This document discusses threats to databases in e-commerce. It introduces security issues in relational databases and mechanisms for enforcing multiple security levels. It discusses types of security threats like loss of integrity, availability, and confidentiality of data. Specific threats to e-commerce databases are unauthorized access and alteration of user data or product information. The document proposes countermeasures like access control, inference control, flow control, encryption, and backups to protect databases from these threats.
3. Submitted By: MD. Arafat Hossen
ID: UG-02-22-09-012
Dept. of CSE
Submitted To: Fernaz Nawrin Nur
Lecturer
Dept. Of CSE
4. Electronic commerce, commonly known as e-commerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Electronic commerce draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, etc.
5. Introduction to security issues
• Mechanisms used to grant and revoke privileges in relational databases in SQL
• An overview of the mechanisms for enforcing multiple levels of security
• A brief discussion of the security problem in statistical databases
• An introduction to flow control and the problems associated with covert channels
• A brief summary of encryption and public key infrastructure schemes
6. Types of Security
• Legal and ethical issues regarding the right to access certain information. In the US there are many laws governing privacy of information.
• Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example, credit ratings and personal medical records.
• System-related issues such as the system levels at which various security functions should be enforced, for example, whether a security function should be handled at the physical H/W, OS, or DBMS levels.
• The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
7. Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
• Loss of integrity
• Loss of availability
• Loss of confidentiality
8. Database threats:
E-commerce systems store user data and retrieve product information from databases connected to the web server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non-secure way. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.
9. Integrity refers to the requirement that information be protected from improper modification.
Modification of data includes
• Creation
• Insertion
• Modification
• Deletion
• Change of the status of data
Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts.
Continued use of the contaminated system or corrupted data can result in inaccuracy, fraud, or erroneous decisions.
10. Database availability refers to making objects available to a human user or a program to which they have a legitimate right.
11. Database confidentiality refers to the protection of data from unauthorized disclosure.
The impact ranges from violation of a data privacy act to damage to national security.
Unauthorized disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.
12. To protect databases against these types of threats, 4 kinds of countermeasures can be implemented:
• Access control
• Inference control
• Flow control
• Encryption
• Backup the database regularly
13. Thank You Teacher and Class
Any Questions????