dbms ii mca-ch12-security-2013

By C.Aruna Devi(DSCASC) 1 Database Security Chapter 12 UNIT V Data Base Management System [DBMS]



Database Security

Techniques used for protecting the database against persons who are not authorized to access either certain parts of a database or the whole database.

Database Security

Types of Security:

- Legal and ethical issues
- Policy issues
- System-related issues
- The need to identify multiple security levels

Types of Security:

Legal and ethical issues: These concern the right to access certain information. Some information may be deemed to be private and cannot be accessed legally by unauthorized persons.

Policy issues: Issues at the governmental, institutional or corporate level as to what kind of information should not be made publicly available.

System-related issues: Issues such as the system levels at which various security functions should be enforced, e.g. hardware level, DBMS level or OS level.

The need to identify multiple security levels: In some organizations there is a need for multiple security levels and to categorize the data and users based on these classifications, e.g. top secret, secret, confidential.

Security

In a multi-user database system, the DBMS must provide techniques to enable certain users or user groups to access selected portions of a database without gaining access to the rest of the database.

For example: employee salaries.

Database Security

Threats to databases:

- Loss of integrity
- Loss of availability
- Loss of confidentiality

To protect databases against these types of threats, four kinds of countermeasures can be implemented: access control, inference control, flow control, and encryption.

Database Security

A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security of portions of a database against unauthorized access.

Two types of database security mechanisms:

- Discretionary security mechanisms
- Mandatory security mechanisms

Types of database security

Discretionary security mechanisms: These are used to grant privileges to users, including the capability to access specific data files, records, or fields in a specific mode (such as read, insert, delete, or update).

Mandatory security mechanisms: These are used to enforce multilevel security by classifying the data and users into various security classes.

For example: a typical security policy is to permit users at a certain classification level to see only the data items classified at the user’s own classification level.

Database Security

Security Problem: To prevent unauthorized persons from accessing the system, i.e., to change the data or delete the data.

The security mechanism of a DBMS must include provisions for restricting access to the database as a whole; this function is called access control and is handled by creating user accounts and passwords to control the login process of the DBMS.

Database Security

Security Problem:

A security problem associated with databases is that of controlling access to a statistical database, which is used to provide statistical information or summaries of values based on various criteria.

For example: a database for population statistics.

The countermeasures to the statistical database security problem are called inference control measures.

Introduction to Database Security Issues

Security Problem:

Another security issue is that of flow control, which prevents information from flowing in such a way that it reaches unauthorized users.

Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are called covert channels.

Introduction to Database Security Issues

Security Problem:

A final security issue is data encryption, which is used to protect sensitive data (such as credit card numbers) that is being transmitted via some type of communication network.

The data is encoded using some coding algorithm.

An unauthorized user who accesses encoded data will have difficulty deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher the data.

Database Security and the DBA

The database administrator (DBA) is the central authority for managing a database system.

The DBA’s responsibilities include granting privileges to users who need to use the system and classifying users and data in accordance with the policy of the organization.

The DBA has a DBA account in the DBMS, sometimes called a system or super user account, which provides powerful capabilities.

Database Security and the DBA

DBA privileged commands include:

Granting and revoking privileges to individual accounts, users, or user groups, and performing the following types of action:

1. Account creation
2. Privilege granting
3. Privilege revocation
4. Security level assignment

The DBA is responsible for the overall security of the database system.

Action 1 is access control, whereas 2 and 3 are discretionary and 4 is used to control mandatory authorization.

DBA privileged commands

1. Account creation: This action creates a new account and password for a user or a group of users to enable them to access the DBMS.

2. Privilege granting: This action permits the DBA to grant certain privileges to certain accounts.

3. Privilege revocation: This action permits the DBA to revoke (cancel) certain privileges that were previously given to certain accounts.

4. Security level assignment: This action consists of assigning user accounts to the appropriate security classification level.
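The four DBA actions above, together with the discretionary and mandatory mechanisms described earlier, as an added example that is not part of the original slides. It assumes PostgreSQL syntax; the table, column and role names are constructed for illustration, and row-level security stands in here for a full multilevel classification scheme.

```sql
-- Constructed schema (all names are assumptions, not from the slides).
CREATE TABLE employee (
    emp_id         integer PRIMARY KEY,
    name           text    NOT NULL,
    dept           text    NOT NULL,
    salary         numeric NOT NULL,
    classification integer NOT NULL  -- 1 = confidential, 2 = secret, 3 = top secret
);

-- Where action 4 records each account's security level.
CREATE TABLE account_clearance (
    account   text    PRIMARY KEY,
    clearance integer NOT NULL
);

-- 1. Account creation (access control): the user must log in with a password.
CREATE ROLE payroll_clerk LOGIN PASSWORD 'replace-with-a-strong-secret';

-- 2. Privilege granting (discretionary): selected columns in a specific mode.
--    salary is not granted, so a query that touches it is rejected.
GRANT SELECT (emp_id, name, dept, classification) ON employee TO payroll_clerk;
GRANT UPDATE (dept) ON employee TO payroll_clerk;

-- 3. Privilege revocation (discretionary): cancel a privilege given earlier.
REVOKE UPDATE (dept) ON employee FROM payroll_clerk;

-- 4. Security level assignment (mandatory): classify the account.
INSERT INTO account_clearance (account, clearance) VALUES ('payroll_clerk', 1);

-- The account may read its level (the policy below needs that) but has no
-- INSERT/UPDATE on the table, so it cannot raise its own clearance.
GRANT SELECT ON account_clearance TO payroll_clerk;

-- Enforce the slide's policy: a user sees only rows classified at the user's
-- own level. Superusers and the table owner bypass this unless the table is
-- also set to FORCE ROW LEVEL SECURITY.
ALTER TABLE employee ENABLE ROW LEVEL SECURITY;
CREATE POLICY same_level ON employee
    FOR SELECT
    USING (classification = (SELECT clearance
                             FROM account_clearance
                             WHERE account = current_user));
```

Unlike the grants in steps 2 and 3, which the DBA hands out per account, the policy in step 4 is evaluated on every query and cannot be passed on by the user.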


Access Protection, User Accounts, and Database Audits

Whenever a person or group of persons needs to access a database system, the individual or group must first apply for a user account.

The DBA will then create a new account number and password for the user if there is a legitimate need to access the database.

The user must log in to the DBMS by entering the account number and password whenever database access is needed.