
Database Security - Threats and Challenges - Research Paper Example

Summary
In today’s world, data is a very valuable asset used by individuals as well as organizations. This paper is about database securities layers such as database administration, system administration, security office, developers and employees, about the problem of the provenance of data, ownership and IPR. Database information is vulnerable to many different attacks as will be seen in the paper…

Extract of sample "Database Security - Threats and Challenges"

Database Security - Threats and Challenges

In the current world, data is very important. With the advance in technology, organizations as well as individuals have embraced different media, including data storage in databases, for easy retrieval. However, given the sensitivity of some of the data stored, privacy and security concerns have come up. This paper provides an insight into the kinds of attacks that are likely to happen, how they are likely to be perpetrated and by whom. It gives the security threats and challenges that are faced in databases. It also suggests means of preventing these attacks. Database information is vulnerable to many different attacks, as will be seen in the paper. However, the situation is not bleak, as it is possible to reduce the risks by focusing on the threats that are most critical. This paper examines this claim and addresses the threats and challenges faced in databases, together with measures that, if organizations adopted them, would let them comply with the requirements of most regulated industries in the world. This document focuses on database-specific protections.

Introduction

In today’s world, data is a very valuable asset used by individuals as well as organizations. It is stored in a database to make it easy to retrieve and maintain. It is essential to secure data because attacks could prove detrimental to the organization or individual owning it. There are several database security layers, such as database administration, system administration, security office, developers and employees. Security can be breached at any of these layers by an attacker (Burtescu 2). Database security is becoming more and more challenging because the data concerns are evolving and the amount of highly valuable data is increasing.
The internet has resulted in disintermediation of access to data, which, coupled with the democratization of computing, has led to requirements for data access anywhere, anytime and anyhow, and so has contributed to the increase in data security concerns. New computing paradigms and applications such as grid-based computing and on-demand business are emerging, together with security policies such as access control policies that are becoming more complex with time (Burtescu 6).

Classical security concerns for databases include confidentiality, which deals with the availability of data only to subjects who are authorized; integrity, which deals with the ability to modify data only by subjects who are authorized; and availability, which is about the ability to retrieve the data whenever it is needed. Other data concerns include the quality and completeness of data. These deal with questions such as: is the data correct and complete with respect to the outside world? Is it up to date? How does an organization make sure that users receive all the information that they are entitled to access? How does one show evidence of compliance with policies that deal with data release? Another concern is the provenance of data, ownership and IPR. Questions about the sources of the data and whether or not the data has been modified while being copied are important considerations. Other questions concern how ownership of the data is enforced and how IPR is protected. Large volumes of data are a concern too. It is paramount to establish whether the estimated amount of information, which is growing very fast, can be accommodated.

An attacker can be categorized as one of the following:

Intruder – an unauthorized user who is illegally accessing a system to obtain valuable information.

Insider – a member of the group of trusted users who abuses his privileges, trying to get information beyond his access rights.
Administrator – a user who has privileges to administer a computer system but illegally uses these privileges to spy on other people’s behavior and get information that is valuable.

An attacker can carry out a direct attack (attacking the target directly) or an indirect attack (not executed directly on the target, but information about or from the target can be retrieved through intermediates). The indirect attack is often very difficult to track, as it combines queries with the intent of cheating the security mechanisms (Burtescu 3).

The attacker can execute an attack either passively or actively. In a passive attack, he observes the data in a database and may use static leakage (information obtained by observing a snapshot of the database at a specific time), linkage leakage (information obtained by linking the database values to their positions in the index) or dynamic leakage (information obtained by observing and analyzing the changes performed in the database over time). In an active attack, the actual database values are modified. Active attacks present more problems than passive attacks, as they can mislead the user. For example, a user can get wrong information as the result of a query (Burtescu 1). Active attacks can be performed by spoofing (the cipher text value is replaced with a generated value), splicing (a cipher text value is replaced with a different cipher text value) and replay (the cipher text value is replaced with an old version of itself).

Databases are preferred targets for attackers because of the data that they contain and their volume. In this paper, various threats and challenges in database security are discussed. Although database information is vulnerable to many different attacks, it is possible to reduce the risks by focusing on the threats that are most critical. This paper addresses these threats and challenges, together with measures that, if organizations adopted them, would let them comply with the requirements of most regulated industries in the world.
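One way to detect the three active attacks described above (spoofing, splicing and replay) is shown in this added example, which is not part of the original paper. It assumes each encrypted cell carries a keyed MAC over its position, version and cipher text, and that the latest version numbers are kept in a store the attacker cannot modify; the class, key and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct


def _encode(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def cell_tag(key: bytes, table: str, row_id: int, column: str,
             version: int, ciphertext: bytes) -> bytes:
    """MAC that binds a cipher text to the cell it belongs to and to its version."""
    message = _encode(table.encode(), str(row_id).encode(), column.encode(),
                      struct.pack(">Q", version), ciphertext)
    return hmac.new(key, message, hashlib.sha256).digest()


class ProtectedTable:
    """Hypothetical wrapper: 'cells' models untrusted database storage,
    'versions' models a trusted counter store (assumption of this example)."""

    def __init__(self, key: bytes, name: str):
        self.key = key
        self.name = name
        self.cells = {}      # (row_id, column) -> (ciphertext, version, tag)
        self.versions = {}   # (row_id, column) -> latest legitimate version

    def write(self, row_id: int, column: str, ciphertext: bytes) -> None:
        version = self.versions.get((row_id, column), 0) + 1
        self.versions[(row_id, column)] = version
        tag = cell_tag(self.key, self.name, row_id, column, version, ciphertext)
        self.cells[(row_id, column)] = (ciphertext, version, tag)

    def verify(self, row_id: int, column: str) -> str:
        ciphertext, version, tag = self.cells[(row_id, column)]
        expected = cell_tag(self.key, self.name, row_id, column, version, ciphertext)
        if not hmac.compare_digest(tag, expected):
            return "tampered"   # spoofed value, or value spliced from another cell
        if version != self.versions[(row_id, column)]:
            return "stale"      # authentic but old value put back (replay)
        return "ok"


def demo() -> dict:
    key = b"constructed-demo-key-not-for-production"
    table = ProtectedTable(key, "employees")
    # Constructed opaque bytes standing in for cipher text produced elsewhere.
    table.write(1, "salary", b"\x8a\x11\x5c\x02\x9f\x40")
    table.write(2, "salary", b"\x03\xd7\x66\xa1\x0e\x3b")
    results = {"baseline": table.verify(1, "salary")}
    original = table.cells[(1, "salary")]

    # Spoofing: the cipher text is replaced with a generated value.
    _, version, tag = original
    table.cells[(1, "salary")] = (b"generated-value", version, tag)
    results["spoofing"] = table.verify(1, "salary")

    # Splicing: the cipher text (with its tag) of another cell is copied in.
    table.cells[(1, "salary")] = table.cells[(2, "salary")]
    results["splicing"] = table.verify(1, "salary")

    # Replay: after a legitimate update, the old version is put back.
    table.cells[(1, "salary")] = original
    table.write(1, "salary", b"\x51\x77\x0c\xee\x29\x84")
    table.cells[(1, "salary")] = original
    results["replay"] = table.verify(1, "salary")
    return results


if __name__ == "__main__":
    for attack, verdict in demo().items():
        print(f"{attack:9s} -> {verdict}")
```
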
Security threats to Databases

Privilege Abuse (excessive)

Users or applications granted access to databases may abuse this privilege by, for instance, accessing information that exceeds the requirements of their job functions. Such privileges may be abused for malicious purposes. For instance, a computer operator in an organization would require only the ability to change employee contact information. They could take advantage of excessive database update privileges to change salary information.

Preventing excess privilege abuse

It can be solved by the use of query-level access control, which refers to a mechanism for restricting database privileges to the minimum required SQL operations and data. Its granularity must extend beyond specific rows and columns within a table (Burtescu 1). A sufficiently granular query-level control mechanism would allow a rogue administrator, for instance, to update contact information but would issue an alert if he attempted to change anything else. It is useful for detecting excessive privilege abuse by malicious employees and for preventing other threats as well (Burtescu 9). Because of the technicalities of manual query-level access control, automated query-level access control could be used for secure profiling.

Legitimate Privilege abuse

This is when an authorized user misuses their legitimate database privileges for purposes that are not authorized. It can take the form of misuse by database users, administrators or system managers when they carry out unlawful or unethical activity. It is any misuse of sensitive data or the unjustified use of one’s privileges. However, it is not limited to these (Burtescu 6).

Preventing legitimate Privilege abuse

This can be solved by database access control that applies not just to specific queries but to the context that surrounds database access.
By enforcing policy for client applications, such as time of day, location and others, it is possible to identify users who are suspiciously using legitimate database access privileges. The organization can use SecureSphere’s Dynamic Profiling technology, which automatically creates a model of the context that surrounds normal database interactions (Burtescu 2). The information stored in the profile includes, for example, the time of day, IP address, application client and volume of data that has been retrieved. A connection whose context does not match the stored information triggers an alert.

Privilege elevation

At times there are vulnerabilities in database software that attackers may take advantage of to convert their access privileges from those of ordinary users to those of administrators (9), which could easily result in bogus accounts, fund transfers or even misinterpretation of sensitive analytical information (Burtescu 2). A database rootkit is a program or procedure hidden in the database that provides administrator-level privileges so as to enable access to data in the database. Rootkits may turn off alerts triggered by Intrusion Prevention Systems (IPS). A rootkit can only be installed after compromising the underlying operating system (Burtescu 9).

Preventing privilege elevation

It can be done using IPS and query-level access control. IPS inspects the database traffic to identify patterns that correspond to known vulnerabilities. For example, if a function is known to be vulnerable, the IPS may block all access to it or, if possible, block only the procedures that have embedded attacks. Unfortunately, accurately targeting the database requests that carry attacks can be difficult with the use of IPS alone. Many vulnerable database functions are mostly used for legitimate purposes, and therefore blocking all occurrences is not an option (Burtescu 3).
The IPS must be able to accurately separate legitimate functions from those that have embedded attacks. Attacks come in many variations, making the separation nearly impossible. In such cases, IPS systems could be used to raise an alert only. In order to improve accuracy, they may be combined with alternative attack indicators, hence the use of query-level access control, which then checks whether or not a single request matches normal user behavior. If it does not match, then the probability of an attack is very high (Burtescu 5).

Inference

In secure databases, it is possible for users to draw inferences from the information that they are able to obtain from them. A user can infer from a database when they can guess or conclude more sensitive information from the information they have retrieved from the database, possibly added to some prior knowledge they had. Inference presents a security breach if more highly classified information can be inferred from a less classified set of information (Burtescu 4). With inference, two problems often arise in database systems:

i. Aggregation problem – a collection of data is more sensitive than its individual items. For example, in an organization, the profit of each branch may not be as sensitive as the total profit of the organization.

ii. Data association problem – it occurs when two values seen together are classified at a higher level than their individual classifications. For example, a list with the names of all employees and one with their salaries are unclassified, but their combined list is classified.

Platform vulnerabilities

Vulnerabilities in an operating system, as well as in additional services installed on a database server, can lead to unauthorized access, corruption of data or even denial of service. For instance, the Blaster Worm took advantage of a Windows 2000 vulnerability to create denial of service conditions (Burtescu 4).
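The combination described under "Preventing privilege elevation" above, where an IPS signature on its own only raises an alert and is confirmed by a query-level access control check against the user's normal behavior, is sketched in this added example (not code from the paper or from any product it names). The function name `legacy_export`, the profiles, the simplified SQL parsing and the allow/alert/block policy are assumptions made for illustration.

```python
import re

# Assumption: "legacy_export" is a hypothetical stored function with a known
# vulnerability that is also called for legitimate purposes.
SIGNATURES = {
    "known-vulnerable-function": re.compile(r"\blegacy_export\s*\(", re.I),
}

# Assumption: profiles of normal behavior as (operation, table, column) triples.
PROFILES = {
    "operator": {("UPDATE", "employees", "phone"),
                 ("UPDATE", "employees", "address"),
                 ("SELECT", "employees", "name")},
    "reporting": {("SELECT", "employees", "name"),
                  ("SELECT", "employees", "department")},
}

_LITERAL = re.compile(r"'[^']*'")
_SELECT = re.compile(r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)",
                     re.I | re.S)
_UPDATE = re.compile(r"^\s*UPDATE\s+(?P<table>\w+)\s+SET\s+(?P<sets>.+?)"
                     r"(?:\s+WHERE\s.*)?$", re.I | re.S)
_IDENT = re.compile(r"\b([A-Za-z_]\w*)\b(?!\s*\()")   # identifiers, not calls
_ASSIGN = re.compile(r"\b([A-Za-z_]\w*)\s*=")
_NOT_COLUMNS = {"AS", "DISTINCT"}


def parse_query(sql):
    """Simplified parser: returns (operation, table, columns) or None."""
    sql = _LITERAL.sub("''", sql)          # ignore string literal contents
    m = _SELECT.match(sql)
    if m:
        cols = {c.lower() for c in _IDENT.findall(m["cols"])
                if c.upper() not in _NOT_COLUMNS}
        if "*" in m["cols"]:
            cols.add("*")
        return "SELECT", m["table"].lower(), cols
    m = _UPDATE.match(sql)
    if m:
        cols = {c.lower() for c in _ASSIGN.findall(m["sets"])}
        return "UPDATE", m["table"].lower(), cols
    return None


def profile_violations(user, sql):
    """Query-level access control: what does this request touch outside the profile?"""
    parsed = parse_query(sql)
    if parsed is None:
        return [("UNPARSED", "", "")]      # fail closed on unknown statements
    op, table, cols = parsed
    allowed = PROFILES.get(user, set())
    return sorted((op, table, c) for c in cols if (op, table, c) not in allowed)


def evaluate(user, sql):
    """Correlate the two indicators: one alone alerts, both together block."""
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(sql))
    violations = profile_violations(user, sql)
    if hits and violations:
        decision = "block"
    elif hits or violations:
        decision = "alert"
    else:
        decision = "allow"
    return {"decision": decision, "signatures": hits, "violations": violations}


# Constructed sample requests (user, SQL text).
SAMPLE_REQUESTS = [
    ("operator", "UPDATE employees SET phone = '555-0100' WHERE id = 7"),
    ("operator", "UPDATE employees SET salary = 90000 WHERE id = 7"),
    ("reporting", "SELECT legacy_export(name) FROM employees"),
    ("operator", "SELECT legacy_export(salary) FROM employees"),
]


def run_samples():
    return [evaluate(user, sql)["decision"] for user, sql in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (user, sql), decision in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{decision:5s} {user:9s} {sql}")
```

The third sample is the case the text warns about: a vulnerable function used legitimately, which a signature-only rule would have blocked.
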
Preventing platform attacks

Software updates and intrusion prevention can be used to mitigate platform attacks. Vendor-provided updates eliminate the vulnerabilities that are found in a database platform over time. Different software developers offer frequent software updates (patches) that need to be put into place. Unfortunately, these software updates are provided and implemented for enterprises in periodic cycles. Between update cycles, databases may be left unprotected (Burtescu 6). Additionally, compatibility issues may prevent software from being updated. To address this, IPS may be implemented to inspect database traffic, as mentioned earlier, and identify attacks targeting known vulnerabilities.

SQL Injection

Here, an attacker typically inserts an unauthorized SQL statement into a vulnerable SQL data channel. Targeted data channels typically include stored procedures and web application input parameters. The injected statements are then passed to the database to be executed. For example, in a web application, the user inserts a query instead of his name. Using SQL injection, an attacker may gain unrestricted access to the entire database (9).

Preventing SQL injections

Several techniques can be combined to effectively combat SQL injection. These are IPS, query-level access control and event correlation. IPS can identify vulnerable stored procedures or even SQL injection strings. IPS alone is not reliable, as SQL injection strings are prone to false positives. Reliance on IPS alone would have security managers bombarded with positive SQL injection alerts (Burtescu 7). By correlating a SQL injection signature with another violation, such as a query-level access control violation, it becomes possible to identify a real attack with accuracy.

Unpatched DBMS

Usually in a database, the vulnerabilities that are being explored by attackers keep changing.
Database vendors release patches so that the sensitive information in a database remains protected from threats. Once the patches are released, they should be applied immediately. If the DBMS is left unpatched, it is even more vulnerable than it was before the release of the patch (Burtescu 7).

Unnecessary enabling of DBMS features

There are many unneeded features in a DBMS that are enabled by default. They should be turned off; otherwise they contribute to the effectiveness of attackers against a database (8).

Misconfigurations

Unnecessary features are left on because of poor configuration of the database (Burtescu 8). Misconfiguration of a database presents weak targets that hackers use to bypass the methods that have been put in place for authentication and gain access to sensitive information; the flaws become the main targets for criminals to execute attacks. The default settings may not have been properly reset, unpatched flaws may lead to unauthorized data access, and files that are not encrypted may be made accessible to users without the corresponding privileges (Burtescu 8).

Buffer overflow

A buffer overflow occurs when a program or a process attempts to store more data in a buffer than its capacity allows. Since buffers hold only a finite amount of data, the extra data can overflow into adjacent locations and corrupt or overwrite the valid data in those locations. For example, where a program is waiting for a user to enter his name, the hacker may, instead of entering the name, enter an executable command that is well past the buffer size (Burtescu 6).

Weak audit trails

A database audit policy ensures automated, timely and proper recording of the transactions in a database (Burtescu 1). Such a policy needs to be a part of the security considerations, so that all the sensitive dealings have an automatic record. The absence of security poses a serious risk to the organization in question and could possibly cause instability in operations (Burtescu 2).
Preventing weak audit trails

They can be addressed with quality network-based audit appliances. These address issues such as high performance, in that they can operate at line speed with zero impact on database performance. By offloading audit processes to network appliances, organizations can improve the performance of the database. Network-based audit appliances may operate independently, that is, separately from database administrators, making it possible to separate audit duties appropriately (Burtescu 7). They can also prevent attacks by non-administrators: since network devices are independent of the server, they are invulnerable to privilege elevation attacks. Network-based appliances can also be helpful in cross-platform auditing. Typically, they support all leading database platforms and enable uniform standards and centralized audit operations across large heterogeneous environments. These attributes reduce database server costs, administrative costs and load balancing requirements, and deliver better security.

Denial of service

Here, all users are denied access to data in the database, including those who are legitimate. DOS conditions could be created through many techniques related to the other vulnerabilities mentioned. For example, DOS could be achieved by taking advantage of a database platform vulnerability to crash its server. One could also use data corruption, network flooding or server resource overload (Burtescu 1). Denial of service attacks can be prevented using protections at multiple levels. Network, application and database level protections are necessary. For these, deployment of connection rate control, IPS, query access control and response timing is recommended.

Covert channel

It is an indirect means of communication in a computer system that can be used to weaken the system's security policy. A secret-level program is prevented from directly writing to unclassified data.
However, there are other ways of communicating information to unclassified programs. For instance, the secret program may want to know the memory available. Even if the program that is not classified is prevented from observing the amount of free space, it can indirectly make a request for large amounts of memory. Denial or granting of this memory conveys some information concerning the free memory (Burtescu 5). Covert channels, from encryption to steganography, are a threat to any exposed system. They can be used on computers in the same network, in different networks or within one multilevel system. Knowledge of them can help system administrators perform good analysis of their systems to find and prevent such compromises.

Database communication protocol vulnerabilities

Large numbers of vulnerabilities are being identified with time. Fraudulent activities targeting them could vary from illegal access to data to exploitation and denial of service attacks. Database communication protocol attacks can be prevented with the use of a technology referred to as protocol validation. It parses (disassembles) database traffic and then compares it to the expectations. If live traffic does not match expectations, alerts or blocking actions are taken (Burtescu 3).

Advanced persistent threats

It happens when large, well-funded organizations make assaults that are highly focused on large critical data stores. They are defined and often perpetrated by skilled, motivated and organized groups. Organized criminals are targeting databases where they can harvest data in bulk. They target large repositories of personal and financial information. After being stolen, these data records can be sold on the black market and manipulated.

Insider mistakes

Some mistakes often happen unknowingly. An authorized user may access sensitive data inadvertently and modify or delete it by mistake. The user could also make an unauthorized copy of sensitive information for backup or for taking work home.
Although the act may not be malicious, there is still a violation of organizational security. For example, a laptop with sensitive information can be stolen (Burtescu 4).

Social engineering

Here, users unknowingly provide information to an attacker through a web interface such as a compromised website, or through an email response to what could seem to them to be a legitimate request (Burtescu 8).

Weak authentication

These schemes allow attackers to assume the identity of legitimate database users by stealing or obtaining login credentials. An attacker may employ brute force (repeatedly entering username/password combinations until he finds the correct one) or direct credential theft.

Preventing weak authentication attacks

This can be done by the use of strong authentication, through implementation of the strongest practical authentication technologies and policies. Whenever possible, it is advisable to use two-factor authentication such as tokens, certificates and biometrics. However, these may be impractical because of their costs and ease of use. In such situations, it is wise to use strong username/password policies (observing minimum length, diversity of characters, obscurity and others). Directory integration is important for scalability and ease of use. Strong authentication mechanisms should be integrated with the directory infrastructure. Among other things, this must let a user use a single set of login credentials for many databases and applications (9). This makes two-factor authentication systems the most cost effective and makes it easier for users to remember their credentials.

Backup Data Exposure

Backup database storage media may be completely unprotected from attack, as well as from natural calamities such as floods or earthquakes. This may result in high-profile security breaches that may involve theft of database backups or hard disks (Burtescu 1).
Backup data exposure can be prevented by encrypting all database backups. Some vendors have suggested that future DBMS products should not support the creation of unencrypted backups. It has also been suggested to encrypt online products, but performance and cryptographic key management drawbacks have often made this impractical, so that it is regarded as a poor substitute for granular privilege controls (Burtescu 7).

Database challenges

The greatest challenge to database security probably comes from organizational issues rather than accidental actions, according to a survey that was presented by Application Security in 2012. In most cases, database security is overseen by the database and the security teams, which results in a disconnect in terms of ownership responsibilities and a lack of consensus on high priorities. The research showed that management showed increasing signs of threat awareness but offered adequate financial support to curb these (5). The figure below shows the results obtained in the research:

From the figure, it is clear that the highest challenge is posed by errors by, say, the system administrators, the users or any other internal human activity within the database. External hackers also pose a challenge that is relatively big, but not as big as the internal one. In fact, hacks by insiders such as employees and contractors and accidental loss of devices are very high. Outside partners contribute only 13% of the attacks. Important to the study was the fact that a large number of those surveyed (81%) indicated that the data security risks posed to their organizations had continued to increase, especially over the past three years. 80% of those that felt a greater risk acknowledged that the higher technical proficiency and boldness of hackers and other malicious third parties was a leading factor that contributed to the growing challenges (Burtescu 9).
As most of the challenges faced by databases are due to human errors, they can be solved by putting in place systems that are sure to minimize these. For instance, where system administrators have the role of updating software, an auto-update setting can be put into place so that as soon as a new patch is released, the software updates automatically; that way the error due to forgetfulness is eliminated. System administrators can be offered incentives for work that is well done, in order to encourage them and to ensure that they carry out their work properly. Most important is the education of all those handling the database, so that they are made aware of the nature of the information and the dangers that come with carelessness. When they are informed, they are inclined to support the security measures that are put into place.

Conclusion

As organizations continue to increase their reliance on possibly distributed information systems, they continue to become more and more vulnerable to breaches in security. Although a number of techniques such as encryption and electronic signatures are currently available for data protection during transmission across sites, there is a need for a conclusive approach to data protection, including mechanisms for enforcing access control policies. Some of them are based on data contents, the subject, qualifications and characteristics, and other information relevant to the context, as seen in the information given. The semantics of data must be well understood during the specification of effective access control policies. This paper has dwelt on database-specific solutions. Techniques for data integrity and availability are available and can be specifically tailored to a database. In this respect, the database security community has developed many different techniques, some of which have been discussed, that assure the confidentiality, integrity and availability of data.
However, despite these, database security faces several challenges that have introduced new security requirements and new contexts in which to apply and possibly extend current approaches. This paper proves that the future is not bleak for organizations by offering the solutions to the most critical security threats and how they can be applied.

Works Cited

Elisa Bertino, Ravi Sandhu, “Database Security—Concepts, Approaches, and Challenges”, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 1, January-March 2005.

Burtescu, Emil, “Database Security - Attacks and Control Methods”, Journal of Applied Quantitative Methods, Vol. 4, No. 4, Winter 2009.

Erez Shmueli, Ronen Vaisenberg, Yuval Elovici, Chanan Glezer, “Database Encryption – An Overview of Contemporary Challenges and Design Considerations”, SIGMOD Record, Vol. 38, No. 3, September 2009.

Iqra Basharat, Farooque Azam, Abdul Wahab Muzaffar, “Database Security and Encryption: A Survey Study”, International Journal of Computer Applications (0975 – 888), Volume 47, No. 12, June 2012.

Mr. Saurabh Kulkarni, Dr. Siddhaling Urolagin, “Review of Attacks on Databases and Database Security Techniques”, International Journal of Emerging Technology and Advanced Engineering, ISSN 2250 2459, Volume 2, Issue 11, November 2012.

N. Kodali, C. Farkas, and D. Wijesekera, “An Authorization Model for Digital Libraries,” Int’l J. Digital Libraries, vol. 4, no. 3, pp. 156-170, 2004.

P. Missier, G. Lalk, V.S. Verykios, F. Grillo, T. Lorusso, and P. Angeletti, “Improving Data Quality in Practice: A Case Study in the Italian Public Administration,” Distributed and Parallel Databases, vol. 13, no. 2, pp. 135-160, 2003.

Rohilla Shelly, Pradeep Kumal Mittal, “Database Security: Threats and Challenges”, Volume 3, Issue 5, May 2013. ISSN: 2277 128X.

S.R.M. Oliveira and O.R. Zaiane, “Privacy Preserving Frequent Itemset Mining,” Proc. IEEE ICDM Workshop Privacy, Security and Data Mining, 2002.