Security of the database


If you really want to understand what Database Security is all about, this presentation is for you.
You will understand it just by having one look at the slides.
The presentation contains things which are really simple to understand.


  1. Security of the Database
     A presentation by Pratik Tamgadge, 1/14/2014
  2. Contents
     • What is Database Security?
     • Issues in Database Security
     • How to Secure?
       – Access Control Mechanism
       – Cryptography
       – Backup and Recovery
       – RAID Implementation
       – Views
       – Digital Signatures
     • Security in Microsoft Access and Oracle DBMS
  3. What is Database Security?
     • In today's world we need everything secured, whether it is your mobile phone, computer, vehicle or almost anything.
     • So does your database.
     • As it stores your personal, confidential and critical data.
     • If we look at the definition of database security, we may say it is the mechanism that protects the database against intentional or accidental threats.
  4. Issues in Database Security
     • Unauthorized access to your database.
     • Managing a large amount of data which belongs to a relatively large organization.
     • Keeping track of all the authorized users of the database.
     • Physical security.
     • Network security.
  5. Now how will you secure it?
     Well, these are some basic security measures which you can apply to your databases.
     Access Control Mechanism
     » As the name "Access Control" itself describes, this mechanism is all about users' access to the database.
     » In this mechanism we have three kinds of access control:
       1. Discretionary Access Control
       2. Mandatory Access Control
       3. Role-Based Access Control
  6. Discretionary Access Control
     • The word "Discretionary" means to act in a way that avoids revealing confidential information.
     • In this method we can GRANT and REVOKE privileges to different users of the database. Now you will think: what is this? GRANT? REVOKE? Privileges? Well, GRANT = "to allow" or "to give some rights", REVOKE = "to cancel the GRANT", i.e. "not to allow", and Privileges = permissions, i.e. various commands like CREATE, UPDATE etc.
     • GRANT and REVOKE are database commands used to operate the database. We use these commands like this:
       » GRANT [Privileges] ON [Database Object] TO [User] [WITH GRANT OPTION];
       » REVOKE [Privileges] ON [Database Object] FROM [User];
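The GRANT/REVOKE behaviour described on this slide, as an added example that is not part of the presentation: a small Python model of a discretionary privilege table. The user names (alice, bob, carol, dave) and the object name `employees` are constructed for the example; WITH GRANT OPTION and the cascading revoke follow what most SQL databases do, but this is a teaching model, not the API of any DBMS.

```python
# Added example (not from the presentation): a toy model of discretionary access
# control in the style of SQL GRANT / REVOKE. It tracks, per object and privilege,
# who holds the right, who granted it and whether it was given WITH GRANT OPTION,
# and it cascades a REVOKE to anything the revoked user granted onward.
# All users (alice, bob, carol, dave) and the object "employees" are constructed.
from collections import defaultdict


class DacTable:
    def __init__(self, owner_of):
        self.owner_of = dict(owner_of)           # object -> owning user (owner has all rights)
        # grants[obj][priv] -> list of (grantee, grantor, grant_option)
        self.grants = defaultdict(lambda: defaultdict(list))

    def _entry(self, obj, priv, user):
        for entry in self.grants[obj][priv]:
            if entry[0] == user:
                return entry
        return None

    def has(self, user, priv, obj):
        """Does `user` currently hold `priv` on `obj`?"""
        return user == self.owner_of.get(obj) or self._entry(obj, priv, user) is not None

    def can_grant(self, user, priv, obj):
        """Only the owner, or a holder given WITH GRANT OPTION, may pass the right on."""
        if user == self.owner_of.get(obj):
            return True
        entry = self._entry(obj, priv, user)
        return entry is not None and entry[2]

    def grant(self, grantor, priv, obj, grantee, with_grant_option=False):
        """GRANT priv ON obj TO grantee [WITH GRANT OPTION], issued by grantor."""
        if not self.can_grant(grantor, priv, obj):
            raise PermissionError(f"{grantor} may not grant {priv} on {obj}")
        if self._entry(obj, priv, grantee) is None:
            self.grants[obj][priv].append((grantee, grantor, with_grant_option))

    def revoke(self, revoker, priv, obj, grantee):
        """REVOKE priv ON obj FROM grantee; cascades to grants the grantee made."""
        entry = self._entry(obj, priv, grantee)
        if entry is None:
            return
        if revoker != entry[1] and revoker != self.owner_of.get(obj):
            raise PermissionError(f"{revoker} did not grant {priv} on {obj} to {grantee}")
        self.grants[obj][priv].remove(entry)
        # Rights the grantee passed on are no longer backed by anything: revoke them too.
        dependents = [e for e in self.grants[obj][priv] if e[1] == grantee]
        for dep in dependents:
            self.revoke(grantee, priv, obj, dep[0])


def demo():
    dac = DacTable({"employees": "alice"})
    dac.grant("alice", "SELECT", "employees", "bob", with_grant_option=True)
    dac.grant("bob", "SELECT", "employees", "carol")           # bob may pass it on
    try:
        dac.grant("carol", "SELECT", "employees", "dave")       # carol may not
        carol_blocked = False
    except PermissionError:
        carol_blocked = True
    before = (dac.has("bob", "SELECT", "employees"), dac.has("carol", "SELECT", "employees"))
    dac.revoke("alice", "SELECT", "employees", "bob")           # cascades to carol
    after = (dac.has("bob", "SELECT", "employees"), dac.has("carol", "SELECT", "employees"))
    return {"carol_blocked": carol_blocked, "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The point to notice is the cascade: revoking bob's SELECT also removes carol's, because carol's right only ever existed through bob. This is why WITH GRANT OPTION should be handed out sparingly; every re-grant widens the set of people who can enlarge access to the object.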
  7. Mandatory Access Control
     • This method provides multilevel security by classifying data and users into different SECURITY LEVELS. Here every piece of data and every user has its own class or level.
     • Mandatory Access Control is implemented in:
       – Governments of nations
       – Military
       – Business intelligence
     • Mandatory Access Control provides security for extremely confidential information.
     • Security classes are:
       – Top Security (TS)
       – Secret (S)
       – Confidential (C)
       – Unclassified (U)
     • Note: the intensity of security is ordered TS > S > C > U.
     • Now you will wonder how security is classified? Well, it is classified using the Bell-LaPadula model.
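The Bell-LaPadula rules the slide refers to, as an added example that is not part of the presentation: the two checks a multilevel DBMS applies to labelled rows, using the slide's ordering TS > S > C > U. The row names and their labels are constructed.

```python
# Added example (not from the presentation): the two Bell-LaPadula properties a
# mandatory-access-control DBMS enforces on labelled rows. Levels follow the
# slide's ordering TS > S > C > U. The rows and their labels are constructed.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Constructed sample rows: (row name, classification label)
ROWS = [
    ("press-release", "U"),
    ("budget-2014", "C"),
    ("supplier-list", "S"),
    ("troop-movements", "TS"),
]


def dominates(higher, lower):
    """True when label `higher` is at least as restrictive as `lower`."""
    return LEVELS[higher] >= LEVELS[lower]


def may_read(clearance, label):
    """Simple security property: no read up."""
    return dominates(clearance, label)


def may_write(clearance, label):
    """*-property: no write down (a high subject must not leak into a lower row)."""
    return dominates(label, clearance)


def visible_rows(clearance, rows=ROWS):
    """What a SELECT returns for a user holding the given clearance."""
    return [name for name, label in rows if may_read(clearance, label)]


def writable_rows(clearance, rows=ROWS):
    """Which existing rows that user may UPDATE without writing down."""
    return [name for name, label in rows if may_write(clearance, label)]


if __name__ == "__main__":
    for level in LEVELS:
        print(level, "reads", visible_rows(level), "writes", writable_rows(level))
```

Note that the *-property is what makes MAC different from the discretionary model: a Secret user is allowed to read a Confidential row but not to update it, because the update could carry Secret information into a row that Confidential users can read.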
  8. Role-Based Access Control
     • Role-based access control provides security according to the ROLE of the user who is accessing the database.
     • The ROLE of the user is created using the CREATE command.
     • A role gives permissions only to authorized users to access the data.
     • Thus roles provide security in a smart and simple way.
  9. Cryptography
     • Cryptography is a way of enciphering data, called encryption, while sending it, and deciphering that data, called decryption, when it is received.
     • Have a look at this: (diagram of encryption and decryption, not reproduced in the transcript)
  10. Cryptography contd.
     • There are two types of cryptography.
       – Symmetric key cryptography
         • In this, both sender and receiver have the same key for encryption and decryption.
       – Asymmetric key cryptography
         • In this, the sender uses the public key for encryption and the receiver uses its own private key for decryption.
  11. Backup and Recovery
     • Backup - The process of periodically taking a copy of the database and log file on to offline storage media.
     • Journaling - The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure.
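How a periodic backup and a journal of changes combine to rebuild the database after a failure, as an added example that is not part of the presentation. The database state is a dict and the journal a list of JSON records, standing in for the data file and the log file on offline media; the account keys and values are constructed.

```python
# Added example (not from the presentation): how a backup plus a journal of
# changes lets a database be rebuilt after a failure. State is a dict and the
# journal a list of JSON records, standing in for a data file and a log file on
# offline media; the keys and values are constructed.
import json


class JournaledStore:
    def __init__(self):
        self.data = {}        # live database state
        self.journal = []     # append-only log of every committed change
        self.backup = None    # last periodic copy of the database
        self.backup_pos = 0   # journal position the backup already reflects

    def _log(self, record):
        # Write-ahead: the journal entry is durable before the change is applied.
        self.journal.append(json.dumps(record))

    def put(self, key, value):
        self._log({"op": "put", "key": key, "value": value})
        self.data[key] = value

    def delete(self, key):
        self._log({"op": "del", "key": key})
        self.data.pop(key, None)

    def take_backup(self):
        self.backup = dict(self.data)
        self.backup_pos = len(self.journal)

    def crash(self):
        # Simulate losing the live database while the backup and journal survive.
        self.data = None

    def recover(self):
        """Restore the last backup, then replay every journal record made after it."""
        state = dict(self.backup) if self.backup is not None else {}
        for line in self.journal[self.backup_pos:]:
            rec = json.loads(line)
            if rec["op"] == "put":
                state[rec["key"]] = rec["value"]
            else:
                state.pop(rec["key"], None)
        self.data = state
        return state


def demo():
    db = JournaledStore()
    db.put("acct:1", 100)
    db.put("acct:2", 250)
    db.take_backup()
    db.put("acct:1", 70)     # changes after the backup exist only in the journal
    db.put("acct:3", 30)
    db.delete("acct:2")
    expected = dict(db.data)
    db.crash()
    recovered = db.recover()
    return recovered == expected, recovered


if __name__ == "__main__":
    print(demo())
```

The backup alone would have restored the pre-crash balances of 100 and 250; only the journal carries the three later changes. That is why the slide lists both: the backup bounds how much journal must be replayed, and the journal bounds how much work is lost.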
  12. RAID Implementation
     RAID, i.e. Redundant Array of Inexpensive Disks, is a category of disk drives that employs two or more drives in combination for fault tolerance and performance. This array of disks has levels as follows:
     • Level 0: Provides data striping (spreading out blocks of each file across multiple disks) but no redundancy. This improves performance but does not deliver fault tolerance.
     • Level 1: Provides disk mirroring.
     • Level 2: Error-correcting codes by using parity check.
     • Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance.
     • Level 4: Uses block-level striping which keeps the parity block on a separate disk.
     • Level 5: Provides data striping at the byte level and also stripes error correction information. This results in excellent performance and good fault tolerance.
     • Level 6: P+Q redundancy scheme, i.e. stores extra redundant information in case of disk failures.
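Striping with a dedicated parity disk (the level 4 layout on the slide) and rebuilding a failed disk from the survivors, as an added example that is not part of the presentation. Disks are Python lists of chunks and the file content is a constructed byte string.

```python
# Added example (not from the presentation): striping with a dedicated XOR parity
# disk (the level 4 layout on the slide) and rebuilding a failed disk from the
# survivors. Disks are Python lists of chunks; the data is a constructed byte string.

def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe(data, n_data, chunk):
    """Spread data over n_data disks in round-robin chunks; disk n_data holds parity."""
    stripe_size = n_data * chunk
    padded = data + b"\x00" * (-len(data) % stripe_size)
    disks = [[] for _ in range(n_data + 1)]
    for off in range(0, len(padded), stripe_size):
        chunks = [padded[off + i * chunk: off + (i + 1) * chunk] for i in range(n_data)]
        for i, c in enumerate(chunks):
            disks[i].append(c)
        disks[n_data].append(xor_blocks(chunks))   # parity block for this stripe
    return disks


def rebuild(disks, failed):
    """Recompute disk `failed` by XOR-ing the same stripe on every other disk."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def reassemble(disks, n_data, length):
    """Read the file back from the data disks, dropping the padding."""
    n_stripes = len(disks[0])
    return b"".join(disks[i][s] for s in range(n_stripes) for i in range(n_data))[:length]


def demo():
    data = b"database security needs redundancy, not just backups"
    disks = stripe(data, n_data=3, chunk=4)
    lost = disks[1]
    disks[1] = None                       # disk 1 fails
    disks[1] = rebuild(disks, failed=1)   # rebuilt from two data disks plus parity
    return disks[1] == lost, reassemble(disks, 3, len(data)) == data


if __name__ == "__main__":
    print(demo())
```

A single parity block tolerates exactly one failed disk per stripe; XOR cannot tell two missing chunks apart, which is what the second (Q) redundancy block of level 6 on the slide is for.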
  13. Views
     • A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
     • The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
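A view that hides both columns and rows of a base table, as an added example that is not part of the presentation, run on the SQLite engine built into Python. The table, its columns and the employee rows are constructed. SQLite has no GRANT, so the block only shows what the view exposes; in a DBMS with privileges you would GRANT SELECT on the view and not on the base table.

```python
# Added example (not from the presentation): a view that hides columns and rows
# of a base table, run on Python's built-in SQLite. Table, columns and row values
# are constructed. SQLite has no GRANT, so the block shows what the view exposes;
# in a DBMS with privileges you would GRANT SELECT on the view, not on the table.
import sqlite3


def build_demo_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employees (
            id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER, ssn TEXT);
        INSERT INTO employees VALUES (1, 'Ada',   'eng',   120000, '111-22-3333');
        INSERT INTO employees VALUES (2, 'Grace', 'sales',  90000, '222-33-4444');
        INSERT INTO employees VALUES (3, 'Linus', 'eng',   115000, '333-44-5555');
        -- The view is computed on demand: only name and dept, only the eng rows.
        CREATE VIEW eng_directory AS
            SELECT name, dept FROM employees WHERE dept = 'eng';
    """)
    return con


def directory_columns(con):
    """Column names a user of the view can see."""
    cur = con.execute("SELECT * FROM eng_directory")
    return [col[0] for col in cur.description]


def directory_rows(con):
    return con.execute("SELECT name, dept FROM eng_directory ORDER BY name").fetchall()


def view_exposes_salary(con):
    """A query through the view cannot reach columns the view does not project."""
    try:
        con.execute("SELECT salary FROM eng_directory")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    con = build_demo_db()
    print(directory_columns(con), directory_rows(con), view_exposes_salary(con))
```

The salary and SSN columns and the sales row never leave the base table: a user whose only privilege is SELECT on `eng_directory` gets the directory and nothing else, which is the "hiding parts of the database" the slide describes.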
  14. Message Digest Algorithms and Digital Signatures
     • A message digest algorithm is a one-way hash function that produces a fixed-length string (hash) from an arbitrary-sized message. It is computationally infeasible to find another message with the same digest, and the digest does not reveal anything about the message.
     • A digital signature is computed from two parts: the message, and the private key of the organization.
     • The digital signature is used to verify that the message comes from this organization.
  15. Security in Microsoft Access and Oracle DBMS
     Microsoft Access
     • System-level security - password.
     • User-level security - identification as a member of groups (Administrators and Users); permissions are granted (Open/Run, Read, Update, Delete, etc.).
     Oracle DBMS
     • System-level security - name, password.
     • User-level security is based on a privilege, i.e. a right to execute a particular type of SQL statement or to access another user's object.
     • System privileges and object privileges.
     End of the Presentation
  16. Thank You!