Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005."— Presentation transcript:

1 Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005

2 u The scope of database security. u Why database security is a serious concern for an organization. u The type of threats that can affect a database system. Chapter 8 - Objectives

3 u How to protect a computer system using computer-based controls. u The security measures provided by Microsoft Office Access and Oracle DBMSs. u Approaches for securing a DBMS on the Web. Chapter 8 - Objectives

4 Database Integrity, Security and Recovery u Database integrity u Database security u Database recovery

5 Database Integrity u Database integrity – refers to correct processing of a database such as applying the appropriate business rules when performing a database operations u Means that data stored in a database are accurate

6 u Several ways to ensure data integrity: –Domain integrity –Entity integrity constraint –Referential integrity –Business rules –Database consistency Database Integrity

7 u Domain integrity –Means entries in a field or column from the same domain (example : IC No.) –Validation rules (XXXXXX-XX-XXXX) can be applied to trap errors u Entity integrity constraint –Each row in a relation must be unique –Primary key shows the uniqueness of a rows, cannot be NULL (called entity integrity constraint) u Referential integrity –Means that if a table has a foreign key, then a row of the key must be exist in the referenced table Database Integrity

8 u Business rules –Relationship between entities define the business rules (student can register only 6 courses in a semester) u Database consistency –Must be consistent before and after a transaction –All database integrity constraints are satisfied Database Integrity

9 u Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource. u Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential. Database Security

10 u Mechanisms that protect the database against intentional or accidental threats. u Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database. Database Security

11 u Involves measures to avoid: –Theft and fraud –Loss of confidentiality (secrecy) –Loss of privacy –Loss of integrity –Loss of availability Database Security

12 u Threat –Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization. Database Security

13 u All data must be protected from all types of threats –Accidental threats – caused by accidents such as operator carelessness, power failure, disk crashes and fire. –Intentional – caused by human, to exploit weaknesses in the system for personal gain. Such as unauthorized access to database. Hack the system. Database Security

14 Countermeasures – Computer-Based Controls u Concerned with physical controls to administrative procedures and includes: –Authorization –Access controls –Views –Backup and recovery –Integrity –Encryption –RAID technology © Pearson Education Limited 1995, 2005

15 Countermeasures – Computer-Based Controls u Authorization –The granting of a right or privilege, which enables a subject to legitimately have access to a system or a system’s object. –Authorization is a mechanism that determines whether a user is, who he or she claims to be. © Pearson Education Limited 1995, 2005

16 Countermeasures – Computer-Based Controls u Access control –Based on the granting and revoking of privileges. –A privilege allows a user to create or access (that is read, write, or modify) some database object (such as a relation, view, and index) or to run certain DBMS utilities. –Privileges are granted to users to accomplish the tasks required for their jobs. © Pearson Education Limited 1995, 2005

17 Countermeasures – Computer-Based Controls u Most DBMS provide an approach called Discretionary Access Control (DAC). u SQL standard supports DAC through the GRANT and REVOKE commands. u The GRANT command gives privileges to users, and the REVOKE command takes away privileges. © Pearson Education Limited 1995, 2005

18 Countermeasures – Computer-Based Controls u DAC while effective has certain weaknesses. In particular an unauthorized user can trick an authorized user into disclosing sensitive data. u An additional approach is required called Mandatory Access Control (MAC). © Pearson Education Limited 1995, 2005

19 Countermeasures – Computer-Based Controls u DAC based on system-wide policies that cannot be changed by individual users. u Each database object is assigned a security class and each user is assigned a clearance for a security class, and rules are imposed on reading and writing of database objects by users. © Pearson Education Limited 1995, 2005

20 Countermeasures – Computer-Based Controls u DAC determines whether a user can read or write an object based on rules that involve the security level of the object and the clearance of the user. These rules ensure that sensitive data can never be ‘passed on’ to another user without the necessary clearance. u The SQL standard does not include support for MAC. © Pearson Education Limited 1995, 2005

21 Countermeasures – Computer-Based Controls u View –Is the dynamic result of one or more relational operations operating on the base relations to produce another relation. –A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. © Pearson Education Limited 1995, 2005

22 Countermeasures – Computer-Based Controls u Backup –Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media. u Journaling –Process of keeping and maintaining a log file (or journal) of all changes made to database to enable effective recovery in event of failure. © Pearson Education Limited 1995, 2005

23 Countermeasures – Computer-Based Controls u Integrity –Prevents data from becoming invalid, and hence giving misleading or incorrect results. u Encryption –The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key. © Pearson Education Limited 1995, 2005

24 RAID (Redundant Array of Independent Disks) Technology u Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. u Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures. © Pearson Education Limited 1995, 2005

25 RAID (Redundant Array of Independent Disks) Technology u The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans. u Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components. © Pearson Education Limited 1995, 2005

26 RAID (Redundant Array of Independent Disks) Technology u One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance. © Pearson Education Limited 1995, 2005

27 Security in Microsoft Office Access DBMS u Provides two methods for securing a database: –setting a password for opening a database (system security); –user-level security, which can be used to limit the parts of the database that a user can read or update (data security). © Pearson Education Limited 1995, 2005

28 Securing the DreamHome database using a password © Pearson Education Limited 1995, 2005

29 User and Group Accounts dialog box for the DreamHome database © Pearson Education Limited 1995, 2005

30 User and Group Permissions dialog box © Pearson Education Limited 1995, 2005

31 Creation of a new user with password authentication set © Pearson Education Limited 1995, 2005

32 Log on dialog box © Pearson Education Limited 1995, 2005

33 Setting the Insert, Select, and Update privileges © Pearson Education Limited 1995, 2005

34 u Several approaches to recover from system failures –Backup failure – makes a copies of the database –Journalizing facilities – used to store the audit trails of transactions and database changes (system log) –Checkpoint facilities – will refuse to accept any new transaction –Recovery manager – restore the database correctly after a failure has occurred Database Recovery

35 u Types of database failure –Aborted transaction – to correct the errors, the system must roll back by undoing the steps for the transaction –Incorrect data – updating a database correctly but with incorrect data –System failure – power failure, disk crashed –Database destruction – part of database may be destroyed Database Recovery

36 u END

Download ppt "Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Systems Analysis and Design in a Changing World, 6th Edition

Systems Analysis and Design in a Changing World, 6th Edition
10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.

10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.

1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.

Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.

Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.
DBMS Functions Data, Storage, Retrieval, and Update

DBMS Functions Data, Storage, Retrieval, and Update
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Chapter 19 Security.

Chapter 19 Security.
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Similar presentations

Ads by Google