Presentation is loading. Please wait.

Presentation is loading. Please wait.

D ATABASE A DMINISTRATION L ECTURE N O 4 Muhammad Abrar.

Published byRosalind Harrell Modified over 9 years ago

Similar presentations

Presentation on theme: "D ATABASE A DMINISTRATION L ECTURE N O 4 Muhammad Abrar."— Presentation transcript:

1 D ATABASE A DMINISTRATION L ECTURE N O 4 Muhammad Abrar

2 O BJECTIVES The scope of database security. Why database security is a serious concern for an organization. The type of threats that can affect a database system. 2

3 O BJECTIVES How to protect a computer system using computer-based controls. The security measures provided by Microsoft Office Access and Oracle DBMSs. Approaches for securing a DBMS on the Web. 3

4 D ATABASE S ECURITY Data is a valuable resource that must be strictly controlled and managed, as with any corporate resource. Part or all of the corporate data may have strategic importance and therefore needs to be kept secure and confidential. 4

5 D ATABASE S ECURITY Mechanisms that protect the database against intentional or accidental threats. Security considerations do not only apply to the data held in a database. Breaches of security may affect other parts of the system, which may in turn affect the database. 5

6 D ATABASE S ECURITY Involves measures to avoid: Theft and fraud Loss of confidentiality (secrecy) Loss of privacy Loss of integrity Loss of availability 6

7 D ATABASE S ECURITY Threat Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization. 7

8 S UMMARY OF T HREATS TO C OMPUTER S YSTEMS 8

9 T YPICAL M ULTI - USER C OMPUTER E NVIRONMENT 9

10 C OUNTERMEASURES – C OMPUTER -B ASED C ONTROLS Concerned with physical controls to administrative procedures and includes: Authorization Access controls Views Backup and recovery Integrity Encryption RAID technology 10

11 C OUNTERMEASURES – C OMPUTER -B ASED C ONTROLS Most DBMS provide an approach called Discretionary Access Control (DAC). SQL standard supports DAC through the GRANT and REVOKE commands. The GRANT command gives privileges to users, and the REVOKE command takes away privileges. 11

12 C OUNTERMEASURES – C OMPUTER -B ASED C ONTROLS DAC while effective has certain weaknesses. In particular an unauthorized user can trick an authorized user into disclosing sensitive data. To avoid such tricks, an additional approach is required called Mandatory Access Control (MAC). 12

13 C OUNTERMEASURES – C OMPUTER -B ASED C ONTROLS MAC based on system-wide policies that cannot be changed by individual users. MAC is described in term of Objects – Relations, Views, Tuples and atributes etc Subjects – Users and Programs Security Class ; Security Level Class of objects (Top Secret TS, Secret S etc Clearance : Security clearance certificate of subjects Each database object is assigned a security class and each user is assigned a clearance for a security class, and rules are imposed on reading and writing of database objects by users. 13

14 C OUNTERMEASURES – C OMPUTER -B ASED C ONTROLS MAC determines whether a user can read or write an object based on rules that involve the security level of the object and the clearance of the user. These rules ensure that sensitive data can never be ‘passed on’ to another user without the necessary clearance. The SQL standard does not include support for MAC. 14

15 RAID (R EDUNDANT A RRAY OF I NDEPENDENT D ISKS ) T ECHNOLOGY Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures. 15

16 RAID (R EDUNDANT A RRAY OF I NDEPENDENT D ISKS ) T ECHNOLOGY The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans. Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components. 16

17 RAID (R EDUNDANT A RRAY OF I NDEPENDENT D ISKS ) T ECHNOLOGY One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance. 17

18 RAID (R EDUNDANT A RRAY OF I NDEPENDENT D ISKS ) T ECHNOLOGY Performance is increased through data striping : the data is segmented into equal- size partitions (the striping unit ), which are transparently distributed across multiple disks. Reliability is improved through storing redundant information across the disks using a parity scheme or an error-correcting scheme. 18

19 RAID (R EDUNDANT A RRAY OF I NDEPENDENT D ISKS ) T ECHNOLOGY There are a number of different disk configurations called RAID levels. RAID 0 Nonredundant (Stripping unit is block) RAID 1 Mirrored (redundant data) RAID 0+1 Nonredundant and Mirrored RAID 2 Memory-Style Error-Correcting Codes (Stripping Unit is Bit) RAID 3 Bit-Interleaved Parity(1 disk store parity bit that is used to recover lost bit) RAID 4 Block-Interleaved Parity (Parity unit is block) RAID 5 Block-Interleaved Distributed Parity (parity block is mirrored ) RAID 6 P+Q Redundancy (same as RAID 5 but capable to handle failure of multiple disks 19

20 RAID 0 AND RAID 1 20

21 RAID 2 AND RAID 3 21

22 RAID 4 AND RAID 5 22

23 S ECURITY IN M ICROSOFT O FFICE A CCESS DBMS Provides two methods for securing a database: setting a password for opening a database (system security); user-level security, which can be used to limit the parts of the database that a user can read or update (data security). 23

24 DBMS S AND W EB S ECURITY Internet communication relies on TCP/IP as the underlying protocol. However, TCP/IP and HTTP were not designed with security in mind. Without special software, all Internet traffic travels ‘in the clear’ and anyone who monitors traffic can read it. 24

25 DBMS S AND W EB S ECURITY Must ensure while transmitting information over the Internet that: inaccessible to anyone but sender and receiver (privacy); not changed during transmission (integrity); receiver can be sure it came from sender (authenticity); sender can be sure receiver is genuine (non- fabrication); sender cannot deny he or she sent it (non- repudiation). 25

26 H OW S ECURE E LECTRONIC T RANSACTIONS (SET) W ORKS 26

Download ppt "D ATABASE A DMINISTRATION L ECTURE N O 4 Muhammad Abrar."

Similar presentations

RAID A RRAYS Redundant Array of Inexpensive Discs.

RAID A RRAYS Redundant Array of Inexpensive Discs.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Database Management System

Database Management System
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:

Web Site Security ISYS 512/812. Authentication Authentication is the process that determines the identity of a user. Web.config file – node Options: –Windows:
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.

Manajemen Basis Data Pertemuan 1 Matakuliah: M0264/Manajemen Basis Data Tahun: 2008.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.

IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Chapter 19 Security.

Chapter 19 Security.
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
DATABASE ADMINISTRATION AND SECURITY

DATABASE ADMINISTRATION AND SECURITY
Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.

1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
RAID Ref: Stallings. Introduction The rate in improvement in secondary storage performance has been considerably less than the rate for processors and.

RAID Ref: Stallings. Introduction The rate in improvement in secondary storage performance has been considerably less than the rate for processors and.

Similar presentations

Ads by Google