ORACLE DATABASE SECURITY

Oracle Database Security Defense-in-Depth (4/19/2017)

Encryption and Masking:
- Oracle Advanced Security
- Oracle Secure Backup
- Oracle Data Masking

Access Control:
- Oracle Database Vault
- Oracle Label Security

Auditing and Monitoring:
- Oracle Audit Vault
- Oracle Configuration Management
- Oracle Total Recall (available in 11g)

Blocking and Logging:
- Oracle Database Firewall

Agenda
- Oracle DB Security
- Protecting Data
  - Encrypt stored data
  - Mask data that is not used for production
- Controlling data access
  - Implementing the Virtual Private Database (VPD)
  - Using Oracle Label Security (OLS)
- TDE
- Summary

(slide footer: Oracle Database 10g: Performance Tuning 1-3)

Data Masking

What is data masking?
Data masking is the process of replacing sensitive information with realistic data based on masking rules.

Why use data masking?
Use data masking so that data can be shared with nonproduction users such as testing companies.

Data Masking: before and after

Production (original data):

EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
100          King       90             515.123.4567
105          Austin     60             590.423.4569
110          Chen                      515.124.4269

Masked copy:

EMPLOYEE_ID  LAST_NAME  DEPARTMENT_ID  PHONE_NUMBER
468          Jefferies  90             510.555.1256
975          Smith      60             650.555.9753
396          Allen      100            925.555.3597

Data Masking: Features
- Uses an irreversible process to replace the sensitive data based on masking rules
- Ensures that the original data cannot be retrieved, recovered, or restored from the masked copy
- Enables you to define a central definition for common data masking formats to be used with all databases

Implementing Data Masking

Security admin:
- Identify sensitive information
- Create data mask formats
- Create masking definitions

Application DBA:
- Clone production to staging
- Create masking definitions
- Execute masking job
- Clone staging to test

Environments: Production -> Staging -> Test

Data Masking
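The masking rules the slides describe, carried out with plain SQL on a staging clone. This is an added example, not code from the slides or from Oracle's Data Masking Pack: the staging table EMPLOYEES_STAGE is constructed here from the HR sample schema, and the three rules (new random keys, substituted surnames, phone numbers rewritten into the reserved 555 exchange) are assumptions chosen to match the before/after table above.

```sql
-- Added example: apply masking rules to a staging copy, never to production.
-- EMPLOYEES_STAGE is constructed from the HR sample schema (assumed present).
-- CTAS copies the data and NOT NULL constraints, not the primary key, so the
-- masked ids below do not collide with production constraints.
CREATE TABLE employees_stage AS
  SELECT employee_id, last_name, department_id, phone_number
    FROM hr.employees;

-- Rule 1: new EMPLOYEE_ID. Row order is shuffled by DBMS_RANDOM before the
-- numbering, so the mapping old id -> new id is never stored and cannot be
-- reconstructed from the masked copy (the "irreversible" property).
MERGE INTO employees_stage s
USING (SELECT ROWID AS rid,
              100 + ROW_NUMBER() OVER (ORDER BY DBMS_RANDOM.VALUE) AS new_id
         FROM employees_stage) m
ON (s.ROWID = m.rid)
WHEN MATCHED THEN UPDATE SET s.employee_id = m.new_id;

-- Rule 2: LAST_NAME drawn at random from a fixed substitution list.
-- Rule 3: PHONE_NUMBER keeps the NNN.NNN.NNNN format but uses the 555 exchange,
-- which is reserved for fictitious numbers, so the result is realistic but
-- cannot belong to a real subscriber.
UPDATE employees_stage
   SET last_name    = CASE TRUNC(DBMS_RANDOM.VALUE(0, 3))
                        WHEN 0 THEN 'Jefferies'
                        WHEN 1 THEN 'Smith'
                        ELSE        'Allen'
                      END,
       phone_number = TRUNC(DBMS_RANDOM.VALUE(200, 1000)) || '.555.'
                      || LPAD(TRUNC(DBMS_RANDOM.VALUE(0, 10000)), 4, '0');
COMMIT;

-- Check: no masked phone number is left in the 515/590 production ranges,
-- and every id is unique.
SELECT COUNT(*) AS leaked_phones
  FROM employees_stage
 WHERE phone_number NOT LIKE '___.555.____';

SELECT COUNT(*) - COUNT(DISTINCT employee_id) AS duplicate_ids
  FROM employees_stage;
```

Both check queries should return 0. DEPARTMENT_ID is left untouched on purpose: it is not sensitive by itself, and keeping it preserves the joins that test teams need, which is why the masked table on the slide still shows departments 90 and 60.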

Agenda
- Oracle DB Security
- Protecting Data
  - Encrypt stored data
  - Mask data that is not used for production
  - TDE
- Controlling data access
  - Implementing the Virtual Private Database (VPD)
  - Using Oracle Label Security (OLS)
- Summary

Discretionary Access Control

GRANT SELECT ON emp TO JOE;     -- Joe can now read every row of emp
REVOKE SELECT ON emp FROM FRED; -- Fred can no longer read emp at all

Object privileges work at the level of the whole table. How do we secure access at the row or column level?

Oracle VPD

A Virtual Private Database (VPD) combines an application context and FGAC.
- Fine-grained access control (FGAC): associate security policies with database objects
- Application context: define and access application or session attributes
- Enforce business rules to limit row access
- Use a secure application context to provide high-performance resolution of user attributes

Why VPD?

Scalability
Table Customers contains 1,000 customer records. Suppose we want customers to access their own records only. Using views, we need to create 1,000 views. Using VPD, it can be done with a single policy function.

Simplicity
Say we have a table T and many views are based on T. Suppose we want to restrict access to some information in T. Without VPD, all view definitions have to be changed. Using VPD, it can be done by attaching a policy function to T; as the policy is enforced on T, the policy is also enforced for all the views that are based on T.

Security
Server-enforced security (as opposed to application-enforced). Cannot be bypassed. (There are two exceptional cases, though.)

How Fine-Grained Access Control Works
1. The user accesses a table or view with a policy.
2. The data server calls the policy function.
3. The policy function returns a predicate.
4. The data server adds the predicate to the statement.
5. The data server executes the modified statement.

SELECT * FROM orders;

becomes

SELECT * FROM orders WHERE customer_id = SYS_CONTEXT('oeapp', 'cust_id');

Application Context

Application contexts act as secure caches of data that may be used by a fine-grained access control policy. Upon login to the database, Oracle sets up an application context in the user's session. You can define, set and access application attributes that you can use as a secure data cache. There is a predefined application context, "userenv".

Application Context

One can create a customized application context and attributes. Say each employee can access a portion of the Customers table, based on job position. For example, a clerk can access only the records of the customers who live in a region assigned to him, but a manager can access any record. Suppose that the job positions of employees are stored in an LDAP server (or in the Employee table). Such information can be accessed and cached in an application context when an employee logs in.

VPD: Example Demo
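The VPD mechanism from the preceding slides (application context populated at login, policy function returning a predicate, policy attached to a table) written out end to end. This is an added example and not the slides' demo or Oracle-supplied code; it assumes a schema OE with a table ORDERS(customer_id, ...), and a constructed lookup table CUST_USERS(db_user, cust_id) that maps database users to customer ids. The context namespace oeapp and attribute cust_id are the ones used on the "How Fine-Grained Access Control Works" slide.

```sql
-- Added example: application context + VPD policy on OE.ORDERS.
-- Run as a user with CREATE ANY CONTEXT, ADMINISTER DATABASE TRIGGER and
-- EXECUTE on DBMS_RLS. CUST_USERS is constructed for this example.
CREATE TABLE oe.cust_users (
  db_user VARCHAR2(128) PRIMARY KEY,
  cust_id NUMBER        NOT NULL
);

-- 1. Namespace bound to a trusted package: only OE.OEAPP_CTX_PKG can set
--    attributes in it, so a session cannot forge its own cust_id.
CREATE OR REPLACE CONTEXT oeapp USING oe.oeapp_ctx_pkg;

CREATE OR REPLACE PACKAGE oe.oeapp_ctx_pkg AS
  PROCEDURE set_cust_id;
END;
/
CREATE OR REPLACE PACKAGE BODY oe.oeapp_ctx_pkg AS
  PROCEDURE set_cust_id IS
    l_cust_id oe.cust_users.cust_id%TYPE;
  BEGIN
    SELECT cust_id INTO l_cust_id
      FROM oe.cust_users
     WHERE db_user = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('oeapp', 'cust_id', TO_CHAR(l_cust_id));
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- unmapped user: attribute stays unset, policy below fails closed
  END;
END;
/

-- 2. Logon trigger caches the attribute once per session (the "secure cache").
CREATE OR REPLACE TRIGGER oe.set_oeapp_ctx
  AFTER LOGON ON DATABASE
BEGIN
  oe.oeapp_ctx_pkg.set_cust_id;
END;
/

-- 3. Policy function: the server calls it and appends the returned predicate.
CREATE OR REPLACE FUNCTION oe.orders_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- Fail closed: a session without a cust_id sees no rows instead of all rows.
  IF SYS_CONTEXT('oeapp', 'cust_id') IS NULL THEN
    RETURN '1=2';
  END IF;
  RETURN 'customer_id = SYS_CONTEXT(''oeapp'', ''cust_id'')';
END;
/

-- 4. Attach the policy. update_check => TRUE also blocks inserts/updates that
--    would create a row the session could not read back.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'OE',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_CUST_POLICY',
    function_schema => 'OE',
    policy_function => 'ORDERS_POLICY',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE);
END;
/

-- 5. Check from a mapped customer's session: the server rewrites this to
--    ... WHERE customer_id = SYS_CONTEXT('oeapp', 'cust_id')
SELECT SYS_CONTEXT('oeapp', 'cust_id') AS my_cust_id, COUNT(*) AS my_orders
  FROM oe.orders;
```

The policy is enforced on the base table, so any view over OE.ORDERS inherits it without being changed, which is the "simplicity" point from the Why VPD? slide. The NO_DATA_FOUND handler matters twice: an unhandled error in a logon trigger would block the login, and leaving the attribute unset is what lets the policy function return the no-rows predicate rather than an unrestricted one.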

Agenda
- Protecting Data
  - Encrypt stored data
  - Mask data that is not used for production
  - TDE
- Controlling data access
  - Implementing the Virtual Private Database (VPD)
  - Using Oracle Label Security (OLS)
- Summary

Oracle Label Security

Discretionary Access Control (recap):

GRANT SELECT ON emp TO JOE;     -- Joe
REVOKE SELECT ON emp FROM FRED; -- Fred

Oracle Label Security: access mediation

SQL request
  -> Select object privilege granted?            (Discretionary access control)
  -> User clearance dominates data row label?    (OLS access mediation)

Example with user clearance = Confidential:

Location   Storage        OLS Label      Denied
Nevada     Conventional   Sensitive      X
Montana    Nuclear        Highly Sens.   X
Colorado   Medical        Confidential

The objects in the database can have rows that are labeled. Access to rows is restricted on the basis of Oracle Label Security authorizations.

How Sensitivity Labels Are Used

Users  -- Authorizations (e.g. Top Secret, Secret)
          |
          Access mediation
          |
Data   -- Labels (data sensitivity)

Oracle Label Security Demo
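A minimal OLS policy that reproduces the Location/Storage/OLS Label table from the access-mediation slide. This is an added example, not the slides' demo or Oracle documentation code; it assumes Oracle Label Security is installed, that the statements run as a user holding the LBAC_DBA role, and that the schema OE, the table FACILITIES and the database users ANALYST and LABELER are constructed for the example.

```sql
-- Added example: OLS levels Confidential < Sensitive < Highly Sensitive,
-- one labeled table, and a user cleared only for Confidential.
CREATE TABLE oe.facilities (
  location VARCHAR2(30),
  storage  VARCHAR2(30)
);

BEGIN
  -- The policy adds a hidden label column FACILITY_LABEL to protected tables.
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'FACILITY_POLICY',
    column_name     => 'FACILITY_LABEL',
    default_options => 'READ_CONTROL,WRITE_CONTROL,HIDE');

  -- Levels: a higher level_num dominates a lower one.
  SA_COMPONENTS.CREATE_LEVEL('FACILITY_POLICY', 1000, 'C',  'CONFIDENTIAL');
  SA_COMPONENTS.CREATE_LEVEL('FACILITY_POLICY', 2000, 'S',  'SENSITIVE');
  SA_COMPONENTS.CREATE_LEVEL('FACILITY_POLICY', 3000, 'HS', 'HIGHLY_SENSITIVE');

  -- Data labels (one per level; no compartments or groups in this example).
  SA_LABEL_ADMIN.CREATE_LABEL('FACILITY_POLICY', 1100, 'C');
  SA_LABEL_ADMIN.CREATE_LABEL('FACILITY_POLICY', 2100, 'S');
  SA_LABEL_ADMIN.CREATE_LABEL('FACILITY_POLICY', 3100, 'HS');

  -- Apply the policy: from now on every row of FACILITIES carries a label.
  SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
    policy_name => 'FACILITY_POLICY',
    schema_name => 'OE',
    table_name  => 'FACILITIES');

  -- LABELER loads data and may write any label (FULL bypasses mediation).
  SA_USER_ADMIN.SET_USER_PRIVS('FACILITY_POLICY', 'LABELER', 'FULL');

  -- ANALYST's clearance is Confidential: max read label C.
  SA_USER_ADMIN.SET_USER_LABELS(
    policy_name    => 'FACILITY_POLICY',
    user_name      => 'ANALYST',
    max_read_label => 'C');
END;
/

-- As LABELER: label the rows from the slide. The label column is HIDE-d, so
-- it must be named explicitly; CHAR_TO_LABEL converts 'S' etc. to a label tag.
INSERT INTO oe.facilities (location, storage, facility_label)
VALUES ('Nevada',   'Conventional', CHAR_TO_LABEL('FACILITY_POLICY', 'S'));
INSERT INTO oe.facilities (location, storage, facility_label)
VALUES ('Montana',  'Nuclear',      CHAR_TO_LABEL('FACILITY_POLICY', 'HS'));
INSERT INTO oe.facilities (location, storage, facility_label)
VALUES ('Colorado', 'Medical',      CHAR_TO_LABEL('FACILITY_POLICY', 'C'));
COMMIT;

-- As ANALYST (after GRANT SELECT ON oe.facilities TO analyst): the DAC check
-- passes, then OLS mediation keeps only the rows whose label C dominates.
SELECT location, storage FROM oe.facilities;
-- Expected: a single row, Colorado / Medical
```

The two-stage check on the slide is visible here: without the GRANT SELECT the query fails at discretionary access control before any label is consulted; with it, the Nevada and Montana rows are silently absent rather than producing an error, which is the behaviour to remember when a report "loses" rows under OLS.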

Thank you!