Overview of Database Security


- Introduction
- Security Problems
- Security Controls
- Designing Database Security

Security Controls: Outline
- Flow Control
- Inference Control
- Access Control
To these controls, cryptographic techniques can be added.

Flow Control
- Regulates the flow of information among accessible objects
- Checks that information contained in some objects does not flow explicitly or implicitly into less protected objects
- Policies require admissible flows to be listed or regulated

Inference Control
- Inference controls aim at protecting data from indirect detection.
- This occurs when a set X of data items to be read by a user can be used to obtain the set Y of data as Y=f(X), that is, by applying a function f to X.
- An inference channel is a channel where users can find an item X and then use X to derive Y as Y=f(X).
- Statistical inference is a further aspect involving the deduction of statistical data via statistical functions.

Three Main Inference Channels
- Indirect Access
- Correlated Data
- Missing Data

Two Types of Control for Statistical Attacks
- Data perturbation
- Query control
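The inference channel Y=f(X) and the effect of query control, as an added example that is not part of the original slides. It uses query-set-size restriction as one common form of query control; the table, the names and the thresholds are constructed for illustration.

```python
# Added example: query-set-size restriction as one form of query control.
SALARIES = {  # constructed sample data: name -> (department, salary)
    "alice": ("eng", 120), "bob": ("eng", 100), "carol": ("eng", 110),
    "dave": ("ops", 90), "erin": ("ops", 95), "frank": ("hr", 70),
}

class Refused(Exception):
    """Raised when the query control rejects a statistical query."""

def query_set(pred):
    """Salaries of all rows matching the predicate pred(name, dept)."""
    return [sal for name, (dept, sal) in SALARIES.items() if pred(name, dept)]

def stat_sum(pred, k_min=0, k_max=None):
    """SUM over matching rows, released only if k_min <= |query set| <= k_max."""
    rows = query_set(pred)
    k_max = len(SALARIES) if k_max is None else k_max
    if not (k_min <= len(rows) <= k_max):
        raise Refused(f"query set size {len(rows)} outside [{k_min}, {k_max}]")
    return sum(rows)

def derive_individual(target, **limits):
    """Y = f(X): X is two released sums, f is subtraction, Y is one salary."""
    total = stat_sum(lambda n, d: True, **limits)
    rest = stat_sum(lambda n, d: n != target, **limits)
    return total - rest

def try_derive(target, **limits):
    """Return the derived salary, or None if the query control refused."""
    try:
        return derive_individual(target, **limits)
    except Refused:
        return None

if __name__ == "__main__":
    n = len(SALARIES)
    print("no control:          ", try_derive("frank"))
    print("lower bound only:    ", try_derive("frank", k_min=2))
    print("lower + upper bound: ", try_derive("frank", k_min=2, k_max=n - 2))
```

A lower bound alone blocks the direct single-row query but not the difference of two large sums; bounding the query set from both sides closes that channel. Size limits do not rule out every combination of permitted queries, which is where data perturbation, the other control listed above, comes in.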

Access Control
- Access controls are responsible for ensuring that all direct accesses to the database objects occur exclusively according to the modes and rules fixed by protection policies.

Two Components of an Access Control System
- A set of security policies and access rules: information stored in the system, stating the access modes to be followed by subjects upon access request
- A set of control procedures (security mechanisms) that check the queries against the stated rules; queries may then be allowed, denied or modified, filtering out unauthorized data

[Figure: Access Control System. Labels: Access Request, Control Procedures, Security Policies, Access Rules, Access Permitted, Access Denied, Request Modification]
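The two components of an access control system, sketched as an added example that is not part of the original slides: stored access rules, and a control procedure that permits, denies or modifies a request. The subjects, table, columns and rule format are assumptions made for illustration.

```python
import sqlite3

# Access rules (the stored policy): (subject, table, mode) -> visible columns
# and an optional row filter. All names here are constructed.
RULES = {
    ("clerk", "employee", "read"): {"columns": {"name", "dept"}, "where": None},
    ("eng_mgr", "employee", "read"): {"columns": {"name", "dept", "salary"},
                                      "where": ("dept = ?", ["eng"])},
}

def control_procedure(subject, table, mode, columns):
    """Check a request against RULES.

    Returns (decision, sql, params) with decision 'permitted', 'modified'
    or 'denied'. A modified request has unauthorized columns dropped
    and/or the rule's row filter appended.
    """
    rule = RULES.get((subject, table, mode))
    if rule is None:
        return "denied", None, []      # no matching rule: deny by default
    allowed = [c for c in columns if c in rule["columns"]]
    if not allowed:
        return "denied", None, []
    modified = len(allowed) < len(columns) or rule["where"] is not None
    # Identifiers reach the SQL text only after matching the rule set.
    sql = f"SELECT {', '.join(allowed)} FROM {table}"
    params = []
    if rule["where"]:
        sql += f" WHERE {rule['where'][0]}"
        params = list(rule["where"][1])
    return ("modified" if modified else "permitted"), sql, params

def run(subject, table, mode, columns):
    """Apply the control procedure, then execute whatever it lets through."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                   [("alice", "eng", 120), ("dave", "ops", 90)])  # constructed rows
    decision, sql, params = control_procedure(subject, table, mode, columns)
    rows = db.execute(sql, params).fetchall() if sql else []
    return decision, rows

if __name__ == "__main__":
    print(run("clerk", "employee", "read", ["name", "dept"]))
    print(run("clerk", "employee", "read", ["name", "salary"]))
    print(run("eng_mgr", "employee", "read", ["name", "salary"]))
    print(run("clerk", "employee", "write", ["name"]))
```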