Managing Multi-User Databases (3)
IS 240 – Database Management
Lecture #20, 2004-04-27
Prof. M. E. Kabay, PhD, CISSP
Norwich University
mkabay@norwich.edu

Upload: lillian-roberts

Post on 27-Mar-2015



Copyright © 2004 M. E. Kabay. All rights reserved.

Topics

- Fundamentals of Information Security
- Database Security
- Database Recovery
- Management Issues

Fundamentals of IA

- The Classic Triad
  - Confidentiality
  - Integrity
  - Availability
- The Parkerian Hexad
  - Possession
  - Authenticity
  - Utility
- Information Assurance (IA)

The Classic Triad

[Diagram: C, I, A]

Confidentiality

- Restricting access to data
  - Protecting against unauthorized disclosure of existence of data
    - E.g., allowing industrial spy to deduce nature of clientele by looking at directory names
  - Protecting against unauthorized disclosure of details of data
    - E.g., allowing 13-yr old girl to examine HIV+ records in Florida clinic

Integrity

- Internal consistency, validity, fitness for use
  - Avoiding physical corruption
    - E.g., database pointers trashed or data garbled
  - Avoiding logical corruption
    - E.g., inconsistencies between order header total sale & sum of costs of details

Availability

- Timely access to data
  - Avoid delays
    - E.g., prevent system crashes & arrange for recovery plans
  - Avoid inconvenience
    - E.g., prevent mislabeling of files

Problem: Missing Elements

- Which principle of the C-I-A triad has been breached when
  - A child takes bank card with password in envelope but does not open it?
  - Someone sends threat to President using your e-mail address but not your e-mail logon?
  - Someone converts all the salary figures in your database to Iraqi Dinars?
- ANSWER: NONE OF THEM – THE TRIAD IS INSUFFICIENT TO DESCRIBE SECURITY BREACHES

The Parkerian Hexad

Protect the 6 atomic elements of INFOSEC:

- Confidentiality
- Possession or control
- Integrity
- Authenticity
- Availability
- Utility


Why “Parkerian?”

Donn G. Parker

Recipient of Lifetime Achievement Award from NCSC in 1993

Possession

- Control over information
  - Preventing physical contact with data
    - E.g., case of thief who recorded ATM PINs by radio (but never looked at them)
  - Preventing copying or unauthorized use of intellectual property
    - E.g., violations by software pirates

Authenticity

- Correspondence to intended meaning
  - Avoiding nonsense
    - E.g., part number field actually contains cost
  - Avoiding fraud
    - E.g., sender's name on e-mail is changed to someone else's

Utility

- Usefulness for specific purposes
  - Avoid conversion to less useful form
    - E.g., replacing dollar amounts by foreign currency equivalent
  - Prevent impenetrable coding
    - E.g., employee encrypts source code and "forgets" decryption key

Functions of IA (1)

- Avoidance: e.g., prevent vulnerabilities and exposures
- Deterrence: make attack less likely
- Detection: quickly spot attack
- Prevention: prevent exploit
- Mitigation: reduce damage
- Transference: shift control for resolution

Functions of IA (2)

- Investigation: characterize incident
- Sanctions & rewards: punish guilty, encourage effective responders
- Recovery: immediate response, repair
- Correction: never again
- Education: advance knowledge and teach others

Information Assurance (IA)

- Avoid
- Deter
- Detect
- Prevent
- Mitigate
- Transfer
- Investigate
- Punish/reward
- Recover
- Correct
- Educate

Database Security

- Processing Rights
- I&A
- Individuals & User Groups
- Application Security

Processing Rights

- Who gets to do what to which records?
- Different functions
  - Modify DB structure
  - Grant rights to users
  - Change records
    - Delete
    - Modify (change)
    - Insert
  - See entire records
  - See selected fields

[Scale beside the list: MORE POWER / DANGER to LESS POWER / DANGER]

I&A: Identification & Authentication

- Each individual user has unique identifier
  - User ID for operating system logon
  - User ID for DBMS access
- Connection between user ID and actual person is known as authentication based on
  - What you know
  - What you have
  - What you are
  - What you do
- User IDs should never be shared

Individuals & User Groups

- Individual users may have specific rights
  - Call this authorization or privileges for specific functions
- Can also define rights for groups of people (aka role-based security)
  - Call these user groups; e.g.,
    - Human resources clerks vs HR managers
    - Accounting book-keepers vs Accounting managers
    - Managers for different departments
- May define “public” or “visitor” group if necessary
  - Provide safe privileges for specific functions
  - E.g., lookups, interactions for requesting info, subscribing to newsletter….

Application Security

- DBMS security may not suffice for specific applications
- Business rules may be more complex than simply assigning privileges according to identity; e.g.,
  - Some patient records may be accessible to nurse or doctor only while they are treating a specific patient
  - Some financial information may be locked while SEC is performing an audit
- Such requirements are programmed at the application level
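
An added sketch, not part of the lecture, of the layering described in the Processing Rights, User Groups and Application Security slides: group privileges decide which functions a user may attempt, and application-level business rules then narrow that by context. The group names, action names, the `treating` set and the `audit_locked` flag are all hypothetical.

```python
from dataclasses import dataclass, field

# Privileges per user group (what the DBMS layer could enforce). Names are hypothetical.
GROUP_PRIVILEGES = {
    "public": {"lookup"},
    "nurse": {"lookup", "read_record"},
    "doctor": {"lookup", "read_record", "modify_record"},
    "dba": {"lookup", "read_record", "modify_record",
            "grant_rights", "modify_structure"},
}
CLINICAL_GROUPS = {"nurse", "doctor"}

@dataclass
class User:
    user_id: str                                   # unique, never shared
    group: str
    treating: set = field(default_factory=set)     # patient IDs currently in this user's care

@dataclass
class Record:
    patient_id: str
    audit_locked: bool = False                     # frozen while an audit is in progress

def authorize(user, action, record):
    """Return (allowed, reason): group privilege first, business rules second."""
    if action not in GROUP_PRIVILEGES.get(user.group, set()):
        return False, "group lacks privilege"
    touches_record = action in {"read_record", "modify_record"}
    # Business rule 1: clinicians see a record only while treating that patient.
    if touches_record and user.group in CLINICAL_GROUPS:
        if record.patient_id not in user.treating:
            return False, "not treating this patient"
    # Business rule 2: nothing is changed while the record is locked for audit.
    if action == "modify_record" and record.audit_locked:
        return False, "record locked for audit"
    return True, "ok"

if __name__ == "__main__":
    nurse = User("n-017", "nurse", treating={"p1"})
    for pid in ("p1", "p2"):
        print(pid, authorize(nurse, "read_record", Record(pid)))
```

The nurse holds the same `read_record` privilege for both patients; only the application-level rule separates the two decisions.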

Topics

- Database Security
- Database Recovery
- Management Issues

Database Recovery

- Transactions
- Application Logging
- Transactions and Log Files
- Backups & Log Files
- Recovery from Backups
- Recovery from Log Files

Transactions

- What are transactions?
- Why would we care if a transaction were interrupted by a DBMS failure or a system failure?

Application Logging

- Benefits of logging
  - Audit trail for security / investigations
  - Performance data
  - Debugging
- What might a logging process write into the log file when a process is
  - Adding a record?
  - Changing a record?
  - Deleting a record?


Transactions and Log Files

Why would it matter to anyone that a log file keep a distinction among different transactions?

How does a log file mark an atomic transaction?

Backups & Log Files

- Distinguish among the following types of backups:
  - System vs application
  - Full (everything)
  - Differential (aka Partial) (everything changed since last full)
  - Incremental (everything changed since last incremental)
  - Delta (only changed data)
  - Log files (only the information about the changes)

Backup Types

[Table: files A to E by day, SUN to SAT]

Backup Type SUN MON TUE WED THU FRI SAT
FULL ABCDE ABCDE ABCDE ABCDE ABCDE ABCDE ABCDE
DIFFERENTIAL A AB ABD ABCD ABCDE ABCDE
INCREMENTAL A B AD ABCD CDE ABC
DELTA (records) A' B' A'D' A'B'C'D' C'D'E' A'B'C'

Recovery from Backups

- Discuss how one would use each of the following types of backup in recovering from a system failure
  - Full
  - Differential
  - Incremental
  - Delta
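
An added worked example, not from the lecture, that turns the Backup Types table into restore chains for the full, differential and incremental schemes (delta backups are left out). It assumes the full backup is taken on SUN and that the six entries in the slide's INCREMENTAL row are MON through SAT; the function names are hypothetical.

```python
DAYS = ["MON", "TUE", "WED", "THU", "FRI", "SAT"]
# Files changed each day, read off the slide's INCREMENTAL row.
# Assumption: SUN holds the full backup (files A-E); the six entries are MON..SAT.
CHANGED = dict(zip(DAYS, ["A", "B", "AD", "ABCD", "CDE", "ABC"]))
FULL = set("ABCDE")

def incremental(day):
    """Files changed since the previous backup of any kind."""
    return set(CHANGED[day])

def differential(day):
    """Files changed since the last full backup (cumulative)."""
    upto = DAYS[: DAYS.index(day) + 1]
    return set().union(*(set(CHANGED[d]) for d in upto))

def restore_chain(strategy, last_backup_day):
    """Backup sets to load, in order, when the failure follows last_backup_day."""
    chain = [("SUN", "FULL", FULL)]
    if last_backup_day == "SUN":
        return chain
    if strategy == "differential":      # full + only the newest differential
        chain.append((last_backup_day, "DIFFERENTIAL", differential(last_backup_day)))
    elif strategy == "incremental":     # full + every incremental, oldest first
        for d in DAYS[: DAYS.index(last_backup_day) + 1]:
            chain.append((d, "INCREMENTAL", incremental(d)))
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return chain

def copies_written(strategy):
    """File copies written to backup media MON..SAT (cost of backing up)."""
    pick = differential if strategy == "differential" else incremental
    return sum(len(pick(d)) for d in DAYS)

def copies_read(strategy, last_backup_day):
    """File copies read back during the restore (cost of recovering)."""
    return sum(len(files) for _, _, files in restore_chain(strategy, last_backup_day))

if __name__ == "__main__":
    for s in ("differential", "incremental"):
        steps = [f"{d}:{k}" for d, k, _ in restore_chain(s, "THU")]
        print(s, steps, "written", copies_written(s), "read", copies_read(s, "THU"))
```

The differential sets computed here reproduce the slide's DIFFERENTIAL row, and the two cost functions show the trade-off: incrementals write less each night but need every set since the full backup at restore time.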

Recovery from Log Files

- Roll-backward recovery
  - Use log file to identify interrupted (incomplete) transactions using checkpoints
    - How? ____________________________
  - Remove all changes that are part of those incomplete transactions
- Roll-forward recovery
  - Start with valid backup
  - Use log file to re-apply all completed transactions
  - Leave out the incomplete transactions
- Which kind is faster?_____________________
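
An added example, not from the lecture, of the two recovery procedures above, run over a small constructed log; it also shows one possible answer to the Application Logging question of what to write for an add, change or delete (before and after images). The record layout, the BEGIN/COMMIT markers and all names are hypothetical, and the whole log is scanned rather than starting from a checkpoint.

```python
# Constructed log entries: (transaction, operation, key, before_image, after_image).
LOG = [
    ("T1", "BEGIN", None, None, None),
    ("T1", "UPDATE", "acct:1", 100, 70),
    ("T1", "UPDATE", "acct:2", 50, 80),
    ("T1", "COMMIT", None, None, None),
    ("T2", "BEGIN", None, None, None),
    ("T2", "INSERT", "acct:3", None, 10),
    ("T3", "BEGIN", None, None, None),
    ("T3", "DELETE", "acct:2", 80, None),
    ("T3", "COMMIT", None, None, None),
    ("T2", "UPDATE", "acct:1", 70, 60),
    # failure happens here: T2 never wrote its COMMIT record
]
BACKUP = {"acct:1": 100, "acct:2": 50}      # valid backup taken before the log starts
CRASHED = {"acct:1": 60, "acct:3": 10}      # database state found after the failure

def committed(log):
    """Transactions whose COMMIT marker reached the log (the atomic ones)."""
    return {txn for txn, op, *_ in log if op == "COMMIT"}

def apply(db, key, value):
    """Set key to value; a None image means the record does not exist."""
    if value is None:
        db.pop(key, None)
    else:
        db[key] = value

def roll_forward(backup, log):
    """Start from a valid backup and re-apply only completed transactions."""
    db, done = dict(backup), committed(log)
    for txn, _op, key, _before, after in log:
        if key is not None and txn in done:
            apply(db, key, after)
    return db

def roll_backward(crashed_db, log):
    """Undo, newest change first, everything done by incomplete transactions."""
    db, done = dict(crashed_db), committed(log)
    for txn, _op, key, before, _after in reversed(log):
        if key is not None and txn not in done:
            apply(db, key, before)
    return db

if __name__ == "__main__":
    print(roll_forward(BACKUP, LOG), roll_backward(CRASHED, LOG))
```

Both procedures arrive at the same consistent state, with T1 and T3 kept and every trace of T2 removed.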

Topics

- Database Security
- Database Recovery
- Management Issues

Management Issues

- Performance
- Inflection points
- Capacity
- Application Evolution

Performance Management

- Log files help DBAs monitor and improve application and system performance
  - Identify application errors quickly
  - Identify operators with high error rates
  - Calculate response times on different servers
- Can monitor trends in
  - transaction volumes
  - Response times
- Look for inflection points and study reasons

Inflection Points

- Watch for changes in slope
- Always find out why pattern has changed

[Graph: Resource against Time, marked "?"]


Capacity

Same reasoning: look for trends in disk space usage

Identify which applications are growing fastest

Project when you will need to increase storage capacity

Never let a database fill up to maximum capacity

Be curious about any sudden change in rate of growth – find out if there are problems
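
An added example, not from the lecture, of the trend-watching described on the Inflection Points and Capacity slides: it locates the sharpest change in growth rate in a series of daily disk-usage samples and projects how long until a fill threshold is reached. The sample data are constructed, and the 80% threshold, the 250 GB capacity and the function names are assumptions.

```python
# Constructed daily disk usage in GB: 2 GB/day through day 5, then 5 GB/day.
USAGE_GB = [100, 102, 104, 106, 108, 110, 115, 120, 125, 130, 135, 140]

def slope(values, start):
    """Least-squares growth rate (GB/day) of values, whose first sample is day `start`."""
    n = len(values)
    xs = range(start, start + n)
    mx, my = sum(xs) / n, sum(values) / n
    num = sum((x - mx) * (y - my) for x, y in zip(xs, values))
    den = sum((x - mx) ** 2 for x in xs)
    return num / den

def sharpest_change(series, window=4):
    """Return (day, rate_before, rate_after) where the growth rate rises most.

    Compares the fitted rate over the `window` samples ending at each day with
    the rate over the `window` samples starting there; None if the series is short.
    """
    best = None
    for i in range(window - 1, len(series) - window + 1):
        before = slope(series[i - window + 1 : i + 1], i - window + 1)
        after = slope(series[i : i + window], i)
        if best is None or after - before > best[2] - best[1]:
            best = (i, before, after)
    return best

def days_until(series, capacity_gb, threshold=0.8, window=4):
    """Days until usage reaches threshold * capacity at the most recent growth rate."""
    rate = slope(series[-window:], len(series) - window)
    if rate <= 0:
        return None                       # not growing: nothing to project
    headroom = threshold * capacity_gb - series[-1]
    return max(headroom, 0) / rate

if __name__ == "__main__":
    day, before, after = sharpest_change(USAGE_GB)
    print(f"growth changed around day {day}: {before:.1f} -> {after:.1f} GB/day")
    print(f"{days_until(USAGE_GB, 250):.0f} days until 80% of 250 GB")
```

Projecting with the rate from before the change would have given 30 days of headroom instead of 12, which is why the change itself needs explaining.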

Application Evolution

- All applications must change
  - Environment changes
    - Operating systems / DBMS versions
    - Regulations & laws
    - Business needs
- Therefore databases change
- DBAs must plan to meet demands for change
  - Keep track of structure, usage
  - Define data repository
    - Full metadata about all organization data systems

Homework

- Finish very carefully reading all of Chapter 11 using the full SQ3R techniques.
- REQUIRED by MONDAY NOON 3rd May (hand in at B&M office) for 26 points
  - Group I Questions #11.37 through 11.49
  - ALL remaining outstanding homework is due by that date. No further extensions.
  - MK will return all homework to B&M office by Tuesday NOON
- OPTIONAL also by Monday 3rd May for 3 extra points each
  - 11.52 and/or 11.53 on p. 327

Final Exam

- Thursday 6 May 2004
- 08:00-10:30
- Dewey 211
- Covers entire course material
- T/F, short answer, diagrams, short essay,


DISCUSSION