Download Introduction to Databases - Department of Software and Information

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts

Business intelligence wikipedia , lookup

Information security wikipedia , lookup

Expense and cost recovery system (ECRS) wikipedia , lookup

Disk formatting wikipedia , lookup

Relational model wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Versant Object Database wikipedia , lookup

Database wikipedia , lookup

Concurrency control wikipedia , lookup

Database model wikipedia , lookup

Computer security wikipedia , lookup

Clusterpoint wikipedia , lookup

Transcript 
Security
Dale-Marie Wilson, Ph.D.
Why Database Security?

Data

Valuable resource
• Must be strictly controlled and managed
• Corporate resource
Have strategic importance
 Must be secure and confidential

Database Security

Mechanisms that protect database against
intentional or accidental threats
Does not only apply to data held in
database
 Security breaches may affect other parts
of system


Eventually affect database
Database Security

Involves measures to avoid:






Theft and fraud
Loss of confidentiality (secrecy)
Loss of privacy
Loss of integrity
Loss of availability
Threat

Any situation or event, intentional or
unintentional, that adversely affects system =>
organization
Summary of Threats to
Computer Systems
Typical Multi-user
Computer Environment
Countermeasures –
Computer-Based Controls

Concerned with physical controls to
administrative procedures and includes:







Authorization
Access controls
Views
Backup and recovery
Integrity
Encryption
RAID technology
Countermeasures –
Computer-Based Controls

Authorization
The granting of a right or privilege, which
enables a subject to legitimately have
access to a system or a system’s object
 Mechanism that determines whether user
is, who he/he claims

Countermeasures –
Computer-Based Controls

Access control


Granting/revoking of privileges
Privilege
Allows user to create or access (read,
write, modify) database object (relation,
view, index) or run DBMS utilities
 Granted to user to accomplish tasks
required for jobs

Countermeasures –
Computer-Based Controls

Discretionary Access Control (DAC)



Provided by most DBMS
Effective
Weakness
• Unauthorized user can trick authorized user into disclosing sensitive
data

SQL standard supports DAC


GRANT command


GRANT and REVOKE commands
Gives privileges to users
REVOKE command

Takes privileges from users
Countermeasures –
Computer-Based Controls

Mandatory Access Control (MAC)






Based on system-wide policies
Cannot be changed by individual users
Not supported by SQL standard
Each database object assigned a security class
Each user assigned a clearance for a security
class
Rules are imposed on reading and writing of
database objects by users
Countermeasures –
Computer-Based Controls

MAC
Determines whether user can read/write
object
 Based on rules of security level of object
and clearance of user
 Rules ensure sensitive data never ‘passed
on’ to another user without necessary
clearance

Bell-LaPudula Model




Each database object assigned security class
Each subject assigned clearance
Four classes:

Top secret (TS), Secret (S), Confidential (C), Unclassified (U)

TS > S > C > U
Two restrictions:
1.
Simple Security property
•
2.
Subject S is allowed to read Object O only if class(S) >= class(O)
*_Property
•
Subject S is allowed to write object O only if class(S) <= class (O)
Popular Model for MAC
called Bell-LaPudula
Countermeasures –
Computer-Based Controls



View
 dynamic result of one or more relational operations
operating on base relations to produce another relation
 Virtual relation
 Produced upon request by particular user, at time of request
Backup
 Process of periodically taking copy of database, log file,
programs to offline storage media
Journaling
 Process of maintaining log file/journal of all changes made
to database to enable effective recovery in event of failure
Countermeasures –
Computer-Based Controls

Integrity

Prevents invalid data
• Misleading or incorrect results

Encryption
Encoding of data by special algorithm
 Renders data unreadable by any program
without decryption key

RAID (Redundant Array of
Independent Disks)
Technology

DBMS hardware must be fault-tolerant
 Continues to operate even if one hardware components fails

Main hardware components include:
 Disk drives, disk controllers, CPU, power supplies, cooling
fans
 Disk drives most vulnerable component
• Has shortest times between failures of other hardware
components

Suggests having redundant components

Seamlessly integrated into working system whenever
component failure occurs
RAID (Redundant Array of
Independent Disks)
Technology



Large disk array comprising an arrangement of several
independent disks
Organized to improve reliability and increase performance
Performance
 Increased through data striping
• Data segmented into equal-size partitions (striping unit)
• Transparently distributed across multiple disks

Reliability
 Improved through storing redundant information across the
disks using parity scheme or error-correcting scheme
RAID (Redundant Array of
Independent Disks)
Technology

Different disk configurations aka RAID
levels








RAID 0 Nonredundant
RAID 1 Mirrored
RAID 0+1 Nonredundant and Mirrored
RAID 2 Memory-Style Error-Correcting Codes
RAID 3 Bit-Interleaved Parity
RAID 4 Block-Interleaved Parity
RAID 5 Block-Interleaved Distributed Parity
RAID 6 P+Q Redundancy
DBMS and Web Security
Internet communication relies on TCP/IP
 TCP/IP and HTTP not designed with
security in mind
 Without special software, all Internet
traffic travels ‘in the clear’
 Anyone who monitors traffic can read it

DBMS and Web Security

Must ensure while transmitting
information over the Internet that:





inaccessible to anyone but sender and receiver
(privacy);
not changed during transmission (integrity);
receiver can be sure it came from sender
(authenticity);
sender can be sure receiver is genuine (nonfabrication);
sender cannot deny he or she sent it (nonrepudiation).
DBMS and Web Security

Measures include:









Proxy servers
Firewalls
Message digest algorithms and digital signatures
Digital certificates
Kerberos
Secure sockets layer (SSL) and Secure HTTP (S-HTTP)
Secure Electronic Transactions (SET) and Secure
Transaction Technology (SST)
Java security
ActiveX security
How Secure Electronic
Transactions (SET) Works

Chapter 19
Related documents
Database Security (cont.)
Database Security (cont.)
CiscoS3C8
CiscoS3C8
Database Security
Database Security
chap16
chap16
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Physical Database Design
Physical Database Design
Security
Security
07-6810-26
07-6810-26
Student Number
Student Number
csci19f2
csci19f2
jones, c - Computer Science
jones, c - Computer Science
Data/Spec Sheet
Data/Spec Sheet
Network Servers - Wright State University
Network Servers - Wright State University
Hard Drive Glossary
Hard Drive Glossary
RAID - NUS School of Computing
RAID - NUS School of Computing
HARDWARE TERMS The Forensic Services Group ROM (read
HARDWARE TERMS The Forensic Services Group ROM (read
- Google Sites
- Google Sites
RAID 2
RAID 2
Database Management Systems - University of Hawaii at Hilo
Database Management Systems - University of Hawaii at Hilo
Avian Influenza
Avian Influenza
Chap 6: DB Security File - e
Chap 6: DB Security File - e
RAID 1
RAID 1