
Unit5 - Datasecurity

Database security involves mechanisms to protect databases from threats and requires a comprehensive security policy. Key components include authorization, views, backup and recovery, integrity, encryption, and RAID technology. The document emphasizes the importance of securing not just the database, but also the DBMS, applications, operating systems, and network environments.

Uploaded by

yash chakerverti

Database Security

Index
• Definition
• Data Security Lifecycle
• Countermeasures
  - Authorization
  - Views
  - Backup and Recovery
  - Integrity
  - Encryption
  - RAID Technology


What is Database Security?

• Database security is the mechanism that protects the database against intentional or accidental threats.
• A security policy describes the security measures enforced.
• The security mechanisms of the underlying DBMS must be utilized to enforce the policy.


Requirements

• The security curriculum is relatively light in the database systems area.
• The focus is currently on protecting information through network configuration, systems administration, and application security.
• We need to specifically consider database system security issues.


Goals
• Understand security issues in:
  - a general database system environment
  - a specific DBMS (Oracle) environment
• Consider database security issues in the context of general security principles and ideas.
• Consider issues relating to both database storage and database system communication with other applications.

Main Message
• Database system security is more than securing the database:
  - Secure database
  - Secure DBMS
  - Secure applications/application development
  - Secure operating system in relation to database system
  - Secure web server in relation to database system
  - Secure network environment in relation to database system


Purpose

• We consider database security in relation to the following situations:
  - Theft and fraud
  - Loss of confidentiality
  - Loss of privacy
  - Loss of integrity
  - Loss of availability


Data Security Lifecycle


Threat

• A threat is any intentional or accidental event that may adversely affect the system.
• Examples of threats:
  - Using another person’s log-in name to access data
  - Unauthorized copying of data
  - Program/data alteration
  - Illegal entry by a hacker
  - Viruses


Countermeasures
• A countermeasure is an action that you take in order to weaken the effect of another action or situation, or to make it harmless.
• Because the threat never developed, we didn’t need to take any real countermeasures.


Countermeasures

• Computer-based controls:
  - Authorization
  - Authenticating
  - Views
  - Backup and Recovery
  - Integrity
  - Encryption
  - Privileges, Roles, Grant/Revoke
  - RAID Technology


Authorization

• The granting of a privilege that enables a user to have legitimate access to a system.
• Authorization controls are sometimes referred to as access controls.
• The process of authorization involves authenticating the user requesting access to objects.


Authenticating

• Authentication is a mechanism that determines whether a user is who he/she claims to be.
• A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.


• Four topics in authenticating users to the database:
  1) Introduction to User Authentication
  2) Password for Authentication
  3) Strong Authentication
  4) Proxy Authentication and Authorization


Views
• A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
• The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
• The user is not aware of the existence of any attributes or rows that are missing from the view.


Backup and Recovery

• The DBMS should provide backup facilities to assist with recovery from a database failure.
• Backup and recovery refers to the various strategies and procedures involved in protecting your database against data loss and reconstructing the database after any kind of data loss.


• Backups can be divided into physical backups and logical backups.
• Backups have two distinct purposes:
  1) The primary purpose is to recover data after its loss, be it by data deletion or corruption.
  2) The secondary purpose is to recover data from an earlier time.


Integrity

• Data integrity is a fundamental component of information security.
• It helps maintain a secure database system by preventing data from becoming invalid.
• Only authorized users should be allowed to modify data.
• Numeric columns should not accept alphabetic data.
• For example, students


Encryption

• The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key.

[Diagram: Plain-Data → Algorithm and Password → Encrypted Data]

• It also protects the data transmitted over communication lines.


Privilege

• A privilege allows a user to access some data object in a certain manner (e.g., to read or to modify).
• SQL-92 supports access control through the GRANT and REVOKE commands.
• GRANT command: gives users privileges to base tables and views.
• REVOKE command: intended to achieve the reverse, to withdraw the granted privilege from the user.

Grant and Revoke

[Diagram: users Brown (owner), Black, Red and White, with the grants between them]
- Brown (owner) to Black: GRANT SELECT ON Employee TO Black WITH GRANT OPTION
- Black to Red: GRANT SELECT ON Employee TO Red
- Brown (owner) to White: GRANT UPDATE(Salary) ON Employee TO White
- Brown does not want Red to access the Employee relation.
- Brown revokes the grant given to Black?
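
The sequence in the diagram above, written out in standard SQL as an added example that is not part of the original slides; it also shows a view used as the access path, as described under Views. The Employee columns other than Salary, the view name EmployeeDirectory and the user Green are assumptions, as is Black being the grantor of Red's privilege; DBMS products differ in how much of the CASCADE/RESTRICT syntax they accept.

```sql
-- Assumed schema: only the table name Employee and the column Salary
-- appear on the slide; the other columns are illustrative.
CREATE TABLE Employee (
    EmpNo   INTEGER       PRIMARY KEY,
    Name    VARCHAR(60)   NOT NULL,
    Dept    VARCHAR(30)   NOT NULL,
    Salary  DECIMAL(10,2) NOT NULL CHECK (Salary >= 0)
);

-- A view that hides the Salary column (EmployeeDirectory is a hypothetical name).
CREATE VIEW EmployeeDirectory AS
    SELECT EmpNo, Name, Dept
    FROM Employee;

-- Run as Brown (owner): granting on the view instead of the base table
-- means Green (hypothetical user) can never read Salary.
GRANT SELECT ON EmployeeDirectory TO Green;

-- The slide's sequence. Run as Brown (owner):
GRANT SELECT ON Employee TO Black WITH GRANT OPTION;
GRANT UPDATE (Salary) ON Employee TO White;

-- Run as Black; permitted only because Black holds the grant option:
GRANT SELECT ON Employee TO Red;

-- Run as Brown. With RESTRICT the statement is rejected while Red's
-- privilege still depends on Black's:
REVOKE SELECT ON Employee FROM Black RESTRICT;

-- With CASCADE, Black's privilege and the privilege Black passed on
-- to Red are withdrawn together:
REVOKE SELECT ON Employee FROM Black CASCADE;

-- White's UPDATE(Salary) privilege came directly from Brown and is
-- not affected by either REVOKE.
```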

RAID Technology

• RAID stands for Redundant Array of Independent Disks.
• The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
• One solution is the use of RAID technology.
• RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.
