More Related Content
Similar to Database Security and Management Systems (20)
Recently uploaded (20)
Database Security and Management Systems
- 2. What is Database Security • Database security means protection of a database against unauthorized access, either intentional or unintentional • Database security requires the mechanisms, that protect a database against the intentional or accidental threats • Such mechanisms affect the hardware, software, people, and data components of a database management system • Database security protects against: • Theft and fraud, • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability
- 3. Threats • A threat is any situation or event, whether intentional or accidental, that may adversely effect on a system Sample threats: • Unauthorized amendment or copying of data • Using another person's means of access • Program alteration • Wire tapping • Illegal entry by hacker • Blackmail • Theft • Failure of security mechanisms And the others
- 4. Countermeasures • Countermeasures range from the physical controls to the administrative controls • Security of Database Management System (DBMS) is as good as security of an operating system running DBMS • We consider the following computer-based security controls in a multiuser environment • Authorization and authentication • Encryption • Views • Backup and recovery • Integrity
- 5. Authorization and authentication • Authorization means granting a right or a privilege to have a legitimate access to a system or the resources operated by a system • Authorization is usually built into the software and it determines what system or object a user can access and what a user is allowed to do with it • In a process of authorization a subject representing a user or a program requests and obtains access to an object, that represent relational table, relational view, etc • A process of authorization requires authentication of a subject
- 6. Authorization and authentication • Authentication is a mechanism, that determines whether a user is who he or she claims to be • A system administrator is responsible for allowing the users to have access to a computer system by creating the individual user accounts • When an account is created a user is given a unique identifier and a user picks a password associated with the identifier • To reduce the total number of user names and passwords it is possible to authenticate user's access to a database system through earlier authentication of access to an operating system • Such solution is not as safe as two separate passwords and it is consistent with a principle saying, that simplification of data access always reduces data security
- 7. Access Control • A typical way to control access to a database system is based on granting and revoking privileges • A privilege allows a user to create, to drop, or to access in read or write mode some database objects like relational tables, relational views, index, etc or to perform certain operations • The privileges are granted to a user to accomplish their task • The excessive privileges can compromise security • A user who creates a database object becomes an owner of the object and he/she automatically gets all privileges on the object • DBMS keeps track of all granted privileges to ensure that only selected user can access and can perform operations on the database objects
- 8. Access Control • There are two different strategies of access control: • Discretionary Access Control (DAC) Mandatory Access Control (MAC) • In Discretionary Access Control each user is given the access rights (privileges) on the specific database objects • A user obtains the privileges in a moment when he/she creates an object and the access of other users to the object is at a discretion of an owner • It is an effective system with some weaknesses, for example: • A user Alice creates a new relational table R and grants write access to such table to a user Bob • a user Bob owns a relational table S, which is not accessible to a user Alice • a user Alice modifies a software used by a user Bob, such that it copies the contents of a table S to a table R • user Alice returns a software used by user Bob to its original state
- 9. Access Control • Mandatory Access Control is based on system-wide policies that cannot be changed by the individual users • Each database object is assigned a security class and each user is assigned a clearance for a security class and the rules are imposed on reading and writing the database objects by the users • DBMS determines whether a user can read or write a database object based on certain rules, that involve a security level of the object and a clearance of the user
- 10. Encryption • Encryption of data means encoding of data by a special algorithm, that renders the data unreadable by any program without the decryption key • Sensitive data can be encoded to protect it against external threats or access • Some DBMS provide special facilities to encrypt data and to access encrypted data after decoding it • Usually there is a degradation in performance because of time needed to decode data
- 11. Encryption • A typical cryptosystem includes: • An encryption key to encrypt data (plaintext) • An encryption algorithm that with the encryption key transfroms plaintext into ciphertext • A decryption key to decrypt the ciphertext • A decryption algorithm to use decryption key with cipher text and to create the original plaintext