csci 3140 module 6 – database security theodore chiasson dalhousie university
TRANSCRIPT
CSCI 3140Module 6 – Database Security
Theodore Chiasson
Dalhousie University
Database Security
• Threats to database security include:– Theft and fraud
– Loss of confidentiality
– Loss of privacy
– Loss of integrity
– Loss of availability
• Computer-based controls to mitigate threats include:– Authorization
– Views
– Backup and recovery
– Integrity
– Encryption
– RAID technology
Database Security
• Authorization– Access control
– Involves authentication of subjects requesting access to objects
– SQL commands GRANT and REVOKE• select/update/insert/delete
• Views (Subschemas)– The dynamic result of one or more relational operations operating on
base relations to produce another relation
– A virtual relation that does not actually exist in the database but is produced upon request
– Used to hide parts of the database from certain users
Database Security
• Backup and Recovery– Backup is the process of periodically taking a copy of the database and
log file on to offline storage media
– Journaling is the process of keeping and maintaining a log file or journal of all changes made to the database to enable recovery in the event of a failure
– Journaling allows the database to be recovered after a failure to its last known consistent state using a backup of the database together with the log file
– Without a log file, any changes to the database after the most recent backup are lost in the event of a failure
• Integrity– Applying integrity constraints prevents the database from entering an
inconsistent state during normal operation
Database Security
• Encryption– The encoding of data by a special algorithm that renders the data unreadable by
any program without the decryption key– Cryptosystem
• Encryption key
• Encryption algorithm
• Decryption key
• Decryption algorithm
– Symmetric encryption• Same key and algorithm for encryption and decryption
– Asymmetric encryption• Different keys for encryption and decryption
• Public key cryptography
• RAID (Redundant Array of Independent Disks)– Increased performance through data striping– Parity or error-correcting scheme improves reliability
Database Security
• Security in Oracle DBMS– Privileges
• A right to execute a particular type of SQL statement or to access another user’s objects
• Connect to a database
• Create a table
• Select rows from another user’s tables
– System privileges• The right to perform a particular action or to perform an action on any schema
object of a particular type
– Object privileges• The right to perform a particular action on a specific table, view, sequence,
procedure, function or package– ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
– Roles• Privileges can be granted to a role, and then the role can be granted to a user
Database Security
• DBMSs and Web Security– Proxy servers
• Improve performance• Filter requests
– Firewalls• Prevents unauthorized access to or from a private network• Packet filter• Application gateway• Circuit-level gateway• Proxy server
– Message Digest Algorithms and Digital Signatures– Digital Certificates– SSL– SET– Java Security– ActiveX