Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Overview of Database Security
Document related concepts
Next-Generation Secure Computing Base wikipedia , lookup
Multilevel security wikipedia , lookup
Wireless security wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Unix security wikipedia , lookup
Information privacy law wikipedia , lookup
Airport security wikipedia , lookup
Information security wikipedia , lookup
Mobile security wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Computer security wikipedia , lookup
Transcript
Overview of Database Security Introduction Security Problems Security Controls Designing Database Security Outline Threats to database security Database protection requirements Security Problems Threats to Database Security What is a threat? Three Consequences Two Kind of threats Security Problems What is a threat? A threat can be defined as a hostile agent that, either casually or by using specialized technique, disclose, modify or delete the information managed by a database management system. Security Problems Three Consequences Improper release of information Improper modification of data Denial of service Security Problems Two Kinds of Threat Accidental (Non-fraudulent) Intentional (fraudulent) Security Problems Causes of Non-fraudulent Threat Natural or accidental disasters Errors or bugs in hardware or software Human errors Security Problems Fraudulent Threat from Two Classes of User Authorized users Those who abuse their privileges and authority Hostile agents Those improper users (outsider or insiders) who attack the software and/or hardware system, or improperly read or write data in a database Security Problems Three Typical Attacks Virus Trojan Horse Trapdoor Security Problems Virus A code able to copy itself and to damage permanently and often irreparably the environment where it gets reproduced Security Problems Trojan Horse A program which, under an apparent utility, collects information for its own fraudulent use Security Problems Trapdoor A code segment hidden within a program; a special input will start this segment and allow its owner to skip the protection mechanisms and to access the database beyond his or her privileges Security Problems Database Protection Requirements Protection from Improper Access It consists of granting access to a database only to authorized users Protection from Inference Users must be prevented from tracking back to information on individual entities starting from statistical aggregated information Integrity of the Database Ensuring the logical consistency of data in a database User Authentication Identifying uniquely the database users Security Problems Database Protection Requirements Accountability and Auditing Recording all accesses to the database for analysis and for deterrence of unauthorized accesses Management and Protection of Sensitive Data Protecting the sensitive data from unauthorized users Multilevel Protection Information may be classified at various levels of protection Confinement To avoid undesired information transfer between systems Security Problems
