ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Slide 2: Structure of this semester (course roadmap figure; only its labels survive)
Topics: Database Fundamentals, Relational Model, Normalization, Conceptual Modeling, Query Languages, Advanced SQL, Database Security, Java DB Applications (JDBC/JSP), Data Mining.
Phases: 0. Intro, 1. Design, 3. Applications, 4. Advanced Topics.
Other labels: Newbie Users, Professionals, Designers, MIS, Querying, Developers.

Slide 3: Objectives
 The scope of database security.
 Why database security is a serious concern for an organization.
 The types of threats that can affect a database system.

Slide 4: Database Security
Mechanisms that protect the database against intentional or accidental threats. Security considerations do not apply only to the data held in a database: breaches of security may affect other parts of the system, which may in turn affect the database.

Slide 5: Database Security
Involves measures to avoid:
 Theft and fraud
 Loss of confidentiality (secrecy)
 Loss of privacy
 Loss of integrity
 Loss of availability

Slide 6: Database Security
Threat: any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization.

Slide 7: Summary of Threats to Computer Systems (figure; no text recovered)

Slide 8: Typical Multi-user Computer Environment (figure; no text recovered)

Slide 9: Countermeasures – Computer-Based Controls
These range from physical controls to administrative procedures and include:
 Authorization
 Access controls
 Views
 Backup and recovery
 Integrity
 Encryption
 RAID technology

Slide 10: Authorization (Countermeasures – Computer-Based Controls)
 The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system's object.
 Authentication is a mechanism that determines whether a user is who he or she claims to be.

Slide 11: Access control (Countermeasures – Computer-Based Controls)
 Based on the granting and revoking of privileges.
 A privilege allows a user to create or access (that is, read, write, or modify) some database object (such as a relation, view, or index) or to run certain DBMS utilities.
 Privileges are granted to users to accomplish the tasks required for their jobs.

Slide 12: Countermeasures – Computer-Based Controls
Most DBMSs provide an approach called Discretionary Access Control (DAC). The SQL standard supports DAC through the GRANT and REVOKE commands. The GRANT command gives privileges to users, and the REVOKE command takes away privileges.

Slide 13: Countermeasures – Computer-Based Controls
DAC, while effective, has certain weaknesses. In particular, an unauthorized user can trick an authorized user into disclosing sensitive data. An additional approach is required, called Mandatory Access Control (MAC). The SQL standard does not include support for MAC.

Slide 14: Countermeasures – Computer-Based Controls
MAC determines whether a user can read or write an object based on rules that involve the security level of the object and the clearance of the user. These rules ensure that sensitive data can never be 'passed on' to another user without the necessary clearance.
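The following is an added example, not part of the slides, that models slides 12 to 14 in one runnable program: a discretionary scheme with owner-issued GRANT and REVOKE, the weakness in which an authorized user is tricked into copying data somewhere an unauthorized user can read it, and the mandatory rules (clearance versus security level) that stop the copy. All users (alice, bob, mallory), tables, levels and rows are constructed for illustration; the classes are a toy model, not any DBMS's implementation.

```python
# Added example, not part of the slides: an in-memory model of DAC (owner-granted
# privileges in the style of SQL GRANT/REVOKE) beside MAC (security levels and
# clearances). Users, tables, levels and rows are constructed for illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


class DacDatabase:
    """DAC: the owner of an object grants and revokes privileges on it at will."""

    def __init__(self):
        self.tables = {}      # table name -> {"owner": user, "rows": [...]}
        self.privileges = {}  # (user, table) -> set of privilege names

    def create_table(self, owner, name):
        self.tables[name] = {"owner": owner, "rows": []}
        self.privileges[(owner, name)] = {"SELECT", "INSERT"}

    def grant(self, grantor, privilege, table, grantee):
        # Like SQL GRANT: only the owner may hand out privileges in this model.
        if self.tables[table]["owner"] != grantor:
            raise PermissionError(f"{grantor} does not own {table}")
        self.privileges.setdefault((grantee, table), set()).add(privilege)

    def revoke(self, grantor, privilege, table, grantee):
        if self.tables[table]["owner"] != grantor:
            raise PermissionError(f"{grantor} does not own {table}")
        self.privileges.get((grantee, table), set()).discard(privilege)

    def _check(self, user, privilege, table):
        if privilege not in self.privileges.get((user, table), set()):
            raise PermissionError(f"{user} lacks {privilege} on {table}")

    def select(self, user, table):
        self._check(user, "SELECT", table)
        return list(self.tables[table]["rows"])

    def insert(self, user, table, row):
        self._check(user, "INSERT", table)
        self.tables[table]["rows"].append(row)


class MacDatabase(DacDatabase):
    """MAC on top of DAC: read needs clearance >= level (no read up), write needs
    clearance <= level (no write down), so data never flows to a lower level."""

    def __init__(self, clearances, table_levels):
        super().__init__()
        self.clearances = clearances      # user -> level name
        self.table_levels = table_levels  # table -> level name

    def select(self, user, table):
        if LEVELS[self.clearances[user]] < LEVELS[self.table_levels[table]]:
            raise PermissionError(f"{user} is not cleared to read {table}")
        return super().select(user, table)

    def insert(self, user, table, row):
        if LEVELS[self.clearances[user]] > LEVELS[self.table_levels[table]]:
            raise PermissionError(f"{user} may not write down into {table}")
        super().insert(user, table, row)


def revoke_result():
    """GRANT then REVOKE: bob can read salaries only between the two statements."""
    db = DacDatabase()
    db.create_table("alice", "salaries")
    db.insert("alice", "salaries", ("alice", 120000))
    db.grant("alice", "SELECT", "salaries", "bob")
    rows_while_granted = len(db.select("bob", "salaries"))
    db.revoke("alice", "SELECT", "salaries", "bob")
    try:
        db.select("bob", "salaries")
        after_revoke = "allowed"
    except PermissionError:
        after_revoke = "denied"
    return rows_while_granted, after_revoke


def trojan_horse_scenario(db):
    """mallory has no privilege on alice's 'salaries'. mallory creates 'scratch',
    grants alice INSERT on it and gets alice to run a program that copies salaries
    into scratch. Returns what mallory can read afterwards, or the denial message."""
    db.create_table("alice", "salaries")
    db.insert("alice", "salaries", ("alice", 120000))
    db.create_table("mallory", "scratch")
    db.grant("mallory", "INSERT", "scratch", "alice")
    try:
        for row in db.select("alice", "salaries"):  # alice is authorized to read
            db.insert("alice", "scratch", row)      # and authorized to write here
    except PermissionError as exc:
        return str(exc)
    return db.select("mallory", "scratch")          # mallory reads the copy


def dac_result():
    return trojan_horse_scenario(DacDatabase())     # the copy succeeds under DAC


def mac_result():
    db = MacDatabase(clearances={"alice": "secret", "mallory": "unclassified"},
                     table_levels={"salaries": "secret", "scratch": "unclassified"})
    return trojan_horse_scenario(db)                # write-down is denied under MAC
```

Under DAC every individual step is legitimately authorized, which is why the leak cannot be detected by checking privileges one statement at a time; MAC blocks it because alice's clearance (secret) is above the level of the table she is asked to write into (unclassified), regardless of who granted her INSERT.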

Slide 15: View (Countermeasures – Computer-Based Controls)
 The dynamic result of one or more relational operations operating on the base relations to produce another relation.
 A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
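As an added example (not from the slides), the view below acts as an access boundary in an in-memory SQLite database: it omits the salary column and the rows of one branch, and because it is evaluated on each request it reflects a row inserted into the base relation later. The staff table, its rows and the view name are constructed for this illustration.

```python
import sqlite3

# Added example, not part of the slides: a view used to expose a restricted,
# virtual relation. Table, rows and view name are constructed for illustration.


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, branch TEXT, salary INTEGER);
        INSERT INTO staff VALUES
            (1, 'Ann', 'Boston', 90000),
            (2, 'Bob', 'Boston', 70000),
            (3, 'Cy',  'HQ',     250000);
        -- Virtual relation: no salary column, HQ rows excluded.
        CREATE VIEW staff_directory AS
            SELECT id, name, branch FROM staff WHERE branch <> 'HQ';
    """)
    return conn


def directory_rows(conn):
    """What a user who is only allowed to query the view can see."""
    return conn.execute("SELECT * FROM staff_directory ORDER BY id").fetchall()


def view_columns(conn):
    cur = conn.execute("SELECT * FROM staff_directory")
    return [col[0] for col in cur.description]


def salary_through_view(conn):
    """A column absent from the view cannot be selected through it."""
    try:
        conn.execute("SELECT salary FROM staff_directory")
        return "visible"
    except sqlite3.OperationalError as exc:
        return str(exc)


def demo():
    conn = build_db()
    before = directory_rows(conn)
    conn.execute("INSERT INTO staff VALUES (4, 'Dee', 'Boston', 65000)")
    after = directory_rows(conn)  # recomputed from the base relation on request
    return before, after, view_columns(conn), salary_through_view(conn)
```

In a DBMS with GRANT support, the usual pattern is to grant SELECT on the view only and nothing on the base table; SQLite has no GRANT, so this example shows only the relational side of the control.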

Slide 16: Countermeasures – Computer-Based Controls
 Backup: the process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
 Journaling: the process of keeping and maintaining a log file (or journal) of all changes made to the database, to enable effective recovery in the event of failure.
 Integrity: prevents data from becoming invalid, and hence giving misleading or incorrect results.
 Encryption: the encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.

Slide 17: DBMSs and Web Security
Internet communication relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels 'in the clear' and anyone who monitors traffic can read it.

Slide 18: DBMSs and Web Security
Measures include:
 Proxy servers
 Firewalls
 Message digest algorithms and digital signatures
 Digital certificates
 Kerberos
 Secure Sockets Layer (SSL) and Secure HTTP (S-HTTP)
 Java security

Slide 19: Security Breach Example – SQL Injection
The attacker makes assumptions about the underlying SQL structure and injects SQL through user inputs. The most common form targets password authentication.
Prevention:
 Use uncommon table names by adding a prefix
 Use parameterized SQL queries
 Check user inputs for potential threats
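The password-authentication case from this slide, as an added example that is not part of the original presentation: the same login query built by string concatenation and with a parameterized query, run against an in-memory SQLite table holding one constructed account (admin). SHA-256 stands in for a proper password-hashing scheme; the point is how the SQL is constructed, not how passwords are stored.

```python
import hashlib
import sqlite3

# Added example, not part of the slides: the login query built two ways. The users
# table, the 'admin' account and its password are constructed for illustration.


def hash_pw(password):
    # SHA-256 is a placeholder for a real password hash; keeps the example self-contained.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (hash_pw("correct horse"),))
    return conn


def login_vulnerable(conn, username, password):
    # The username is pasted into the SQL text, so input containing a quote and a
    # comment marker changes the statement's structure instead of acting as a value.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{hash_pw(password)}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders: the driver binds the inputs as values; they never reach the SQL parser.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, hash_pw(password))).fetchone() is not None


def compare(username, password):
    """Returns (vulnerable_result, parameterized_result) for the same credentials."""
    conn = build_db()
    return (login_vulnerable(conn, username, password),
            login_parameterized(conn, username, password))
```

With the correct password both functions return True and with a wrong one both return False, but a username that closes the quote and starts a SQL comment logs in through the concatenated query without any password while the parameterized query simply finds no such user. Note that the parameterized version does not depend on the table name being hard to guess: the bound values are never parsed as SQL, whatever the table is called.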