UNIT 1 Security
Slide 1-1
Outline
⚫ Introduction to Database Security Issues
⚫ Discretionary Access Control
⚫ Mandatory Access Control
⚫ Data Encryption
Introduction
⚫ Threats to databases
◦ Loss of integrity
◦ Loss of confidentiality
◦ Loss of availability
◦ Repudiation
Introduction
⚫ Fundamental data security requirements
⚫ Data encryption
⚫ Data encryption is used to protect sensitive data
(such as credit card numbers) that is being
transmitted via some type of communication network.
⚫ The data is encoded using some encoding
algorithm.
◦ An unauthorized user who accesses encoded data will have
difficulty deciphering it, but authorized users are given
decoding or decrypting algorithms (or keys) to decipher
the data.
Database Security and the DBA
Mandatory Access Control
⚫ Mandatory Access Control (MAC):
◦ MAC applies to large amounts of information
requiring strong protection in environments where both
the system data and users can be classified clearly.
◦ MAC is a mechanism for enforcing multiple
levels of security.
⚫ The commonly used model for multilevel security
is known as the Bell-LaPadula model.
Data Encryption
⚫ Encryption is a means of maintaining secure data in an
insecure environment.
⚫ Encryption consists of applying an encryption
algorithm to data using some prespecified
encryption key.
⚫ The resulting data has to be decrypted using a
decryption key to recover the original data.
The Data and Advanced Encryption
Standards
⚫ The Data Encryption Standard (DES) is a system
developed by the U.S. government for use by the
general public.
◦ It has been widely accepted as a cryptographic
standard both in the United States and abroad.
⚫ DES can provide end-to-end encryption on the channel
between the sender A and receiver B.
The Data and Advanced Encryption
Standards(2)
⚫ The DES algorithm is a careful and complex combination of
two of the fundamental building blocks of encryption:
◦ substitution and permutation (transposition).
⚫ The DES algorithm derives its strength from repeated
application of these two techniques for a total of 16 cycles.
◦ Plaintext (the original form of the message) is
encrypted as blocks of 64 bits.
⚫ After questioning the adequacy of DES, the National
Institute of Standards and Technology (NIST) introduced the Advanced
Encryption Standard (AES).
◦ This algorithm has a block size of 128 bits and thus takes
a longer time to crack.
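The structure described above for DES (substitution and permutation, repeated for 16 cycles over 64-bit blocks) can be seen in a toy Feistel cipher, the construction DES is built on. This is an added example, not part of the original slides; the S-box, bit permutation and SHA-256 key schedule are constructed for illustration, so it is not DES and offers no real security.

```python
import hashlib

ROUNDS = 16       # DES applies its round function for 16 cycles
BLOCK_BYTES = 8   # 64-bit blocks, as in DES

# Constructed values for this example (assumptions, not the DES tables).
SBOX = [0x9, 0x2, 0xF, 0x4, 0xB, 0x0, 0x6, 0xD,
        0x3, 0xE, 0x8, 0x5, 0xC, 0x1, 0xA, 0x7]
PERM = [(7 * i + 3) % 32 for i in range(32)]  # 7 is coprime to 32: a bijection

def substitute(word):
    """Substitution: replace each 4-bit nibble of a 32-bit word via SBOX."""
    return sum(SBOX[(word >> s) & 0xF] << s for s in range(0, 32, 4))

def permute(word):
    """Permutation (transposition): move bit i to position PERM[i]."""
    return sum(((word >> i) & 1) << PERM[i] for i in range(32))

def round_keys(key):
    """Toy key schedule (assumption): one 32-bit subkey per round."""
    return [int.from_bytes(hashlib.sha256(key + bytes([r])).digest()[:4], "big")
            for r in range(ROUNDS)]

def _feistel(block, subkeys):
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 64 bits (8 bytes)")
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in subkeys:
        # Round function: mix in the subkey, substitute, then permute.
        left, right = right, left ^ permute(substitute(right ^ k))
    # Swapping the halves lets decryption reuse this routine unchanged.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def encrypt_block(block, key):
    return _feistel(block, round_keys(key))

def decrypt_block(block, key):
    # Same network, subkeys applied in reverse order.
    return _feistel(block, round_keys(key)[::-1])
```

Decryption works even though the round function itself is not invertible: each round only XORs its output into one half, so running the rounds with the subkeys reversed undoes them.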
MUST READ
https://www.ekransystem.com/en/blog/mac-vs-dac
https://www.w3schools.in/dbms/database-security