Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Security Tampere University of Technology, 2003. 8102300 Introduction to Databases. Oleg Esin.

Published byHarold Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "Database Security Tampere University of Technology, 2003. 8102300 Introduction to Databases. Oleg Esin."— Presentation transcript:

1 Database Security Tampere University of Technology, 2003. 8102300 Introduction to Databases. Oleg Esin. Oleg@cc.tut.fi

2 What is database security? Database security – The mechanisms that protect the database against intentional or accidental threats. Major areas of loss:  theft and fraud  loss of confidentiality  loss of privacy  loss of integrity  loss of availability

3 Threats Treat – Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization.  Using another person’s means of access  Illegal entry by hacker  Creating “trapdoor” into system  Theft of data, programs, and equipment  Staff shortages or strikes  Inadequate staff training  Viewing and disclosing unauthorized data  Data corruption owning to power loss or surge  Physical damage to equipment  Introduction of viruses

4 Potential threats to computer system  DBMS and Application Software - Failure of security mechanisms giving greater access; Program alteration; Theft of programs.  Communication networks - Wire tapping; Breaking of cables; Electronic interference and radiation.  Data/Database Administrator - Inadequate security policies and procedures. zHardware - fire/flood/bombs; Data corruption due to power loss; Theft of equipment;  Database - Unauthorized amendment or copying of data; Theft of data; Data corruption due to power loss.  Users - Using another person’s means of access; Viewing and disclosing unauthorized data; Inadequate Staff training; Introduction of viruses.  Programmers/Operators - Creating trapdoors; Program alteration; Inadequate security policies; Staff shortage or strikes.

5 Countermeasures – Computer-Based Controls  Authorization and Authentication  Views  Backup and Recovery  Integrity  Encryption  RAID technology

6 Authorization and Authentication  Authorization – The granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s objects.  Authentication – A mechanism that determines whether a user is who he/she claims to be.

7 Views View - A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.

8 Backup and Recovery Backup - The process of periodically taking a copy of the database and log file on to offline storage media. Journaling - The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure.

9 Encryption Encryption - The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key. Symmetric encryption - DES, IDEA, RC4, BlowFish, AES. Asymmetric encryption - RSA, Diffie-Helman. Plain-data Algorithm and password Encrypted data

10 RAID - Redundant Array of Independent Disks RAID is a category of disk drives that employ two or more drives in combination for fault tolerance and performance. RAID disk drives are used frequently on servers running the databases.  Level 0: Provides data striping (spreading out blocks of each file across multiple disks) but no redundancy. This improves performance but does not deliver fault tolerance.  Level 1: Provides disk mirroring.  Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance.  Level 5: Provides data striping at the byte level and also stripe error correction information. This results in excellent performance and good fault tolerance.

11 Microsoft Access and Oracle DBMS Microsoft Access: System level security - password. User-level security - identification as a member of groups (Administrators and Users), permissions are granted (Open/Run, Read, Update, Delete, etc). Oracle DBMS: System level security - name, password. User-level security is based on a privilege, i.e a right to execute a particular type of SQL statements or to access another user’s object. System privileges and object privileges.

12 DBMSs and Web Security  Proxy servers  Firewalls  Message Digest Algorithms and Digital Signature  Digital Certificates  SSL and S-HTTP

13 Proxy servers Proxy servers is a computer that sits between a Web browser and a Web servers. It intercepts all requests for web pages and saves them locally for some time. Proxy server provides improvement in performance and filters requests. Computer A Computer B Proxy-server Internet

14 Firewalls Firewall - is a system that prevents unauthorized access to or from private network. Implemented in software, hardware or both.  Packet filter  Application gateway  Circuit-level gateway (TCP, UDP protocols)  Proxy server

15 Message Digest Algorithms and Digital Signatures Message digest algorithm is the one-way hash function that produces a fixed-length string (hash) from an arbitrary-sized message. It’s computationally infeasible that there is another message with the same digest, the digest does not reveal anything about the message. Digital signature consist of two parts: a string of bits that is computed from the message and the private key of organization. Digital signature is used to verify that the message comes from this organization.

16 Digital Certificates Digital Certificate is an attachment to an electronic message used for security purposes, most commonly to verify that a user sending a message is who he/she claims to be, and provide the receiver with the means to encrypt a reply. Protocol - X.509. Digital Certificate Authorities - VeriSign, Thwate.

17 Secure Sockets Layer and Secure HTTP SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely. S-HTTP is designed to transmit individual messages securely. Both use asymmetric encryption.  Allow Web browsers and servers to authenticate each other  Permit Web site owners to control access to particular servers, directories, files  Allow sharing of sensitive information (credit card numbers) only between browser and server  Ensure that data exchange between browser and server is reliable

Download ppt "Database Security Tampere University of Technology, 2003. 8102300 Introduction to Databases. Oleg Esin."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/20 II. Selected Database Issues Part 1: Security Lecture 2 Lecturer: Chris Clack 3C13/D6.
II.I Selected Database Issues: 1 - SecuritySlide 1/23 II. Selected Database Issues Part 1: Security Lecture 3 Lecturer: Chris Clack 3C13/D6.

II.I Selected Database Issues: 1 - SecuritySlide 1/23 II. Selected Database Issues Part 1: Security Lecture 3 Lecturer: Chris Clack 3C13/D6.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Chapter 19 Security.

Chapter 19 Security.
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.
DATABASE ADMINISTRATION AND SECURITY

DATABASE ADMINISTRATION AND SECURITY

Similar presentations

Ads by Google