Lecture 5 Database Security PDF

Uploaded by

Ahmed adel

Database Security

Dr. Jihan A. Rasool

College of Science
Computer Science Department
Database Concepts
• Relationships between tables (relations) must be
in the form of other relations
– Base (‘real’) relations: named and autonomous
relations, not derived from other relations (have
stored data)
– Views: named derived relations (no stored data)
– Snapshots: like views, these are named, derived relations,
but they do have stored data
– Query results: the result of a query; may or may not
have a name, and has no persistent existence
Database Concepts
• Within every relation, need to uniquely
identify every tuple
– Primary key: a unique and minimal identifier for a
relation; it can be a single attribute, or may be a
choice of attributes to use
– Foreign key: when the primary key of one relation is
used as an attribute in another relation, it is a foreign
key in that relation
Database Concepts
• Structured Query Language (SQL)
– to manipulate relations and data in a relational
database
• Types of SQL Commands
– Data Dictionary Language (DDL)
• define, maintain, drop schema objects
– Data Manipulation Language (DML)
• SELECT, INSERT, UPDATE
– Data Control Language (DCL):
• control security (GRANT, REVOKE) and concurrent
access (COMMIT, ROLLBACK)
Security Requirements
1. Physical database integrity.
2. Logical database integrity.
3. Element integrity.
4. Access control.
5. User authentication.
6. Availability.
7. Auditability (Confidentiality).
Security Requirements
1. Physical database integrity
– immunity to physical catastrophe, such as power
failures, media failure
• physically securing hardware, UPS, regular backups

2. Logical database integrity
– reconstruction ability
• maintain a log of transactions
• replay the log to restore the system to a stable point
Security Requirements
3. Element integrity
– integrity of specific database elements is their
correctness or accuracy
• field checks: allow only acceptable values
• access controls: allow only authorized users to update
elements
• change log: used to undo changes made in error
• referential integrity (key integrity concerns)
Security Requirements
4. Access Control (similar to OS)
– logical separation by user access privileges
– more complicated than OS due to complexity of DB
(granularity/inference/aggregation)

5. User Authentication
– Need to confirm that users accessing the system are who they say they
are

6. Auditability
– log read/write to database
Security Requirements
7. Availability
– Data needs to be available at all necessary times
– Data needs to be available to only the appropriate users
– Need to be able to track who has access to and who has accessed what
data
SQL Security Model
• Access control through views
– many security policies better expressed by granting
privileges to views derived from base relations

– example
CREATE VIEW AVSAL(DEPT, AVG)
AS SELECT DEPT, AVG(SALARY)
FROM EMP GROUP BY DEPT;
• access can be granted to this view for every dept mgr
SQL Security Model
– Example 2
CREATE VIEW MYACCOUNT AS
SELECT * FROM Account
WHERE Customer = current_user();
• view containing account info for current user
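
The two views above, together with the GRANT and REVOKE statements that make them an access-control boundary, as an added example that is not part of the original slides. It assumes PostgreSQL (where `current_user` is written without parentheses) and a superuser session; the column types, sample rows and the role names `dept_mgr` and `alice` are constructed for illustration.

```sql
-- Added example, PostgreSQL dialect. Column types, rows and role names are constructed.
CREATE TABLE EMP (NAME text, DEPT text, SALARY numeric);
CREATE TABLE Account (Customer text, Balance numeric);
INSERT INTO EMP VALUES ('ann', 'sales', 4000), ('bob', 'sales', 6000), ('eve', 'it', 7000);
INSERT INTO Account VALUES ('alice', 120.00), ('mallory', 999.00);

CREATE ROLE dept_mgr;   -- hypothetical role held by department managers
CREATE ROLE alice;      -- hypothetical customer account

-- Base relations: no direct access for anyone but the owner.
REVOKE ALL ON EMP, Account FROM PUBLIC;

-- Example 1: managers get the aggregate, never the individual salaries.
CREATE VIEW AVSAL(DEPT, AVG) AS
    SELECT DEPT, AVG(SALARY) FROM EMP GROUP BY DEPT;
GRANT SELECT ON AVSAL TO dept_mgr;

-- Example 2: each customer is limited to their own rows.
-- security_barrier keeps functions in the caller's WHERE clause from
-- being evaluated on rows the view's own filter has not yet removed.
CREATE VIEW MYACCOUNT WITH (security_barrier) AS
    SELECT * FROM Account WHERE Customer = current_user;
GRANT SELECT ON MYACCOUNT TO alice;

-- Check as the manager: the view is readable, the base relation is not,
-- because the role holds a privilege on AVSAL only.
SET ROLE dept_mgr;
SELECT * FROM AVSAL;
SELECT * FROM EMP;        -- rejected: no privilege on the base relation
RESET ROLE;

-- Check as the customer: the filter uses the caller's role name, while
-- access to Account itself is checked against the view owner.
SET ROLE alice;
SELECT * FROM MYACCOUNT;
SELECT * FROM Account;    -- rejected: no privilege on the base relation
RESET ROLE;

-- Audit what has actually been granted on the four relations.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_name IN ('emp', 'account', 'avsal', 'myaccount')
ORDER BY table_name, grantee;
```

In MySQL the same pattern needs care: inside a view, `CURRENT_USER()` returns the view's definer unless the view is created with `SQL SECURITY INVOKER`.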
SQL Security Model
– Example 3

• Authentication & identification mechanisms
– CONNECT <user> USING <password>
– DBMS may choose OS authentication
Any Questions
