DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.


Definition Database security is the mechanism that protects the database against intentional or accidental threats. We consider database security in relation to the following situations: - Theft and fraud - Loss of confidentiality

Introduction - Loss of privacy - Loss of integrity - Loss of availability. A threat is any intentional or accidental event that may adversely affect the system.

Introduction (Cont) Examples of threats: - Using another person's log-in name to access data - Unauthorized copying of data - Program/data alteration - Illegal entry by hacker - Viruses - Etc.

Countermeasures Computer-Based Controls: - Authorization - Views - Backup and Recovery - Integrity - Encryption - RAID Technology

Authorization The granting of a privilege that enables a user to have legitimate access to a system. Such privileges are sometimes referred to as access controls. The process of authorization involves authenticating the user requesting access to objects.

Authenticating Authentication is a mechanism that determines whether a user is who he/she claims to be. A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.

Closed Vs Open Systems Closed Systems: Some DBMSs require authorization for authorized DBMS users to access specific objects. Open Systems: Allow users to have complete access to all objects within the database.

A DBMS may permit both individual user identifiers and group identifiers to be created. Certain privileges may be associated with specific identifiers, which indicate what kind of privilege is allowed with certain database objects.

Each privilege has a binary value associated with it. The binary values are summed, and the total value indicates what privileges are allowed for a specific user or group with a particular object.

User & Group Identifier
User Identifier | Type | Group | Member Identifier
SG37 | User | Sales | SG37
SG14 | User | Sales | SG14
SG5 | User | |
Sales | Group | |

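Access Control Matrix (table; cell values not recoverable). Columns: User Identifier, Property#, Type, Price, Owner#, Staff#, Branch#, Query Row Limit. Surviving row text: Sales, SG, SG, none. Privileges: SELECT, UPDATE, INSERT, DELETE, ALL.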
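The summed-privilege scheme from the preceding slides, as an added example that is not part of the original presentation. The bit values (SELECT=1, UPDATE=2, INSERT=4, DELETE=8, ALL=15), the matrix entries and the rule that a user's own entry is combined with the group's are assumptions; only the identifiers SG37, SG14, SG5 and Sales come from the slides.

```python
from enum import IntFlag

class Priv(IntFlag):
    # Assumed bit values (one bit per privilege); ALL is the sum of the four.
    SELECT = 1
    UPDATE = 2
    INSERT = 4
    DELETE = 8
    ALL = 15

# Group membership as listed on the "User & Group Identifier" slide.
GROUPS = {"Sales": {"SG37", "SG14"}}

# Constructed matrix: (identifier, object) -> summed privilege value.
MATRIX = {
    ("Sales", "Price"): 1,    # SELECT
    ("SG37", "Price"): 3,     # SELECT + UPDATE
    ("SG5", "Price"): 15,     # ALL
}

def decode(total):
    """Split a summed value back into the privilege names it contains."""
    if not 0 <= total <= Priv.ALL:
        raise ValueError(f"not a valid privilege total: {total}")
    singles = (Priv.SELECT, Priv.UPDATE, Priv.INSERT, Priv.DELETE)
    return [p.name for p in singles if total & p]

def effective(user, obj):
    """Combine a user's own entry with those of the groups they belong to.

    Bitwise OR is used so a privilege held twice is not counted twice.
    A missing entry means no access (closed-system behaviour).
    """
    total = MATRIX.get((user, obj), 0)
    for group, members in GROUPS.items():
        if user in members:
            total |= MATRIX.get((group, obj), 0)
    return total

def allowed(user, obj, needed):
    """True only if every bit in `needed` is present in the effective value."""
    return (effective(user, obj) & needed) == needed

if __name__ == "__main__":
    for user in ("SG37", "SG14", "SG5"):
        print(user, "Price", decode(effective(user, "Price")))
```
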

Views A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

Views (Cont) The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows that are missing from the view.
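A view used as a security boundary, as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 module; because SQLite has no GRANT statement, an authorizer callback stands in for "access granted on the view only". The table, view, column names and rows are constructed for illustration.

```python
import sqlite3

BASE, VIEW = "staff", "sales_staff_public"   # hypothetical object names

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff (staff_no TEXT, name TEXT, branch TEXT, salary INTEGER);
        INSERT INTO staff VALUES ('SG37', 'Ann',   'B003', 12000),
                                 ('SG14', 'David', 'B003', 18000),
                                 ('SL21', 'John',  'B005', 30000);
        -- The view hides the salary column and every row outside branch B003.
        CREATE VIEW sales_staff_public AS
            SELECT staff_no, name FROM staff WHERE branch = 'B003';
    """)

    def authorizer(action, arg1, arg2, db_name, source):
        # For SQLITE_READ, arg1 is the table and source is the view (if any)
        # through which the read happens. Refuse direct reads of the base table.
        if action == sqlite3.SQLITE_READ and arg1 == BASE and source != VIEW:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    # Installed after the schema is built, so it governs only the user's queries.
    conn.set_authorizer(authorizer)
    return conn

def try_query(conn, sql):
    """Return the rows, or a 'refused: ...' string if the DBMS rejects the query."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return f"refused: {exc}"

if __name__ == "__main__":
    db = open_db()
    for sql in ("SELECT staff_no, name FROM sales_staff_public ORDER BY staff_no",
                "SELECT salary FROM sales_staff_public",   # hidden attribute
                "SELECT * FROM staff"):                    # base relation
        print(sql, "->", try_query(db, sql))
```
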

Backup & Recovery Backup is the process of periodically taking a copy of the database and log file onto offline storage media. A DBMS should provide backup facilities to assist with the recovery of a database following a failure.

Integrity Maintaining a secure database system by preventing data from becoming invalid.

Encryption The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key. There will be degradation in performance because of the time taken to decode it. It also protects the data transmitted over communication lines.

RAID Redundant Array of Independent Disks The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. One solution is the use of RAID technology.

RAID (Cont) RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.