CS317 File and Database Systems – mercury.pr.erau.edu/~siewerts/cs317/documents/Lectures/... · 2016

  • November 14, 2016 Sam Siewert

    CS317 File and Database Systems

    Lecture 12 – DBMS Security Considerations

    http://dilbert.com/strips/comic/2009-02-21/


  • Reminders
    Assignment #4 Grading Now
    Assignment #5, Physical DB Design – Reviewing TEAMS
    Assignment #6, DBMS Project of Your Interest – POSTED
    – Combine File System with DBMS (Unstructured, Structured)
    – Work with Dr. Haas’ Cybersecurity Students on BLOB DBMS
    – Combine Network Applications with DBMS in C/C++, JDBC, or Python - http://www.mysql.com/products/connector/
    – Explore ORDBMS and SQL:2011 Features – Use in DreamHome
    – Design Logical DBMS and Client Application (C/C++)
    – Build Your Own DBMS – B-Tree
    – Compare RDBMS (MySQL) to OODBMS (EyeDB, joodbms, Ozone) – On VB-Linux Personal Install
    – Google BigQuery Alternative – Google Account for Big Data
    – *NoSQL Alternatives – MongoDB on VB-Linux [* not all available open source]

    Sam Siewert 2

    http://www.eyedb.org/
    http://code.google.com/p/joodbms/
    https://cloud.google.com/bigquery/docs/reference/v2/
    http://nosql-database.org/
    http://www.mongodb.org/

  • GENERAL PLATFORM SECURITY

    Security Primer


  • Authorization and Access Control
    By Session Login
    By File (permissions)
    By Directory
    Host to Network (Known host Ethernet address, WWID)
    By Execution Privilege Level (root or user) – “sudo”
    Authorized Users, Computers, and Applications Require Authentication
    – Proving you are who you claim you are
    – Producing a pass phrase, an answer to a challenge question
    – Key or smartcard
    – Providing biometric scan

  • Attacks on Security
    Cryptanalysis
    – Capture Encrypted Data (“Man in the middle”)
    – Capture Encryption code, key, or mechanism
    – Capture Decryption code, key, or mechanism
    – Analyze Examples to Deduce the Substitution and Transposition Cypher Code mappings – Inverse Function
    Defense
    – Very Large Cryptographic Hashing Functions
    – 128-bit, 256-bit or larger random number generators
    – Frequent Key Updates

  • Denial of Service
    Rather than Gaining Unauthorized Access, Deny Other Authorized Users Access
    – Bug System with 1000’s or Millions of Invalid Requests Per Second
    – Flood Network with Bad Protocol or Packets
    – Cause Routing Loops, Crash Services Remotely on Purpose
    Reason for Maximum Login Attempts
    – Withdraw Prompt for Password to A Particular Network Client or Terminal
    – Invalidate a Username
    Reason for Network Authentication of Clients
    – Block All Traffic for a Specific IP or Ethernet Address
    – Secure Physical Network Switches and Gateway Machines

    http://en.wikipedia.org/wiki/Denial_of_service

  • Malware
    Software Designed to Harm a Client or Exploit a Known Bug
    – Trojan Horse – Present Free Software, an E-mail Application, Plug-In, or other Method to Deliver an Application with Bad Intent
      User Agrees to Download without Authentication of Source or Verification of Code Data Digest (Unique Signature for Tested and Authentic Code)
      Beware of Free Software from Unknown Sources
    – Virus – Application Code that Installs Itself on a Computer in Key Operating System and Shared Data Locations
      Boot Code
      Commonly Used File System Code
      Transfer Malware via Shared Files, Networks, Disks (e.g. USB stick)
    – Exploit – Find Buffer Overflow on Widely Used Operating System or Networking Service to Exploit
      Buffer Overflow Provides Doorway to Modify Code
      Perfect Exploit in Private Lab, Release as Trojan Horse or Virus
    – Rootkit – Gain Access and Install Monitoring Software or Create Second Administrator Privilege Password and Account

    http://en.wikipedia.org/wiki/Malware

  • Phishing
    Write A Program that Asks for a Password
    – Run this on a Public Computing System
    – Spoofing a Well-known and Trusted Server
    – Collect Login Credentials from Users (Produce Error Messages)
    Fake E-mail Requesting Credentials
    Fake Service or Business Front
    Impersonation of a Web Service (Re-direction of Traffic)
    E-mail Indicating you Are Over E-mail Quota Limits, Credit has Been Frozen, Etc., Followed by Request for Credentials

    http://en.wikipedia.org/wiki/Phishing

  • Newer Threats Continue to Emerge …
    Character Defamation – Impersonation of Web Presence to Defame a User
    Identity Theft – Creation of Accounts Using False Credentials
    Ransomware - http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx
    Cyber Attacks and Cyber Warfare – Malware Designed to Harm or Deny Service to Physical Systems Using Process Control (Water, Power, Traffic Management, etc.)
    – Financial Sector Attacks – Discrediting a Company, Service Disruption of Exchanges and Banking
    – Discrediting Governments, Spoofing, Replay Attacks

  • White-hat Sites, Historic Attacks
    https://www.defcon.org/, Wikipedia Overview on DEF CON
    https://www.eff.org/, Wikipedia on EFF
    http://www.kali.org/ , BackTrack, Security Admin Tool for Analyzing Networks
    Alleged Cyber-warfare attack – Stuxnet
    Motor Vehicle Attack Analysis – Wired and Wireless
    – http://www.autosec.org/pubs/cars-oakland2010.pdf
    – https://www.youtube.com/watch?v=oqe6S6m73Zw
    – https://www.youtube.com/watch?v=bHfOziIwXic
    Database Attacks – Typically Stolen Account Information
    – Playstation Attack April 17-19, 2011 - Sony Blamed Anonymous, but Not Clear Who did it!
    – JP Morgan Database Breach
    – Home Depot Breach
    – Many More …

    http://en.wikipedia.org/wiki/White_hat_%28computer_security%29
    http://en.wikipedia.org/wiki/DEF_CON
    http://en.wikipedia.org/wiki/Electronic_Frontier_Foundation
    http://en.wikipedia.org/wiki/BackTrack
    http://en.wikipedia.org/wiki/Security_Administrator_Tool_for_Analyzing_Networks
    http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
    http://en.wikipedia.org/wiki/PlayStation_Network_outage
    http://www.wired.com/2011/04/playstation_hack/
    http://spectrum.ieee.org/riskfactor/telecom/security/jp-morgan-chase-contact-data-of-76-million-households-and-7-million-small-businesses-compromised-
    http://spectrum.ieee.org/riskfactor/computing/it/home-depot-finally-admits-us-and-canadian-data-breach-compromised-56-million-payment-cards

  • Biggest Data Breaches
    [Figure: world's biggest data breaches visualization, two panels: 2014 and Current (2016)]

    http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

  • Cybersecurity
    Some Databases for SOA (Service Oriented Architecture) with Cyberphysical Systems
    – Growing Trend for Intelligent Transportation and Vehicle Telematics
    – E.g. On-Star System uses Oracle – http://www.oracle.com/us/corporate/profit/features/091610-onstar-176385.html
    – DBMS Security not Just Records or Information Breaches

    http://cybersecurity.ieee.org/
    http://dev.mysql.com/doc/refman/5.0/en/security.html
    http://dev.mysql.com/doc/refman/5.0/en/security-against-attack.html

  • Best General Defenses
    Encryption Used for Authentication, Data Exchange (e.g. Secure Sockets), and to Sign and Verify All Updates and Upgrades
    Public Services, Ports, and Terminals Should be Limited
    – Only Necessary Services – SSH, SFTP
    – No Plaintext Services – FTP, Telnet
    Routine Monitoring and Logging
    – Review all Connection Attempts and Login Attempts
    – Review Logs for Services that Crash and Restart
    – Installations, Updates, Upgrades – Signed Drivers
    – Modifications to Boot Code or CMOS/UEFI (Firmware)
    Security Patches and Updates from Trusted Sources

  • Inside Threats
    Insiders with Physical Access to Machines and Networking Equipment
    – Log all Entry / Exit to/from Data center and labs
    – Cross-checks and Need-to-Know Limited Distributions of Sensitive Data
    – No Password Sharing, Guest or Anonymous Accounts
    – Delete Access and Accounts for Severed Relationships
    – VPN – Virtual Private Network Remote Access (Encrypted Tunnels for Data from Authenticated Client to Host over SSL)
    Limit Data Removal on Media
    File Permission and ACL (Access Control List) Maintenance

  • Extreme Protection
    Private Network, No Public LAN
    Limited Physical Access (Vault)
    Strong Encryption (E.g. AES 256 – FIPS-197, or Larger Keys)
    AES Validation, Validation List
    Multi-method Authentication (Smartcard, Pass phrase, and Fingerprint)
    Compartmentalization - Limit Knowledge of Why Work is Being Done (Hide Global Purpose)
    Require Multiple Independent User Authentication – Combined Key or Pass Phrase Access that Requires Two Logins [E.g. mysql-workbench SSH tunnel]
    Quotas on Bandwidth, Storage, Download, Session Time, Intrusion Detection Monitors, Port Monitors

    https://www.aescrypt.com/aes_information.html
    http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
    http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf
    http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html

  • Encryption Methods
    Mathematical Hashing Functions
    – One Way Hash Functions – Digital Signatures, Authentication codes, Hash tables, Fingerprints
    – Not Reversible, but Valuable in Protocol
    1 to 1 Transposition and Substitution Mapping Functions
    Reversible Mathematical Transforms Y = f(X), X = f⁻¹(Y)
    Security Based on:
    1. Algorithm – E.g. AES, Rijndael, RSA, PGP, DES, Triple-DES, …
    2. Key Length (Bits), Cypher Block Chaining
    3. Key Exchange Protocol (Public or Private)

    http://www.snellgroup.com/documents/white-papers/white-paper-Good-Old-Mathematics.pdf
    http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html
    http://www.pgpi.org/doc/pgpintro/

  • Basic Encryption - Substitution
    Re-map Alphabet, 1-to-1 and Onto (function)

    Alphabet: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z (re-mapped 1-to-1 onto itself; the key is the second line printed by the program below)

    ssiewert@ssiewert-VirtualBox:~/a320/crypto$ ./a.out
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    N A S I J K C M Q R F B D G H E L O P W T Z Y V U X
    TRANSLATE THIS!
    WONGPBNWJ WMQP!
    BETA>INTRODUCTION TO COMPUTERS
    QGWOHITSWQHG WH SHDETWJOP
    INTRODUCTION TO COMPUTERS
    BETA>abcdefghijklmnopqrstuvwxyz
    NASIJKCMQRFBDGHELOPWTZYVUX
    ABCDEFGHIJKLMNOPQRSTUVWXYZ
    BETA>exit
    JVQW
    EXIT

  • Basic Encryption - Transposition
    Permute Text Block (e.g. up to 10 characters at a time)

    Block positions: 0 1 2 3 4 5 6 7 8 9 (permuted within each 10-character block; the permutation is the second line printed by the program below)

    ssiewert@ssiewert-VirtualBox:~/a320/crypto$ ./a.out
    0123456789ABCD
    6275134908ABCD
    TRAN>introduction to computers
    utcdnroiitc o ntopomuters
    introduction to computers
    TRAN>abcdefghijklmnopqrstuvwxyz
    gchfbdejaiqmrplnotksuvwxyz
    abcdefghijklmnopqrstuvwxyz
    TRAN>exit
    exit
    exit

  • Basic Encryption – Early Automation
    Substitution with transposition – Enigma Code, U571

    ssiewert@ssiewert-VirtualBox:~/a320/crypto$ ./crypt
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
    N A S I J K C M Q R F B D G H E L O P W T Z Y V U X
    TRANSLATE THIS!
    WONGPBNWJ WMQP!
    NNWBOGP WJWMQP!
    CRYPT>abcdefghijklmnopqrstuvwxyz
    NASIJKCMQRFBDGHELOPWTZYVUX
    CSMKAIJRNQLDOEBGHWFPTZYVUX
    CRYPT>introduction to computers
    QGWOHITSWQHG WH SHDETWJOP
    TWSIGOHQQWS H GWHEHDTWJOP
    CRYPT>exit
    JVQW
    JVQW

    http://en.wikipedia.org/wiki/Enigma_machine
    http://en.wikipedia.org/wiki/U-571_%28film%29#Historical_events

  • Symmetric Key Concepts
    Encryption Keys – Can I encrypt and decrypt with the same key?
    With the substitution Key, Yes
    With the transposition Key, Yes
    This is a Symmetric Key System

    #define ALPHABET   26
    #define BLOCK_SIZE 10

    /* one substitution pair; the struct definition is not on the slide, field names assumed */
    struct charmap { char plain; char cipher; };

    /* substitution key: plaintext letter -> ciphertext letter */
    struct charmap submap[ALPHABET] = {
        {'A','N'}, {'B','A'}, {'C','S'}, {'D','I'}, {'E','J'}, {'F','K'}, {'G','C'},
        {'H','M'}, {'I','Q'}, {'J','R'}, {'K','F'}, {'L','B'}, {'M','D'}, {'N','G'},
        {'O','H'}, {'P','E'}, {'Q','L'}, {'R','O'}, {'S','P'}, {'T','W'}, {'U','T'},
        {'V','Z'}, {'W','Y'}, {'X','V'}, {'Y','U'}, {'Z','X'}
    };

    /* transposition key: output position i takes input position transmap[i] */
    //                           0  1  2  3  4  5  6  7  8  9
    int transmap[BLOCK_SIZE]   = {6, 2, 7, 5, 1, 3, 4, 9, 0, 8};
    /* inverse permutation used to decrypt: detransmap[transmap[i]] == i */
    int detransmap[BLOCK_SIZE] = {8, 4, 1, 5, 6, 3, 0, 2, 9, 7};

    http://en.wikipedia.org/wiki/Symmetric-key_algorithm
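A complete C implementation of the substitution-plus-transposition scheme shown in the ./crypt run above, using the lecture's submap and transmap keys. This is an added example, not the lecture's own crypt source; the function names crypt_encrypt, crypt_decrypt and crypt_check are my own. It shows why the same two keys serve both directions (a symmetric key system): decryption applies the inverse substitution and the inverse permutation in reverse order.

```c
#include <ctype.h>
#include <string.h>

#define ALPHABET   26
#define BLOCK_SIZE 10
#define MAX_LEN    256

/* Substitution key from the lecture's submap: index = plaintext letter A..Z,
 * value = ciphertext letter. */
static const char SUB_KEY[ALPHABET + 1] = "NASIJKCMQRFBDGHELOPWTZYVUX";
/* Transposition key from the lecture's transmap: out[i] = in[transmap[i]]. */
static const int TRANSMAP[BLOCK_SIZE] = {6, 2, 7, 5, 1, 3, 4, 9, 0, 8};

/* Substitute letter by letter; input is uppercased as the a.out demo does and
 * non-letters pass through. decrypt != 0 applies the inverse mapping. */
static void substitute(const char *in, char *out, int decrypt)
{
    for (; *in; in++, out++) {
        int c = toupper((unsigned char)*in);
        if (c < 'A' || c > 'Z')
            *out = (char)c;
        else if (!decrypt)
            *out = SUB_KEY[c - 'A'];
        else  /* inverse map: the plaintext letter is the key position holding c */
            *out = (char)('A' + (strchr(SUB_KEY, c) - SUB_KEY));
    }
    *out = '\0';
}

/* Permute every full 10-character block; a trailing partial block is copied
 * unchanged, which is why "exit" stays JVQW in the ./crypt run. */
static void transpose(const char *in, char *out, int decrypt)
{
    size_t n = strlen(in), i;
    for (i = 0; i + BLOCK_SIZE <= n; i += BLOCK_SIZE)
        for (int j = 0; j < BLOCK_SIZE; j++) {
            if (!decrypt)
                out[i + j] = in[i + TRANSMAP[j]];
            else
                out[i + TRANSMAP[j]] = in[i + j];  /* inverse permutation */
        }
    for (; i < n; i++)
        out[i] = in[i];
    out[n] = '\0';
}

/* ./crypt behaviour: substitution first, then transposition. */
char *crypt_encrypt(const char *plain, char *cipher)
{
    char tmp[MAX_LEN];
    substitute(plain, tmp, 0);
    transpose(tmp, cipher, 0);
    return cipher;
}

/* The same two keys undo the transform when applied in reverse order:
 * that is what makes this a symmetric key system. */
char *crypt_decrypt(const char *cipher, char *plain)
{
    char tmp[MAX_LEN];
    transpose(cipher, tmp, 1);
    substitute(tmp, plain, 1);
    return plain;
}

/* 1 if plain encrypts to expected and expected decrypts back to plain. */
int crypt_check(const char *plain, const char *expected)
{
    char c[MAX_LEN], p[MAX_LEN];
    return strcmp(crypt_encrypt(plain, c), expected) == 0 &&
           strcmp(crypt_decrypt(expected, p), plain) == 0;
}
```

crypt_check("TRANSLATE THIS!", "NNWBOGP WJWMQP!") returns 1, matching the ./crypt output on the slide.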

  • Better Key Management?
    One Time Stack of Keys Exchanged in Private by Sender and Receiver in Advance
    – Agree to Use Different Symmetric Keys Based on Day of Year or some Universal Coordination
    – Cycle Through 365 Different Keys
    Attacker Can Still Capture Stack of Keys
    Better Approach is a Public-Private Key System, E.g. PGP
    Public Key Shared
    Public Key Used to Encrypt Only (Digital Signature)
    Private Key Used to Decrypt Only (Authentication, Plaintext Recovery)
    Key Exchange Protocol and Key Rings

    http://en.wikipedia.org/wiki/Public-key_encryption
    http://www.pgpi.org/

  • Summary
    Take a Cybersecurity Class – E.g. CI311 (Operations) and CS303 (Design/Implementation)
    Tutorial Papers – Big Iron Lessons 5 & 6
    – http://www.snellgroup.com/documents/white-papers/white-paper-Good-Old-Mathematics.pdf
    In Practice Used by Egypt to Present Day
    – Cryptanalysis Time Should be Larger than the Time the Information is “Sensitive” or Private
    Assume All Codes Can Eventually Be Broken with Sufficient Computing and Man-in-Middle Samples [Change Keys, Pass Phrases, Passwords, etc. Often]
    Critical for Secure Military Communications – Considered a Munition, Export Controlled
    Security Features Should Be Designed In and Patched Often as Threats Emerge

    http://catalog.erau.edu/prescott/security-intelligence/bachelors/cyber-intelligence-security/
    http://www.cse.uaa.alaska.edu/%7Essiewert/archive/IBM-Out-of-print/big-iron-5.pdf
    http://www.cse.uaa.alaska.edu/%7Essiewert/archive/IBM-Out-of-print/big-iron-6.pdf

  • Embry Riddle Courses to Go Deeper


  • Take Away
    Encryption
    – Substitution
    – Transposition
    – cypher blocks
    – Mathematical Basis (mapping functions, random number generation, large hashing functions, one-way and reversible)
    Secure Systems
    – Authorization
    – Authentication and Access Control
    – Denial of Service
    – Trojan Horses, Malware, Exploits [E.g. Buffer Overflow]

  • DBMS SECURITY
    Chapter 20 - Security

  • Chapter - Objectives

    The scope of database security. Why database security is a serious concern for an organization. The type of threats that can affect a database system.

  • Chapter - Objectives

    How to protect a computer system using computer-based controls. The security measures provided by Microsoft Office Access and Oracle DBMSs. Approaches for securing a DBMS on the Web.

  • Database Security

    Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource. Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential.

  • Database Security

    Mechanisms that protect the database against intentional or accidental threats. Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database.

  • Database Security

    Involves measures to avoid:
    – Theft and fraud
    – Loss of confidentiality (secrecy)
    – Loss of privacy
    – Loss of integrity
    – Loss of availability

  • Database Security

    Threat – Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

  • Summary of Threats to Computer Systems

  • Typical Multi-user Computer Environment

  • Countermeasures – Computer-Based Controls

    Range from physical controls to administrative procedures and include:
    – Authorization
    – Access controls
    – Views
    – Backup and recovery
    – Integrity
    – Encryption
    – RAID technology

  • Countermeasures – Computer-Based Controls

    Authorization – The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system’s object.
    Authentication – A mechanism that determines whether a user is who he or she claims to be.

  • Countermeasures – Computer-Based Controls

    Access control – Based on the granting and revoking of privileges.
    – A privilege allows a user to create or access (that is, read, write, or modify) some database object (such as a relation, view, or index) or to run certain DBMS utilities.
    – Privileges are granted to users to accomplish the tasks required for their jobs.

  • Countermeasures – Computer-Based Controls

    Most DBMSs provide an approach called Discretionary Access Control (DAC). The SQL standard supports DAC through the GRANT and REVOKE commands. The GRANT command gives privileges to users, and the REVOKE command takes away privileges.

  • Countermeasures – Computer-Based Controls

    DAC, while effective, has certain weaknesses. In particular, an unauthorized user can trick an authorized user into disclosing sensitive data. An additional approach is required, called Mandatory Access Control (MAC).

  • Countermeasures – Computer-Based Controls

    MAC is based on system-wide policies that cannot be changed by individual users. Each database object is assigned a security class and each user is assigned a clearance for a security class, and rules are imposed on reading and writing of database objects by users.

  • Countermeasures – Computer-Based Controls

    MAC determines whether a user can read or write an object based on rules that involve the security level of the object and the clearance of the user. These rules ensure that sensitive data can never be ‘passed on’ to another user without the necessary clearance. The SQL standard does not include support for MAC.

  • Popular Model for MAC (Mandatory Access Control) called Bell-LaPadula

    http://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model
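To make the DAC weakness and the Bell-LaPadula rules concrete, here is an added C model that is not from the lecture or the textbook, with constructed users alice/bob and objects salaries/bulletin: GRANT and REVOKE set per-user privilege bits, while the MAC check compares clearance with object class. With DAC alone, alice's legitimate SELECT on the SECRET table plus INSERT on the public table is enough for the data to be passed on to bob; the *-property refuses that write down.

```c
#include <string.h>

#define MAX_USERS 4
#define MAX_OBJS  4

/* Security classes, lowest to highest, and privilege bits standing in for
 * SQL SELECT (read) and INSERT/UPDATE (write). All sample data is constructed. */
enum level { UNCLASSIFIED, CONFIDENTIAL, SECRET };
enum priv  { READ = 1, WRITE = 2 };

struct user   { const char *name; enum level clearance; };
struct object { const char *name; enum level cls; int dac[MAX_USERS]; };

static struct user   users[MAX_USERS] = { {"alice", SECRET}, {"bob", UNCLASSIFIED} };
static struct object objs[MAX_OBJS]   = { {"salaries", SECRET, {0}},
                                          {"bulletin", UNCLASSIFIED, {0}} };

static int find_user(const char *n)
{
    for (int i = 0; i < MAX_USERS; i++)
        if (users[i].name && strcmp(users[i].name, n) == 0) return i;
    return -1;
}
static int find_obj(const char *n)
{
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].name && strcmp(objs[i].name, n) == 0) return i;
    return -1;
}

/* DAC: GRANT / REVOKE edit per-user privilege bits, as the SQL commands do. */
void dac_grant(const char *obj, const char *user, int p)
{
    int o = find_obj(obj), u = find_user(user);
    if (o >= 0 && u >= 0) objs[o].dac[u] |= p;
}
void dac_revoke(const char *obj, const char *user, int p)
{
    int o = find_obj(obj), u = find_user(user);
    if (o >= 0 && u >= 0) objs[o].dac[u] &= ~p;
}
int dac_allows(const char *user, const char *obj, int p)
{
    int o = find_obj(obj), u = find_user(user);
    return o >= 0 && u >= 0 && (objs[o].dac[u] & p) == p;
}

/* MAC (Bell-LaPadula): no read up (simple security property), no write down
 * (*-property). Decided by clearance vs. object class, not by grants. */
int mac_allows(const char *user, const char *obj, int p)
{
    int o = find_obj(obj), u = find_user(user);
    if (o < 0 || u < 0) return 0;
    if ((p & READ)  && users[u].clearance < objs[o].cls) return 0;
    if ((p & WRITE) && users[u].clearance > objs[o].cls) return 0;
    return 1;
}

/* Copying src into dst is how data gets "passed on": it needs READ on src and
 * WRITE on dst. DAC alone trusts the grants; MAC also refuses the write down. */
int copy_allowed(int use_mac, const char *user, const char *src, const char *dst)
{
    int ok = dac_allows(user, src, READ) && dac_allows(user, dst, WRITE);
    if (ok && use_mac)
        ok = mac_allows(user, src, READ) && mac_allows(user, dst, WRITE);
    return ok;
}

/* The "trick" scenario: alice (SECRET) legitimately holds SELECT on the SECRET
 * table and INSERT on a public table that bob (UNCLASSIFIED) can read. */
void setup_example_grants(void)
{
    dac_grant("salaries", "alice", READ);
    dac_grant("bulletin", "alice", WRITE);
    dac_grant("bulletin", "bob", READ);
}
```

After setup_example_grants(), copy_allowed(0, "alice", "salaries", "bulletin") returns 1 (DAC lets the copy through) while copy_allowed(1, "alice", "salaries", "bulletin") returns 0 (MAC blocks the write down).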

  • Countermeasures – Computer-Based Controls

    View – Is the dynamic result of one or more relational operations operating on the base relations to produce another relation.
    – A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

  • Countermeasures – Computer-Based Controls

    Backup – Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.

    Journaling – Process of keeping and maintaining a log file (or journal) of all changes made to the database to enable effective recovery in the event of failure.

  • Countermeasures – Computer-Based Controls

    Integrity – Prevents data from becoming invalid, and hence giving misleading or incorrect results.

    Encryption – The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.

  • Security for MySQL on PRClab
    Level 1 – SSH Login and/or Tunnel Authentication
    Level 2 – MySQL Authentication
    Level 3 – MySQL Grants and Privileges by DB

  • E.g. SSH Tunnel Setup for mysql-workbench
    Generate SSH Keys on PRClab for your account – In directory .ssh
    Copy and paste id_rsa contents into file on your PC
    – Start up mysql-workbench on your PC and set up SSH Tunnel using id_rsa private key on your PC

    [Screenshot of the key file, truncated for security purposes]

    https://help.github.com/articles/generating-ssh-keys/

  • SSH Tunnel Configuration

    [Screenshot: mysql-workbench connection dialog with SSH Tunnel selected, showing the PRClab Account, PRClab id_rsa, and PRClab MySQL username fields]

  • SSH Tunnel Connection to DB
    Enter PRClab Password
    Enter MySQL PRClab Server Password
    Now workbench is connected to PRClab MySQL Server over Tunnel

  • Setting the Insert, Select, and Update privileges

  • DBMSs and Web Security

    Internet communication relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels ‘in the clear’ and anyone who monitors traffic can read it.

  • DBMSs and Web Security

    Must ensure while transmitting information over the Internet that it is:
    – inaccessible to anyone but sender and receiver (privacy);
    – not changed during transmission (integrity);
    – receiver can be sure it came from sender (authenticity);
    – sender can be sure receiver is genuine (non-fabrication);
    – sender cannot deny he or she sent it (non-repudiation).

  • DBMSs and Web Security

    Measures include:
    – Proxy servers
    – Firewalls
    – Message digest algorithms and digital signatures
    – Digital certificates
    – Kerberos
    – Secure sockets layer (SSL) and Secure HTTP (S-HTTP)
    – Secure Electronic Transactions (SET) and Secure Transaction Technology (SST)
    – Java security
    – ActiveX security

  • How Secure Electronic Transactions (SET) Works