DATABASE SECURITY For CSCL (BIM)
Definition Database Security is the mechanism that protect the database against intentional or accidental threats. We consider database security in relation to the following situations: - Theft and Fraud - Loss of confidentiality
Issues Legal and ethical issues regarding right to access certain information Private information should be accessed legally by unauthorized party Public information should be available to everyone Institutional policies What kind of information should be make (or should not be) make publicly available Social networking policies
Issues System related issue: At system level at which various security function should be enforced. For example at the physical hardware level or at operating system level or the DBMS level
DBMS level External level (view level) Conceptual level Internal level (physical level)
DBMS level
External level (view level) External Level is described by a schema i.e. it consists of definition of logical records and relationship in the external view. It also contains the method of deriving the objects in the external view from the objects in the conceptual view.
Conceptual level Conceptual Level represents the entire database. Conceptual schema describes the records and relationship included in the Conceptual view. It also contains the method of deriving the objects in the conceptual view from the objects in the internal view.
Internal level (physical level) Internal level indicates how the data will be stored and described the data structures and access method to be used by the database. It contains the definition of stored record and method of representing the data fields and access aid used.
Multiple security level Identify multiple security level Categorize the data and user based on Top Secret Secret Confidential Unclassified
Threats Any intentional or accidental event that may adversely affect the database. Loss of integrity Loss of availability Loss of confidentiality
Loss of integrity Should be protected from improper modification Modification includes creation, insertion, updating, changing status of data and deletion Integrity lost if unauthorized change are made either intentional or accidental Result in inaccuracy, fraud and erroneous decisions
Loss of availability Availability refers to making objects available to human user or program to which they have legitimate right
Loss of confidentiality Confidentiality refers protection of data from unauthorized disclosure Result in loss of public confidence, embarrassment, or legal action against the organization
Security Mechanism Discretionary Security Mechanism Mandatory Security Mechanism Grant privileges to user Privileges includes access specific data files, records or fields in a specific mode (such as read, insert, delete or update)
Security Mechanism (2) Mandatory Security Mechanism Enforce multilevel security by classifying the data and users into various security class (level) Typical security policy is to permit user at certain classification(clearance) User can access to that classification level or lower level
Control Measure To protect database against threats four find of control measure are used Access Control Inference Control Flow Control Data Encryption
Access Control Preventing unauthorized person from accessing the system itself Security Mechanism of DBMS must include provision for restricting access to the database system Access control is handled by creating user account and password
Inference Control Computer security inference control is the attempt to prevent users to infer classified information from rightfully accessible chunks of information with lower classification. Used in statistical database
Flow Control Another security issue is that of flow control, which prevents information from flowing in such a way that it reaches unauthorized users. Suitable for database over multiuser system or network
Encryption Data is encoded using some encryption algorithm Can be used to encrypt data as well as data transaction over network