Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATABASE SECURITY For CSCL (BIM).

Published byPatrick Parrish Modified over 5 years ago

Similar presentations

Presentation on theme: "DATABASE SECURITY For CSCL (BIM)."— Presentation transcript:

1 DATABASE SECURITY For CSCL (BIM)

2 Definition Database Security is
the mechanism that protect the database against intentional or accidental threats. We consider database security in relation to the following situations: - Theft and Fraud - Loss of confidentiality

3 Issues Legal and ethical issues regarding right to access certain information Private information should be accessed legally by unauthorized party Public information should be available to everyone Institutional policies What kind of information should be make (or should not be) make publicly available Social networking policies

4 Issues System related issue:
At system level at which various security function should be enforced. For example at the physical hardware level or at operating system level or the DBMS level

5 DBMS level External level (view level) Conceptual level
Internal level (physical level)

6 DBMS level

7 External level (view level)
External Level is described by a schema i.e. it consists of definition of logical records and relationship in the external view. It also contains the method of deriving the objects in the external view from the objects in the conceptual view.

8 Conceptual level Conceptual Level represents the entire database.
Conceptual schema describes the records and relationship included in the Conceptual view. It also contains the method of deriving the objects in the conceptual view from the objects in the internal view.

9 Internal level (physical level)
Internal level indicates how the data will be stored and described the data structures and access method to be used by the database. It contains the definition of stored record and method of representing the data fields and access aid used.

10 Multiple security level
Identify multiple security level Categorize the data and user based on Top Secret Secret Confidential Unclassified

11 Threats Any intentional or accidental event that may adversely affect the database. Loss of integrity Loss of availability Loss of confidentiality

12 Loss of integrity Should be protected from improper modification
Modification includes creation, insertion, updating, changing status of data and deletion Integrity lost if unauthorized change are made either intentional or accidental Result in inaccuracy, fraud and erroneous decisions

13 Loss of availability Availability refers to making objects available to human user or program to which they have legitimate right

14 Loss of confidentiality
Confidentiality refers protection of data from unauthorized disclosure Result in loss of public confidence, embarrassment, or legal action against the organization

15 Security Mechanism Discretionary Security Mechanism
Mandatory Security Mechanism Grant privileges to user Privileges includes access specific data files, records or fields in a specific mode (such as read, insert, delete or update)

16 Security Mechanism (2) Mandatory Security Mechanism
Enforce multilevel security by classifying the data and users into various security class (level) Typical security policy is to permit user at certain classification(clearance) User can access to that classification level or lower level

17 Control Measure To protect database against threats four find of control measure are used Access Control Inference Control Flow Control Data Encryption

18 Access Control Preventing unauthorized person from accessing the system itself Security Mechanism of DBMS must include provision for restricting access to the database system Access control is handled by creating user account and password

19 Inference Control Computer security inference control is the attempt to prevent users to infer classified information from rightfully accessible chunks of information with lower classification.  Used in statistical database

20 Flow Control Another security issue is that of flow control, which prevents information from flowing in such a way that it reaches unauthorized users. Suitable for database over multiuser system or network

21 Encryption Data is encoded using some encryption algorithm
Can be used to encrypt data as well as data transaction over network

Download ppt "DATABASE SECURITY For CSCL (BIM)."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Auditing Computer Systems

Auditing Computer Systems
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Introduction to Database Management  Department of Computer Science Northern Illinois University January 2001.

Introduction to Database Management  Department of Computer Science Northern Illinois University January 2001.
SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.
Information Security Principles & Applications

Information Security Principles & Applications
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.

Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.
II.I Selected Database Issues: 1 - SecuritySlide 1/24 II. Selected Database Issues Part 1: Security Lecture 1 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/24 II. Selected Database Issues Part 1: Security Lecture 1 Lecturer: Chris Clack 3C13/D6.
© Pearson Education Limited, 20041 Chapter 5 Database Administration and Security Transparencies.

© Pearson Education Limited, Chapter 5 Database Administration and Security Transparencies.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

Similar presentations

Ads by Google