Published by Cody Nash. Modified over 8 years ago.
1
Overview of Database Security
- Introduction
- Security Problems
- Security Controls
- Designing Database Security
2
Security Problems: Outline
- Threats to database security
- Database protection requirements
3
Security Problems: Threats to Database Security
- What is a threat?
- Three Consequences
- Two Kinds of Threats
4
Security Problems: What is a threat?
A threat can be defined as a hostile agent that, either casually or by using a specialized technique, discloses, modifies or deletes the information managed by a database management system.
5
Security Problems: Three Consequences
- Improper release of information
- Improper modification of data
- Denial of service
6
Security Problems: Two Kinds of Threat
- Accidental (non-fraudulent)
- Intentional (fraudulent)
7
Security Problems: Causes of Non-fraudulent Threat
- Natural or accidental disasters
- Errors or bugs in hardware or software
- Human errors
8
Security Problems: Fraudulent Threat from Two Classes of User
- Authorized users: those who abuse their privileges and authority
- Hostile agents: those improper users (outsiders or insiders) who attack the software and/or hardware system, or improperly read or write data in a database
9
Security Problems: Three Typical Attacks
- Virus
- Trojan Horse
- Trapdoor
10
Security Problems: Virus
Code able to copy itself and to damage, permanently and often irreparably, the environment where it gets reproduced
11
Security Problems: Trojan Horse
A program which, under an apparent utility, collects information for its own fraudulent use
12
Security Problems: Trapdoor
A code segment hidden within a program; a special input will start this segment and allow its owner to skip the protection mechanisms and to access the database beyond his or her privileges
13
Security Problems: Database Protection Requirements
- Protection from Improper Access: it consists of granting access to a database only to authorized users
- Protection from Inference: users must be prevented from tracking back to information on individual entities starting from statistical aggregated information
- Integrity of the Database: ensuring the logical consistency of data in a database
- User Authentication: identifying uniquely the database users
14
Security Problems: Database Protection Requirements
- Accountability and Auditing: recording all accesses to the database for analysis and for deterrence of unauthorized accesses
- Management and Protection of Sensitive Data: protecting the sensitive data from unauthorized users
- Multilevel Protection: information may be classified at various levels of protection
- Confinement: to avoid undesired information transfer between systems
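The "Protection from Inference" requirement above, as an added example that is not part of the original slides: an aggregate over a very small group discloses an individual value, and a minimum query-set-size check (one common control, assumed here) refuses such queries. The table, column names, and the threshold K are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (name, dept, sex, salary)
ROWS = [
    ("Adams", "CS", "F", 72000), ("Baker", "CS", "M", 65000),
    ("Cook", "CS", "M", 70000), ("Hayes", "CS", "M", 68000),
    ("Dodd", "EE", "M", 58000), ("Engel", "EE", "F", 61000),
    ("Flynn", "EE", "M", 59000), ("Grady", "EE", "F", 63000),
]
ALLOWED = {"dept", "sex"}  # columns a statistical user may filter on (assumed)
K = 2                      # minimum query-set size (assumed policy value)

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE staff (name TEXT, dept TEXT, sex TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO staff VALUES (?, ?, ?, ?)", ROWS)
    return conn

def _where(filters):
    # Only whitelisted column names reach the SQL text; values are bound.
    bad = set(filters) - ALLOWED
    if bad:
        raise ValueError(f"filter not permitted: {sorted(bad)}")
    cols = sorted(filters)
    clause = " AND ".join(f"{c} = ?" for c in cols) or "1=1"
    return clause, [filters[c] for c in cols]

def avg_salary_unguarded(conn, filters):
    # No inference control: a group of one returns that person's salary.
    clause, params = _where(filters)
    sql = f"SELECT AVG(salary) FROM staff WHERE {clause}"
    return conn.execute(sql, params).fetchone()[0]

def avg_salary_guarded(conn, filters, k=K):
    clause, params = _where(filters)
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    sql = f"SELECT COUNT(*), AVG(salary) FROM staff WHERE {clause}"
    n, avg = conn.execute(sql, params).fetchone()
    # Refuse small query sets, and near-complete ones whose complement is small.
    if n < k or n > total - k:
        raise PermissionError("query set size outside permitted range")
    return avg
```

A size check on each query does not by itself account for information combined across several permitted queries, which is why it is usually paired with the auditing requirement listed above.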