
Data Center Security
• Data center:
o An enterprise facility that houses a large number of servers, storage devices, and network switches and equipment
o The number of servers and storage devices can run into the tens of thousands in one facility
o Generally includes redundant or backup power supplies, redundant network connections, environmental controls, and various security devices
o Can occupy one room of a building, one or more floors, or an entire building

• Examples of uses include:
o Cloud service providers
o Search engines
o Large scientific research facilities
o IT facilities for large enterprises
TIA-942
• Published by the Telecommunications Industry Association (TIA)
• TIA-942 (Telecommunications Infrastructure Standard for Data Centers) specifies the minimum requirements for telecommunications infrastructure of data centers
• Includes topics such as:
o Network architecture
o Electrical design
o File storage, backup, and archiving
o System redundancy
o Network access control and security
o Database management
o Web hosting
o Application hosting
o Content distribution
o Environmental control
o Protection against physical hazards
o Power management
Table 5.4 Data Center Tiers Defined in TIA-942 (table is on page 177 in the textbook)
Summary
• The need for database security
• Database management systems
• Relational databases
o Elements of a relational database system
o Structured Query Language
• SQL injection attacks
o A typical SQLi attack
o The injection technique
o SQLi attack avenues and types
o SQLi countermeasures
• Database access control
o SQL-based access definition
o Cascading authorizations
o Role-based access control
• Inference
• Database encryption
• Data center security
o Data center elements
o Data center security considerations
o TIA-942
