Database Application Security Models

Presentation transcript:

1 Database Application Security Models

2 Objectives
What we have learned:
  – the necessary background and best practices for database security and its elements
  – how to create users and roles and to assign privileges to users
Describe the different types of users in a database environment and the distinct purpose of each
Identify and explain the concepts of five security models
List the most commonly used application types

3 Objectives (continued)
Implement the most common application security models
Understand the use of data encryption within database applications

4 Types of Users
Application:
  – Solves a problem
  – Performs a specific business function (MS Word, Adobe Acrobat Reader, etc.)
Database: collection of related data files used by an application
Application user: a record created for a user within the application schema, used for authentication to the application

5 Types of Users (continued)
Types:
  – Application administrator
  – Application owner
  – Application user
  – Database administrator
  – Database user
  – Proxy user: a database user that has specific roles and privileges assigned to it; it isolates application users from the database
  – Schema owner

6 Security Models
Access Matrix Model:
  – Represents two main entities, objects and subjects:
      Columns represent objects
      Rows represent subjects
  – Objects: tables, views, procedures, database objects
  – Subjects: users, roles, privileges, modules
  – Authorization cell: the access details on the object granted to the subject (access, operation, or commands)

7 Security Models (continued)

8 Access Modes Model:
  – Uses objects and subjects
  – Specifies access modes: static and dynamic modes
  – Access levels: a subject has access to objects at its level and all levels below it
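As an added example (not from the slides or the textbook they are based on), the two models on slides 6 and 8 expressed as Oracle tables and queries. The access matrix is stored one authorization cell per row, and the access-modes check compares a subject's level with an object's level. All table, subject and object names and the sample data are constructed for this illustration.

```sql
-- Constructed example: access matrix (rows = subjects, columns = objects,
-- cells = authorized operations) plus per-entity access levels for the
-- access-modes model. Not the slides' code.

CREATE TABLE sec_subjects (
    subject_name  VARCHAR2(30) PRIMARY KEY,
    subject_type  VARCHAR2(10) NOT NULL,   -- USER, ROLE, MODULE
    access_level  NUMBER(2)    NOT NULL    -- access-modes model: higher = more trusted
);

CREATE TABLE sec_objects (
    object_name   VARCHAR2(30) PRIMARY KEY,
    object_type   VARCHAR2(10) NOT NULL,   -- TABLE, VIEW, PROCEDURE
    access_level  NUMBER(2)    NOT NULL    -- level the object is classified at
);

-- One row per authorization cell of the matrix.
CREATE TABLE sec_access_matrix (
    subject_name  VARCHAR2(30)  REFERENCES sec_subjects,
    object_name   VARCHAR2(30)  REFERENCES sec_objects,
    operations    VARCHAR2(100) NOT NULL,  -- e.g. 'SELECT,INSERT'
    PRIMARY KEY (subject_name, object_name)
);

-- Constructed sample data.
INSERT INTO sec_subjects VALUES ('CLERK_ROLE', 'ROLE',  1);
INSERT INTO sec_subjects VALUES ('AUDITOR',    'USER',  3);
INSERT INTO sec_objects  VALUES ('CUSTOMERS',  'TABLE', 1);
INSERT INTO sec_objects  VALUES ('SALARIES',   'TABLE', 3);
INSERT INTO sec_access_matrix VALUES ('CLERK_ROLE', 'CUSTOMERS', 'SELECT,INSERT');
INSERT INTO sec_access_matrix VALUES ('AUDITOR',    'SALARIES',  'SELECT');
COMMIT;

-- Access-matrix check: may CLERK_ROLE INSERT into CUSTOMERS?
-- Returns one row (1) when the cell lists the operation, no row otherwise.
SELECT 1 AS allowed
FROM   sec_access_matrix
WHERE  subject_name = 'CLERK_ROLE'
AND    object_name  = 'CUSTOMERS'
AND    ',' || operations || ',' LIKE '%,INSERT,%';

-- Access-modes check: a subject reaches objects at its own level and below.
-- AUDITOR (3) is paired with CUSTOMERS (1) and SALARIES (3);
-- CLERK_ROLE (1) is paired only with CUSTOMERS (1).
SELECT s.subject_name, o.object_name
FROM   sec_subjects s
JOIN   sec_objects  o ON o.access_level <= s.access_level
ORDER  BY s.subject_name, o.object_name;
```

The first query is the matrix lookup an application would run before issuing a statement on behalf of a subject; the second enumerates everything the level rule alone would permit, which is useful for reviewing whether an object's level was set too low.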

9 Security Models (continued)

10 Security Models (continued)

11 Application Types
Client/Server applications:
  – Management Information System (MIS) department:
      Thirty years ago, information was centralized
      Developed mainframe projects
      Was a bottleneck
  – The personal computer was introduced. A better architecture had to be developed that could take advantage of the flexibility of the PC, overcome the bottlenecks of the MIS department, and overcome the inability of the PC environment to grow with increasing data needs.
  – Based on the business model: the client submits inquiries and the server responds with answers to these inquiries

12 Client/Server Applications

13 Client/Server Applications (continued)
Provides a flexible and scalable structure
Components:
  – User interface
  – Business logic
  – Data access
Components usually spread out over several tiers:
  – Minimum two
  – Normally, four to five

14 Client/Server Applications (continued)

15 Client/Server Applications (continued)

16 Web Applications
Evolved with the rise of dot-com and Web-based companies
Uses the Web to connect and communicate to the server
A Web application uses HTML pages created using:
  – ActiveX
  – Java applets or beans
  – ASP (Active Server Pages)
  – More

17 Web Applications (continued)

18 Web Applications (continued)
Components:
  – Web browser layer: a typical browser program that allows users to navigate through Web pages found on the Internet
  – Web server layer: a software program residing on a computer connected to the Internet that responds to requests submitted by the Web browsers
  – Application server layer: a software program residing on a computer that is used for data processing and for interfacing to the business logic and database server
  – Business logic layer: a software program that implements business rules
  – Database server layer: a software program that stores and manages data

19 Web Applications (continued)

20 Data Warehouse Applications
Used in decision-support applications
Collection of many types of data taken from a number of different databases
Typically composed of a database server
Accessed by software applications or reporting applications: online analytical processing (OLAP)

21 Data Warehouse Applications (continued)

22 Application Security Models
Models:
  – Database role based
  – Application role based
  – Application function based
  – Application role and function based
  – Application table based

23 Security Model Based on Database Roles
Application authenticates application users: maintain all users in a table
Each user is assigned a role; roles have privileges assigned to them
A proxy user is needed to activate assigned roles; all roles are assigned to the proxy user
Model and privileges are database dependent

24 Security Model Based on Database Roles (continued)

25 Security Model Based on Database Roles (continued)
Implementation in Oracle:
  – Create users
  – Add content to your tables
  – Add a row for an application user
  – Create a proxy user
  – Create roles
  – Grant roles to the proxy user
  – Look for the application user's role
  – Activate the role for this specific session
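As an added example (not the slides' or the textbook's code), the eight implementation steps of slides 23 and 25 carried through in Oracle SQL. The schema owner APP_OWNER, the proxy account APP_PROXY, the roles, the user JSMITH, the passwords and the salt are all constructed placeholders; the CREATE USER and CREATE ROLE statements assume a DBA session, and STANDARD_HASH assumes Oracle 12c or later.

```sql
-- Constructed example of the database-roles model; names and passwords are placeholders.

-- Step 1/2: schema owner and application data.
CREATE USER app_owner IDENTIFIED BY "ChangeMe_Owner1";
GRANT CREATE SESSION, CREATE TABLE, UNLIMITED TABLESPACE TO app_owner;

CREATE TABLE app_owner.customers (
    cust_id   NUMBER PRIMARY KEY,
    cust_name VARCHAR2(60)
);
INSERT INTO app_owner.customers VALUES (1, 'Acme Ltd');

-- Step 3: application users are rows in a table, not database accounts.
--         Only a salted hash of the password is stored (see the Data Encryption slide).
CREATE TABLE app_owner.app_users (
    username      VARCHAR2(30) PRIMARY KEY,
    password_hash RAW(32)      NOT NULL,
    password_salt RAW(16)      NOT NULL,
    db_role       VARCHAR2(30) NOT NULL   -- database role this user is allowed to activate
);
INSERT INTO app_owner.app_users (username, password_hash, password_salt, db_role)
VALUES ('jsmith',
        STANDARD_HASH('ChangeMe_Pass1' || 'A1B2C3D4', 'SHA256'),  -- hash of password || salt
        HEXTORAW('A1B2C3D4'),
        'APP_CLERK_ROLE');
COMMIT;

-- Step 5: roles carry the actual table privileges.
CREATE ROLE app_clerk_role;
CREATE ROLE app_manager_role;
GRANT SELECT, INSERT                 ON app_owner.customers TO app_clerk_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.customers TO app_manager_role;

-- Step 4/6: the proxy user is the only account the application connects as.
--           It is granted every role, but none is enabled by default, so a fresh
--           session has no table privileges until one role is activated.
CREATE USER app_proxy IDENTIFIED BY "ChangeMe_Proxy1";
GRANT CREATE SESSION TO app_proxy;
GRANT app_clerk_role, app_manager_role TO app_proxy;
ALTER USER app_proxy DEFAULT ROLE NONE;
GRANT SELECT ON app_owner.app_users TO app_proxy;   -- needed only to look up the role

-- Step 7 (run by the application, connected as APP_PROXY, after it has verified
--         the user's password hash): read the role for this application user.
SELECT db_role FROM app_owner.app_users WHERE username = 'jsmith';

-- Step 8: activate exactly that role for this session, nothing more.
SET ROLE app_clerk_role;

-- Verify what the session can now do: only APP_CLERK_ROLE should be listed.
SELECT role FROM session_roles;
```

The DEFAULT ROLE NONE setting is what makes the proxy account safe to share across application sessions: anyone who obtains the proxy credentials but bypasses the application still gets a session with no table privileges until a SET ROLE is issued, which is why the proxy password must be held only by the application and why activated roles should appear in the session audit trail.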

26 Security Model Based on Application Roles
Application roles are mapped to real business roles (titles or positions)
Application authenticates users
Each user is assigned to an application role; application roles are provided with application privileges (read and write)

27 Security Model Based on Application Roles (continued)

28 Security Model Based on Application Functions
Application authenticates users
Application is divided into functions
Considerations:
  – Isolates application security from database
  – Passwords must be securely encrypted
  – Must use a real database user

29 Security Model Based on Application Functions (continued)

30 Security Model Based on Application Roles and Functions
Combination of models
Application authenticates users
Application is divided into functions:
  – Roles are assigned to functions
  – Functions are assigned to users
Highly flexible model
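As an added example (not from the slides), the application-roles model of slide 26, the application-functions model of slide 28 and their combination on slide 30 held entirely in application tables, with the authorization check the application runs before invoking a function. Everything lives in the schema of one real database user, as slide 28 requires. Table names, role and function names and the sample user are constructed.

```sql
-- Constructed example: application roles, functions and the combined model.
-- Not the slides' code; all names are placeholders.

CREATE TABLE app_roles (
    role_name  VARCHAR2(30) PRIMARY KEY,      -- business title, e.g. CLERK
    descr      VARCHAR2(100)
);
CREATE TABLE app_functions (
    func_name  VARCHAR2(30) PRIMARY KEY,      -- unit of work the application exposes
    privilege  VARCHAR2(5)  NOT NULL CHECK (privilege IN ('READ', 'WRITE'))
);
CREATE TABLE app_role_functions (              -- roles-and-functions model: functions of a role
    role_name  VARCHAR2(30) REFERENCES app_roles,
    func_name  VARCHAR2(30) REFERENCES app_functions,
    PRIMARY KEY (role_name, func_name)
);
CREATE TABLE app_users (                       -- application-roles model: one role per user
    username   VARCHAR2(30) PRIMARY KEY,
    role_name  VARCHAR2(30) REFERENCES app_roles
);
CREATE TABLE app_user_functions (              -- application-functions model: direct grants
    username   VARCHAR2(30) REFERENCES app_users,
    func_name  VARCHAR2(30) REFERENCES app_functions,
    PRIMARY KEY (username, func_name)
);

-- Constructed sample data.
INSERT INTO app_roles VALUES ('CLERK',   'Order entry clerk');
INSERT INTO app_roles VALUES ('MANAGER', 'Sales manager');
INSERT INTO app_functions VALUES ('VIEW_ORDER',   'READ');
INSERT INTO app_functions VALUES ('ENTER_ORDER',  'WRITE');
INSERT INTO app_functions VALUES ('APPROVE_DISC', 'WRITE');
INSERT INTO app_role_functions VALUES ('CLERK',   'VIEW_ORDER');
INSERT INTO app_role_functions VALUES ('CLERK',   'ENTER_ORDER');
INSERT INTO app_role_functions VALUES ('MANAGER', 'VIEW_ORDER');
INSERT INTO app_role_functions VALUES ('MANAGER', 'APPROVE_DISC');
INSERT INTO app_users VALUES ('jsmith', 'CLERK');
INSERT INTO app_user_functions VALUES ('jsmith', 'APPROVE_DISC');   -- one-off direct grant
COMMIT;

-- Effective functions of a user = functions of the user's role UNION direct grants.
CREATE OR REPLACE VIEW app_effective_functions AS
SELECT u.username, rf.func_name
FROM   app_users u
JOIN   app_role_functions rf ON rf.role_name = u.role_name
UNION
SELECT uf.username, uf.func_name
FROM   app_user_functions uf;

-- The application calls this before running a function: 1 = allowed, 0 = denied.
CREATE OR REPLACE FUNCTION app_can_run (p_user IN VARCHAR2, p_func IN VARCHAR2)
RETURN NUMBER
IS
    v_count NUMBER;
BEGIN
    SELECT COUNT(*) INTO v_count
    FROM   app_effective_functions
    WHERE  username = p_user
    AND    func_name = p_func;
    RETURN CASE WHEN v_count > 0 THEN 1 ELSE 0 END;
END;
/

-- jsmith: ENTER_ORDER via the CLERK role, APPROVE_DISC via the direct grant,
-- and an unknown function is denied.
SELECT app_can_run('jsmith', 'ENTER_ORDER')  AS via_role,
       app_can_run('jsmith', 'APPROVE_DISC') AS via_direct_grant,
       app_can_run('jsmith', 'NO_SUCH_FN')   AS denied
FROM   dual;
```

Keeping the check in one function gives a single place to audit: every "denied" result can be logged there, and a review of app_effective_functions for a user shows the union of what the role and the direct grants confer, which is where over-privilege from forgotten one-off grants tends to accumulate.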

31 Security Model Based on Application Roles and Functions (continued)

32 Security Model Based on Application Tables
Depends on the application to authenticate users
Application provides privileges to the user based on tables, not on a role or a function
User is assigned access privilege to each table owned by the application owner

33 Security Model Based on Application Tables (continued)

34 Data Encryption
Passwords should be kept confidential and preferably encrypted
Passwords should be compared encrypted:
  – Never decrypt the data
  – Hash the passwords and compare the hashes
A hash is an algorithm that converts a variable-length text message to a fixed-length message.
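As an added example (not from the slides), the "hash and compare the hashes" rule implemented in PL/SQL: a random salt and a SHA-256 hash are stored at enrolment, and a login attempt is verified by rehashing with the stored salt and comparing the two hashes, so the password is never stored and nothing is ever decrypted. The table, procedure and function names and the sample credential are constructed; the block assumes EXECUTE on DBMS_CRYPTO (granted by SYS) and Oracle 12c or later for DBMS_CRYPTO.HASH_SH256.

```sql
-- Constructed example: salted password hashing and hash comparison in PL/SQL.
-- Not the slides' code; names are placeholders. Requires EXECUTE ON DBMS_CRYPTO.

CREATE TABLE app_credentials (
    username      VARCHAR2(30) PRIMARY KEY,
    password_salt RAW(16) NOT NULL,
    password_hash RAW(32) NOT NULL      -- SHA-256 digest, never the password itself
);

-- SHA-256 over salt || password. The per-user salt makes equal passwords hash
-- differently and defeats precomputed hash tables.
CREATE OR REPLACE FUNCTION app_hash_pwd (p_salt IN RAW, p_password IN VARCHAR2)
RETURN RAW
IS
BEGIN
    RETURN DBMS_CRYPTO.HASH(
               UTL_RAW.CONCAT(p_salt, UTL_RAW.CAST_TO_RAW(p_password)),
               DBMS_CRYPTO.HASH_SH256);
END;
/

-- Enrol or reset: draw a fresh random salt and store salt + hash only.
CREATE OR REPLACE PROCEDURE app_set_password (p_user IN VARCHAR2, p_password IN VARCHAR2)
IS
    v_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
BEGIN
    MERGE INTO app_credentials c
    USING (SELECT p_user AS username FROM dual) s
    ON    (c.username = s.username)
    WHEN MATCHED THEN UPDATE SET c.password_salt = v_salt,
                                 c.password_hash = app_hash_pwd(v_salt, p_password)
    WHEN NOT MATCHED THEN INSERT (username, password_salt, password_hash)
                          VALUES (p_user, v_salt, app_hash_pwd(v_salt, p_password));
END;
/

-- Verify: rehash the supplied password with the stored salt and compare digests.
-- Returns 1 on match, 0 otherwise; an unknown user also yields 0 rather than an error,
-- so the caller cannot tell "no such user" from "wrong password".
CREATE OR REPLACE FUNCTION app_check_password (p_user IN VARCHAR2, p_password IN VARCHAR2)
RETURN NUMBER
IS
    v_salt RAW(16);
    v_hash RAW(32);
BEGIN
    SELECT password_salt, password_hash INTO v_salt, v_hash
    FROM   app_credentials
    WHERE  username = p_user;
    RETURN CASE WHEN v_hash = app_hash_pwd(v_salt, p_password) THEN 1 ELSE 0 END;
EXCEPTION
    WHEN NO_DATA_FOUND THEN RETURN 0;
END;
/

-- Constructed sample credential and the two comparison outcomes.
BEGIN
    app_set_password('jsmith', 'ChangeMe_Pass1');
END;
/
SELECT app_check_password('jsmith', 'ChangeMe_Pass1') AS good_password,   -- 1
       app_check_password('jsmith', 'wrong')          AS bad_password     -- 0
FROM   dual;
```

The pattern shown (salt, hash, compare) is the one the slide describes. DBMS_CRYPTO offers no purpose-built password hash with an adjustable work factor, so where the application tier has access to one (PBKDF2, bcrypt, scrypt or Argon2), computing the hash there and storing the result in the same table is the stronger choice against offline guessing of a leaked table.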

35 Data Encryption (continued)

36 Summary
An application user is simply a record created for a user within the application schema; it usually does not have database privileges or roles assigned
Access matrix:
  – Columns represent objects
  – Rows represent subjects
  – Authorization cell
Access mode

37 Summary (continued)
Application types: client/server, Web, and Data Warehouse
Application security models:
  – Database roles
  – Application roles
  – Application functions
  – Roles and functions in the application
  – Application tables