Database Security means keeping sensitive information safe and prevent the loss of data.

Security of data
base is controlled by Database Administrator (DBA).
The following are the main control measures are used to provide security of data in databases:
1. Authentication
2. Access control
3. Inference control
4. Flow control
5. Database Security applying Statistical Method
6. Encryption
These are explained as following below.
1. Authentication :
Authentication is the process of confirmation that whether the user log in only according to the
rights provided to him to perform the activities of data base. A particular user can login only up
to his privilege but he can’t access the other sensitive data. The privilege of accessing sensitive
data is restricted by using Authentication.
By using these authentication tools for biometrics such as retina and figure prints can prevent
the data base from unauthorized/malicious users.
2. Access Control :
The security mechanism of DBMS must include some provisions for restricting access to the
data base by unauthorized users. Access control is done by creating user accounts and to control
login process by the DBMS. So, that database access of sensitive data is possible only to those
people (database users) who are allowed to access such data and to restrict access to
unauthorized persons.
The database system must also keep the track of all operations performed by certain user
throughout the entire login time.
3. Inference Control :
This method is known as the countermeasures to statistical database security problem. It is used
to prevent the user from completing any inference channel. This method protect sensitive
information from indirect disclosure.
Inferences are of two types, identity disclosure or attribute disclosure.
4. Flow Control :
This prevents information from flowing in a way that it reaches unauthorized users. Channels
are the pathways for information to flow implicitly in ways that violate the privacy policy of a
company are called convert channels.
5. Database Security applying Statistical Method :
Statistical database security focuses on the protection of confidential individual values stored in
and used for statistical purposes and used to retrieve the summaries of values based on
categories. They do not permit to retrieve the individual information.
This allows to access the database to get statistical information about the number of employees
in the company but not to access the detailed confidential/personal information about the
specific individual employee.
6. Encryption :
This method is mainly used to protect sensitive data (such as credit card numbers, OTP
numbers) and other sensitive numbers. The data is encoded using some encoding algorithms.
 An unauthorized user who tries to access this encoded data will face difficulty in decoding it,
but authorized users are given decoding keys to decode data.

MANDATORY ACCESS CONTROL

Mandatory access controls prevent some types of Trojan horse attacks by imposing access restrictions
that cannot be bypassed, even indirectly. Under mandatory controls, the system assigns both subjects and
objects special security attributes that cannot be changed on request as can discretionary access control
attributes such as access control lists. The system decides whether a subject can access an object by
comparing their security attributes. A program operating on behalf of a user cannot change the security
attributes of itself or of any object-including objects that the user owns. A program may therefore be unable
to give away a file simply by giving other users access to it. Mandatory controls can also prevent one process
from creating a shared file and passing information to another process through that file.
Many different mandatory access control schemes can be defined, but nearly all that have been
proposed are variants of the U.S. Department of Defense's multilevel security policy. Consequently, it is
difficult to discuss mandatory controls apart from multilevel security. A few general concepts, however,
apply to all mandatory policies. Mandatory controls are used in conjunction with discretionary controls and
serve as an additional (and stronger) restriction on access. A subject may have access to an object only if the
subject passes both discretionary and mandatory checks. Since users cannot directly manipulate mandatory
access control attributes, users employ discretionary controls for their own protection from other users.
Mandatory controls come into play automatically as a stronger level of protection that cannot be bypassed
by users through accidental or intentional misuse of discretionary controls.

MULTILEVEL SECURITY
The idea of multilevel security originated in the late 1960s when the U.S. Department of Defense decided it
needed to develop some way of protecting classified information stored in computers (Ware 1970). Until
that time it was against regulations to process classified information on a system to which uncleared people
had access, because no machine was trusted to protect the classified data. Today the situation is not much
different, but it should change as systems supporting mandatory controls become more widely available.
Military Security Policy
The Department of Defense has a strict policy for manually handling and storing classified information,
which we will call the military security policy. All information (usually in the form of a
document) possesses a classification, and every person possesses a clearance. In order to determine whether
a person should be allowed to read a document, the person's clearance is compared
to the document's classification.
A classification or clearance is made up of two components:
• A security level (also called sensitivity level or just level), consisting of one of a handful of
names such as UNCLASSIFIED, CONFIDENTIAL, SECRET, and Top SECRET
• A set of one or more categories (also called compartments), consisting of names such as
NATO and NUCLEAR from among a very large number of possible choices used within the
Department of Defense
A classification contains a single security level, while its category set may contain an arbitrary
number of categories. We will write a classification as a security level name followed by a list of
category names: {SECRET; NATO,NUCLEAR,CRYPTO}. In practice the category set is often
empty, and it is rarely larger than a handful of names.
The purpose of the multilevel security policy is to prevent compromise, whereby a user is able
to read information classified at a level for which he or she is not cleared. In particular, the policy
says nothing about the modification or destruction of information.
The military classification scheme has many parallels in industry, even though the terms used
in industry are different (Clark and Wilson 1987; Lipner 1982). Although industry does not usually employ
the concept of hierarchical security levels, most of the theory and practice for handling classified information
in a computer are directly applicable to techniques for handling
commercially sensitive or “privacy” information. Because a great deal of research has gone into
automating the military security policy, and because the concepts are well-defined, we will continue to use
terms such as SECRET and TOP SECRET. You can directly map these onto terms
used in industry such as PRIVILEGED and COMPANY CONFIDENTIAL. An industry parallel
to categories might be the division of a company into departments (ACCOUNTING, PAYROLL,
PERSONNEL, and so on), subsidiaries, and various product development groups.

Database users are categorized based up on their interaction with the data base.
These are seven types of data base users in DBMS.
1. Database Administrator (DBA) :
Database Administrator (DBA) is a person/team who defines the schema and also controls the 3 levels
of database.
The DBA will then create a new account id and password for the user if he/she need to access the data
base.
DBA is also responsible for providing security to the data base and he allows only the authorized users
to access/modify the data base.
• DBA also monitors the recovery and back up and provide technical support.
• The DBA has a DBA account in the DBMS which called a system or superuser account.
• DBA repairs damage caused due to hardware and/or software failures.

2. Naive / Parametric End Users :

Parametric End Users are the unsophisticated who don’t have any DBMS knowledge but they
frequently use the data base applications in their daily life to get the desired results.
For examples, Railway’s ticket booking users are naive users. Clerks in any bank is a naive user
because they don’t have any DBMS knowledge but they still use the database and perform their given
task.
3. System Analyst :
System Analyst is a user who analyzes the requirements of parametric end users. They check whether
all the requirements of end users are satisfied.
4. Sophisticated Users :
Sophisticated users can be engineers, scientists, business analyst, who are familiar with the database.
They can develop their own data base applications according to their requirement. They don’t write the
program code but they interact the data base by writing SQL queries directly through the query
processor.
5. Data Base Designers :
Data Base Designers are the users who design the structure of data base which includes tables, indexes,
views, constraints, triggers, stored procedures. He/she controls what data must be stored and how the
data items to be related.
6. Application Program :
Application Program are the back end programmers who writes the code for the application
[Link] are the computer professionals. These programs could be written in Programming
languages such as Visual Basic, Developer, C, FORTRAN, COBOL etc.
7. Casual Users / Temporary Users :
Casual Users are the users who occasionally use/access the data base but each time when they access
the data base they require the new information, for example, Middle or higher level manager.

Certain databases may contain confidential or secret data of individuals of country like (Aadhar numbers,
PAN card numbers) and this database should not be accessed by attackers. So, therefore it should be
protected from user access.
The database which contains details of huge population is called Statistical databases and it is used mainly
to produce statistics on various populations. But Users are allowed to retrieve certain statistical
information of population like averages of population of particular state/district etc and their sum, count,
maximum, minimum, and standard deviations, etc.
It is the responsibility of ethical hackers to monitor Statistical Database security statistical users are not
permitted to access individual data, such as income of specific person, phone number, Debit card numbers
of specified person in database because Statistical database security techniques prohibit retrieval of
individual data. It is also responsibility of DBMS to provide confidentiality of data about individuals.
Statistical Queries :
The queries which allow only aggregate functions such as COUNT, SUM, MIN, MAX, AVERAGE, and
STANDARD DEVIATION are called statistical queries. Statistical queries are mainly used for knowing
population statistics and in companies/industries to maintain their employees’ database etc.
Example –
Consider the following examples of statistical queries where EMP_SALARY is confidential database that
contains the income of each employee of company.
Query-1:
SELECT COUNT(*)
FROM EMP_SALARY
WHERE Emp-department = '3';
Query-2:
SELECT AVG(income)
FROM EMP_SALARY
WHERE Emp-id = '2';
Here, the “Where” condition can be manipulated by attacker and there is chance to access income of
individual employees or confidential data of employee if he knows id/name of particular employee.
The possibility of accessing individual information from statistical queries is reduced by using the
following measures –
1. Partitioning of Database – This means the records of database must be not be stored as bulk in
single record. It must be divided into groups of some minimum size according to confidentiality
of records.
 The advantage of Partitioning of database is queries can refer to any complete group or set of
groups, but queries cannot access the subsets of records within a group. So, attacker can access
at most one or two groups which are less private.
2. If no statistical queries are permitted whenever number of tuples in population specified by
selection condition falls below some threshold.
3. Prohibit sequences of queries that refer repeatedly to same population of tuples.

Embedded PL/SQL
The following example shows how you can embed PL/SQL in a high-level host language such as C and
demonstrates how a banking debit transaction might be done.

Input Table
SQL> SELECT * FROM accounts ORDER BY account_id;

ACCOUNT_ID BAL
---------- --------
1 1000
2 2000
3 1500
4 6500
5 500
PL/SQL Block in a C Program
/* available online in file 'sample5' */
#include <stdio.h>
char buf[20];
EXEC SQL BEGIN DECLARE SECTION;
int acct;
double debit;
double new_bal;
VARCHAR status[65];
VARCHAR uid[20];
VARCHAR pwd[20];
EXEC SQL END DECLARE SECTION;

EXEC SQL INCLUDE SQLCA;

main()
{
extern double atof();

strcpy ([Link],"scott");
[Link]=strlen([Link]);
strcpy ([Link],"tiger");
[Link]=strlen([Link]);

printf("\n\n\tEmbedded PL/SQL Debit Transaction Demo\n\n");

 printf("Trying to connect...");
EXEC SQL WHENEVER SQLERROR GOTO errprint;
EXEC SQL CONNECT :uid IDENTIFIED BY :pwd;
printf(" connected.\n");
for (;;) /* Loop infinitely */
{
printf("\n** Debit which account number? (-1 to end) ");
gets(buf);
acct = atoi(buf);
if (acct == -1) /* Need to disconnect from Oracle */
{ /* and exit loop if account is -1 */
EXEC SQL COMMIT RELEASE;
exit(0);
}

printf(" What is the debit amount? ");

gets(buf);
debit = atof(buf);

/* ---------------------------------- */
/* ----- Begin the PL/SQL block ----- */
/* ---------------------------------- */
EXEC SQL EXECUTE

DECLARE
insufficient_funds EXCEPTION;
old_bal NUMBER;
min_bal CONSTANT NUMBER := 500;
BEGIN
SELECT bal INTO old_bal FROM accounts
WHERE account_id = :acct;
-- If the account doesn't exist, the NO_DATA_FOUND
-- exception will be automatically raised.
:new_bal := old_bal - :debit;
IF :new_bal >= min_bal THEN
UPDATE accounts SET bal = :new_bal
WHERE account_id = :acct;
INSERT INTO journal
VALUES (:acct, 'Debit', :debit, SYSDATE);
:status := 'Transaction completed.';
ELSE
RAISE insufficient_funds;
END IF;
COMMIT;
EXCEPTION
WHEN NO_DATA_FOUND THEN
 :status := 'Account not found.';
:new_bal := -1;
WHEN insufficient_funds THEN
:status := 'Insufficient funds.';
:new_bal := old_bal;
WHEN OTHERS THEN
ROLLBACK;
:status := 'Error: ' || SQLERRM(SQLCODE);
:new_bal := -1;
END;

END-EXEC;
/* -------------------------------- */
/* ----- End the PL/SQL block ----- */
/* -------------------------------- */

[Link][[Link]] = '\0'; /* null-terminate */

/* the string */
printf("\n\n Status: %s\n", [Link]);
if (new_bal >= 0)
printf(" Balance is now: $%.2f\n", new_bal);
} /* End of loop */

errprint:
EXEC SQL WHENEVER SQLERROR CONTINUE;
printf("\n\n>>>>> Error during execution:\n");
printf("%s\n",[Link]);
EXEC SQL ROLLBACK RELEASE;
exit(1);
}
Interactive Session
Embedded PL/SQL Debit Transaction Demo

Trying to connect... connected.

** Debit which account number? (-1 to end) 1

What is the debit amount? 300

Status: Transaction completed.

Balance is now: $700.00

** Debit which account number? (-1 to end) 1

What is the debit amount? 900
Status: Insufficient funds.
Balance is now: $700.00
** Debit which account number? (-1 to end) 2
What is the debit amount? 500

Status: Transaction completed.

Balance is now: $1500.00

** Debit which account number? (-1 to end) 2

What is the debit amount? 100

Status: Transaction completed.

Balance is now: $1400.00

** Debit which account number? (-1 to end) 99

What is the debit amount? 100

Status: Account not found.

** Debit which account number? (-1 to end) -1

Output Tables
SQL> SELECT * FROM accounts ORDER BY account_id;

ACCOUNT_ID BAL
---------- ------
1 700
2 1400
3 1500
4 6500
5 500

SQL> SELECT * FROM journal ORDER BY date_tag;

ACCOUNT_ID ACTION AMOUNT DATE_TAG

---------- -------------------- --------- ---------
1 Debit 300 28-NOV-88
2 Debit 500 28-NOV-88
2 Debit 100 28-NOV-88