Chapter 3 – Database Integrity and Security Concepts

3.1 Domain constraints

3.2 Referential Integrity
3.3 Introduction to database security concepts
3.4 Methods for database security
3.4.1 Discretionary access control method
3.4.2 Mandatory access control
3.4.3 Role base access control for multilevel security.
3.5 Use of views in security enforcement.
3.6 Overview of encryption technique for security.
3.7 Statistical database security

Introduction
• Integrity refers to unauthorized access to the database.
• Data integrity refers to validity, consistency, correctness and accuracy of the data in
database and represented in terms of integrity constraints.
• Database security refers to confidentiality, integrity, and availability of the data stored in
database.
• Database security protects the data from unauthorized access
Domain integrity constraint:
• The domain integrity constraint are used to specify the valid values that column defined
over the domain can take.
• This constraint determines appropriate data type for column.
• The data type of domain includes string, character, integer, time, date, currency, etc. The
value of the attribute must be available in the corresponding domain.
Check constraint – It relates to the set of values that can be specified in an attribute of a
relation. It specifies that every valid value in an attribute should satisfy a given condition. Eg.
Account balance should be greater than zero, Mobile number should be of 10 digits.
Entity integrity constraints - For Primary key attribute value should not be NULL
• e.g – Student
 • (NULL, “Joshi”, 20)
• (NULL, “Joshi”, 21)
Referential integrity constraints-
• It is specified between two relations. This constraint states that a tuple in one relation that
refers to another relation must refer to an existing type in that relation. To define
referential integrity we define concept of a foreign key.
• e.g In case of dept-emp there is association as in One department there can be many
employees. This can be indicated using foreign key concept.

There is relationship between Department to Employee

Introduction to database security concepts-

Secrecy: Users should not be able to see things they are not supposed to.
E.g., A student can’t see other students’ grades.
Integrity: Users should not be able to modify things they are not supposed to.
E.g., Only instructors can assign grades.
Availability: Users should be able to see and modify things they are allowed to.
Security measures can be taken at different levels:
Database System: Users grouped, and allowed access to only parts of the database.
Operating System : OS security should be strong, else it can lead to unauthorized access to
database.
Network : Database can be remotely accessed through different terminals.
Physical: The computer must be Physically secured against theft.
Human : Users must be authorized carefully, to avoid giving access to intruders
Access Controls:
• A security policy specifies who is authorized to do what.
• A security mechanism allows us to enforce a chosen security policy.
• Two main mechanisms at the DBMS level:
⮚ Discretionary access control
⮚ Mandatory access control
Views:
A view is a virtual table based on the result-set of an SQL statement. A view contains rows and
columns, just like a real table. The fields in a view are fields from one or more real tables in the
database. You can add SQL functions, WHERE, and JOIN statements to a view and present the
data as if the data were coming from one single table.
Syntax:
CREATE VIEW view_name AS
SELECT column1, column2, ...
FROM table_name
WHERE condition;
1. create view accountdept as select eno, ename, salary from emp;
select * from accountdept;
-> emp is parent table. From emp child table as accountdept is created with some selected
columns.
1. create view emppune as select * from emp where address="Pune";
select * from emppune;
2. create view deptsal as select dno,sum(salary) from emp group by dno;
select * from deptsal;
Updating view:
A view can be updated with the CREATE OR REPLACE VIEW command.
Syntax:
CREATE OR REPLACE VIEW view_name AS
SELECT column1, column2, ...
FROM table_name
WHERE condition;
1. create or replace view emppune as select * from emp where address=‘Pune’ and salary >
25000 ;
select * from emppune;
Dropping view:
Syntax:
DROP VIEW view_name;
1. drop view emppune;
2. drop view deptsal;
Discretionary Access Control:

• Discretionary access control (also called security scheme) is based on the concept of
access rights (also called privileges) and mechanism for giving users such privileges.
• It grants the privileges (access rights) to users on different objects, including the
capability to access specific data files, records or fields in a specified mode, such as, read,
insert, delete or update or combination of these.
• A user who creates a database object such as a table or a view automatically gets all
applicable privilege on that object. The DBMS keeps track of how these privileges are
granted to other users.
• Discretionary security schemes are very flexible.
GRANT Command:

• The following privileges can be specified:

❖ SELECT: Can read all columns (including those added later via ALTER TABLE
command).
❖ INSERT(col-name): Can insert tuples with non-null or non-default values in this
column.
❖ INSERT means same right with respect to all columns.
❖ DELETE: Can delete tuples.
❖ REFERENCES (col-name): Can define foreign keys (in other tables) that refer to
this column.
• object_name is the name of an database object like TABLE, VIEW, STORED PROC and
SEQUENCE.
• If a user has a privilege with the GRANT OPTION, can pass privilege on to other users
(with or without passing on the GRANT OPTION).
• Only owner can execute CREATE, ALTER, and DROP.
• GRANT INSERT, SELECT ON emp TO user1
❖ User1 can query emp or insert tuples into it.
• GRANT DELETE ON emp TO user2 WITH GRANT OPTION
❖ User2 can delete tuples, and also authorize others to do so.
• GRANT UPDATE (salary) ON emp TO user3
❖ User3 can update (only) the salary field of emp tuples.
• GRANT SELECT ON accountdept TO user4, user5
❖ It allows to see the data from accountdept view by user4, user5
• REVOKE:
 • When a privilege is revoked from X, it is also revoked from all users who got it solely
from X.
• REVOKE SELECT on emp TO user1
GRANT and REVOKE on Views:
• If the creator of a view loses the SELECT privilege on an underlying table, the view is
dropped.
• If the creator of a view loses a privilege held with the grant option on an underlying table,
(s)he loses the privilege on the view as well; so the users who were granted that privilege
on the view loses the privilege .
• Creator of view has a privilege on the view if (s)he has the privilege on all underlying
tables.
• Together with GRANT/REVOKE commands, views are a very powerful access control
tool.
Mandatory Access control:

• Mandatory access control (also called security scheme) is based on system-wide policies
that cannot be changed by individual users.
• It is used to enforce multi-level security by classifying the data and users into various
security classes or levels and then implementing the appropriate security policy of the
organization.
• Thus, in this scheme each data object is labelled with a certain classification level and
each user is given a certain clearance level.
• A given data object can then be accessed only by users with the appropriate clearance of
a particular classification level.
• Thus, a mandatory access control technique classifies data and users based on security
classes such as top secret (TS), secret (S), confidential(C), Unclassified(U).
• TS is highest level and U the lowest.
TS >= S >= C >= U
• For example, let’s consider data that has the “top secret” confidentiality level and
“engineering project” security label. It’s available to a set of users that have “top secret”
clearance and authorization to access engineering documents. Such users can also access
information that requires a lower level of clearance. But employees with lower levels of
clearance will not have access to information that requires a higher level of clearances
Role based access control for multilevel security:
• Roles are a collection of privileges or access rights.
• When there are many users in a database it becomes difficult to grant or revoke privileges
to users.
• You can either create Roles or use the system roles pre-defined by oracle.
• Some of the privileges granted to the system roles.
• It's easier to GRANT or REVOKE privileges to the users through a role rather than
assigning a privilege directly to every user.
• If a role is identified by a password, then, when you GRANT or REVOKE privileges to
the role, you definitely have to identify it with the password.
• Example:
To grant CREATE TABLE privilege to a user by creating a testing role.
-> CREATE ROLE testing;
Grant a CREATE TABLE privilege to the ROLE testing.
-> GRANT CREATE TABLE TO testing;
Grant the role to a user.
-> GRANT testing TO user1;
Revoke a CREATE TABLE privilege from testing ROLE.
-> REVOKE CREATE TABLE FROM testing;
To drop a role from the database.
-> DROP ROLE testing;
Overview of encryption technique for security:
• “Masks” data for secure transmission or storage.
⮚ Encrypt(data, encryption key) = encrypted data
⮚ Decrypt(encrypted data, decryption key) = original data
⮚ Without decryption key, the encrypted data is meaningless
• Symmetric Encryption:
⮚ Encryption key = decryption key; all authorized users know decryption key (a
weakness).
⮚ DES, used since 1977, has 56-bit key; AES has 128-bit (optionally, 192-bit or
256-bit) key
• Asymmetric or Public-Key Encryption: Each user has two keys:
⮚ User’s public encryption key: Known to all
⮚ Decryption key: Known only to this user
⮚ Used in RSA scheme
RSA Public-Key Encryption:
• Let the data be an integer I
• Choose a large (>> I) integer L = p * q
⮚ p, q are large, say 1024-bit, distinct prime numbers
• Encryption: Choose a random number 1 < e < L that is relatively prime to (p-1) * (q-1)
⮚ Encrypted data S = I e mod L
• Decryption key d: Chosen so that
⮚ d * e = 1 mod ((p-1) * (q-1))
⮚ We can then show that I = S d mod L
• It turns out that the roles of e and d can be reversed; so they are simply called the public
and private keys
Statistical DB Security:
• Statistical databases are used mainly to produce statistics about various populations.
• The database may contain confidential data about individuals, which should be protected
from user access.
• However, users are permitted to retrieve statistical information about the populations,
such as averages, sums, counts, maximums, minimums, and standard deviations.
• Statistical queries involve applying statistical functions to a population of tuples.
• Example - We may want to retrieve the number of individuals in a population or the
average income in the population.
• However, statistical users are not allowed to retrieve individual data, such as the
income of a specific person.
• Statistical database security techniques must prohibit the retrieval of individual data. This
can be achieved by prohibiting queries that retrieve attribute values and by allowing only
queries that involve statistical aggregate functions such as COUNT, SUM, MIN, MAX,
AVERAGE, and STANDARD DEVIATION. Such queries are sometimes called
statistical queries.