Database Security


In today's society, information is a critical resource not only in
industry, commerce, education and medicine, but also in the
military, diplomacy and government. Some information is so
important that it must be protected. For example, corruption or
fabrication of data in a hospital database could result in patients
receiving the wrong medication, and disclosure or modification of
military information could endanger national security.

A good database management system must have not only the
classical characteristics of data independence, shared access,
minimal redundancy, data consistency and data integrity, but also
the security characteristics of privacy, integrity and availability.

Privacy (confidentiality) means that an unauthorized user cannot
read or disclose data.

Integrity means that an unauthorized user cannot modify data, and
that any unauthorized modification is detected.

Availability means that data is reliably accessible to authorized
users when they need it.

A database management system (DBMS) with security facility
is designed to ensure all of the above characteristics efficiently.

In general, there are four levels at which database security is
enforced. The first is physical security, such as safekeeping of
storage media and fire protection; the second is operating-system
security, such as an access control matrix, capability lists and
access control lists; the third is DBMS security, such as
protection mechanisms and query modification; and the fourth is
data encryption, such as the Data Encryption Standard (DES) and
the RSA scheme. The first three levels cannot provide a fully
satisfactory solution to the database security problem, for four
reasons. First, it is hard to control the disclosure of raw data,
because the raw data is stored in readable (plaintext) form inside
the database, so anyone who can read the underlying files or
storage bypasses the access checks of the DBMS.

Second, DBMS access controls do not protect sensitive data once it
has been copied to backup media, which must be done frequently to
guard against system failure or disk crash.

Third, it is hard to control the disclosure of confidential data in
a distributed database system, where the data travels over
channels and resides at sites that the originating DBMS does not
control. Fourth, it is hard to verify that a data item is authentic,
because the original data may have been modified by an intruder.

A practical solution to these problems is to use encryption to
enforce database security.

Encryption-based database security addresses these problems as
follows. Data is stored as ciphertext, which can only be decrypted
with the proper decryption keys, so an intruder who reads the
stored files, the backup media or the network channel learns
nothing; this removes the disclosure problem. Encryption alone,
however, does not remove the integrity problem: an intruder can
still alter ciphertext without knowing the key, and with a stream
or counter-mode cipher can flip chosen plaintext bits. Integrity
requires that each ciphertext also carry a message authentication
code (or be produced by an authenticated encryption mode) that is
verified before the data is used, so that any modification is
detected and the record rejected.
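The following is an added example, not code from the page, showing why encryption by itself does not give integrity and how an encrypt-then-MAC construction does. The cipher is HMAC-SHA256 run in counter mode as a keystream generator (an assumption made only because the standard library ships no AES; AES-CTR behaves the same way under a bit flip), and the master key, nonce and hospital record are constructed for the demonstration.

```python
import hmac
import hashlib
import struct

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(master, label):
    # Separate encryption and MAC keys from one master key (HMAC used as a KDF).
    return hmac.new(master, label, hashlib.sha256).digest()


def keystream(enc_key, nonce, length):
    # PRF in counter mode: block_i = HMAC-SHA256(enc_key, nonce || i).
    # Stands in for AES-CTR; both are malleable in exactly the same way.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master, nonce, plaintext):
    ks = keystream(derive_key(master, b"enc"), nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt  # XOR with the same keystream


def flip_byte(ciphertext, offset, old_char, new_char):
    # The intruder's move: no key needed, only the position and the plaintext
    # byte known to be there. XORing the ciphertext byte with old^new XORs the
    # decrypted byte the same way.
    ct = bytearray(ciphertext)
    ct[offset] ^= ord(old_char) ^ ord(new_char)
    return bytes(ct)


def seal(master, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers nonce and ciphertext under a separate key.
    ct = encrypt(master, nonce, plaintext)
    tag = hmac.new(derive_key(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(master, record):
    nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(derive_key(master, b"mac"), nonce + ct, hashlib.sha256).digest()
    # Constant-time comparison before any decrypted byte is used.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: record was modified")
    return decrypt(master, nonce, ct)


# Constructed inputs. The nonce is fixed only so the demo is reproducible;
# a real store draws a fresh os.urandom(16) nonce per record.
MASTER = hashlib.sha256(b"constructed master key for the example").digest()
NONCE = bytes(range(NONCE_LEN))
RECORD = b"patient=1042;dose=10mg"


def tamper_unauthenticated():
    # Encryption only: the intruder turns 10mg into 90mg and nothing notices.
    offset = RECORD.index(b"dose=") + len(b"dose=")
    ct = encrypt(MASTER, NONCE, RECORD)
    return decrypt(MASTER, NONCE, flip_byte(ct, offset, "1", "9"))


def tamper_authenticated():
    # Encrypt-then-MAC: the same bit flip is detected and the record rejected.
    offset = RECORD.index(b"dose=") + len(b"dose=")
    sealed = seal(MASTER, NONCE, RECORD)
    ct = flip_byte(sealed[NONCE_LEN:-TAG_LEN], offset, "1", "9")
    try:
        open_sealed(MASTER, sealed[:NONCE_LEN] + ct + sealed[-TAG_LEN:])
    except ValueError:
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    print(tamper_unauthenticated())  # b'patient=1042;dose=90mg'
    print(tamper_authenticated())    # rejected
```

The first function shows the hospital scenario from the introduction carried out against encrypted-but-unauthenticated storage; the second shows the same attack failing once a MAC is verified before use.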

Traditional database security is based on view mechanisms.
A view is a virtual table that has no stored existence of its own
but is derived from one or more underlying base tables by a query.
Granting a user access to a view rather than to the base table
restricts that user to the rows and columns the view exposes.
View mechanisms for access control are simple and efficient in
both discretionary and multilevel access control database systems.
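As an added example (not the page's code), the following shows the view mechanism and the DBMS-level query modification mentioned earlier, side by side, on an in-memory SQLite database. The schema, rows, user name and authorization entry are constructed for the example; SQLite has no GRANT, so the restriction is expressed by giving the user only the view, and the query-modification function stands in for what a DBMS does on the parsed query tree.

```python
import sqlite3

# Constructed schema and rows (assumptions for this example).
SCHEMA = """
CREATE TABLE employees(
    id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER);
INSERT INTO employees VALUES
    (1, 'alice', 'oncology',  91000),
    (2, 'bob',   'oncology',  72000),
    (3, 'carol', 'radiology', 88000);
-- View-based access control: a user who may query oncology_staff but not
-- employees sees one department and cannot even name the salary column.
CREATE VIEW oncology_staff AS
    SELECT id, name, dept FROM employees WHERE dept = 'oncology';
"""

# Hypothetical authorization entry: the columns this user may read and the
# row predicate the DBMS conjoins with every query the user issues.
AUTH = {
    "oncology_clerk": {
        "table": "employees",
        "columns": ("id", "name", "dept"),
        "row_filter": ("dept = ?", ("oncology",)),
    },
}


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def modify_query(user, columns, predicate="1=1", params=()):
    """Query modification: rewrite the user's request so it touches only
    permitted columns and is always ANDed with the user's row filter.
    Column names are validated against the allow-list before they reach the
    SQL text; the predicate must be parameterised by the caller, as a real
    DBMS would be working on a parsed query tree rather than a string."""
    auth = AUTH[user]
    for col in columns:
        if col not in auth["columns"]:
            raise PermissionError(f"{user} may not read column {col!r}")
    row_sql, row_params = auth["row_filter"]
    sql = (f"SELECT {', '.join(columns)} FROM {auth['table']} "
           f"WHERE ({predicate}) AND ({row_sql}) ORDER BY {columns[0]}")
    return sql, tuple(params) + tuple(row_params)


def query_via_view(conn):
    return conn.execute(
        "SELECT id, name, dept FROM oncology_staff ORDER BY id").fetchall()


def query_via_modification(conn, user, columns, predicate="1=1", params=()):
    sql, bound = modify_query(user, columns, predicate, params)
    return conn.execute(sql, bound).fetchall()


def try_read_salary_via_view(conn):
    # The hidden column does not exist from the view user's point of view.
    try:
        conn.execute("SELECT salary FROM oncology_staff")
        return None
    except sqlite3.OperationalError as e:
        return str(e)


if __name__ == "__main__":
    db = open_db()
    print(query_via_view(db))
    print(query_via_modification(db, "oncology_clerk", ("id", "name", "dept")))
    # Trying to reach another department through the predicate yields nothing,
    # because the authorization predicate is ANDed in, not replaced.
    print(query_via_modification(db, "oncology_clerk", ("name",), "dept = ?", ("radiology",)))
    print(try_read_salary_via_view(db))
```

Both paths return the same rows for the clerk; the AND in the modified query is what makes a user-supplied predicate unable to widen the result, and the view makes the hidden column unnameable rather than merely empty.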

The advantage of a cryptography-based data view is that it remains
secure when sensitive data is transferred over insecure channels or
held in a distributed system.

We also propose four security layers for implementing a secure
DBMS. They are the external layer (user views), the central layer
(system views), the internal layer (data views) and the analysis
layer (administrator views).

The external layer deals with user authentication or identification
mechanisms. Authentication is the process of proving that a user
(or a process acting on a user's behalf) is who it claims to be.
Only an authenticated, legitimate user is permitted to access data
items in the database system; an illegitimate one is refused.
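The following is an added example of a password-based authentication check for this layer, not code from the page. The user store and iteration count are assumptions; the design points are a per-user salt, a slow key derivation (PBKDF2-HMAC-SHA256 from the standard library), a constant-time comparison, and doing the same amount of work for unknown users so that timing does not reveal which accounts exist.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # assumption; tune to the hardware's tolerable delay
_USERS = {}                   # constructed store: username -> (salt, derived key)
_DUMMY_SALT = os.urandom(16)  # used when the username is unknown


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username, password):
    # Never store the password; store a salted, slow hash of it.
    salt = os.urandom(16)
    _USERS[username] = (salt, _derive(password, salt))


def authenticate(username, password):
    """Return True only when the user exists and the password matches.
    Unknown users still go through a full derivation against a dummy salt,
    so the response time is the same whether or not the account exists."""
    salt, stored = _USERS.get(username, (_DUMMY_SALT, b""))
    candidate = _derive(password, salt)
    # compare_digest is constant-time for equal lengths and False otherwise.
    return hmac.compare_digest(candidate, stored) and username in _USERS


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(authenticate("alice", "correct horse battery staple"))  # True
    print(authenticate("alice", "wrong"))                         # False
    print(authenticate("mallory", "anything"))                    # False
```

The `username in _USERS` check is evaluated after the derivation and comparison, not before, so the early-exit path is the same length for a missing account as for a wrong password.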

The central layer deals with authorization control methods, which
prevent important information stored in a computer from being
destroyed, altered, disclosed or copied by unauthorized users. It
includes discretionary and multilevel access controls, based on
the discretionary and multilevel security policies respectively.

The internal layer deals with cryptography, including the
encryption/decryption cryptosystem and key management. By
transforming raw data into an unreadable form, and authenticating
it, the three threats of disclosure, modification and fabrication
can be countered.

The analysis layer deals with security analysis, including audit
controls and statistical database controls. Since no DBMS can be
assumed to be completely trustworthy, the system should record
and detect every action that violates the security policy.
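As an added example covering both the central layer (authorization control) and the analysis layer (audit), the following enforces a small discretionary policy inside SQLite through its authorizer hook and records every decision and every executed statement in an audit log. It is not the page's code; the roles, policy, rows and log format are assumptions. SQLite only consults the authorizer when a statement is compiled, so the connection is opened with statement caching disabled, otherwise a statement compiled under one user's policy could be reused for another user without a check.

```python
import sqlite3

# Constructed data (assumption for the example).
SCHEMA = """
CREATE TABLE employees(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER);
INSERT INTO employees VALUES
    (1, 'alice', 'oncology',  91000),
    (2, 'bob',   'oncology',  72000),
    (3, 'carol', 'radiology', 88000);
"""

# Hypothetical discretionary policy, keyed by role:
#   masked    - (table, column) pairs that read back as NULL for this role
#   may_write - whether INSERT/UPDATE/DELETE are allowed at all
POLICY = {
    "analyst": {"masked": {("employees", "salary")}, "may_write": False},
    "hr":      {"masked": set(),                     "may_write": True},
}
WRITE_ACTIONS = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}

AUDIT = []  # analysis layer: (user, kind, detail) for every decision and statement


def open_db():
    # cached_statements=0: the authorizer runs at compile time only, so a
    # cached statement compiled under another role would skip the check.
    conn = sqlite3.connect(":memory:", cached_statements=0)
    conn.executescript(SCHEMA)
    return conn


def authorizer_for(user):
    rules = POLICY[user]

    def authorize(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_READ and (arg1, arg2) in rules["masked"]:
            AUDIT.append((user, "MASK", f"{arg1}.{arg2}"))
            return sqlite3.SQLITE_IGNORE      # column is returned as NULL
        if action in WRITE_ACTIONS and not rules["may_write"]:
            AUDIT.append((user, "DENY", f"write to {arg1}"))
            return sqlite3.SQLITE_DENY        # compile fails: "not authorized"
        return sqlite3.SQLITE_OK

    return authorize


def run_as(conn, user, sql, params=()):
    """Execute one statement under `user`'s policy.
    Returns (True, rows) or (False, error message). The authorizer and the
    trace callback stay installed for the last user that ran a statement."""
    conn.set_authorizer(authorizer_for(user))
    conn.set_trace_callback(lambda stmt: AUDIT.append((user, "SQL", stmt)))
    try:
        rows = conn.execute(sql, params).fetchall()
        conn.commit()
        return True, rows
    except sqlite3.DatabaseError as e:
        return False, str(e)


def violations():
    # What the analysis layer reports: every denied action, with the user.
    return [entry for entry in AUDIT if entry[1] == "DENY"]


if __name__ == "__main__":
    db = open_db()
    print(run_as(db, "analyst", "SELECT name, salary FROM employees ORDER BY id"))
    print(run_as(db, "hr", "SELECT name, salary FROM employees ORDER BY id"))
    print(run_as(db, "analyst", "UPDATE employees SET salary = 1 WHERE id = 1"))
    print(violations())
```

The analyst's SELECT succeeds but returns NULL salaries, the same SELECT as hr returns the real values, and the analyst's UPDATE never compiles; the audit log holds both the masking decisions and the denial, which is the material the analysis layer works from.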

There are four kinds of methods that enforce database security:
user authentication, authorization control, cryptography-based
control, and security management control. The first three are
active controls that prevent violations; the last is a passive
control that detects and analyses them after the fact.