Security (Dale-Marie Wilson, Ph.D.) - presentation transcript

Security Dale-Marie Wilson, Ph.D.

Why Database Security?
- Data is a valuable resource: it must be strictly controlled and managed
- Data is a corporate resource: it has strategic importance and must be secure and confidential

Database Security
- Mechanisms that protect the database against intentional or accidental threats
- Does not apply only to the data held in the database: security breaches may affect other parts of the system and eventually affect the database

Database Security
Involves measures to avoid:
- Theft and fraud
- Loss of confidentiality (secrecy)
- Loss of privacy
- Loss of integrity
- Loss of availability
Threat: any situation or event, intentional or unintentional, that adversely affects the system and hence the organization

Summary of Threats to Computer Systems

Typical Multi-user Computer Environment

Countermeasures – Computer-Based Controls
Range from physical controls to administrative procedures and include:
- Authorization
- Access controls
- Views
- Backup and recovery
- Integrity
- Encryption
- RAID technology

Countermeasures – Computer-Based Controls
- Authorization: the granting of a right or privilege that enables a subject to legitimately access a system or a system's object
- Authentication: a mechanism that determines whether a user is who he/she claims to be

Countermeasures – Computer-Based Controls
- Access control: the granting/revoking of privileges
- Privilege: allows a user to create or access (read, write, modify) a database object (relation, view, index) or run DBMS utilities; granted to a user to accomplish the tasks required for the job

Countermeasures – Computer-Based Controls
Discretionary Access Control (DAC)
- Provided by most DBMSs
- Effective
- Weakness: an unauthorized user can trick an authorized user into disclosing sensitive data
- The SQL standard supports DAC through the GRANT and REVOKE commands
  - GRANT command: gives privileges to users
  - REVOKE command: takes privileges from users
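The GRANT/REVOKE mechanism on this slide is easier to reason about with a small model of it. The following is an added example, not code from the slides: it models SQL's discretionary grant chain (an owner grants, WITH GRANT OPTION lets a grantee pass the privilege on, and REVOKE ... CASCADE withdraws every grant that depended on the revoked one). The users, the `staff` relation and the `DacRegistry` class are constructed for the illustration; no real DBMS is involved.

```python
"""Added illustration of discretionary access control (DAC) with SQL-style
GRANT and REVOKE semantics.  Constructed model, not a DBMS implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str        # who issued the GRANT
    grantee: str        # who received the privilege
    obj: str            # database object, e.g. a relation
    privilege: str      # SELECT, INSERT, UPDATE, DELETE ...
    grant_option: bool  # WITH GRANT OPTION: grantee may pass it on


class DacRegistry:
    """Tracks object owners and the chain of grants between users."""

    def __init__(self):
        self.owners = {}   # object name -> owning user
        self.grants = []   # every GRANT currently in force

    def create_object(self, owner, obj):
        # The creator owns the object and holds every privilege on it.
        self.owners[obj] = owner

    def has_privilege(self, user, obj, privilege, need_grant_option=False):
        if self.owners.get(obj) == user:
            return True
        return any(
            g.grantee == user and g.obj == obj and g.privilege == privilege
            and (g.grant_option or not need_grant_option)
            for g in self.grants
        )

    def grant(self, grantor, grantee, obj, privilege, with_grant_option=False):
        # GRANT is itself a privileged operation: the grantor must own the
        # object or hold the privilege WITH GRANT OPTION.
        if not self.has_privilege(grantor, obj, privilege, need_grant_option=True):
            raise PermissionError(f"{grantor} cannot grant {privilege} on {obj}")
        self.grants.append(Grant(grantor, grantee, obj, privilege, with_grant_option))

    def revoke(self, grantor, grantee, obj, privilege):
        # REVOKE ... CASCADE: drop the grant, then keep dropping any grant
        # whose grantor no longer holds the grant option it relied on.
        self.grants = [g for g in self.grants
                       if not (g.grantor == grantor and g.grantee == grantee
                               and g.obj == obj and g.privilege == privilege)]
        changed = True
        while changed:
            changed = False
            for g in list(self.grants):
                if not self.has_privilege(g.grantor, g.obj, g.privilege,
                                          need_grant_option=True):
                    self.grants.remove(g)
                    changed = True


def demo():
    """Walk through a grant chain and a cascading revoke; returns the outcomes."""
    reg = DacRegistry()
    reg.create_object("alice", "staff")                         # alice owns staff
    reg.grant("alice", "bob", "staff", "SELECT", with_grant_option=True)
    reg.grant("bob", "carol", "staff", "SELECT")                # bob passes it on
    try:
        reg.grant("carol", "dave", "staff", "SELECT")           # carol has no grant option
        carol_can_grant = True
    except PermissionError:
        carol_can_grant = False
    before = reg.has_privilege("carol", "staff", "SELECT")
    reg.revoke("alice", "bob", "staff", "SELECT")               # cascades to carol
    after = reg.has_privilege("carol", "staff", "SELECT")
    return {"carol_can_grant": carol_can_grant,
            "carol_before_revoke": before,
            "carol_after_revoke": after}


if __name__ == "__main__":
    print(demo())
```

The cascade loop is the point worth noticing: once alice revokes bob's grant, bob can no longer back the grant he made to carol, so carol's access disappears too, exactly as `REVOKE SELECT ON staff FROM bob CASCADE` would behave in a DBMS that follows the SQL standard.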

Countermeasures – Computer-Based Controls
Mandatory Access Control (MAC)
- Based on system-wide policies that cannot be changed by individual users
- Not supported by the SQL standard
- Each database object is assigned a security class
- Each user is assigned a clearance for a security class
- Rules are imposed on the reading and writing of database objects by users

Countermeasures – Computer-Based Controls
MAC
- Determines whether a user can read/write an object, based on rules over the security level of the object and the clearance of the user
- The rules ensure sensitive data is never 'passed on' to another user without the necessary clearance

Bell-LaPadula Model
- Each database object is assigned a security class
- Each subject is assigned a clearance
- Four classes: Top secret (TS), Secret (S), Confidential (C), Unclassified (U), ordered TS > S > C > U
- Two restrictions:
  1. Simple Security property: subject S is allowed to read object O only if class(S) >= class(O)
  2. *-Property: subject S is allowed to write object O only if class(S) <= class(O)

Popular model for MAC called Bell-LaPadula
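The two Bell-LaPadula restrictions from the slide, applied to a relation whose rows each carry a security class, as an added example that is not part of the presentation. The four classes and the two rules are the slide's; the `LabelledRelation` class, the row contents and the subjects' clearances are constructed for the illustration. The model filters rather than errors on reads (a subject cannot learn that a row above its clearance exists) and rejects writes that would move data down the lattice.

```python
"""Added illustration of the Bell-LaPadula rules over a row-labelled relation.
Constructed example; the classes and properties follow the slide."""

# Unclassified < Confidential < Secret < Top secret
LEVEL = {"U": 0, "C": 1, "S": 2, "TS": 3}


def can_read(subject_class, object_class):
    # Simple security property: read only if class(S) >= class(O) ("no read up")
    return LEVEL[subject_class] >= LEVEL[object_class]


def can_write(subject_class, object_class):
    # *-property: write only if class(S) <= class(O) ("no write down")
    return LEVEL[subject_class] <= LEVEL[object_class]


class LabelledRelation:
    """Each row carries a security class; every access is mediated by the rules."""

    def __init__(self):
        self.rows = []   # (row_class, record)

    def insert(self, subject_class, row_class, record):
        if not can_write(subject_class, row_class):
            raise PermissionError(
                f"{subject_class} subject may not write a {row_class} row")
        self.rows.append((row_class, record))

    def select(self, subject_class):
        # Rows above the clearance are silently invisible, not an error.
        return [rec for cls, rec in self.rows if can_read(subject_class, cls)]


def demo():
    """Constructed walk-through; returns what each subject sees and what was blocked."""
    rel = LabelledRelation()
    rel.insert("U", "U", "public holiday schedule")
    rel.insert("C", "C", "salary bands")
    rel.insert("TS", "TS", "merger plan")
    secret_reads = rel.select("S")            # sees U and C rows, not the TS row
    try:
        # A Secret subject trying to copy what it knows into an Unclassified row
        # is exactly the 'passing on' that the *-property forbids.
        rel.insert("S", "U", "summary of the merger plan")
        write_down_blocked = False
    except PermissionError:
        write_down_blocked = True
    # Writing *up* is permitted: an Unclassified subject may file a Secret row
    # even though it can never read it back.
    rel.insert("U", "S", "anonymous tip")
    return {"secret_reads": secret_reads,
            "write_down_blocked": write_down_blocked,
            "unclassified_reads": rel.select("U")}


if __name__ == "__main__":
    print(demo())
```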

Countermeasures – Computer-Based Controls
- View: the dynamic result of one or more relational operations operating on the base relations to produce another relation; a virtual relation, produced upon request by a particular user at the time of the request
- Backup: the process of periodically taking a copy of the database, log file and programs to offline storage media
- Journaling: the process of maintaining a log file/journal of all changes made to the database, to enable effective recovery in the event of failure
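A view is listed above as a countermeasure because a user can be given access to the view instead of the base relation. The following added example (not from the slides; it uses Python's built-in sqlite3 module and a constructed `staff` relation with made-up rows) shows the two usual shapes: a column-hiding view that omits `salary`, and a row-restricting view that exposes only one branch. It also shows the "virtual relation" property: a row inserted into the base table appears in the view on the next request without any copying.

```python
"""Added illustration of views as an access-control mechanism, using sqlite3.
The staff relation and its rows are constructed sample data."""
import sqlite3

SAMPLE_STAFF = [
    ("S01", "Ada Lovell", "B005", 30000.0),
    ("S02", "Ben Okoro", "B003", 12000.0),
    ("S03", "Cara Diaz", "B003", 18000.0),
]


def build_db():
    """Create the base relation and two views over it in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE staff (staff_no TEXT PRIMARY KEY, name TEXT, "
                 "branch_no TEXT, salary REAL)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", SAMPLE_STAFF)
    # Column-hiding view: the sensitive salary column is simply not projected.
    conn.execute("CREATE VIEW staff_directory AS "
                 "SELECT staff_no, name, branch_no FROM staff")
    # Row-restricting view: a branch manager's slice of the relation.
    conn.execute("CREATE VIEW staff_b003 AS "
                 "SELECT staff_no, name, salary FROM staff WHERE branch_no = 'B003'")
    return conn


def directory_columns(conn):
    """Columns a user of staff_directory can ever see (no salary)."""
    cur = conn.execute("SELECT * FROM staff_directory")
    return [d[0] for d in cur.description]


def branch_b003(conn):
    return conn.execute("SELECT staff_no, name, salary FROM staff_b003 "
                        "ORDER BY staff_no").fetchall()


def demo():
    conn = build_db()
    cols = directory_columns(conn)
    before = len(branch_b003(conn))
    # The view is not a copy: a new base-table row is visible at the next request.
    conn.execute("INSERT INTO staff VALUES ('S04', 'Dev Patel', 'B003', 9000.0)")
    after = len(branch_b003(conn))
    conn.close()
    return {"directory_columns": cols, "b003_before": before, "b003_after": after}


if __name__ == "__main__":
    print(demo())
```

In a multi-user DBMS the remaining step is the DAC one: grant SELECT on `staff_directory` or `staff_b003` and not on `staff`, so the projection or selection in the view definition is the only path to the data.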

Countermeasures – Computer-Based Controls
- Integrity: prevents invalid data, which would lead to misleading or incorrect results
- Encryption: the encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key

RAID (Redundant Array of Independent Disks) Technology
- The DBMS hardware must be fault-tolerant: it continues to operate even if one hardware component fails
- Main hardware components include disk drives, disk controllers, CPU, power supplies and cooling fans
- Disk drives are the most vulnerable component: they have the shortest time between failures of all the hardware components
- This suggests having redundant components that are seamlessly integrated into the working system whenever a component failure occurs

RAID (Redundant Array of Independent Disks) Technology
- A large disk array comprising an arrangement of several independent disks, organized to improve reliability and increase performance
- Performance is increased through data striping: data is segmented into equal-size partitions (the striping unit) that are transparently distributed across multiple disks
- Reliability is improved by storing redundant information across the disks using a parity scheme or an error-correcting scheme

RAID (Redundant Array of Independent Disks) Technology
Different disk configurations, aka RAID levels:
- RAID 0: Nonredundant
- RAID 1: Mirrored
- RAID 0+1: Nonredundant and Mirrored
- RAID 2: Memory-Style Error-Correcting Codes
- RAID 3: Bit-Interleaved Parity
- RAID 4: Block-Interleaved Parity
- RAID 5: Block-Interleaved Distributed Parity
- RAID 6: P+Q Redundancy
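The striping and parity ideas from the two preceding slides, carried through in code as an added example that is not part of the presentation. It implements the RAID 4 layout from the list (block-interleaved striping over N data disks plus one dedicated parity disk holding the XOR of each stripe); RAID 5 uses the same XOR parity but rotates the parity block across all disks, which the example does not do. The disk count, striping unit and the data written are constructed.

```python
"""Added illustration of block-level striping with XOR parity (RAID 4 layout).
Constructed example: disks are Python lists of fixed-size blocks."""


def xor_blocks(blocks):
    """XOR equal-length blocks together; this is the parity computation."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def write_striped(data, n_data_disks, unit):
    """Split data into unit-byte striping units, spread them round-robin across
    the data disks, and append one parity disk.  Returns a list of disks."""
    stripe_bytes = n_data_disks * unit
    padded = data + b"\x00" * (-len(data) % stripe_bytes)   # pad the last stripe
    disks = [[] for _ in range(n_data_disks + 1)]
    for start in range(0, len(padded), stripe_bytes):
        stripe = [padded[start + k * unit:start + (k + 1) * unit]
                  for k in range(n_data_disks)]
        for k, block in enumerate(stripe):
            disks[k].append(block)
        disks[n_data_disks].append(xor_blocks(stripe))      # parity block
    return disks


def rebuild_disk(disks, failed):
    """Recover every block of the failed disk from the surviving disks: the XOR
    of all other blocks in a stripe equals the missing one."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[j] for d in survivors])
            for j in range(len(survivors[0]))]


def read_striped(disks, n_data_disks, length):
    """Reassemble the original byte string from the data disks."""
    out = bytearray()
    for j in range(len(disks[0])):
        for k in range(n_data_disks):
            out += disks[k][j]
    return bytes(out[:length])


def demo():
    data = b"database security: stripe me across the array"   # constructed
    disks = write_striped(data, n_data_disks=3, unit=4)
    failed = 1
    disks[failed] = None                      # simulate loss of one data disk
    disks[failed] = rebuild_disk(disks, failed)
    return {"recovered": read_striped(disks, 3, len(data)) == data,
            "blocks_per_disk": len(disks[0])}


if __name__ == "__main__":
    print(demo())
```

Losing the parity disk itself is handled by the same routine (`rebuild_disk(disks, 3)` recomputes it from the data disks), which is why a single parity disk tolerates exactly one failure and RAID 6's P+Q redundancy is needed to survive two.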

DBMS and Web Security
- Internet communication relies on TCP/IP
- TCP/IP and HTTP were not designed with security in mind
- Without special software, all Internet traffic travels 'in the clear', so anyone who monitors the traffic can read it

DBMS and Web Security
Must ensure, while transmitting information over the Internet, that it is:
- inaccessible to anyone but the sender and receiver (privacy);
- not changed during transmission (integrity);
- such that the receiver can be sure it came from the sender (authenticity);
- such that the sender can be sure the receiver is genuine (non-fabrication);
- such that the sender cannot deny he or she sent it (non-repudiation).

DBMS and Web Security
Measures include:
- Proxy servers
- Firewalls
- Message digest algorithms and digital signatures
- Digital certificates
- Kerberos
- Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)
- Secure Electronic Transactions (SET) and Secure Transaction Technology (SST)
- Java security
- ActiveX security
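Of the properties listed two slides earlier, integrity and authenticity are the ones a message digest is meant to address, and the difference between a bare digest and a keyed one is the point practitioners most often get wrong. The following added example (not from the slides) uses Python's standard hashlib and hmac modules: a bare SHA-256 digest detects accidental corruption but can be recomputed by whoever alters the message, so it gives integrity without authenticity; an HMAC over the same message needs the shared key to recompute, so a receiver holding the key gets both. HMAC is used here because the standard library ships no digital-signature primitive; a signature with a private key would additionally give the non-repudiation the slide mentions. The message, key and tampered copy are constructed.

```python
"""Added illustration of message digests versus keyed digests (HMAC) for the
integrity and authenticity properties.  Constructed message and key."""
import hashlib
import hmac


def message_digest(message: bytes) -> str:
    """Unkeyed digest: anyone, including a tamperer, can recompute it."""
    return hashlib.sha256(message).hexdigest()


def verify_digest_only(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(message_digest(message), digest)


def make_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: only holders of the key can produce a matching tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(make_tag(key, message), tag)


def demo():
    key = b"constructed-shared-key"   # in practice agreed via a key exchange
    msg = b"TRANSFER 100.00 FROM 1234 TO 5678"
    tampered = b"TRANSFER 900.00 FROM 1234 TO 5678"

    # Sender attaches a bare digest; an intermediary swaps both message and digest.
    forged_pair_passes = verify_digest_only(tampered, message_digest(tampered))

    # Sender attaches a keyed tag instead; the intermediary cannot recompute it.
    tag = make_tag(key, msg)
    return {
        "genuine_verifies": verify_tag(key, msg, tag),
        "tampered_verifies": verify_tag(key, tampered, tag),
        "forged_digest_passes": forged_pair_passes,   # True: digest alone is not authenticity
        "corruption_detected": not verify_digest_only(tampered, message_digest(msg)),
    }


if __name__ == "__main__":
    print(demo())
```

The `corruption_detected` result is what a digest is good for (the receiver notices a message that changed in transit), while `forged_digest_passes` shows why the digest must be bound to a key or a signature before it says anything about who sent the message.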

How Secure Electronic Transactions (SET) Works

Chapter 19