Submitted By: MD. Arafat Hossen, ID: UG-02-22-09-012, Dept. of CSE
Submitted To: Fernaz Nawrin Nur, Lecturer, Dept. of CSE
Electronic commerce, commonly known as e-commerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Electronic commerce draws on technologies such as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, etc.
• Introduction to security issues
• Mechanisms used to grant and revoke privileges in relational databases in SQL
• An overview of the mechanisms for enforcing multiple levels of security
• A brief discussion of the security problem in statistical databases
• An introduction to flow control and the problems associated with covert channels
• A brief summary of encryption and public key infrastructure schemes
Types of Security
• Legal and ethical issues regarding the right to access certain information. In the US there are many laws governing privacy of information.
• Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example credit ratings and personal medical records.
• System-related issues such as the system levels at which various security functions should be enforced, for example whether a security function should be handled at the physical hardware, OS, or DBMS level.
• The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
Threats to databases result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
• Loss of integrity
• Loss of availability
• Loss of confidentiality
Database threats: E-commerce systems store user data and retrieve product information from databases connected to the web server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non-secure way. If someone obtains user authentication information, he or she can pose as a legitimate database user and reveal private and costly information.
Integrity refers to the requirement that information be protected from improper modification. Modification of data includes:
• Creation
• Insertion
• Modification
• Deletion
• Changing the status of data
Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts. Continued use of the contaminated system or corrupted data could result in inaccuracy, fraud, or erroneous decisions.
Database availability refers to making objects available to a human user or a program that has a legitimate right to them.
Database confidentiality refers to the protection of data from unauthorized disclosure. The impact can range from:
• Violation of the Data Privacy Act to damage to national security
Unauthorized disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.
To protect databases against these types of threats, 4 kinds of countermeasures can be implemented:
• Access control
• Inference control
• Flow control
• Encryption
• Back up the database regularly
Thank You Teacher and Class Any Questions????