tables). This additional layer of security is often used for sensitive data,
which is deemed to be highly confidential and needs to be more protected
than your average data. The motivation may be regulations, guidelines, privacy,
or simply good practice. Examples of data that are often encrypted include
patient data, high-value account information (e.g., private banking), Social
Security numbers, passwords, credit card numbers, and (this I know from
watching too many movies) secret agent profiles.
10.2.1 Anatomy of the vulnerability: Prying SELECTs and file theft
There are two scenarios that the encryption of data-at-rest addresses. These
are not vulnerabilities in the true sense of the word, because encryption of
data-at-rest is more about an additional layer of security. The first problem
that encryption of data-at-rest can address is that of database users looking
at data that they should not be able to see, even though it does not make
sense to revoke these permissions. A typical example is a DBA who is
allowed to issue any SQL on any table. Access control definitions often
allow the DBA to issue any query, mostly because most people don't want
to risk more stringent permissions in case the DBA has to “save the day” in
some emergency condition. Because DBAs often have full permissions and
can often grant themselves permissions that they may not originally possess
(and even change the database's audit trail if they are doing something
inappropriate and want to cover their tracks), it is sometimes practically
impossible to stop a DBA from looking at, for example, the salaries of their
coworkers and bosses (or even changing one of these values).
The other scenario where encryption of data-at-rest can be useful involves
file or disk theft. Even if access control to your database is perfect, a hacker
can still steal or copy the files (on the file system) being used by the database
or even the entire disk. The hacker can then take this data off-site and extract
the confidential information directly from these files.
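Both scenarios above come down to the same thing: whatever bytes the DBMS stores are what a privileged SELECT returns and what a copied data file contains. The following Go program is an added example, not code from the book; it shows application-level encryption of a single column (an assumed EMPLOYEES.SALARY) with AES-256-GCM, using hypothetical names ColumnCipher, Seal and Open. The key stays with the application, so the DBMS, the DBA and the file thief only ever hold sealed cells.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ColumnCipher encrypts one sensitive column (say EMPLOYEES.SALARY) with AES-256-GCM.
// The application holds the key; the DBMS only ever stores the sealed cells.
type ColumnCipher struct{ gcm cipher.AEAD }

func NewColumnCipher(key []byte) (*ColumnCipher, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ColumnCipher{gcm}, nil
}

// Seal encrypts one cell, prepending a random nonce so each cell decrypts on its own.
func (c *ColumnCipher) Seal(plaintext string) []byte {
	nonce := make([]byte, c.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a failing OS CSPRNG is not something to recover from here
	}
	return c.gcm.Seal(nonce, nonce, []byte(plaintext), nil)
}

// Open decrypts one cell; a tampered cell, or one sealed under another key, fails.
func (c *ColumnCipher) Open(cell []byte) (string, error) {
	n := c.gcm.NonceSize()
	if len(cell) < n {
		return "", fmt.Errorf("cell too short")
	}
	pt, err := c.gcm.Open(nil, cell[:n], cell[n:], nil)
	return string(pt), err
}

func main() {
	// Constructed demo key; a real deployment fetches it from a key store, not the DBMS.
	c, _ := NewColumnCipher([]byte("0123456789abcdef0123456789abcdef"))
	cell := c.Seal("185000") // the bytes a DBA's SELECT returns and the data file holds
	pt, err := c.Open(cell)
	fmt.Printf("stored: %x\napplication sees: %s %v\n", cell, pt, err)
}
```

A privileged SELECT or a grep over the copied data file finds only the sealed bytes; only the holder of the key (and anyone who can reach it, which is why key storage is the next problem) reads the salary back.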
A perfect example of this scenario comes from a report called “A
Remembrance of Data Passed: A Study of Disk Sanitization Practices,”
which was published by two MIT graduate students and which generated
big headlines in early 2003 (see http://web.mit.edu/newsoffice/2003/diskdrives.html).
In this study the students analyzed 158 disk drives that were
purchased through eBay and other sources of used computer hardware
(costing a total of less than $1,000) to see what data they could extract from
them. They found that 74% of the drives contained data that could be
recovered and read, including sensitive data such as detailed personal and