Chapter 19: Security: Name: Alvin Irwanto NIM: 41518010055

The document discusses database security and threats to databases. It covers authorization, access controls, views, backup and recovery, integrity constraints, encryption, RAID technology, security in Microsoft Access and Oracle databases, and challenges of database security on the web.


Name : Alvin Irwanto

NIM : 41518010055

Chapter 19 : Security
A. Database Security
Database security is the set of mechanisms that protect the database against intentional or accidental
threats. Security considerations apply not only to the data held in a database: breaches of security
may affect other parts of the system, which may in turn affect the database. Consequently, database
security encompasses hardware, software, people, and data.
A database represents an essential corporate resource that should be properly secured using appropriate
controls. We consider database security in relation to the following situations :
a. Theft and fraud
b. Loss of confidentiality
c. Loss of privacy
d. Loss of integrity
e. Loss of availability
A threat is any situation or event, whether intentional or accidental, that may adversely affect a
system and consequently the organization.
B. Countermeasures – Computer-Based Controls
The types of countermeasure to threats on computer systems range from physical controls to
administrative procedures.
1. Authorization
Authorization is the granting of a right or privilege that enables a subject to have legitimate
access to a system or a system's object. Authorization controls can be built into the software,
and govern not only what system or object a specified user can access, but also what the user
may do with it. The process of authorization involves authentication of subjects requesting
access to objects, where 'subject' represents a user or program and 'object' represents a
database table, view, procedure, trigger, or any other object that can be created within the
system.
Authentication is a mechanism that determines whether a user is who he or she claims to be.
A system administrator is usually responsible for allowing users to have access to a computer
system by creating individual user accounts. Each user is given a unique identifier, which is
used by the operating system to determine who they are.

2. Access Controls
The typical way to provide access controls for a database system is based on the granting
and revoking of privileges. A privilege allows a user to create or access (that is read, write, or
modify) some database object (such as a relation, view, or index) or to run certain DBMS
utilities. Privileges are granted to users to accomplish the tasks required for their jobs.
Excessive granting of unnecessary privileges can compromise security, so a privilege should only
be granted to a user if that user cannot accomplish his or her work without that privilege
(the principle of least privilege).

3. Views
A view is the dynamic result of one or more relational operations operating on the database
relations to produce another relation. A view is a virtual relation that does not actually exist
in the database, but is produced upon request by a particular user, at the time of request.
Because a view can omit columns and filter rows, granting a user access to a view rather than to
the underlying base relation is a way of hiding the data that user has no need to see.
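The following is an added example, not part of the original notes, tying the Access Controls and Views subsections together. It uses Python's built-in sqlite3 module with constructed sample rows. SQLite has no GRANT/REVOKE, so a small hypothetical AuthorizationMatrix class stands in for the DBMS catalogue: a clerk is granted SELECT only on a view that hides salaries and other branches, while an HR manager is granted SELECT on the base table. The table name Staff, the view name StaffB003 and the user names are all invented for the example.

```python
import sqlite3

# Constructed sample rows (invented for this example, not from the notes).
STAFF_ROWS = [
    ("SL21", "John White", "Manager", 30000, "B005"),
    ("SG37", "Ann Beech", "Assistant", 12000, "B003"),
    ("SG14", "David Ford", "Supervisor", 18000, "B003"),
]

def build_database():
    """In-memory database with a base table and a view that hides salary
    and restricts rows to branch B003."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Staff (staffNo TEXT PRIMARY KEY, name TEXT, "
        "position TEXT, salary INTEGER, branchNo TEXT)"
    )
    conn.executemany("INSERT INTO Staff VALUES (?, ?, ?, ?, ?)", STAFF_ROWS)
    conn.execute(
        "CREATE VIEW StaffB003 AS SELECT staffNo, name, position FROM Staff "
        "WHERE branchNo = 'B003' ORDER BY staffNo"
    )
    return conn

class AuthorizationMatrix:
    """subject -> object -> set of privileges, with grant/revoke/check.
    SQLite has no GRANT/REVOKE, so this hypothetical layer stands in for
    the DBMS catalogue that a server DBMS would consult."""
    def __init__(self):
        self._grants = {}

    def grant(self, subject, obj, privilege):
        self._grants.setdefault(subject, {}).setdefault(obj, set()).add(privilege)

    def revoke(self, subject, obj, privilege):
        self._grants.get(subject, {}).get(obj, set()).discard(privilege)

    def check(self, subject, obj, privilege):
        return privilege in self._grants.get(subject, {}).get(obj, set())

def select_as(conn, acl, subject, obj):
    """SELECT * FROM obj on behalf of subject, refused unless SELECT was granted.
    `obj` only reaches the SQL string after matching a granted object name."""
    if not acl.check(subject, obj, "SELECT"):
        raise PermissionError(f"{subject} has no SELECT privilege on {obj}")
    return conn.execute(f"SELECT * FROM {obj}").fetchall()

def demo():
    conn = build_database()
    acl = AuthorizationMatrix()
    acl.grant("hr_manager", "Staff", "SELECT")       # needs every column
    acl.grant("b003_clerk", "StaffB003", "SELECT")   # least privilege: view only
    out = {"manager_rows": len(select_as(conn, acl, "hr_manager", "Staff")),
           "clerk_view": select_as(conn, acl, "b003_clerk", "StaffB003")}
    try:
        select_as(conn, acl, "b003_clerk", "Staff")
        out["clerk_base"] = "allowed"
    except PermissionError:
        out["clerk_base"] = "denied"
    acl.revoke("b003_clerk", "StaffB003", "SELECT")  # privilege no longer needed
    out["after_revoke"] = acl.check("b003_clerk", "StaffB003", "SELECT")
    return out

if __name__ == "__main__":
    print(demo())
```

The clerk's result set contains no salary column and no B005 rows, the same request against the base table is refused, and revoking the privilege closes the access again. In a server DBMS the matrix is the catalogue updated by GRANT and REVOKE; the point that carries over is that access is granted on the view, never on the base relation, when the view is all the job needs.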

4. Backup and Recovery


Backup is the process of periodically taking a copy of the database and log file (and possibly
programs) on to offline storage media. A DBMS should provide backup facilities to assist with
the recovery of a database following failure. It is always advisable to make backup copies of
the database and log file at regular intervals and to ensure that the copies are in a secure location.
Journaling is the process of keeping and maintaining a log file (or journal) of all changes
made to the database to enable recovery to be undertaken effectively in the event of a
failure. A DBMS should provide logging facilities, sometimes referred to as journaling, which
keep track of the current state of transactions and database changes, to provide support for
recovery procedures. Recovery restores the last backup and then replays the journal: changes
of committed transactions are redone, and changes of transactions that had not committed at
the time of the failure are undone.

5. Integrity
Integrity constraints also contribute to maintaining a secure database system by preventing data
from becoming invalid, and hence giving misleading or incorrect results.

6. Encryption
Encryption is the encoding of the data by a special algorithm that renders the data unreadable
by any program without the decryption key. If a database system holds particularly sensitive
data, it may be deemed necessary to encode it as a precaution against possible external threats
or attempts to access it. Encryption techniques may be irreversible (the original data cannot be
recovered, as with a one-way hash of a password) or reversible; reversible techniques are more
commonly used. To transmit data securely over insecure networks requires the use of a
cryptosystem, which includes:
a. An encryption key to encrypt the data (plaintext)
b. An encryption algorithm that, with the encryption key, transforms the plaintext into
ciphertext
c. A decryption key to decrypt the ciphertext
d. A decryption algorithm that, with the decryption key, transforms the ciphertext back into
plaintext.
In a symmetric cryptosystem the encryption and decryption keys are the same; in an asymmetric
(public-key) cryptosystem they differ, and only the decryption (private) key must be kept secret.
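An added example, not from the original notes, showing the four components of a symmetric cryptosystem with nothing but the Python standard library: the encryption algorithm XORs the plaintext with a keystream derived from the key and a fresh nonce by HMAC-SHA256 in counter mode, and the decryption algorithm regenerates the same keystream from the same key. A second key authenticates the ciphertext (encrypt-then-MAC) so that a modified ciphertext is rejected rather than silently decrypted to garbage. All key material and the sample plaintext are constructed here. This is written to show the moving parts; for real data use an authenticated cipher such as AES-GCM from a vetted library rather than assembling one by hand.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def keystream(key, nonce, length):
    """Pseudorandom keystream: HMAC-SHA256(key, nonce || counter) in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(enc_key, mac_key, plaintext, nonce=None):
    """Encryption algorithm: XOR plaintext with the keystream, then authenticate
    nonce||ciphertext with a second key (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce   # must never repeat per key
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(enc_key, mac_key, blob):
    """Decryption algorithm: verify the tag first, then XOR the same keystream back."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: modified ciphertext or wrong key")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)      # symmetric: same keys decrypt
    blob = encrypt(enc_key, mac_key, b"salary=30000")       # constructed sample plaintext
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01                            # flip one ciphertext bit
    try:
        decrypt(enc_key, mac_key, bytes(tampered))
        detected = False
    except ValueError:
        detected = True
    return {"roundtrip": decrypt(enc_key, mac_key, blob), "tamper_detected": detected}

if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the nonce must never be reused under the same key (a repeated keystream lets an attacker XOR two ciphertexts together and cancel it out), and the tag must be checked before any decryption so that a tampered message is never acted on.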

7. RAID (Redundant Array of Independent Disks)


The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS
should continue to operate even if one of the hardware components fails. This suggests having
redundant components that can be seamlessly integrated into the working system whenever
there is one or more component failures.
One solution is the use of Redundant Array of Independent Disks (RAID) technology.
RAID originally stood for Redundant Array of Inexpensive Disks, but more recently the ‘I’ in
RAID has come to stand for Independent. RAID works on having a large disk array comprising
an arrangement of several independent disks that are organized to improve reliability and at the
same time increase performance.
There are a number of different disk configurations with RAID, termed RAID levels. (In the
textbook's figure of these levels, which is not reproduced here, the numbers represent sequential
data blocks and the letters indicate segments of a data block.)
a. RAID 0 – Nonredundant This level maintains no redundant data and so has the best write
performance since updates do not have to be replicated. Data striping is performed at the
level of blocks.
b. RAID 1 – Mirrored This level maintains (mirrors) two identical copies of the data across
different disks. To maintain consistency in the presence of disk failure, writes may not be
performed simultaneously. This is the most expensive storage solution.
c. RAID 0+1 – Nonredundant and Mirrored This level combines striping and mirroring.
d. RAID 2 – Memory-Style Error-Correcting Codes With this level, the striping unit is a
single bit and Hamming codes are used as the redundancy scheme.
e. RAID 3 – Bit-Interleaved Parity This level provides redundancy by storing parity
information on a single disk in the array. This parity information can be used to recover
the data on other disks should they fail.
f. RAID 4 – Block-Interleaved Parity With this level, the striping unit is a disk block – a
parity block is maintained on a separate disk for corresponding blocks from a number of
other disks. If one of the disks fails, the parity block can be used with the corresponding
blocks from the other disks to restore the blocks of the failed disk.
g. RAID 5 – Block-Interleaved Distributed Parity This level uses parity data for redundancy
in a similar way to RAID 3 but stripes the parity data across all the disks, similar to the
way in which the source data is striped. This alleviates the bottleneck on the parity disk.
h. RAID 6 – P+Q Redundancy This level is similar to RAID 5 but additional redundant data
is maintained to protect against multiple disk failures. Error-correcting codes are used
instead of using parity.

C. Security in Microsoft Office Access DBMS


These are the two methods for securing a database :
1. Setting a password for opening a database (referred to as system security by Microsoft Office
Access)
2. User-level security, which can be used to limit the parts of the database that a user can read or
update (referred to as data security by Microsoft Office Access).

D. Security in Oracle DBMS


A privilege is a right to execute a particular type of SQL statement or to access another user's
objects. Oracle distinguishes system privileges (the right to run a kind of statement) from object
privileges (the right to act on a specific object). Some examples of Oracle privileges include the right to :
1. Connect to the database (create a session)
2. Create a table
3. Select rows from another user's table
E. DBMSs and Web Security
The challenge is to transmit and receive information over the Internet while ensuring that:
- It is inaccessible to anyone but the sender and receiver (privacy)
- It has not been changed during transmission (integrity)
- The receiver can be sure it came from the sender (authenticity)
- The sender can be sure the receiver is genuine (non-fabrication)
- The sender can't deny he or she sent it (non-repudiation)
One other aspect of security that has to be addressed in the Web environment is that information
transmitted to the client’s machine may have executable content. For example, HTML pages may
contain ActiveX controls, JavaScript/VBScript, and/or one or more Java applets. Executable
content can perform the following malicious actions, and measures need to be taken to prevent
them:
- Corrupt data or the execution state of programs
- Reformat complete disks
- Perform a total system shutdown
- Collect and download confidential data, such as files or passwords, to another site
- Usurp identity and impersonate the user or user's computer to attack other targets on the
network
- Lock up resources making them unavailable for legitimate users and programs
- Cause non-fatal but unwelcome effects, especially on output devices.

1. Proxy Servers
In a Web environment, a proxy server is a computer that sits between a Web browser and
a Web server. It intercepts all requests to the Web server to determine if it can fulfill the requests
itself. If not, it forwards the requests to the Web server. Proxy servers have two main purposes:
to improve performance and filter requests.

2. Firewalls
A firewall is a system designed to prevent unauthorized access to or from a private network.
Firewalls can be implemented in both hardware and software, or a combination of both. They
are frequently used to prevent unauthorized Internet users from accessing private networks
connected to the Internet, especially intranets. All messages entering or leaving the intranet
pass through the firewall, which examines each message and blocks those that do not meet the
specified security criteria.

3. Message Digest Algorithm and Digital Signatures


A message digest algorithm, or one-way hash function, takes an arbitrarily sized string (the
message) and generates a fixed-length string (the digest or hash). A digest has the following
characteristics:
- It should be computationally infeasible to find another message that will generate the
same digest
- The digest does not reveal anything about the message.
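An added example, not from the original notes, exercising the properties listed above with Python's hashlib. It shows the fixed output length regardless of input size, that a one-character change flips roughly half the digest bits (so the digest reveals nothing usable about the message), a receiver-side integrity check, and a birthday search on an artificially truncated digest that finds a collision in a few hundred attempts. The last part is there to make "computationally infeasible" concrete: the cost of finding a collision grows like 2^(bits/2), which is negligible at 20 bits and out of reach at 256. All sample messages are constructed.

```python
import hashlib
import hmac
import itertools

def digest(message, algorithm="sha256"):
    """Fixed-length digest of an arbitrary-length message."""
    return hashlib.new(algorithm, message).hexdigest()

def bit_difference(hex_a, hex_b):
    """Hamming distance between two hex digests of equal length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def verify(message, expected_hex):
    """Integrity check a receiver would run: recompute and compare in constant time."""
    return hmac.compare_digest(digest(message), expected_hex)

def truncated_digest(message, bits):
    """Top `bits` bits of SHA-256, to simulate a digest that is far too short."""
    return int(hashlib.sha256(message).hexdigest(), 16) >> (256 - bits)

def find_collision(bits):
    """Birthday search: remember digests until one repeats. Expected work is
    about 2^(bits/2) attempts, which is why real digests are 256 bits, not 20."""
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i                  # constructed candidate messages
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1       # two distinct messages, same digest
        seen[d] = msg

if __name__ == "__main__":
    a, b = digest(b"pay 100"), digest(b"pay 101")
    print(len(a), bit_difference(a, b), "bits differ")
    m1, m2, attempts = find_collision(20)
    print(m1, m2, "collide on a 20-bit digest after", attempts, "attempts")
```

A plain digest gives integrity only against accidental change: anyone who can alter the message can recompute the digest too. Binding the digest to the sender requires either a key (an HMAC, as used for the tag in the encryption example) or a digital signature, which is what the next subsection's certificates are for.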

4. Digital Certificates
A digital certificate is an attachment to an electronic message used for security purposes,
most commonly to verify that a user sending a message is who he or she claims to be, and to
provide the receiver with the means to encode a reply.
5. Kerberos
Kerberos is a server of secure user names and passwords (named after the three-headed dog
in Greek mythology that guarded the gate of Hades). The importance of Kerberos is that
it provides one centralized security server for all data and resources on the network. Database
access, login, authorization control, and other security features are centralized on trusted
Kerberos servers. Kerberos has a similar function to that of a certificate server: to identify and
validate a user.

6. Secure Sockets Layer and Secure HTTP


Many large Internet product developers agreed to use an encryption protocol known as
Secure Sockets Layer (SSL), developed by Netscape, for transmitting private documents over
the Internet. SSL uses public-key cryptography during its handshake to authenticate the server
and agree a session key; that symmetric session key is then used to encrypt the data transferred
over the SSL connection. (SSL has since been superseded by Transport Layer Security, TLS, and
the SSL versions themselves are deprecated.)
S-HTTP was developed by Enterprise Integration Technologies (EIT), which was acquired
by Verifone, Inc. in 1995. Whereas SSL creates a secure connection between a client and a
server, over which any amount of data can be sent securely, S-HTTP is designed to transmit
individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary
rather than competing technologies.

7. Secure Electronic Transactions and Secure Transaction Technology


The Secure Electronic Transactions (SET) protocol is an open, interoperable standard for
processing credit card transactions over the Internet, created jointly by Netscape, Microsoft,
Visa, Mastercard, GTE, SAIC, Terisa Systems, and VeriSign. SET’s goal is to allow credit card
transactions to be as simple and secure on the Internet as they are in retail stores. To address
privacy concerns, the transaction is split in such a way that the merchant has access to
information about what is being purchased, how much it costs, and whether the payment is
approved, but no information on what payment method the customer is using.

8. Java Security
Safety and security are integral parts of Java’s design, with the ‘sandbox’ ensuring that an
untrusted, possibly malicious, application cannot gain access to system resources. To
implement this sandbox, three components are used: a class loader, a bytecode verifier, and a
security manager. The safety features are provided by the Java language and the Java Virtual
Machine (JVM), and enforced by the compiler and the runtime system; security is a policy that
is built on top of this safety layer.

9. ActiveX Security
ActiveX, on the other hand, places no restrictions on what a control can do. Instead, each
ActiveX control can be digitally signed by its author using a system called Authenticode™.
The digital signatures are then certified by a Certificate Authority (CA). This security model
places the responsibility for the computer’s security on the user. Before the browser downloads
an ActiveX control that has not been signed or has been certified by an unknown CA, it presents
a dialog box warning the user that this action may not be safe.
