Chapter Database and Cloud Security Databases  Structured collection of data stored for use by one or more applications Database management system (DBMS)  Contains the relationships between data items and groups of data items  Can sometimes contain sensitive data that needs to be secured Query language  Provides a uniform interface to the database • Suite of programs for constructing and maintaining the database • Offers ad hoc query facilities to multiple users and applications Database utilities User applications DDL processor User queries DML and query languageprocessor Database description tables DBMS Authorization tables Transaction manager DDL =data definition language DML =data manipulation language Filemanager Physical database Figure5.1 DBMS Architecture Concurrent access tables Relational Databases  Table of data consisting of rows and columns  Each column holds a particular type of data  Each row contains a specific value for each column  Ideally has one column where all values are unique, forming an identifier/key for that row  Enables the creation of multiple tables linked together by a unique identifier that is present in all tables  Use a relational query language to access the database  Allows the user to request data that fit a given set of criteria Relational Database Elements Primary key • • Uniquely identifies a row Consists of one or more column names Foreign key  Relation/table/file  Tuple/row/record •  Attribute/column/field View/virtual table • Links one table to attributes in another Result of a query that returns selected rows and columns from one or more tables Table 5.1 Basic Terminology for Relational Databases Records Attributes A1 • • • Aj • • • AM x11 • • • x1j • • • x1M • • • • • • • • • • • • i xi1 • • • • • • • • • • • • N xN1 • • • • • • xij xNj • • • • • • Figure5.3 Abstract Model of a Relational Database xiM xNM Department Table EmployeeTable Did Dname human resources education Dacctno 528221 202035 Ename Did Salarycode Eid Robin 15 23 2345 Neil 13 12 5088 Ephone 6127092485 6127092246 13 15 709257 755827 223945 Jasmine Cody Holly Robin Smith 6127099348 6127093148 6127092729 6127091945 6127099380 accounts public relations services primary key 15 8 26 22 23 24 21 foreign key (a) Two tables in a relational database Dname Ename Eid human resources Jasmine 7712 education Holly 3054 Ephone 6127099348 6127092729 education Robin 2976 6127091945 accounts public relations services services Smith Neil Robin Cody 4490 5088 2345 9664 6127099380 6127092246 6127092485 6127093148 (b) A view derived from the database Figure5.4 Relational DatabaseExample 7712 9664 3054 2976 4490 primary key Data owner – organization that produces data to be made available for controlled release User – human entity that presents queries to the system Original query Meta Data metadata Client – frontend that transforms user queries into queries on the encrypted data stored on the server Data owner Plaintext result User Client Server – an organization that receives the Query Processor encrypted data from a data owner and makes them available for distribution to clients Database Meta Data Encrypt/ Decrypt Transformed query Encrypted result Query Executor Server Figure5.9 A DatabaseEncryption Scheme Encrypted database Cloud Security NIST SP-800-145 defines cloud computing as: “A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.” Essential Characteristics Broad Network Access Rapid Elasticity Measured Service On-Demand Self-Service Resource Pooling Software as a Service (SaaS) Deployment Models Service Models Platform as a Service (PaaS) I nfrastructure as a Service (I aaS) Public Private Hybrid Figure 5.11 Cloud Computing Elements Community Cloud Application Software (provided by cloud, visibleto subscriber) Cloud Application Software (developed by subscriber) Cloud Platform (visibleonly to provider) Cloud Platform (visibleto subscriber) Cloud Infrastructure (visibleonly to provider) Cloud Infrastructure (visibleonly to provider) (a) SaaS (b) PaaS Cloud Application Software (developed by subscriber) Cloud Platform (visibleto subscriber) Cloud Infrastructure (visibleto subscriber) (c) IaaS Figure 5.12 Cloud Service Models NIST Deployment Models Public Public cloud cloud Private Private cloud cloud • • The The cloud cloud infrastructure infrastructure is is made made available available to to the the general general public public or or a a large large industry industry group group and and is is owned owned by by an an • The The cloud cloud infrastructure infrastructure is is operated operated solely solely for for an an organization organization • It It may may be be managed managed by by the the organization organization or or organization organization selling selling cloud cloud services services a a third third party party and and may may exist exist on on premise premise or or The The cloud cloud provider provider is is responsible responsible both both for for off off premise premise the the cloud cloud infrastructure infrastructure and and for for the the • control control of of data data and and operations operations within within the the The The cloud cloud provider provider is is responsible responsible only only for for the the infrastructure infrastructure and and not not for for the the control control cloud cloud Community Community cloud cloud Hybrid Hybrid cloud cloud • • • The The cloud cloud infrastructure infrastructure is is shared shared by by The The cloud cloud infrastructure infrastructure is is a a composition composition several several organizations organizations and and supports supports a a of of two two or or more more clouds clouds that that remain remain unique unique specific specific community community that that has has shared shared entities entities but but are are bound bound together together by by concerns concerns standardized standardized or or proprietary proprietary technology technology It It may may be be managed managed by by the the organizations organizations that that enables enables data data and and application application or or a a third third party party and and may may exist exist on on premise premise portability portability or or off off premise premise Enterprise Cloud User LAN switch Router Network or I nternet Router LAN switch Cloud service provider Servers Figure 5.13 Cloud Computing Context Cloud Computing Reference Architecture • NIST SP 500-292 establishes a reference architecture described as follows: “The NIST cloud computing reference architecture focuses on the requirements of ‘what’ cloud services provide, not a ‘how to’ design solution and implementation The reference architecture is intended to facilitate the understanding of the operational intricacies in cloud computing It does not represent the system architecture of a specific cloud computing system; instead it is a tool for describing, discussing, and developing a system-specific architecture using a common framework of reference.” Objectives • NIST developed the reference architecture with the following objectives in mind: o To illustrate and understand the various cloud services in the context of an overall cloud computing conceptual model o To provide a technical reference for consumers to understand, discuss, categorize, and compare cloud services o To facilitate the analysis of candidate standards for security, interoperability, and portability and reference implementations Cloud Provider ServiceLayer SaaS Cloud Auditor Security Audit PaaS Business Support IaaS ResourceAbstraction and Control Layer Privacy Impact Audit Physical ResourceLayer Performance Audit Facility Hardware Cloud Broker Cloud Service Management Provisioning/ Configuration Service Intermediation Privacy ServiceOrchestration Security Cloud Consumer Service Aggregation Service Arbitrage Portability/ Interoperability Cloud Carrier Figure 5.14 NI ST Cloud Computing Reference Architecture Cloud Security Risks The Cloud Security Alliance lists the following as the top cloud specific security threats: Abuse and nefarious Insecure interfaces and use of cloud computing APIs Shared technology issues Data loss or leakage Unknown risk profile Malicious insiders Account or service hijacking Table 5.4 NIST Guidelines on Cloud Security and Privacy Issues and Recommendations Data protection Evaluate the suitability of the cloud provider’s data management solutions for the organizational data concerned and the ability to control access to data, to secure data while at rest, in transit, and in use, and to sanitize data Take into consideration the risk of collating organizational data with those of other organizations whose threat profiles are high or whose data collectively represent significant concentrated value Fully understand and weigh the risks involved in cryptographic key management with the facilities available in the cloud environment and the processes established by the cloud provider Availability Understand the contract provisions and procedures for availability, data backup and recovery, and disaster recovery, and ensure that they meet the organization’s continuity and contingency planning requirements Ensure that during an intermediate or prolonged disruption or a serious disaster, critical operations can be immediately resumed, and that all operations can be eventually reinstituted in a timely and organized manner Incident response Understand the contract provisions and procedures for incident response and ensure that they meet the requirements of the organization Ensure that the cloud provider has a transparent response process in place and sufficient mechanisms to share information during and after an incident Ensure that the organization can respond to incidents in a coordinated fashion with the cloud provider in accordance with their respective roles and responsibilities for the computing environment (This table can be found on page 190 in the textbook.) Data Protection in the Cloud The threat of data compromise increases in the cloud Risks and challenges that are unique to Multi-instance model the cloud Provides a unique DBMS running on a virtual machine instance for each cloud subscriber Multi-tenant model Architectural or operational characteristics of the cloud environment Provides a predefined environment for the cloud Gives the appearance of exclusive use of the instance Gives the subscriber complete subscriber that is shared with other tenants typically but relies on the cloud provider to establish and control over administrative through tagging data with a subscriber identifier maintain a secure database environment tasks related to security Cloud Security As A Service • • • SecaaS Is a segment of the SaaS offering of a CP Defined by The Cloud Security Alliance as the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers’ on-premise systems Encryption E-mail security Data loss prevention Security assessments Security information and event management Business continuity and disaster recovery Web security Intrusion management Identity and access management Network security Cloud serviceclients and adversaries Figure 5.15 Elements of Cloud Security as a Service Summary • • • • • The need for database security Database management systems Relational databases o o Elements of a relational database system Structured Query Language SQL injection attacks o o o o A typical SQLi attack The injection technique SQLi attack avenues and types • SQLi countermeasures Inference • • • • • Database access control o o o SQL-based access definition Cascading authorizations Role-based access control Database encryption Cloud computing o o Cloud computing elements Cloud computing reference architecture Cloud security risks and countermeasures Data protection in the cloud Cloud security as a service ... inject SQL commands by providing suitable crafted user input Server variables • Attackers can forge the values that are placed in HTTP and network headers and exploit this vulnerability by placing... (SQL)  Standardized language to define schema, manipulate, and query data in a relational database  Several similar versions of ANSI/ISO standard  All follow the same basic syntax and semantics... Database and Cloud Security Databases  Structured collection of data stored for use by one or more applications Database management system (DBMS)  Contains the relationships between data items and