Scribd
Upload
57 views18 pages

5-Database Security

The document discusses various database security features including views, integrity controls, authorization rules, encryption, and authentication schemes. It describes threats to data security such as accidental losses, theft, improper access, and loss of privacy, confidentiality, integrity, and availability. Integrity controls are explained including primary keys, foreign keys, domains, assertions, and default values. Authorization rules are used to control access through a restriction matrix. Encryption scrambles data to protect it.

Uploaded by

Googlee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
57 views18 pages

5-Database Security

The document discusses various database security features including views, integrity controls, authorization rules, encryption, and authentication schemes. It describes threats to data security such as accidental losses, theft, improper access, and loss of privacy, confidentiality, integrity, and availability. Integrity controls are explained including primary keys, foreign keys, domains, assertions, and default values. Authorization rules are used to control access through a restriction matrix. Encryption scrambles data to protect it.

Uploaded by

Googlee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

09/06/1439

1
09/06/1439

Lecture Contents

Database Security

• Protection of the data against accidental or


intentional loss, destruction, or misuse.

Protection

2
09/06/1439

Threats to Data Security


Threats to Data Security
Accidental losses
Theft and fraud.
Improper data access
Loss of privacy (personal data)
Loss of confidentiality (corporate data)

Loss of data integrity


Loss of availability (through, e.g. sabotage)

Threats to Data Security

• Accidental losses:

Human error Software failure Hardware failure

3
09/06/1439

Threats to Data Security

Theft and fraud Improper Access

Privacy Loss Confidentiality


Loss

Threats to Data Security

Integrity Loss Availability Loss

4
09/06/1439

DB Security Features
Features
Views or subschemas

Integrity controls

Authorization rules

Encryption

Authentication schemes

Views or subschemas
• Subset of the database that is presented to one or more users
• User can be given access privilege to view without allowing
access privilege to underlying tables

SID SName Gender Phone Email


1 Ahmed M 771287654 [email protected]
2 Ali M [email protected]
3 Said M 771287423
4 Sarah F 776578435 [email protected]
5 Nizar M 771282345 [email protected]

5
09/06/1439

Access Privilege

SID SName Gender Phone


1 Ahmed M 771287654
SID SName Gender Phone 2 Ali M
3 Said M 771287423
4 Sarah F 776578435
5 Nizar M 771282345

SID SName Gender Phone Email


1 Ahmed M 771287654 [email protected]
2 Ali M [email protected]
3 Said M 771287423
4 Sarah F 776578435 [email protected]
5 Nizar M 771282345 [email protected]

Reduce complexity

Complex query

6
09/06/1439

Reduce complexity
Simple query

Integrity Controls
• Protect data from unauthorized use

Entity Integrity 001001

(PK is Not Null)


001002
PK
PK
SID SName Gender Phone Email
1 Ahmed M 771287654 [email protected] Code Cname
2 Ali M [email protected] CS122 Into to database
3 Said M 771287423 CS123 Database design
4 Sarah F 776578435 [email protected] CS152 DBA
5 Nizar M 771282345 [email protected]

FK1 FK2
SID Code ass Mid Final
1 CS122 18 20 55
1 CS123 20 17 57
1 CS152 17 20 54
Referential Integrity 2
2
CS122
CS123
19
17
20
19
49
59

7 CS152 17 20 54

7
09/06/1439

Integrity Controls
• Domains (set allowable values)

Male Female
Entity Integrity
(PK is Not Null)
PK
PK
SID SName Gender Phone Email
1 Ahmed M 771287654 [email protected] Code Cname
2 Ali M [email protected] CS122 Into to database
3 Said M 771287423 CS123 Database design
4 Sarah F 776578435 [email protected] CS152 DBA
5 Nizar M 771282345 [email protected]

FK1 FK2
SID Code ass Mid Final
1 CS122 18 20 55
1 CS123 20 17 57
1 CS152 17 20 54
2 CS122 19 20 49
2 CS123 17 19 59

Integrity Controls
• Assertions – enforce database conditions

Default value
Null Null
Not Null
PK
PK
SID SName Gender Phone Email
1 Ahmed M 771287654 [email protected] Code Cname
2 Ali M [email protected] CS122 Into to database
3 Said M 771287423 CS123 Database design
4 Sarah F 776578435 [email protected] CS152 DBA
5 Nizar M 771282345 [email protected]

FK1 FK2
SID Code ass Mid Final
1 CS122 18 20 55
1 CS123 20 17 57
1 CS152 17 20 54
Delete
Referential Integrity 2 CS122 19 20 49 Cascade Constraint
2 CS123 17 19 59

7 CS152 17 20 54

8
09/06/1439

Authorization Rules

• Controls incorporated in the data management system

Restrict Authorization matrix


Action
Subjects
Objects
Actions
Constraints
Access

Encryption

• The coding or scrambling of data so that humans cannot


read them.

1435467 ******* 1435467


cipher
Encryption Decryption
plain data plain data
Algorithm Algorithm

Public DES Private

9
09/06/1439

Authentication Schemes
• Goal – obtain a positive identification of the user

• Passwords: First line of defense

******** Afw@76oT4 771717018


at least 8 Combine alphabetic not be personal changed
characters long and numeric information frequently

Strong Authentication

• Passwords are flawed:


➢ Users share them with each other
➢ They get written down, could be
copied
➢ Automatic logon scripts remove need
to explicitly type them in
➢ Unencrypted passwords travel the
Internet

10
09/06/1439

Possible solutions

smart card Biometric devices

• Third-party mediated authentication–using


secret keys, digital certificates

Possible solutions

• Personnel controls

Hiring employee Security


practices monitoring training

11
09/06/1439

Possible solutions

• Physical access controls

Equipment check-out
locking procedures

12
09/06/1439

Database User Accounts


• To access the database, a user must specify a valid database
user account and successfully authenticate as required by
that user account.

Authenticating Users
• Authentication means verifying the identity of someone or
something (a user, device, or other entity) that wants to use
data, resources, or applications.

13
09/06/1439

Authentication method
• The most common authentication method is a password.

• Oracle Database 12c supports password, global,


and external authentication methods

Method
password

external

global

Unique username
• Usernames cannot exceed 30 bytes.
• Cannot contain special characters.
• Must start with a letter.

Abduallah AliSaidMohmm……..

Wa$$ee#@&

Abduallah Wadee2017
2017Wadee

14
09/06/1439

External Authentication
• Is authentication by a method outside the database (operating
system, Kerberos, or Radius).
• Users can connect to the Oracle database
without specifying a username or password.
OS_AUTHENT_PREFIX

Parameter file

Global Authentication

Kerberos Radius

Self Study

15
09/06/1439

Administrator Authentication
As SYSDBA

As SYSOPER
Remote database Local database As SYSTEM
administration administration

Do you Yes Do you want Yes


have a secure to use OS Use OS
connection? authentication? authentication

No No
Use a password

16
09/06/1439

Mind Map
Subjects Constraints Biometric
Smart card
Privacy Confidentiality
Loss Loss Objects Physical access
Assertions Domains Actions controls
q Improper a Decoding
devices Personnel
data access
Coding controls
Reduce Protect Access 1-key
Access 2-key
data DES
Privilege complexity Actions
Passwords
Availability Integrity solutions
Loss Restrict Authorization
Loss
matrix Algorithm Key

Theft Accidental
fraud losses
Views or Integrity Authorization Encryption Authentication
subschemas controls rules algorithm schemes

Threats Features Authentication method

DB Security

17
09/06/1439

References

• Elmasri, Ramez, and Shamkant B. Navathe. Fundamentals of


database systems. Pearson, 2015.

18

You might also like