Database Security

LECTURE NO.
DATABASE
SECURITY

1/24
 Database Security

Index
 Definition
 Data security Lifecycle
 Countermeasures
- Authorization
- Views
- Backup And Recovery
- Integrity
- Encryption
- RAID Technology

2/24
 Database Security

What is Database Security?

 Database Security is the mechanism that protect the

database against intentional or accidental threats.
 Security policy describes the security
measures enforced.
 Security mechanisms of the underlying DBMS must
be utilized to enforce the policy.

3/24
 Database Security

Requirements

Security curriculum is relatively light in database

systems area
Focus currently on protecting information through

network configuration, systems administration,

application security
Need to specifically consider database system security

issues

4/24
 Database Security

Goals
 Understand security issues in:

a general database system environment

a specific DBMS (Oracle) environment

Consider database security issues in context of general

security principles and ideas

Consider issues relating to both database storage and

database system communication with other

applications

5/24
 Database Security
Main Message
 Database system security is more than securing
the database
• Secure database
• Secure DBMS
• Secure applications/application development
• Secure operating system in relation to
database system
• Secure web server in relation to database system
• Secure network environment in relation
to database system

6/24
 Database Security

Purpose

 We consider database security in relation to

the following situations:
- Theft and Fraud

- Loss of confidentiality

- Loss of privacy

- Loss of integrity

- Loss of availability

7/24
 Database Security

Data Security Lifecycle

8/24
 Database Security

Threat

 Threat is any intentional or accidental event

that may adversely affect the system.
 Examples of threats:
-Using another person’s log-in name to
access data
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
- Viruses

9/24
 Database Security

Countermeasures
 A Countermeasures is an action that you take on
order to weaken the effect of another action, a
situation, or to make it harmless.

 Because the threat never developed, We didn’t need

to take any real countermeasures.

10/24
 Database Security

Countermeasures

 Computer-Based Controls:
- Authorization
- Authenticating
- Views
- Backup and Recovery
- Integrity
- Encryption
- Privileges,Roles,Grant\Revoke
- RAID Technology

11/24
 Database Security

Authorization

 The granting of a privilege that enable a user to have

a legitimate access to a system.
 They are sometimes referred as access controls.
 The process of authorization involves authenticating
the user requesting access to objects.

12/24
 Database Security

Authenticating

 Means a mechanism that determines whether a user

is who he/she claim to be.

 A system administrator is responsible for allowing

users to have access to the system by creating
individual user accounts.

13/24
 Database Security

 Four Authenticating Users to the Database:

1)Introduction to User Authentication

2)password for Authentication
3)Strong Authentication
4)Proxy Authentication and
Authorization

14/24
 Database Security

Views
 A view is virtual relation that does not actually exit in
the database, but is produced upon request by a
particular user, at the time of request.

 The view mechanism provides a powerful and

flexible security mechanism by hiding parts of the
database from certain users.

 The user is not aware of the existence of any

attributes or rows that are missing from the view.

15/24
 Database Security

Backup and Recovery

 DBMS should provide backup facilities to assist with
the recovery of a database failure.

 backup and recovery refers to the various strategies

and procedures involved in protecting your database
against data loss and reconstructing the database
after any kind of data loss.

16/24
 Database Security

 Backups can be divided into physical backups and

logical backups.

 Backup have two distinct purpose:

1)Primary purpose is to recover data After it’s
loss, be it by data deletion or corruption.

2)Secondary purpose of backup is to recover

data from an earlier time.

17/24
 Database Security

Integrity

 Data integrity is a fundamental component

of information security.
 Maintaining a secure database system by preventing
data from becoming invalid.
 Only authorized users should be allowed to
modify data.
 Numeric columns should not accept alphabetic data.
 For example, students

18/24
 Database Security

Encryption

 The encoding of data by a special algorithm that

renders the data unreadable by any program without
the decryption key.

Plain-Data Algorithm and Encrypted

Password Data

 It also protects the data transmitted over

communication
lines.

19/24
 Database Security

privilege

 A privilege allows a user to access some data object

in a certain manner (e.g., to read or to modify).

 SQL-92 supports access control through GRANT and

REVOKE commands.

 GRANT command: Give users privileges

to base tables and views.

 REVOKE command: intended to achieve the reverse,

to withdraw the granted privilege from the user.

20/24
 Database Security
Grant and Revoke
Black
GRANT SELECT ON Employee
GRANT SELECT ON
TO Black
Employee
WITH GRANT OPTION
TO Red
? Red
Brown
revokes
grant
given to Black ?
Brown does not
Brown (owner) want Red to access
the Employee
GRANT UPDATE(Salary) ON relation
Employee TO White

White
21/24
 Database Security

RAID Technology

 Redundant Array of Independent Disks

 The DBMS is running on must be fault-tolerant,
meaning that the DBMS should continue to operate
even if one of the hardware components fails.

One solution is the use of RAID technology.

 RAID works on having a large disk array comprising
an arrangement of several independent disks that are
organized to improve reliability and at the same time
increase performance.

22/24