Transcript CSCI 3140 Module 3 – Logical Database

CSCI 3140
Module 6 – Database Security
Theodore Chiasson
Dalhousie University
Database Security
• Threats to database security include:
–
–
–
–
–
Theft and fraud
Loss of confidentiality
Loss of privacy
Loss of integrity
Loss of availability
• Computer-based controls to mitigate threats include:
–
–
–
–
–
–
Authorization
Views
Backup and recovery
Integrity
Encryption
RAID technology
Database Security
• Authorization
– Access control
– Involves authentication of subjects requesting access to objects
– SQL commands GRANT and REVOKE
• select/update/insert/delete
• Views (Subschemas)
– The dynamic result of one or more relational operations operating on
base relations to produce another relation
– A virtual relation that does not actually exist in the database but is
produced upon request
– Used to hide parts of the database from certain users
Database Security
• Backup and Recovery
– Backup is the process of periodically taking a copy of the database and
log file on to offline storage media
– Journaling is the process of keeping and maintaining a log file or journal
of all changes made to the database to enable recovery in the event of
a failure
– Journaling allows the database to be recovered after a failure to its last
known consistent state using a backup of the database together with the
log file
– Without a log file, any changes to the database after the most recent
backup are lost in the event of a failure
• Integrity
– Applying integrity constraints prevents the database from entering an
inconsistent state during normal operation
Database Security
•
Encryption
– The encoding of data by a special algorithm that renders the data unreadable by
any program without the decryption key
– Cryptosystem
•
•
•
•
Encryption key
Encryption algorithm
Decryption key
Decryption algorithm
– Symmetric encryption
• Same key and algorithm for encryption and decryption
– Asymmetric encryption
• Different keys for encryption and decryption
• Public key cryptography
•
RAID (Redundant Array of Independent Disks)
– Increased performance through data striping
– Parity or error-correcting scheme improves reliability
Database Security
•
Security in Oracle DBMS
– Privileges
•
•
•
•
A right to execute a particular type of SQL statement or to access another user’s objects
Connect to a database
Create a table
Select rows from another user’s tables
– System privileges
• The right to perform a particular action or to perform an action on any schema
object of a particular type
– Object privileges
• The right to perform a particular action on a specific table, view, sequence,
procedure, function or package
– ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
– Roles
• Privileges can be granted to a role, and then the role can be granted to a user
Database Security
•
DBMSs and Web Security
– Proxy servers
• Improve performance
• Filter requests
– Firewalls
•
•
•
•
•
–
–
–
–
–
–
Prevents unauthorized access to or from a private network
Packet filter
Application gateway
Circuit-level gateway
Proxy server
Message Digest Algorithms and Digital Signatures
Digital Certificates
SSL
SET
Java Security
ActiveX