Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.

Slides:



Advertisements
Similar presentations
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Advertisements

Database Management Systems, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.
Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Security and Authorization Chapter 21.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Database Query Security
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Copyright © 2004 Pearson Education, Inc.. Chapter 23 Database Security and Authorization.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Database Management System
Database Security - Farkas 1 Database Security and Privacy.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.
Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Security and Transaction Management Pertemuan 8 Matakuliah: T0413/Current Popular IT II Tahun: 2007.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’
A Guide to SQL, Seventh Edition. Objectives Understand, create, and drop views Recognize the benefits of using views Grant and revoke user’s database.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Database Integrity and Security HAP 709 – Healthcare Databases George Mason University Janusz Wojtusiak, PhD Fall, 2010.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.
COMP 5138 Relational Database Management Systems Semester 2, 2007 Lecture 6B Security with SQL.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
Information Security Databases and (Inter)Networks Prof. dr. P.M.E. De Bra Department of Computing Science Eindhoven University of Technology.
Lecture 7 Integrity & Veracity UFCE8K-15-M: Data Management.
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
1 Database Administration. 2 Objectives  Understand, create, and drop views  Grant and revoke users’ privileges  Understand and obtain information.
Chapter 6 Database Administration
Introduction to DB Security
Database Management COP4540, SCS, FIU Constraints and security in SQL (Ch. 8.6, Ch22.2)
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
DATABASE SECURITY MODULE 5.
D ISCRETIONARY A CCESS C ONTROLS Truong Quynh Chi Faculty of Computer Science & Engineering HCMC University of Technology
1 Chapter 6 Database Administration. 2 Introduction Database administration The process of managing a database Database administrator A person or an entire.
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Chapter 6 Data Integrity and Security.
1 SQL - II Data Constraints –Applying data constraints Types of data constraints –I/O constraints The PRIMARY KEY constraints The FOREIGN KEY constraints.
Chapter 9 Constraints. Chapter Objectives  Explain the purpose of constraints in a table  Distinguish among PRIMARY KEY, FOREIGN KEY, UNIQUE, CHECK,
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
CSC271 Database Systems Lecture # 17. Summary: Previous Lecture  View updatability  Advantages and disadvantages of views  View materialization.
Chapter 5 : Integrity And Security  Domain Constraints  Referential Integrity  Security  Triggers  Authorization  Authorization in SQL  Views 
Database Security and Authorization. DB security Secrecy: Users should not be able to see things they are not supposed to. – E.g., A student can’t see.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Goals of Protection Operating.
Chapter 13Introduction to Oracle9i: SQL1 Chapter 13 User Creation and Management.
Chapter 9 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Oracle 11g: SQL Chapter 7 User Creation and Management.
Database Security. Multi-user database systems like Oracle include security to control how the database is accessed and used for example security Mechanisms:
Database Security. Introduction to Database Security Issues (1) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To.
Database Security and Authorization Introduction to DB Security Access Controls Database Security and the DBA Discretionary Access Control The privileges.
Database Security Database System Implementation CSE 507 Some slides adapted from Navathe et. Al.
Database Management Systems 3ed, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.
Lecture 2 Page 1 CS 236 Online Security Policies Security policies describe how a secure system should behave Policy says what should happen, not how you.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
Database Security Advanced Database Dr. AlaaEddin Almabhouh.
IST 210 Security. IST 210 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed to. E.g., A student can’t.
Database System Implementation CSE 507
Protection and Security
Database Security and Authorization
Views and Security views and security.
A Guide to SQL, Eighth Edition
SQL .. An overview lecture3.
Access Control.
Chapter 14: Protection.
Access Control.
Presentation transcript:

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke2 Introduction to DB Security v Secrecy: Users should not be able to see things they are not supposed to. – E.g., A student can ’ t see other students ’ grades. v Integrity: Users should not be able to modify things they are not supposed to. – E.g., Only instructors can assign grades. v Availability: Users should be able to see and modify things they are allowed to.

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke3 Access Controls v A security policy specifies who is authorized to do what. v A security mechanism allows us to enforce a chosen security policy. v Two main mechanisms at the DBMS level: – Discretionary access control – Mandatory access control

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke4 Discretionary Access Control v Based on the concept of access rights or privileges for objects (tables and views), and mechanisms for giving users privileges (and revoking privileges). v Creator of a table or a view automatically gets all privileges on it. – DMBS keeps track of who subsequently gains and loses privileges, and ensures that only requests from users who have the necessary privileges (at the time the request is issued) are allowed.

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke5 GRANT Command  The following privileges can be specified:  SELECT : Can read all columns (including those added later via ALTER TABLE command).  INSERT (col-name): Can insert tuples with non-null or non- default values in this column.  INSERT means same right with respect to all columns.  DELETE : Can delete tuples.  REFERENCES (col-name): Can define foreign keys (in other tables) that refer to this column.  If a user has a privilege with the GRANT OPTION, can pass privilege on to other users (with or without passing on the GRANT OPTION ).  Only owner can execute CREATE, ALTER, and DROP. GRANT privileges ON object TO users [WITH GRANT OPTION]

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke6 Mandatory Access Control v Based on system-wide policies that cannot be changed by individual users. – Each DB object is assigned a security class. – Each subject (user or user program) is assigned a clearance for a security class. – Rules based on security classes and clearances govern who can read/write which objects. v Most commercial systems do not support mandatory access control. Versions of some DBMSs do support it; used for specialized (e.g., military) applications.

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke7 Why Mandatory Control? v Discretionary control has some flaws, e.g., the Trojan horse problem: – Dick creates Horsie and gives INSERT privileges to Justin (who doesn ’ t know about this). – Dick modifes the code of an application program used by Justin to additionally write some secret data to table Horsie. – Now, Justin can see the secret info. v The modification of the code is beyond the DBMSs control, but it can try and prevent the use of the database as a channel for secret information.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.