CSCI 3140 Module 6 – Database Security
Theodore Chiasson
Dalhousie University

Database Security

• Threats to database security include:
  – Theft and fraud
  – Loss of confidentiality
  – Loss of privacy
  – Loss of integrity
  – Loss of availability
• Computer-based controls to mitigate threats include:
  – Authorization
  – Views
  – Backup and recovery
  – Integrity
  – Encryption
  – RAID technology

• Authorization
  – Access control
  – Involves authentication of subjects requesting access to objects
  – SQL commands GRANT and REVOKE
    • select/update/insert/delete
• Views (Subschemas)
  – The dynamic result of one or more relational operations operating on base relations to produce another relation
  – A virtual relation that does not actually exist in the database but is produced upon request
  – Used to hide parts of the database from certain users

• Backup and Recovery
  – Backup is the process of periodically taking a copy of the database and log file on to offline storage media
  – Journaling is the process of keeping and maintaining a log file or journal of all changes made to the database to enable recovery in the event of a failure
  – Journaling allows the database to be recovered after a failure to its last known consistent state using a backup of the database together with the log file
  – Without a log file, any changes to the database after the most recent backup are lost in the event of a failure
• Integrity
  – Applying integrity constraints prevents the database from entering an inconsistent state during normal operation

• Encryption
  – The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key
  – Cryptosystem
    • Encryption key
    • Encryption algorithm
    • Decryption key
    • Decryption algorithm
  – Symmetric encryption
    • Same key and algorithm for encryption and decryption
  – Asymmetric encryption
    • Different keys for encryption and decryption
    • Public key cryptography
• RAID (Redundant Array of Independent Disks)
  – Increased performance through data striping
  – Parity or error-correcting scheme improves reliability

• Security in Oracle DBMS
  – Privileges
    • A right to execute a particular type of SQL statement or to access another user’s objects
    • Connect to a database
    • Create a table
    • Select rows from another user’s tables
  – System privileges
    • The right to perform a particular action or to perform an action on any schema object of a particular type
  – Object privileges
    • The right to perform a particular action on a specific table, view, sequence, procedure, function or package
      – ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
  – Roles
    • Privileges can be granted to a role, and then the role can be granted to a user

• DBMSs and Web Security
  – Proxy servers
    • Improve performance
    • Filter requests
  – Firewalls
    • Prevents unauthorized access to or from a private network
    • Packet filter
    • Application gateway
    • Circuit-level gateway
    • Proxy server
  – Message Digest Algorithms and Digital Signatures
  – Digital Certificates
  – SSL
  – SET
  – Java Security
  – ActiveX
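
The authorization, view and Oracle role controls listed in the slides above, combined into one least-privilege setup. This is an added example, not part of the original slides; the `hr.staff` table, the role names and the users `alice` and `bob` are hypothetical, and the script assumes it is run from a DBA account with both users already created.

```sql
-- Added example; Oracle syntax. Schema, table, role and user names are
-- hypothetical, and users alice and bob are assumed to exist already.

-- Base relation with integrity constraints on the sensitive data.
CREATE TABLE hr.staff (
    staff_no    NUMBER(6)    PRIMARY KEY,
    full_name   VARCHAR2(60) NOT NULL,
    branch_no   VARCHAR2(4)  NOT NULL,
    salary      NUMBER(9,2)  NOT NULL CHECK (salary >= 0),
    national_id VARCHAR2(20) NOT NULL
);

-- View (subschema): a virtual relation that hides salary and national_id.
CREATE VIEW hr.staff_directory AS
    SELECT staff_no, full_name, branch_no
    FROM   hr.staff;

-- Roles collect object privileges; users get no direct grants on hr.staff.
CREATE ROLE staff_reader;
GRANT SELECT ON hr.staff_directory TO staff_reader;

CREATE ROLE payroll_clerk;
GRANT SELECT ON hr.staff TO payroll_clerk;
GRANT UPDATE (salary) ON hr.staff TO payroll_clerk;  -- column-level UPDATE only

-- System privilege to connect, then role membership per user.
GRANT CREATE SESSION TO alice, bob;
GRANT staff_reader  TO alice;   -- alice sees the directory view only
GRANT payroll_clerk TO bob;     -- bob can read staff and change salary

-- Check: table- and view-level grants on HR objects, and role membership.
-- Column-level grants such as UPDATE (salary) are listed in dba_col_privs.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'HR'
ORDER  BY grantee, table_name, privilege;

SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  granted_role IN ('STAFF_READER', 'PAYROLL_CLERK');

-- Withdraw access: drop bob's role membership, then narrow the role itself.
-- Oracle cannot revoke a single column; revoke UPDATE on the whole table.
REVOKE payroll_clerk FROM bob;
REVOKE UPDATE ON hr.staff FROM payroll_clerk;
```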