2. DefinitionDefinition
Database Security isDatabase Security is
the mechanism that protect the databasethe mechanism that protect the database
against intentional or accidental threats.against intentional or accidental threats.
We consider database security in relation toWe consider database security in relation to
the following situations:the following situations:
- Theft and Fraud- Theft and Fraud
- Loss of confidentiality- Loss of confidentiality
3. IntroductionIntroduction
– Loss of privacyLoss of privacy
– Loss of integrityLoss of integrity
– Loss of availabilityLoss of availability
Threat isThreat is
any intentional or accidental event thatany intentional or accidental event that
may adversely affect the system.may adversely affect the system.
4. Introduction (Cont)Introduction (Cont)
Examples of threats:Examples of threats:
- Using another person’s log-in name- Using another person’s log-in name
toto
access dataaccess data
- Unauthorized copying data- Unauthorized copying data
- Program/Data alteration- Program/Data alteration
- Illegal entry by hacker- Illegal entry by hacker
- Viruses- Viruses
- Etc.- Etc.
6. AuthorizationAuthorization
The granting of a privilege that enable aThe granting of a privilege that enable a
user to have a legitimate access to auser to have a legitimate access to a
system.system.
They are sometimes referred as accessThey are sometimes referred as access
controls.controls.
The process of authorization involvesThe process of authorization involves
authenticating the user requesting accessauthenticating the user requesting access
to objects.to objects.
7. AuthenticatingAuthenticating
Means a mechanism that determinesMeans a mechanism that determines
whether a user is who he/she claim to be.whether a user is who he/she claim to be.
A system administrator is responsible forA system administrator is responsible for
allowing users to have access to theallowing users to have access to the
system by creating individual usersystem by creating individual user
accounts.accounts.
8. Closed Vs Open SystemsClosed Vs Open Systems
Closed SystemsClosed Systems
Some DBMS required authorization forSome DBMS required authorization for
authorized DBMS users to access specificauthorized DBMS users to access specific
objects.objects.
Open SystemsOpen Systems
Allow users to have complete access to allAllow users to have complete access to all
objects within the database.objects within the database.
9. A DBMS may permit both individual userA DBMS may permit both individual user
identifiers and group identifiers to beidentifiers and group identifiers to be
created.created.
Certain privileges may be associated withCertain privileges may be associated with
specific identifiers, which indicate whatspecific identifiers, which indicate what
kind of privilege is allowed with certainkind of privilege is allowed with certain
with certain database objects.with certain database objects.
10. Each privileges has a binary valueEach privileges has a binary value
associated with it. The binary values areassociated with it. The binary values are
summed and the total value indicates whatsummed and the total value indicates what
privileges are allowed for a specific user orprivileges are allowed for a specific user or
group with a particular object.group with a particular object.
11. User & Group IdentifierUser & Group Identifier
UserUser
IdentifierIdentifier
TypeType GroupGroup MemberMember
IdentifierIdentifier
SG37SG37 UserUser SalesSales SG37SG37
SG14SG14 UserUser SalesSales SG14SG14
SG5SG5 UserUser
SalesSales GroupGroup
13. ViewsViews
Is the dynamic result of one or moreIs the dynamic result of one or more
relational operations operating on therelational operations operating on the
base relations to produce another relation.base relations to produce another relation.
A view is a virtual relation that does notA view is a virtual relation that does not
actually exist in the database, but isactually exist in the database, but is
produced upon request by a particularproduced upon request by a particular
user, at the time of request.user, at the time of request.
14. Views (Cont)Views (Cont)
The view mechanism provides a powerfulThe view mechanism provides a powerful
and flexible security mechanism by hidingand flexible security mechanism by hiding
parts of the database from certain users.parts of the database from certain users.
The user is not aware of the existence ofThe user is not aware of the existence of
any attributes or rows that are missingany attributes or rows that are missing
from the view.from the view.
15. Backup & RecoveryBackup & Recovery
Is the process of periodically taking a copyIs the process of periodically taking a copy
of the database and log file on to offlineof the database and log file on to offline
storage media.storage media.
DBMS should provide backup facilities toDBMS should provide backup facilities to
assist with the recovery of a databaseassist with the recovery of a database
failure.failure.
16. IntegrityIntegrity
Maintaining a secure database system byMaintaining a secure database system by
preventing data from becoming invalid.preventing data from becoming invalid.
17. EncryptionEncryption
The encoding of data by a special algorithmThe encoding of data by a special algorithm
that renders the data unreadable by anythat renders the data unreadable by any
program without the decryption key.program without the decryption key.
There will be degradation in performanceThere will be degradation in performance
because of the time taken to decode it.because of the time taken to decode it.
It also protects the data transmitted overIt also protects the data transmitted over
communication lines.communication lines.
18. RAIDRAID
Redundant Array of Independent DisksRedundant Array of Independent Disks
The hardware that the DBMS is running onThe hardware that the DBMS is running on
must be fault-tolerant, meaning that themust be fault-tolerant, meaning that the
DBMS should continue to operate even ifDBMS should continue to operate even if
one of the hardware components fails.one of the hardware components fails.
One solution is the use of RAID technology.One solution is the use of RAID technology.
19. RAID (Cont)RAID (Cont)
RAID works on having a large disk arrayRAID works on having a large disk array
comprising an arrangement of severalcomprising an arrangement of several
independent disks that are organized toindependent disks that are organized to
improve reliability and at the same timeimprove reliability and at the same time
increase performance.increase performance.