Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17.

Published byEarl O’Neal’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17."— Presentation transcript:

1 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17

2 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke2 Introduction to DB Security v Secrecy: Users should not be able to see things they are not supposed to. – E.g., A student can ’ t see other students ’ grades. v Integrity: Users should not be able to modify things they are not supposed to. – E.g., Only instructors can assign grades. v Availability: Users should be able to see and modify things they are allowed to.

3 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke3 Access Controls v A security policy specifies who is authorized to do what. v A security mechanism allows us to enforce a chosen security policy. v Two main mechanisms at the DBMS level: – Discretionary access control – Mandatory access control

4 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke4 Discretionary Access Control v Based on the concept of access rights or privileges for objects (tables and views), and mechanisms for giving users privileges (and revoking privileges). v Creator of a table or a view automatically gets all privileges on it. – DMBS keeps track of who subsequently gains and loses privileges, and ensures that only requests from users who have the necessary privileges (at the time the request is issued) are allowed.

5 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke5 GRANT Command  The following privileges can be specified:  SELECT : Can read all columns (including those added later via ALTER TABLE command).  INSERT (col-name): Can insert tuples with non-null or non- default values in this column.  INSERT means same right with respect to all columns.  DELETE : Can delete tuples.  REFERENCES (col-name): Can define foreign keys (in other tables) that refer to this column.  If a user has a privilege with the GRANT OPTION, can pass privilege on to other users (with or without passing on the GRANT OPTION ).  Only owner can execute CREATE, ALTER, and DROP. GRANT privileges ON object TO users [WITH GRANT OPTION]

6 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke6 Mandatory Access Control v Based on system-wide policies that cannot be changed by individual users. – Each DB object is assigned a security class. – Each subject (user or user program) is assigned a clearance for a security class. – Rules based on security classes and clearances govern who can read/write which objects. v Most commercial systems do not support mandatory access control. Versions of some DBMSs do support it; used for specialized (e.g., military) applications.

7 Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke7 Why Mandatory Control? v Discretionary control has some flaws, e.g., the Trojan horse problem: – Dick creates Horsie and gives INSERT privileges to Justin (who doesn ’ t know about this). – Dick modifes the code of an application program used by Justin to additionally write some secret data to table Horsie. – Now, Justin can see the secret info. v The modification of the code is beyond the DBMSs control, but it can try and prevent the use of the database as a channel for secret information.

Download ppt "Database Management Systems, 2 nd Edition, R. Ramakrishnan and J. Gehrke1 Security Lecture 17."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Management Systems, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.

Database Management Systems, R. Ramakrishnan and J. Gehrke1 The Relational Model Chapter 3.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Security and Authorization Chapter 21.

Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Security and Authorization Chapter 21.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Database Query Security

Database Query Security
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Copyright © 2004 Pearson Education, Inc.. Chapter 23 Database Security and Authorization.

Copyright © 2004 Pearson Education, Inc.. Chapter 23 Database Security and Authorization.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Database Management System

Database Management System
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.

ICS 421 Spring 2010 Security & Authorization Asst. Prof. Lipyeow Lim Information & Computer Science Department University of Hawaii at Manoa 4/20/20101Lipyeow.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Security and Transaction Management Pertemuan 8 Matakuliah: T0413/Current Popular IT II Tahun: 2007.

Security and Transaction Management Pertemuan 8 Matakuliah: T0413/Current Popular IT II Tahun: 2007.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’

A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’

Similar presentations

Ads by Google