Database Security Challenges and Solutions

Chapter 5 of 'Computer Security: Principles and Practice' discusses database and data center security, highlighting the complexities of modern database management systems and the need for effective security strategies. It covers topics such as SQL injection attacks, access controls, role-based access control, and the importance of encryption in protecting databases. Additionally, it outlines data center security requirements as specified by TIA-492, emphasizing the infrastructure and security measures necessary for data centers.

Computer Security: Principles and Practice
Fourth Edition
By: William Stallings and Lawrie Brown

Chapter 5
Database and Data Center Security
Database Security
• Reasons database security has not kept pace with the increased reliance on databases are:
  o There is a dramatic imbalance between the complexity of modern database management systems (DBMS) and the security techniques used to protect these critical systems
  o Databases have a sophisticated interaction protocol, Structured Query Language (SQL), which is complex
  o The increasing reliance on cloud technology to host part or all of the corporate database
  o Most enterprise environments consist of a heterogeneous mixture of database platforms, enterprise platforms, and OS platforms, creating an additional complexity hurdle for security personnel
  o The typical organization lacks full-time database security personnel
• Effective database security requires a strategy based on a full understanding of the security vulnerabilities of SQL
Databases
● Structured collection of data stored for use by one or more applications
● Contains the relationships between data items and groups of data items
● Can sometimes contain sensitive data that needs to be secured

Database management system (DBMS)
• Suite of programs for constructing and maintaining the database
• Offers ad hoc query facilities to multiple users and applications

Query language
● Provides a uniform interface to the database for users and applications
Relational Databases
● Table of data consisting of rows and columns
● Each column holds a particular type of data
● Each row contains a specific value for each column
● Ideally has one column where all values are unique, forming an identifier/key for that row
● Enables the creation of multiple tables linked together by a unique identifier that is present in all tables
● Use a relational query language to access the database
● Allows the user to request data that fit a given set of criteria
Relational Database Elements

Table 5.1 Basic Terminology for Relational Databases
Relation            Table/file
Tuple               Row/record
Attribute           Column/field
Primary key         Uniquely identifies a row; consists of one or more column names
Foreign key         Links one table to attributes in another
View/virtual table  Result of a query that returns selected rows and columns from one or more tables; views are often used for security purposes
Structured Query Language (SQL)
● Standardized language to define schema, manipulate, and query data in a relational database
● Several similar versions of ANSI/ISO standard
● All follow the same basic syntax and semantics
● SQL statements can be used to:
  • Create tables
  • Insert and delete data in tables
  • Create views
  • Retrieve data with query statements
SQL Injection Attacks (SQLi)
• One of the most prevalent and dangerous network-based security threats
• Designed to exploit the nature of Web application pages
• Sends malicious SQL
• Most common attack goal is bulk extraction of data
• Depending on the environment, SQL injection can also be exploited to:
  o Modify or delete data
  o Execute arbitrary operating system commands
  o Launch denial-of-service (DoS) attacks
Injection Technique
• The SQLi attack typically works by prematurely terminating a text string and appending a new command
• Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark “--”
• Subsequent text is ignored at execution time

SQLi Attack Avenues
• User input: attackers inject SQL commands by providing suitably crafted user input
• Server variables: attackers can forge the values that are placed in HTTP and network headers and exploit this vulnerability by placing data directly into the headers
• Second-order injection: a malicious user could rely on data already present in the system or database to trigger an SQL injection attack, so when the attack occurs, the input that modifies the query to cause an attack does not come from the user, but from within the system itself
• Cookies: an attacker could alter cookies such that when the application server builds an SQL query based on the cookie’s content, the structure and function of the query is modified
• Physical user input: applying user input that constructs an attack outside the realm of web requests
Inband Attacks
• Uses the same communication channel for injecting SQL code and retrieving results
• The retrieved data are presented directly in the application Web page
• Include:
  o Tautology: this form of attack injects code in one or more conditional statements so that they always evaluate to true
  o End-of-line comment: after injecting code into a particular field, legitimate code that follows is nullified through usage of end-of-line comments
  o Piggybacked queries: the attacker adds additional queries beyond the intended query, piggy-backing the attack on top of a legitimate request
Inferential Attack
• There is no actual transfer of data, but the attacker is able to reconstruct the information by sending particular requests and observing the resulting behavior of the Web site/database server
• Include:
  o Illegal/logically incorrect queries
    • This attack lets an attacker gather important information about the type and structure of the backend database of a Web application
    • The attack is considered a preliminary, information-gathering step for other attacks
  o Blind SQL injection
    • Allows attackers to infer the data present in a database system even when the system is sufficiently secure to not display any erroneous information back to the attacker
    • The attacker asks the server true/false questions
Out-of-Band Attack
• Data are retrieved using a different channel
• This can be used when there are limitations on information retrieval, but outbound connectivity from the database server is lax
SQLi Countermeasures
• Three types:
  o Defensive coding
    • Manual defensive coding practices
    • Parameterized query insertion
    • SQL DOM: encapsulation of queries
  o Detection
    • Signature based
    • Anomaly based
    • Code analysis
  o Run-time prevention
    • Check queries at runtime to see if they conform to a model of expected queries
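The injection technique and the tautology/end-of-line-comment form of inband attack described above, set beside the parameterized-query countermeasure, as an added example that is not from the textbook or its slides. It assumes a constructed SQLite table of users and shows why binding values as parameters keeps a quote or comment mark in the input from changing the structure of the query.

```python
import sqlite3

# Constructed sample data (assumed, not from the textbook): a tiny login table.
SAMPLE_USERS = [
    ("alice", "correct horse"),
    ("bob", "hunter2"),
    ("carol", "s3cret"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by string concatenation, so user input becomes
    part of the SQL text itself. A closing quote in the input terminates
    the string literal early, and a trailing '--' comment discards whatever
    the application appends after it (here, the password check)."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Parameterized query insertion: the SQL template is fixed and the
    values travel separately as bound parameters. The DBMS treats them
    strictly as data, so quotes and comment marks in the input can never
    alter the structure of the query."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def compare(name, password):
    """Run the same input through both versions; return (vulnerable, safe) results."""
    conn = make_db()
    return (login_vulnerable(conn, name, password),
            login_parameterized(conn, name, password))


if __name__ == "__main__":
    # A tautology combined with an end-of-line comment, as described on the slides.
    vulnerable, safe = compare("' OR '1'='1' --", "")
    print("concatenated query returned:", vulnerable)   # every user
    print("parameterized query returned:", safe)        # no match
```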
Database Access Control
• Database access control system determines:
  o If the user has access to the entire database or just portions of it
  o What access rights the user has (create, insert, delete, update, read, write)
• Can support a range of administrative policies:
  o Centralized administration: small number of privileged users may grant and revoke access rights
  o Ownership-based administration: the creator of a table may grant and revoke access rights to the table
  o Decentralized administration: the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table
SQL Access Controls
• Two commands for managing access rights:
  o Grant: used to grant one or more access rights, or to assign a user to a role
  o Revoke: revokes the access rights
• Typical access rights are:
  o Select
  o Insert
  o Update
  o Delete
  o References
Role-Based Access Control (RBAC)
• Role-based access control eases administrative burden and improves security
• A database RBAC needs to provide the following capabilities:
  o Create and delete roles
  o Define permissions for a role
  o Assign and cancel assignment of users to roles
• Categories of database users:
  o Application owner: an end user who owns database objects as part of an application
  o End user: an end user who operates on database objects via a particular application but does not own any of the database objects
  o Administrator: user who has administrative responsibility for part or all of the database
Table 5.2 Fixed Roles in Microsoft SQL Server (Table is on page 165 in the textbook)
Inference Detection
• Two approaches:
  o Inference detection during database design
    • Approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference
    • Techniques in this category often result in unnecessarily stricter access controls that reduce availability
  o Inference detection at query time
    • Approach seeks to eliminate an inference channel violation during a query or series of queries
    • If an inference channel is detected, the query is denied or altered
• Some inference detection algorithm is needed for either of these approaches
• Progress has been made in devising specific inference detection techniques for multilevel secure databases and statistical databases
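A minimal query-time control of the kind the slide describes, added here as an example and not taken from the textbook: a statistical database releases only aggregates, and an aggregate is denied when its query set is smaller than an assumed threshold k, since a series of queries that differ by one individual could otherwise be differenced to recover that individual's value. The staff table, the salary figures and the threshold are constructed for the example.

```python
import sqlite3

# Constructed sample data (assumed, not from the textbook): a statistical
# database that should release only aggregate salary figures.
SAMPLE_STAFF = [
    ("alice", "sales", 52000),
    ("bob", "sales", 61000),
    ("carol", "sales", 58000),
    ("dave", "eng", 90000),
]

# Assumed policy threshold k: an aggregate is released only when its query
# set (the rows the predicate selects) contains at least k individuals.
MIN_QUERY_SET = 3

ALLOWED_AGGREGATES = {"AVG", "SUM", "COUNT", "MIN", "MAX"}


def make_db():
    """Create an in-memory SQLite database holding the sample staff rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?)", SAMPLE_STAFF)
    return conn


def stat_query(conn, aggregate, predicate, params):
    """Query-time inference control: measure the query set first and deny the
    aggregate (return None) when it is too small to hide an individual.
    'predicate' is an application-supplied parameterized WHERE clause; user
    values arrive only through 'params', never spliced into the SQL text."""
    if aggregate not in ALLOWED_AGGREGATES:
        raise ValueError("aggregate not permitted: " + aggregate)
    size = conn.execute("SELECT COUNT(*) FROM staff WHERE " + predicate,
                        params).fetchone()[0]
    if size < MIN_QUERY_SET:
        return None  # denied: the answer would be attributable to too few rows
    return conn.execute("SELECT " + aggregate + "(salary) FROM staff WHERE "
                        + predicate, params).fetchone()[0]


if __name__ == "__main__":
    conn = make_db()
    # Released: three people in sales, so the average hides each individual.
    print(stat_query(conn, "AVG", "dept = ?", ("sales",)))
    # Denied: the same average with one person excluded could be differenced
    # against the released one to recover that person's salary.
    print(stat_query(conn, "AVG", "dept = ? AND name <> ?", ("sales", "alice")))
    # Denied: a one-person department is an individual value in disguise.
    print(stat_query(conn, "AVG", "dept = ?", ("eng",)))
```

Query-set-size restriction on its own is only a first check; a fuller inference detector also tracks the overlap between successive query sets, which this example does not do.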
Database Encryption
● The database is typically the most valuable information resource for any organization
● Protected by multiple layers of security: firewalls, authentication, general access control systems, DB access control systems, database encryption
● Encryption becomes the last line of defense in database security
● Can be applied to the entire database, at the record level, the attribute level, or the level of the individual field
● Disadvantages to encryption:
  ● Key management: authorized users must have access to the decryption key for the data for which they have access
  ● Inflexibility: when part or all of the database is encrypted it becomes more difficult to perform record searching
Data Center Security
• Data center:
o An enterprise facility that houses a large number of servers,
storage devices, and network switches and equipment
o The number of servers and storage devices can run into the tens
of thousands in one facility
o Generally includes redundant or backup power supplies,
redundant network connections, environmental controls, and
various security devices
o Can occupy one room of a building, one or more floors, or an
entire building
• Examples of uses include:
o Cloud service providers
o Search engines
o Large scientific research facilities
o IT facilities for large enterprises
TIA-492
• The Telecommunications Industry Association (TIA)
• TIA-492 (Telecommunications Infrastructure Standard for
Data Centers) specifies the minimum requirements for
telecommunications infrastructure of data centers
• Includes topics such as:
• Network architecture
• Electrical design
• File storage, backup, and archiving
• System redundancy
• Network access control and security
• Database management
• Web hosting
• Application hosting
• Content distribution
• Environmental control
• Protection against physical hazards
• Power management
Table 5.4 Data Center Tiers Defined in TIA-942 (Table is on page 177 in the textbook)


Summary
• The need for database security
• Database management systems
• Relational databases
  o Elements of a relational database system
  o Structured Query Language
• SQL injection attacks
  o A typical SQLi attack
  o The injection technique
  o SQLi attack avenues and types
  o SQLi countermeasures
• Database access control
  o SQL-based access definition
  o Cascading authorizations
  o Role-based access control
• Inference
• Database encryption
• Data center security
  o Data center elements
  o Data center security considerations
  o TIA-492