Database Security

The term database security refers to the control of privacy and integrity of large data stores which are usually managed by a software program known as a database management system.  At present, such databases are used by an enormous number of companies to store an incredible variety of data.  Typically, this data is extremely important to organizations and individuals, and can also be of a very confidential nature; examples of such data include bank account information, credit card information, medical records and inventory records.  It is clear that this data must not be accessible to unauthorized persons (privacy), and that unauthorized persons must not be able to alter this data (integrity). 

Maintaining privacy and integrity of a database is not a trivial task; consequently, many instances of security breaches of databases appear in the news and result in significant problems for both companies and individuals.  Some notable recent incidents include the theft of 45.7 million credit card numbers along with other personal information from a TJX database in January of 2007[1][2], and the theft of 40 million credit card numbers from the database of a transaction processing company, CardSystems, revealed in June 2005[3].  In order to help prevent such database security breaches from occurring, there are numerous security mechanisms that can be employed.  These security mechanisms can be grouped into the categories of server security, access control, and encryption. Modern database management systems such as IBM DB2, Oracle Database 10g, and Microsoft SQL Server 2005 provide a wide variety of such security mechanisms.

Image caption: A typical database server system, the IBM System p5 570. This includes multiple cores for processing, and terabytes of disk storage for storing data.

Server Security
One of the most critical issues related to database security is the security of the server that the database resides on.  If this server is not secure, then unauthorized users could possibly gain access to or modify the database regardless of how secure the database itself is. Some of the more important things to consider are: A proper treatment of server security is beyond the scope of this article, but there are many books and online resources providing detailed information on server security for machines running different operating systems and providing different services[4].

Access Control
To be useful, a database must allow users to connect to it in order to retrieve or modify data.  Precisely controlling the access that users have to the data is imperative, and can be accomplished in several ways including setting up privileges and the use of views.

Privileges

Given the wide variety of data stored within any single database, it is crucial that users of the database are only allowed to access and modify what they really need to.  In order to accomplish this, proper privileges must be assigned.  All modern database management systems allow the specification of privileges which determine what actions users are allowed to perform and which database objects they are allowed to perform these actions on.  Examples of such privileges would include the ability to select, insert, update or delete data from a specific table in the database. In addition, the ability to assign privileges to a whole group of users is generally provided in order to make the setup and maintenance of privileges manageable.  In this manner, a set of database privileges which would be appropriate for a certain type of employee, such as a sales clerk, could be assigned to a user group, and then all users who require these privileges simply need to be added to this user group. 

Using Views

Often, a single table in a database may contain confidential as well as non-confidential data.  For example, a table which records customer transactions may store the customer's name, what they purchased and when, and the number of the credit card used to pay.  Allowing all of this data, including the credit card number, to be visible to many people would be a serious security issue.  Instead, a view can be created which exposes only the columns of the table that a given set of users is supposed to see.  Users can still modify data in the original table through the view (provided they have permission to do so), and these modifications remain subject to any integrity constraints defined on the original table.
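The following is an added example, not part of the original article, that puts the two preceding sections together: a group role carrying the privileges appropriate for a sales clerk, and a view that hides the credit card column of a transactions table. It is written for PostgreSQL; the table, view, role and user names (customer_transactions, transactions_public, sales_clerk, alice) and the password are assumptions made for illustration.

```sql
-- Added example (not from the original article): least-privilege access to a
-- transactions table using a group role and a view. PostgreSQL syntax; all
-- object names are illustrative assumptions.

-- Base table. card_number is the confidential column; amount has an
-- integrity constraint that must also hold for changes made via the view.
CREATE TABLE customer_transactions (
    transaction_id  SERIAL        PRIMARY KEY,
    customer_name   TEXT          NOT NULL,
    item            TEXT          NOT NULL,
    purchased_at    TIMESTAMP     NOT NULL DEFAULT now(),
    card_number     CHAR(16)      NOT NULL,
    amount          NUMERIC(10,2) NOT NULL CHECK (amount >= 0)
);

-- View exposing only the non-confidential columns.
CREATE VIEW transactions_public AS
    SELECT transaction_id, customer_name, item, purchased_at, amount
    FROM customer_transactions;

-- Group role: privileges are granted once here, never to individual users.
CREATE ROLE sales_clerk NOLOGIN;

-- Clerks may read and correct rows through the view only. They receive no
-- privilege on the base table, so the card number is unreachable to them.
-- (PostgreSQL checks view access with the view owner's privileges, which is
-- what lets this work.)
GRANT SELECT, UPDATE ON transactions_public TO sales_clerk;

-- Add an individual to the group instead of granting to the person directly.
CREATE USER alice LOGIN PASSWORD 'placeholder-change-me';
GRANT sales_clerk TO alice;

-- Seed one row as the table owner (card number is a constructed test value).
INSERT INTO customer_transactions (customer_name, item, card_number, amount)
VALUES ('J. Doe', 'Widget', '4111111111111111', 19.99);

-- Expected behaviour when connected as alice:
--   SELECT * FROM transactions_public;                 -- succeeds, no card_number
--   SELECT card_number FROM customer_transactions;     -- ERROR: permission denied
--   UPDATE transactions_public SET amount = 24.99
--       WHERE transaction_id = 1;                      -- succeeds via the view
--   UPDATE transactions_public SET amount = -5
--       WHERE transaction_id = 1;                      -- ERROR: check constraint
```

If the view carried a WHERE filter (for example, one clerk's own region), add WITH CHECK OPTION to the CREATE VIEW so that updates made through it cannot move a row outside the set the view allows the user to see.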

Encryption

Using encryption in databases is another security tool that can be employed to help ensure that unauthorized users cannot obtain confidential data.  Encryption can be employed at two different levels when dealing with databases: at the communication level, and at the data storage level (often referred to as simply data encryption).

Communication Encryption

Communication encryption refers to the encryption of data for the purpose of transmission across a network, and is available in many modern database management systems.  First, a secure connection to the database server is established using a protocol such as SSH; then, as data is read from or sent to the database, it is encrypted prior to transmission and decrypted upon arrival at its destination.  This makes it very difficult for anyone capturing the traffic in transit to recover coherent and useful data.  The need for communication encryption with a database can often be avoided altogether by ensuring that only trusted hosts have a direct connection to the database server.
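As an added example that is not part of the original article, the statements below show how an administrator can turn on and then verify encrypted connections in PostgreSQL, which offers TLS natively rather than relying on an SSH tunnel. It assumes a PostgreSQL 9.5 or later server whose data directory already contains a server.crt and server.key pair and a session with superuser rights for the ALTER SYSTEM step.

```sql
-- Added example (not from the original article): enabling TLS on a
-- PostgreSQL server and checking which sessions actually use it.
-- Assumes server.crt/server.key are already in the data directory.

-- 1. Make the server offer TLS. ALTER SYSTEM needs a config reload to apply.
ALTER SYSTEM SET ssl = on;
SELECT pg_reload_conf();
SHOW ssl;                                  -- expected: on

-- 2. From any client session, confirm that THIS connection is encrypted.
--    ssl = t together with a TLS version and cipher means the wire is
--    protected; ssl = f means the session fell back to plaintext.
SELECT s.ssl, s.version, s.cipher, s.bits
FROM pg_stat_ssl AS s
WHERE s.pid = pg_backend_pid();

-- 3. Audit: list live network sessions that are still unencrypted.
--    client_addr is NULL for local Unix-socket connections, which never
--    cross the network, so they are excluded.
SELECT a.usename, a.client_addr, a.application_name
FROM pg_stat_activity AS a
JOIN pg_stat_ssl      AS s ON s.pid = a.pid
WHERE NOT s.ssl
  AND a.client_addr IS NOT NULL;
```

Note that ssl = on only makes encryption available; a client may still connect in the clear. To require it, the host rules in pg_hba.conf must use hostssl rather than host for the networks concerned, and clients should connect with sslmode=verify-full so that the server certificate is checked against a trusted CA and the host name, otherwise an interposed host could still read the traffic.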

Data Encryption

In contrast to communication encryption, data encryption deals with permanently encrypting a database's data on the storage device on which it resides.  This form of encryption is a strong defense against several threats which communication encryption does not protect against at all.  First, if a user were able to gain access to the machine on which the database is stored, the actual files containing the database data could be accessible to them.  In this situation, no matter how secure the database was, the user could simply read the data directly from the file rather than going through the database management system.  Second, if the physical storage devices containing the database were stolen, the thief could likewise read the database information directly from the files on the stolen devices. 

Several current database management systems allow encryption of the database on the storage device, although there are often limitations on the types of data that may be encrypted in an active database.  Furthermore, this type of encryption can cause significant overhead during transactions, since data must be decrypted whenever it is read and encrypted whenever it is stored.  Data encryption is one area in which many database management systems are still attempting to improve.
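The following added example (not from the original article) illustrates the storage-level encryption discussed above in its column-level form, using PostgreSQL's pgcrypto extension to keep a card number encrypted in the data files. It also shows the two limitations the text mentions: the decrypt-on-read cost, and the fact that an encrypted column cannot be searched without decrypting every row. The table name, the passphrase and the card number are constructed placeholders; in a real deployment the key comes from the application or a key-management service and is never stored in the database or written to its logs.

```sql
-- Added example (not from the original article): encrypting one confidential
-- column at rest with pgcrypto. Table name, passphrase and card number are
-- constructed placeholders for illustration only.

CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE card_vault (
    customer_id  INTEGER PRIMARY KEY,
    card_last4   CHAR(4) NOT NULL,   -- non-secret fragment kept for lookups
    card_number  BYTEA   NOT NULL    -- ciphertext only; plaintext never stored
);

-- Encrypt on write: only ciphertext reaches the storage device.
INSERT INTO card_vault (customer_id, card_last4, card_number)
VALUES (42, '1111',
        pgp_sym_encrypt('4111111111111111', 'placeholder-passphrase'));

-- Decrypt on read: this is where the per-transaction overhead lands.
SELECT customer_id,
       pgp_sym_decrypt(card_number, 'placeholder-passphrase') AS card_number
FROM card_vault
WHERE customer_id = 42;
-- returns one row with card_number = 4111111111111111

-- What someone reading the files (or the table without the key) sees:
SELECT customer_id, card_number FROM card_vault;
-- returns one row whose card_number is opaque bytes; decrypting with the
-- wrong passphrase raises "Wrong key or corrupt data".

-- Limitation: equality or LIKE searches on the encrypted column would require
-- decrypting every row. Query the non-secret fragment instead.
SELECT customer_id FROM card_vault WHERE card_last4 = '1111';
```

Column-level encryption of this kind protects against the file-theft and direct-file-access threats described above, but not against a database superuser, nor against a passphrase leaking through statement logging; pass the key as a bound parameter and keep log_statement away from those queries. Whole-database options (file-system encryption, or transparent data encryption in products that offer it) cover every column at once but leave the decrypted data fully visible to anyone who can log in to the database.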

References
  1. TJX reveals 45.7 credit card numbers stolen by hackers. http://www.sun-sentinel.com/business/local/sfl-ztjx30mar30,0,3628774.story?coll=sfla-business-front
  2. TJX: At least 45.7M card numbers stolen. http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20070329/tjx_details_070329/20070329?hub=World&s_name=
  3. 40 Million Credit Card Numbers Hacked. http://www.washingtonpost.com/wp-dyn/content/article/2005/06/17/AR2005061701031.html?nav=hcmodule
  4. Server Security Guideline. http://www1.umn.edu/oit/security/serversecurity.html
  5. Bhavani M. Thuraisingham (2005). Database and Applications Security. CRC Press.

See Also
Web Server Security
Encryption Methods
Tools for Linux Security
Computer Surveillance
Computer Hijacking

External Links
www.databasesecurity.com
Database Security (common sense principles)
IBM DB2
Oracle Database 10g
Microsoft SQL Server 2005
Database Encryption 101

Author: Mike Darmitz
Last Updated: April 6, 2007