
Database Security Project

This document discusses database security. It introduces the need for database security to protect data from unauthorized access, alteration, or destruction. Database security aims to restrict data access to authorized users only and maintain data integrity. It also addresses the different aspects of database security including legal, social, ethical, physical, and operational considerations. The document outlines two broad approaches to database security: discretionary control and mandatory control. Discretionary control provides flexible access privileges for different users and objects, while mandatory control uses classification levels to strictly control user and data access.

Uploaded by

Dinesh

A PROJECT ON

DATABASE SECURITY

SUBMITTED BY
D JAYASURYA
212002753
BCAA

SUBMITTED TO:
Ms. S LAKSHMI,
ASSISTANT PROFESSOR,
DEPARTMENT OF COMPUTER APPLICATIONS
ALPHA ARTS AND SCIENCE COLLEGE


TABLE OF CONTENTS

INTRODUCTION
NEED FOR DATABASE SECURITY
GENERAL CONSIDERATIONS
DATABASE SECURITY SYSTEM
DATABASE SECURITY GOALS AND THREATS
CLASSIFICATION OF DATABASE SECURITY
CONCLUSION

DATABASE SECURITY

INTRODUCTION

Database security issues are often lumped together with data integrity issues, but the two concepts are really quite distinct. Security refers to the protection of data against unauthorized disclosure, alteration, or destruction; integrity refers to the accuracy or validity of that data. The main reason to clearly separate the discussion of the two topics is that integrity is regarded as absolutely fundamental but security as more of a secondary issue.

Data are the most valuable resource for an organization. Security in a database involves mechanisms to protect the data and ensure that it is not accessed, altered or deleted without proper authorization. To protect the secret data there should be restriction to data access. Due to the advancement of IT, people share data through the WWW. As a result the data become vulnerable to hackers. A database should not only provide the end user with the data needed to function, but it should also provide protection for the data.

NEED FOR DATABASE SECURITY

The need for database security is given below:

- In the case of shared data, multiple users try to access the data at the same time. In order to maintain the consistency of the data in the database, database security is needed.
- Due to the advancement of the internet, data are accessed through the World Wide Web. To protect the data against hackers, database security is needed.
- Plastic money (credit card) is more popular. The money transaction has to be safe. More specialized software, both to enter the system illegally to extract data and to analyse the information obtained, is available. Hence it is necessary to protect the data and money.

GENERAL CONSIDERATIONS

There are numerous aspects to the security problem. Some of them are:

- Legal, social, and ethical aspects
- Physical controls
- Policy questions
- Operational problems
- Hardware control
- Operating system support
- Issues that are the specific concern of the database system itself

There are two broad approaches to data security. The approaches are known as discretionary and mandatory control, respectively. In both cases, the unit of data or data object that might need to be protected can range all the way from an entire database on the one hand to a specific component within a specific tuple on the other. How the two approaches differ is indicated by the following brief outline.

In the case of discretionary control, a given user will typically have different access rights (also known as privileges) on different objects; further, there are very few inherent limitations regarding which users can have which rights on which objects (for example, user U1 might be able to see A but not B, while user U2 might be able to see B but not A). Discretionary schemes are thus very flexible.

In the case of mandatory control, each data object is labelled with a certain classification level and each user is given a certain clearance level. A given data object can then be accessed only by users with the appropriate clearance. Mandatory schemes tend to be hierarchic in nature and are thus comparatively rigid (if user U1 can see A but not B, then the classification of B must be higher than that of A, and so no user U2 can see B but not A).
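The U1/U2 argument above can be checked mechanically. This is an added example, not part of the original project: it tests whether a wanted "who can see what" table can be enforced by a mandatory scheme in which a user reads an object only if the user's clearance is at least the object's classification. The function names, the integer levels and the two sample tables are assumptions made for illustration.

```python
from itertools import combinations

def mac_levels(visible):
    """visible maps user -> set of objects that user must be able to read.

    Returns (clearance, classification) dicts of integer levels that enforce
    exactly this table under the rule 'read iff clearance >= classification',
    or None if no assignment of levels can do so.
    """
    # Under a level-based rule the readable sets are nested: whoever holds the
    # higher clearance reads everything the other reads. Two users whose sets
    # each contain an object the other lacks cannot both be served.
    for u, v in combinations(visible, 2):
        if not (visible[u] <= visible[v] or visible[v] <= visible[u]):
            return None

    # Rank the distinct readable sets by size; nested sets of equal size are equal.
    ranked = sorted({frozenset(s) for s in visible.values()}, key=len)
    clearance = {u: ranked.index(frozenset(s)) + 1 for u, s in visible.items()}

    # An object is classified at the lowest clearance that is allowed to read it.
    classification = {}
    for level, objs in enumerate(ranked, start=1):
        for obj in objs:
            classification.setdefault(obj, level)
    return clearance, classification

def can_read(clearance, classification, user, obj):
    # Objects that were never classified are readable by nobody.
    return clearance[user] >= classification.get(obj, float("inf"))

# Constructed tables using the page's U1/U2 and A/B.
DISCRETIONARY_ONLY = {"U1": {"A"}, "U2": {"B"}}   # U1 sees A not B, U2 sees B not A
HIERARCHIC = {"U1": {"A"}, "U2": {"A", "B"}}      # B ends up classified above A

if __name__ == "__main__":
    print(mac_levels(DISCRETIONARY_ONLY))
    print(mac_levels(HIERARCHIC))
```

The first table is expressible only with discretionary privileges; the second yields a level assignment in which B is classified above A.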

Regardless of whether we are dealing with a discretionary scheme or a mandatory one, all decisions as to which users are allowed to perform which operations on which objects are policy decisions, not technical ones. As such, they are clearly outside the jurisdiction of the DBMS as such; all the DBMS can do is enforce those decisions once they are made. It follows that:

- The results of policy decisions made must be known to the system (this is done by means of statements in some appropriate definitional language).
- There must be a means of checking a given access request against the applicable security constraints in the catalog. (By access request here we mean the combination of requested operations plus requested objects plus requesting user, in general.) That checking is done by the DBMS's security subsystem, also known as the authorization subsystem.

DATABASE SECURITY SYSTEM

The person responsible for the security of the database is usually the database administrator (DBA). The database administrator must consider a variety of potential threats to the system. Database administrators create authorization rules that define who can access what parts of the database for what operations. Enforcement ensures that the authorization rules are not violated by access requests. The DBMS should support creation and storage of authorization rules and enforcement of authorization rules when users access a database. The database security system works through the enforcement of authorization rules.

[Figure: DATABASE SECURITY SYSTEM. Labels: Database Administrator, Authorization rules, Users, Access request, Database Security System, Database]

The database security system stores authorization rules and enforces them for each database access. The authorization rules define authorized users, allowable operations and accessible parts of a database. When a group of users access the data in the database, privileges can be assigned to groups rather than individual users. Users are assigned to groups and given passwords.

In a nutshell, database security involves allowing and disallowing users from performing actions on the database and the objects within it. Database security is about controlling access to information. That is, some information should be available freely and other information should only be available to certain authorized people or groups.
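The access-request check and the group-based authorization rules described above can be put together in a few lines. This is an added example, not part of the original project: a toy authorization subsystem that stores rules in a catalog and refuses any request no rule allows. The class, the user, group and table names, and the convention that a rule on a table also covers its columns are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str            # a user name or a group name
    obj: str                # "table" or "table.column"
    operations: frozenset   # e.g. {"SELECT", "UPDATE"}

class AuthorizationSubsystem:
    """Toy catalog of authorization rules with a default-deny check."""

    def __init__(self):
        self.rules = []     # the stored authorization rules (the "catalog")
        self.groups = {}    # group name -> set of member user names

    def add_to_group(self, user, group):
        self.groups.setdefault(group, set()).add(user)

    def grant(self, subject, obj, *operations):
        self.rules.append(Rule(subject, obj, frozenset(operations)))

    def subjects_of(self, user):
        # A user acts as themselves plus every group they belong to.
        return {user} | {g for g, members in self.groups.items() if user in members}

    def check(self, user, operation, obj):
        """Access request = requesting user + requested operation + requested object."""
        subjects = self.subjects_of(user)
        table = obj.split(".", 1)[0]
        for rule in self.rules:
            # A rule on a whole table also covers each of its columns.
            if (rule.subject in subjects and rule.obj in (obj, table)
                    and operation in rule.operations):
                return True
        return False        # nothing in the catalog allows it: refuse

def build_sample_catalog():
    # Constructed sample data: user, group and table names are illustrative.
    auth = AuthorizationSubsystem()
    auth.add_to_group("asha", "clerks")
    auth.add_to_group("ravi", "clerks")
    auth.add_to_group("ravi", "payroll")
    auth.grant("clerks", "employee.name", "SELECT")
    auth.grant("payroll", "employee", "SELECT", "UPDATE")
    return auth
```

Because privileges are attached to groups, moving a user between groups changes what they can do without touching any rule.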

DATABASE SECURITY GOALS AND THREATS

Some of the goals and threats of database security are given below:

- Goal: Confidentiality (secrecy or privacy). Data are only accessible (read-type) by authorized subjects (users or processes).
- Threat: Improper release of information caused by reading of data through intentional or accidental access by improper users. This includes inferring of unauthorized data from authorized observations from data.
- Goal: To ensure data integrity, which means data can only be modified by authorized subjects.
- Threat: Improper handling or modification of data.
- Goal: Availability (denial of service). Data are accessible to authorized subjects.
- Threat: Action could prevent subjects from accessing data for which they are authorized.

SECURITY THREAT CLASSIFICATION

Security threats can be broadly classified into accidental and intentional, according to the way they occur.

The accidental threats include human errors, errors in software, and natural or accidental disasters:

- Human errors include giving incorrect input and incorrect use of applications.
- Errors in software include incorrect application of security policies and denial of access to authorized users.
- Natural or accidental disasters include the damage of hardware or software.

The intentional threats include authorized users who abuse their privileges and authority, hostile agents like improper users executing improper reading or writing of data, and legal use of applications that can mask a fraudulent purpose.

CLASSIFICATION OF DATABASE SECURITY

Database security can be broadly classified into physical and logical security. Database recovery refers to the process of restoring the database to a correct state in the event of a failure.

PHYSICAL SECURITY: Physical security refers to the security of the hardware associated with the system and the protection of the site where the computer resides. Natural events such as fire, floods and earthquakes can be considered as some of the physical threats. It is advisable to have backup copies of databases in the face of massive disasters.

LOGICAL SECURITY: Logical security refers to the security measures residing in the operating system or the DBMS designed to handle threats to the data. Logical security is far more difficult to accomplish.

DATABASE SECURITY AT DESIGN LEVEL

It is necessary to take care of database security at the stage of database design.

A few guidelines to build the most secure system are:

1. The database design should be simple. If the database is simple and easier to use, then the possibility of the data being corrupted by the authorized user is less.
2. The database has to be normalized. The normalized database is almost free from update anomalies. It is harder to impose normalization on the relations after the database is in use. Hence, it is necessary to normalize the database at the design stage itself.
3. The designer of the database should decide the privilege for each group of users. If no privileges are assumed by any user, there is less likelihood that a user will be able to gain illegal access.

DATABASE SECURITY AT THE MAINTENANCE LEVEL:

Once the database is designed, the database administrator plays a crucial role at the maintenance level of the database. The security issues with respect to maintenance can be classified into:

1. Operating system issues and availability
2. Confidentiality and accountability
3. Encryption
4. Authentication schemes

1) OPERATING SYSTEM ISSUES AND AVAILABILITY

The system administrator normally takes care of the operating system security. The database administrator plays a key role in the physical security issues. The operating system should verify that users and application programs attempting to access the system are authorized. Accounts and passwords for the entire database system are handled by the database administrator.

2) CONFIDENTIALITY AND ACCOUNTABILITY

Accountability means that the system does not allow illegal entry. Accountability is related to both prevention and detection of illegal actions. Accountability is assured by monitoring the authentication and authorization of users.

Authorization rules are controls incorporated in the data management system that restrict access to data and also restrict the actions that people may take when they access data.

Authentication can be carried out at the operating system level or by the relational database management system (RDBMS). In either case, the system administrator or the database administrator creates for every user an individual account or username. In addition to these accounts, users are also assigned passwords.

3) ENCRYPTION

Encryption can be used for highly sensitive data like financial data and military data. Encryption is the coding of data so that they cannot be read and understood easily. Some DBMS products include encryption routines that automatically encode sensitive data when they are stored or transmitted over a communication channel. Any system that provides encryption facilities must also provide complementary routines for decoding the data. These decoding routines must be protected by adequate security, or else the advantage of encryption is lost.

4) AUTHENTICATION SCHEMES

Authentication schemes are the mechanisms that determine whether a user is who he or she claims to be. Authentication can be carried out at the operating system level or by the RDBMS. The database administrator creates for every user an individual account or username. In addition to these accounts, users are also assigned passwords. A password is a sequence of characters, numbers, or a combination of both, which is known only to the system and its legitimate user. Since the password is the first line of defense against unauthorized use by outsiders, it needs to be kept confidential by its legitimate user.

The password needs to be hard to guess but easy for the user to remember. Passwords cannot, of themselves, ensure the security of a computer and its databases, because they give no information about who is trying to gain access. To access the database, the user inserts the card and the biometric device reads the person's unique feature. The actual biometric data are then compared to allow access. A lost or stolen card would be useless to another person, since the biometric data would not match.

DATABASE SECURITY THROUGH ACCESS CONTROL

A database for an enterprise contains a great deal of information and usually has several groups of users. Most users need to access only a small portion of the database, which is allocated to them. Allowing users unrestricted access to all the data can be undesirable, and a DBMS should provide mechanisms to access the data, especially a way to control the data accessible by a given user. Two main mechanisms of access control at the DBMS level are:

- Discretionary access control
- Mandatory access control

DISCRETIONARY ACCESS CONTROL

Discretionary Access Control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.

DAC is easy to implement and intuitive but has certain disadvantages, including:

- Inherent vulnerabilities
- ACL maintenance or capability
- Grant and revoke permissions maintenance
- Limited negative authorization power

MANDATORY ACCESS CONTROL

Mandatory Access Control (MAC) is a set of security policies constrained according to system classification, configuration and authentication. MAC policy management and settings are established in one secure network and limited to system administrators.

MAC policy decisions are based on network configuration. In contrast, certain operating systems (OS) enable limited Discretionary Access Control.

MAC advantages and disadvantages depend on organizational requirements, as follows:

- MAC provides tighter security because only a system administrator may access or alter controls.
- MAC policies reduce security errors.
- MAC enforced operating systems (OS) delineate and label incoming application data, which creates a specialized external application access control policy.

CONCLUSION: The goal of database security is to protect your critical and confidential data from unauthorized access. Each organization should have a data security policy, which is a set of high level guidelines determined by governmental laws, requirements and other environmental aspects, user requirements and internal regulations.