Sahil Bhagat
Database Security, Authorization, and Encryption
1. Introduction to Database Security
2. Auditing and Access Control
3. Flow Control
4. Encryption and Decryption
5. (DBA) Database Administrator Security
6. Privileges
7. Authorization
8. Types of Securities for Database
• Physical
• Network
• Programming
9. Backups
10. Data Integrity
Database Security
• An organized collection of data
• Data is typically organized to model aspects of reality in a way that supports processes requiring information.
ex. Hotel Booking System, Airline Reservations, and Warehouse Inventory
Types of Security
• Legal and ethical issues
• Policy issues
• System-related issues
• The need to identify multiple security levels
Threats to DB
• Loss of integrity
• Loss of availability
• Loss of confidentiality
To protect the DB against these types of threats, four kinds of countermeasures can be implemented:
• Access control
• Inference control
• Flow control
• Encryption
A DBMS includes a DB security and authorization subsystem that ensures security against unauthorized access.
2 types of DB security mechanisms:
1. Discretionary security mechanisms
2. Mandatory security mechanisms
Database Security (Continued)
Access Control is a security mechanism that restricts unauthorized access by handling user accounts and passwords
ex. Ensures that users do not access information without permission
• Mechanism of authorization to enforce that requests to a system resource or functionality should be granted
• Gives administrators the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality
• Access controls are security features that control how users and systems communicate and interact with other systems and resources
Role-Based Access Control
Flow control regulates the distribution or flow of information among accessible objects.
ex. A flow between object X and Y occurs when a program reads values from X and writes
values into Y
A flow policy specifies the channels along which information is allowed to move.
• 2 classes of information
1. confidential (C)
2. nonconfidential (N)
Database Security (Continued)
The DBA uses a system log to record all operations done during a login session.
If any damage is done to the DB during a login session, the DBA carries out a database
audit to review all changes.
• The DB log used for security purposes is the audit trail
Types of Discretionary Privileges
Users can grant privileges to another account by using the GRANT OPTION,
which means that secondary accounts can grant privileges to tertiary
accounts. Examples:
• GRANT CREATETAB TO A1;
• GRANT SELECT, INSERT, UPDATE, DELETE ON employees TO username;
Oracle Privileges
• Read Authorization
• Update Authorization
• Alter Authorization
• changes the ownership of a database
Control who can view fields of a relation R by using a VIEW
ex. If the owner X of a relation R wants another account Y to be able to retrieve only some
fields of R, then X can create a view V of R that includes only those attributes and
then grant SELECT on V to Y.
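The GRANT OPTION and VIEW mechanisms described above, shown end to end as an added example that is not part of the original slides. It uses PostgreSQL syntax; the schema demo, the roles x, y and z, the relation r with its columns, and the sample row are all assumptions constructed for illustration.

```sql
-- Added example (not from the slides). Run as a superuser in a scratch
-- PostgreSQL database. All names and the sample row are constructed.
CREATE ROLE x;   -- owner of relation r
CREATE ROLE y;   -- secondary account: may read only some fields
CREATE ROLE z;   -- tertiary account: receives access from y
CREATE SCHEMA demo AUTHORIZATION x;

SET ROLE x;
CREATE TABLE demo.r (
    emp_id  integer PRIMARY KEY,
    name    text          NOT NULL,
    dept    text          NOT NULL,
    salary  numeric(10,2) NOT NULL,   -- sensitive: not exposed through v
    ssn     char(11)      NOT NULL    -- sensitive: not exposed through v
);
INSERT INTO demo.r VALUES (1, 'Constructed Name', 'Sales', 52000.00, '000-00-0001');

-- View v carries only the attributes y is allowed to retrieve.
CREATE VIEW demo.v AS
    SELECT emp_id, name, dept FROM demo.r;

GRANT USAGE ON SCHEMA demo TO y, z;
-- No privilege on demo.r is granted to y; only SELECT on the view,
-- with the right to pass that privilege on.
GRANT SELECT ON demo.v TO y WITH GRANT OPTION;
RESET ROLE;

SET ROLE y;
SELECT * FROM demo.v;            -- succeeds: emp_id, name, dept only
SELECT salary FROM demo.r;       -- fails: permission denied on the base table
GRANT SELECT ON demo.v TO z;     -- succeeds because y holds the grant option
RESET ROLE;

-- Revoking from y with CASCADE also removes the privilege y passed to z,
-- so propagated access does not outlive the original grant.
SET ROLE x;
REVOKE SELECT ON demo.v FROM y CASCADE;
RESET ROLE;

SET ROLE z;
SELECT * FROM demo.v;            -- fails: z's dependent grant was revoked
RESET ROLE;
```

Auditing who holds which privilege after such a chain is a query against information_schema.table_privileges, where the grantor column shows whether access came from the owner or was passed on by a secondary account.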
Statistical DB Security
Statistical DBs are used to produce stats on various populations and can include
confidential data
• users are permitted to retrieve statistical queries by using COUNT, SUM,
MIN, MAX, AVERAGE, and STANDARD DEVIATION.
Physical Security
• Physical security is a non-technical security. With this security, you are able to
protect your database from natural disasters, burglary, theft, vandalism, and
terrorism.
1. Using CCTV cameras
2. Making fire doors exit only
3. Limiting entry points of buildings
4. Planning for bomb detection
5. Having redundant utilities such as electricity, water, voice and data
6. Using biometric identification
Network Security
• Network security refers to the links, routers, and switches, which allow hosts to
communicate with one another. It basically ensures that the data cannot be compromised,
and that the data is not accessible to anyone who is not authorized to see it. The IT
department is responsible for providing secure and reliable network experience.
1. Providing confidentiality of data guarantees that only authorized users can view the
sensitive information
2. Firewalls
3. Using intrusion detection
4. Using traffic level monitoring
5. Using host-based packet
Programming Security
• Programming Securities such as Server Security, Database Connections,
Table Access Control etc.
1. Your database back end should never be on the same machine as your
web server for security and performance purposes
2. Updates to a database via a web page by users should be validated and
updates should be warranted and safe
3. Table access control should be a collaboration of both the system
administrators and the database developer
Backups
• Duplicates the intended database
• Single operation that is usually
scheduled at regular intervals
• Self-contained
ex. Cloud storage, USB drives, RAID3,
hard copy
Data Integrity
• Maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and
is a critical aspect to the design, implementation and usage of any system which stores,
processes, or retrieves data
• Ensures the quality of the data in the database
• Can be compromised in multiple ways:
1. Human error during entry
2. Errors that occur when data is transmitted from one computer to another
3. Software bugs and viruses
4. Hardware malfunctions ex. disk crashes
5. Natural disasters
• Ways to minimize threats to data integrity
1. Regular backups
2. Controlling access to data via security mechanisms
3. Designing user interface that prevents the input of invalid data
4. Using error detection and correction software when transmitting data
Conclusion
Database Security refers to the collective measures used to protect
and secure a database or database management software from
illegitimate use and malicious threats and attacks.
Threats:
• Loss of integrity
• Loss of availability
• Loss of confidentiality
Preventions:
• Access control
• Inference control
• Flow control
• Encryption