Yukon To Have Tighter Locks, Better Keys

by Hinesh Jethwani    Aug 17, 2004

At TechEd India 2004 held in Mumbai today, Microsoft showcased enhanced database security features that will debut with SQL Server 2005 (code-named Yukon).

A part of Microsoft’s Trustworthy Computing initiative, the model chosen for securing Yukon is SD3+C — Secure by design, default and deployment. Most enhancements to the database closely follow the ‘Secure by default’ principle of tighter control checks and a smaller exposed surface.

In his presentation, Rajiv Sodhi, developer evangelist, Microsoft Corporation, openly acknowledged some areas where SQL Server 2000 had exposed unforeseen vulnerabilities — defects that have been satisfactorily plugged in the Beta 2 Release Candidate 1 of Yukon.

“The fundamental difference between SQL Server 2000 and 2005 lies in the logical separation of user-schema representation. In SQL 2000, database objects were owned by users, a fact that diluted the difference between users and schemas. Yukon has introduced a correction measure, by assigning schemas as the rightful owners of objects. This effectively simplifies user management,” explained Sodhi.

In Yukon, every user will have a ‘default’ schema, eliminating the need to create separate schemas for multiple users. An interesting feature to note here is that the names of both users and schemas will remain the same, ensuring backward compatibility with SQL Server 2000.

Another interesting feature added to Yukon is the “Execute As X” concept. DBAs can easily write stored procedures to grant truncate rights to low-privilege users. The syntax allows admins to assign temporary modification privileges, or ‘permission buckets’, to lower-level users, minus the security risks involved.
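The schema ownership, default schema and “Execute As” features described above can be seen together in a short script. This is an added example, not code from the presentation or from Microsoft; it uses the T-SQL syntax that shipped in SQL Server 2005 (the beta shown at the event may have differed), and every object name in it is hypothetical.

```sql
-- Added example. Staging, ImportRows, LoaderUser and TruncateProxy are
-- hypothetical names. Run in a scratch database as a member of db_owner.
CREATE SCHEMA Staging AUTHORIZATION dbo;   -- the schema, not a user, contains the objects
GO
CREATE TABLE Staging.ImportRows (Id int NOT NULL, Payload nvarchar(200) NULL);
GO
-- Low-privilege user whose default schema is Staging.
CREATE USER LoaderUser WITHOUT LOGIN WITH DEFAULT_SCHEMA = Staging;
-- Proxy principal that holds only the one permission TRUNCATE TABLE needs.
CREATE USER TruncateProxy WITHOUT LOGIN;
GRANT ALTER ON OBJECT::Staging.ImportRows TO TruncateProxy;
GO
-- TRUNCATE TABLE is not covered by ownership chaining, so the procedure
-- switches security context explicitly. The table name is fixed in the
-- body: no dynamic SQL, so the caller cannot redirect the truncate.
CREATE PROCEDURE Staging.ClearImportRows
WITH EXECUTE AS 'TruncateProxy'
AS
BEGIN
    SET NOCOUNT ON;
    TRUNCATE TABLE Staging.ImportRows;
END;
GO
-- The only thing the low-privilege user receives is EXECUTE on the procedure.
GRANT EXECUTE ON OBJECT::Staging.ClearImportRows TO LoaderUser;
GO
INSERT INTO Staging.ImportRows (Id, Payload) VALUES (1, N'constructed sample row');
GO
-- Check from the low-privilege side: compare what LoaderUser holds directly
-- with what the procedure lets it do.
EXECUTE AS USER = 'LoaderUser';
SELECT HAS_PERMS_BY_NAME('Staging.ImportRows', 'OBJECT', 'ALTER')        AS AlterOnTable,
       HAS_PERMS_BY_NAME('Staging.ClearImportRows', 'OBJECT', 'EXECUTE') AS ExecuteOnProc;
EXEC ClearImportRows;   -- unqualified name resolves through the default schema
REVERT;
GO
SELECT COUNT(*) AS RowsLeft FROM Staging.ImportRows;
```

Using a dedicated proxy principal instead of `EXECUTE AS OWNER` keeps the elevated context limited to a single permission on a single table.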

“Another gray area in SQL Server 2000 was the fact that virtually anyone with database access could view the metadata. This potential loophole has been corrected in Yukon. The new database will require view definitions to be set before anyone can have access to the metadata. Moreover, three permission states — Grant, Deny and Revoke — have been introduced in Yukon, which will provide flexible and explicit permission grants to lower level users,” added Sodhi.

Yukon comes with cryptographic support, which can be enabled in virtually 4-5 lines of code in its simplest instance, said Sodhi. “All keys are encrypted in the memory. So, even if someone manages to flash a copy of the entire database, the data will be garbled and the key will remain hidden. The private key can be secured by a master key, which in turn is secured by a service key. The service key is protected by DPAPI.” Needless to add, Yukon has support for regeneration and recovery of keys.

Yukon is only a few steps away from achieving the coveted EAL4+ Around RTM certification. “This is the highest level of certification awarded to Microsoft products, and has already been achieved by Windows 2000 and 2003. The biggest stumbling block for Yukon in achieving EAL4+ was encryption support, which has now been resolved,” concluded Sodhi.
