database security Flashcards

1
Q

what access rights do users have

A

create
insert
delete
update
read
write

2
Q

3 different administrative policies

A
  1. centralized
    the owner of the table can grant/revoke authorization rights to other users, allowing those users to also grant/revoke access on the table
  2. ownership-based
    the creator of the table can grant/revoke access rights to the table
  3. decentralized
    small number of privileged users may grant/revoke access rights
3
Q

describe a GRANT command

A

GRANT {privileges | role}
[ON table]
TO {user | role | PUBLIC}
[IDENTIFIED BY PASSWORD]
[WITH GRANT OPTION]

4
Q

describe a REVOKE command

A

REVOKE {privileges | role}
[ON table]
FROM {user | role | PUBLIC}

5
Q

A creates table employees
A: GRANT INSERT, DELETE ON employees TO B WITH GRANT OPTION;
B: GRANT SELECT ON employees TO X;

A

A can grant rights because they own the table
B can insert and delete tuples in employees
B can grant select access to X
X can select tuples
X cannot grant anyone access

6
Q

A: GRANT INSERT ON employees TO bob WITH GRANT OPTION;
A: GRANT SELECT, CREATE ON employees TO sarah WITH GRANT OPTION;
bob: GRANT INSERT ON employees TO david;
sarah: GRANT SELECT ON employees TO david;
A: REVOKE ALL PRIVILEGES ON employees FROM bob;

A
  1. bob loses all access rights
  2. david retains SELECT rights because of sarah but loses INSERT rights
  3. sarah retains all the access rights granted by A
7
Q

what happens when a user (A) revokes access rights

A
  1. the system begins by removing the specified access rights from the specified user (B)
    IF
    target user B has not been granted those access rights by any other user, then the revocation cascades down from user B to everyone B granted them to
    HOWEVER
    if target user B was granted the same access rights by another user at an earlier time than A's grant, then the cascading revocation does not remove any rights outside of A's grant
8
Q

A: GRANT ALL PRIVILEGES ON employees TO x WITH GRANT OPTION;
X: GRANT SELECT ON employees TO y;
A: REVOKE ALL PRIVILEGES ON employees FROM x;

A
  1. A will grant all rights to X and make them grantable
  2. X will grant SELECT rights to Y
  3. A revokes all rights from X, which recursively revokes rights granted by X from Y
9
Q

recursive revocation

A

is when a user (A) revokes rights from another user (B), causing the rights B had granted to other users (C) to be lost as well
t = time

10
Q

what is inference (security)

A

the process of deducing sensitive or confidential information by analyzing seemingly unrelated or lower-level data or metadata.

11
Q

how would an inference attack be carried out

A
  1. analyze functional dependencies between attributes in a table/across tables
  2. merge views
    for example:
    T - inventory(cost, item, quantity, department)
    T can be accessed by the owner
    However, the clerk only has access to V1(item, department) and/or V2(cost, quantity) and is not authorized to access the relationship between cost and item
    if the clerk infers that both views together include all the attributes of the original table, or that the order of the rows is the same as in the original table,
    the clerk can merge the views and find out the unauthorized information
12
Q

3 techniques against inference attacks

A
  1. inference detection at database design: alter the database structure or access controls
  2. inference detection at query time: monitor/evaluate queries in order to alter, deny or approve them
  3. adding a non-sensitive attribute to the appropriate table/view: adding complexity to reduce accurate deductions