Unit5 - Datasecurity
Unit5 - Datasecurity
LECTURE NO.
DATABASE
SECURITY
1/24
Database Security
Index
Definition
Data security Lifecycle
Countermeasures
- Authorization
- Views
- Backup And Recovery
- Integrity
- Encryption
- RAID Technology
2/24
Database Security
3/24
Database Security
Requirements
systems area
Focus currently on protecting information through
issues
4/24
Database Security
Goals
Understand security issues in:
5/24
Database Security
Main Message
Database system security is more than securing
the database
• Secure database
• Secure DBMS
• Secure applications/application development
• Secure operating system in relation to
database system
• Secure web server in relation to database system
• Secure network environment in relation
to database system
6/24
Database Security
Purpose
- Loss of confidentiality
- Loss of privacy
- Loss of integrity
- Loss of availability
7/24
Database Security
8/24
Database Security
Threat
9/24
Database Security
Countermeasures
A Countermeasures is an action that you take on
order to weaken the effect of another action, a
situation, or to make it harmless.
10/24
Database Security
Countermeasures
Computer-Based Controls:
- Authorization
- Authenticating
- Views
- Backup and Recovery
- Integrity
- Encryption
- Privileges,Roles,Grant\Revoke
- RAID Technology
11/24
Database Security
Authorization
12/24
Database Security
Authenticating
13/24
Database Security
14/24
Database Security
Views
A view is virtual relation that does not actually exit in
the database, but is produced upon request by a
particular user, at the time of request.
15/24
Database Security
16/24
Database Security
17/24
Database Security
Integrity
18/24
Database Security
Encryption
19/24
Database Security
privilege
20/24
Database Security
Grant and Revoke
Black
GRANT SELECT ON Employee
GRANT SELECT ON
TO Black
Employee
WITH GRANT OPTION
TO Red
? Red
Brown
revokes
grant
given to Black ?
Brown does not
Brown (owner) want Red to access
the Employee
GRANT UPDATE(Salary) ON relation
Employee TO White
White
21/24
Database Security
RAID Technology
22/24