Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Entity–attribute–value model wikipedia , lookup
Computer security wikipedia , lookup
Microsoft Access wikipedia , lookup
Expense and cost recovery system (ECRS) wikipedia , lookup
Business intelligence wikipedia , lookup
Concurrency control wikipedia , lookup
Versant Object Database wikipedia , lookup
Relational model wikipedia , lookup
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee Definition Database Security is the mechanism that protect the database against intentional or accidental threats. We consider database security in relation to the following situations: - Theft and Fraud - Loss of confidentiality Introduction – Loss of privacy – Loss of integrity – Loss of availability Threat is any intentional or accidental event that may adversely affect the system. Introduction (Cont) Examples of threats: - Using another person’s log-in name to access data - Unauthorized copying data - Program/Data alteration - Illegal entry by hacker - Viruses - Etc. Countermeasures Computer-Based Controls: - Authorization - Views - Backup and Recovery - Integrity - Encryption - RAID Technology Authorization The granting of a privilege that enable a user to have a legitimate access to a system. They are sometimes referred as access controls. The process of authorization involves authenticating the user requesting access to objects. Authenticating Means a mechanism that determines whether a user is who he/she claim to be. A system administrator is responsible for allowing users to have access to the system by creating individual user accounts. Closed Vs Open Systems Closed Systems Some DBMS required authorization for authorized DBMS users to access specific objects. Open Systems Allow users to have complete access to all objects within the database. A DBMS may permit both individual user identifiers and group identifiers to be created. Certain privileges may be associated with specific identifiers, which indicate what kind of privilege is allowed with certain with certain database objects. Each privileges has a binary value associated with it. The binary values are summed and the total value indicates what privileges are allowed for a specific user or group with a particular object. User & Group Identifier User Identifier Type Group Member Identifier SG37 User Sales SG37 SG14 User Sales SG14 SG5 Sales User Group Access Control Matrix User Property# Identifier Type Price Owner# Staff# Branch# Query Row Limit Sales 0001 0001 0001 0000 0000 0000 15 SG37 0101 0101 0111 0101 0111 0000 100 SG5 1111 1111 1111 1111 1111 1111 none SELECT UPDATE INSERT DELETE ALL 0001 0010 0100 1000 1111 Views Is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. Views (Cont) The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows that are missing from the view. Backup & Recovery Is the process of periodically taking a copy of the database and log file on to offline storage media. DBMS should provide backup facilities to assist with the recovery of a database failure. Integrity Maintaining a secure database system by preventing data from becoming invalid. Encryption The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key. There will be degradation in performance because of the time taken to decode it. It also protects the data transmitted over communication lines. RAID Redundant Array of Independent Disks The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. One solution is the use of RAID technology. RAID (Cont) RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.