Database Security Flashcards
What are the two major security problems in Databases?
The two major problems are integrity and secrecy.
What is a query?
A command to interact with the database that retrieves, modifies, adds, or deletes fields and records in the database.
What are the advantages of a database?
Shared access.
Minimal redundancy: users don't need to collect their own data.
Data consistency: a change to data affects all users of that data.
Data integrity: values are protected against accidental or malicious change.
Controlled access: only authorized users can view or modify.
What is auditability?
Ability to track all reads and writes. It is desirable to do this down to the element level.
What is access control?
To limit the accessibility of specific data.
DBMS user authentication?
A DBMS might require a user to pass both a password check and a time-of-day check.
What is availability?
The database is an essential tool and must be available when needed, not busy serving others.
What is a two-phase update?
Intent and commit.
How does a database maintain redundancy and internal consistency?
Additional information ranging from a few check bits to shadow copies.
What are shadow fields?
They provide redundancy and backup; entire attributes can be duplicated, at the cost of additional storage space.
What is a recovery method for a DBMS?
In the event of failure, the database is reloaded from a backup and all changes are reapplied from the audit/transaction log.
How does the database handle concurrency?
The DBMS locks a record until a write is completed.
What is a monitor responsible for?
A monitor is responsible for structural integrity.
What is a state constraint?
State constraints describe the condition of the entire database; at no time should its values violate these constraints.
What is a transition constraint?
They describe the state the database must be in before changes can be applied.
What is an indirect attack?
The attacker tries to infer a final result based on one or more intermediate statistical results.
What is a direct attack?
The user tries to determine the values of sensitive fields by seeking them directly.
What is the intersecting median attack?
When an attacker uses a slightly more complicated process to determine individual values from medians.
What is a tracker attack?
Modifying a query to get around the data rules and obtain specific information by computing set differences.
What is a linear system vulnerability?
Using math and a set of queries, one can solve the system formed by all the queries to find the unknown common value.
What is random data perturbation?
Adding random seed values to the data to offset it.
How does a user exploit unique object collisions between security domains in an MLS database?
When a low-level user receives an error message saying the row cannot be inserted because the unique key already exists, the low-level user verifies that the key does not exist at a dominated level; they then know the key exists at a higher level.
How do you realize and prevent the aggregation problem?
It requires tracking the history of prior accesses as well as publicly available information.
How do we extend the trust from the security kernel to the trusted security base to the application space?
Through assurance and trust in what is enforcing the policy: TCB subsets.
What is a TCB subset?
It is a TCB that relies on the TCB of the underlying system for its own policy enforcement.
A TCB subset M is a set of software, firmware, and hardware that mediates the access of a set S of subjects to a set O of objects on the basis of a stated access control policy P.