DATABASE SECURITY
Download
Report
Transcript DATABASE SECURITY
DATABASE SECURITY
By Oscar Suciadi
CS 157B
Prof. Sin-Min Lee
Definition
Database Security is
the mechanism that protect the database
against intentional or accidental threats.
We consider database security in relation to
the following situations:
- Theft and Fraud
- Loss of confidentiality
Introduction
– Loss of privacy
– Loss of integrity
– Loss of availability
Threat is
any intentional or accidental event that
may adversely affect the system.
Introduction (Cont)
Examples of threats:
- Using another person’s log-in name to
access data
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
- Etc.
Countermeasures
Computer-Based Controls:
- Authorization
- Views
- Backup and Recovery
- Integrity
- Encryption
- RAID Technology
Authorization
The granting of a privilege that enable a
user to have a legitimate access to a
system.
They are sometimes referred as access
controls.
The process of authorization involves
authenticating the user requesting access
to objects.
Authenticating
Means a mechanism that determines
whether a user is who he/she claim to be.
A system administrator is responsible for
allowing users to have access to the
system by creating individual user
accounts.
Closed Vs Open Systems
Closed Systems
Some DBMS required authorization for
authorized DBMS users to access specific
objects.
Open Systems
Allow users to have complete access to all
objects within the database.
A DBMS may permit both individual user
identifiers and group identifiers to be
created.
Certain privileges may be associated with
specific identifiers, which indicate what
kind of privilege is allowed with certain
with certain database objects.
Each privileges has a binary value
associated with it. The binary values are
summed and the total value indicates
what privileges are allowed for a specific
user or group with a particular object.
User & Group Identifier
User
Identifier
Type
Group
Member
Identifier
SG37
User
Sales
SG37
SG14
User
Sales
SG14
SG5
Sales
User
Group
Access Control Matrix
User
Property#
Identifier
Type
Price
Owner#
Staff#
Branch#
Query
Row
Limit
Sales
0001
0001
0001
0000
0000
0000
15
SG37
0101
0101
0111
0101
0111
0000
100
SG5
1111
1111
1111
1111
1111
1111
none
SELECT
UPDATE
INSERT
DELETE
ALL
0001
0010
0100
1000
1111
Views
Is the dynamic result of one or more
relational operations operating on the
base relations to produce another relation.
A view is a virtual relation that does not
actually exist in the database, but is
produced upon request by a particular
user, at the time of request.
Views (Cont)
The view mechanism provides a powerful
and flexible security mechanism by hiding
parts of the database from certain users.
The user is not aware of the existence of
any attributes or rows that are missing
from the view.
Backup & Recovery
Is the process of periodically taking a copy
of the database and log file on to offline
storage media.
DBMS should provide backup facilities to
assist with the recovery of a database
failure.
Integrity
Maintaining a secure database system by
preventing data from becoming invalid.
Encryption
The encoding of data by a special algorithm
that renders the data unreadable by any
program without the decryption key.
There will be degradation in performance
because of the time taken to decode it.
It also protects the data transmitted over
communication lines.
RAID
Redundant Array of Independent Disks
The hardware that the DBMS is running on
must be fault-tolerant, meaning that the
DBMS should continue to operate even if
one of the hardware components fails.
One solution is the use of RAID technology.
RAID (Cont)
RAID works on having a large disk array
comprising an arrangement of several
independent disks that are organized to
improve reliability and at the same time
increase performance.