3. What is Database Security?
Database Security is the mechanism that protect the
database against intentional or accidental threats.
Security policy describes the security measures
enforced.
Security mechanisms of the underlying DBMS must
be utilized to enforce the policy.
Minaxi & Jignasha 3/24
Database Security
4. Requirements
Security curriculum is relatively light in database
systems area
Focus currently on protecting information through
network configuration, systems administration,
application security
Need to specifically consider database system security
issues
Minaxi & Jignasha 4/24
Database Security
5. Goals
Understand security issues in:
a general database system environment
a specific DBMS (Oracle) environment
Consider database security issues in context of general
security principles and ideas
Consider issues relating to both database storage and
database system communication with other
applications
Minaxi & Jignasha 5/24
Database Security
6. Main Message
Database system security is more than securing the
database
• Secure database
• Secure DBMS
• Secure applications/application development
• Secure operating system in relation to database
system
• Secure web server in relation to database system
• Secure network environment in relation to
database system
Minaxi & Jignasha 6/24
Database Security
7. Purpose
We consider database security in relation to the
following situations:
- Theft and Fraud
- Loss of confidentiality
- Loss of privacy
- Loss of integrity
- Loss of availability
Minaxi & Jignasha 7/24
Database Security
9. Threat
Threat is any intentional or accidental event that
may adversely affect the system.
Examples of threats:
- Using another person’s log-in name to
access data
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
Minaxi & Jignasha 9/24
Database Security
10. Countermeasures
A Countermeasures is an action that you take on
order to weaken the effect of another action, a
situation, or to make it harmless.
Because the threat never developed, We didn’t need
to take any real countermeasures.
Minaxi & Jignasha 10/24
Database Security
12. Authorization
The granting of a privilege that enable a user to have
a legitimate access to a system.
They are sometimes referred as access controls.
The process of authorization involves authenticating
the user requesting access to objects.
Minaxi & Jignasha 12/24
Database Security
13. Authenticating
Means a mechanism that determines whether a user
is who he/she claim to be.
A system administrator is responsible for allowing
users to have access to the system by creating
individual user accounts.
Minaxi & Jignasha 13/24
Database Security
14. Four Authenticating Users to the Database:
1)Introduction to User Authentication
2)password for Authentication
3)Strong Authentication
4)Proxy Authentication and Authorization
Minaxi & Jignasha 14/24
Database Security
15. Views
A view is virtual relation that does not actually exit in
the database, but is produced upon request by a
particular user, at the time of request.
The view mechanism provides a powerful and
flexible security mechanism by hiding parts of the
database from certain users.
The user is not aware of the existence of any
attributes or rows that are missing from the view.
Minaxi & Jignasha 15/24
Database Security
16. Backup and Recovery
DBMS should provide backup facilities to assist with
the recovery of a database failure.
backup and recovery refers to the various strategies
and procedures involved in protecting your database
against data loss and reconstructing the database
after any kind of data loss.
Minaxi & Jignasha 16/24
Database Security
17. Backups can be divided into physical backups and
logical backups.
Backup have two distinct purpose:
1)Primary purpose is to recover data After it’s loss,
be it by data deletion or corruption.
2)Secondary purpose of backup is to recover data
from an earlier time.
Minaxi & Jignasha 17/24
Database Security
18. Integrity
Data integrity is a fundamental component of
information security.
Maintaining a secure database system by preventing
data from becoming invalid.
Only authorized users should be allowed to modify
data.
Numeric columns should not accept alphabetic data.
For example, students
Minaxi & Jignasha 18/24
Database Security
19. Encryption
The encoding of data by a special algorithm that
renders the data unreadable by any program without
the decryption key.
It also protects the data transmitted over
communication lines.
Plain-Data Encrypted
Data
Algorithm and
Password
Minaxi & Jignasha 19/24
Database Security
20. privilege
A privilege allows a user to access some data object
in a certain manner (e.g., to read or to modify).
SQL-92 supports access control through GRANT and
REVOKE commands.
GRANT command: Give users privileges to base
tables and views.
REVOKE command: intended to achieve the reverse,
to withdraw the granted privilege from the user.
Minaxi & Jignasha 20/24
Database Security
21. Grant and Revoke
Black
Brown (owner)
Red
White
GRANT SELECT ON
Employee
TO Red
GRANT SELECT ON Employee
TO Black
WITH GRANT OPTION
?
Brown revokes
grant
given to Black
?
Brown does not want
Red to access the
Employee relationGRANT UPDATE(Salary) ON
Employee TO White
Minaxi & Jignasha 21/24
Database Security
22. RAID Technology
Redundant Array of Independent Disks
The DBMS is running on must be fault-tolerant,
meaning that the DBMS should continue to operate
even if one of the hardware components fails.
One solution is the use of RAID technology.
RAID works on having a large disk array comprising
an arrangement of several independent disks that are
organized to improve reliability and at the same time
increase performance.
Minaxi & Jignasha 22/24
Database Security