What is Database Security?
Database Security is the mechanism that protect the
database against intentional or accidental threats.
Security policy describes the security measures
Security mechanisms of the underlying DBMS must
be utilized to enforce the policy.
Minaxi & Jignasha 3/24
Security curriculum is relatively light in database
Focus currently on protecting information through
network configuration, systems administration,
Need to specifically consider database system security
Minaxi & Jignasha 4/24
Understand security issues in:
a general database system environment
a specific DBMS (Oracle) environment
Consider database security issues in context of general
security principles and ideas
Consider issues relating to both database storage and
database system communication with other
Minaxi & Jignasha 5/24
Database system security is more than securing the
• Secure database
• Secure DBMS
• Secure applications/application development
• Secure operating system in relation to database
• Secure web server in relation to database system
• Secure network environment in relation to
Minaxi & Jignasha 6/24
We consider database security in relation to the
- Theft and Fraud
- Loss of confidentiality
- Loss of privacy
- Loss of integrity
- Loss of availability
Minaxi & Jignasha 7/24
Data Security Lifecycle
Minaxi & Jignasha 8/24
Threat is any intentional or accidental event that
may adversely affect the system.
Examples of threats:
- Using another person’s log-in name to
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
Minaxi & Jignasha 9/24
A Countermeasures is an action that you take on
order to weaken the effect of another action, a
situation, or to make it harmless.
Because the threat never developed, We didn’t need
to take any real countermeasures.
Minaxi & Jignasha 10/24
The granting of a privilege that enable a user to have
a legitimate access to a system.
They are sometimes referred as access controls.
The process of authorization involves authenticating
the user requesting access to objects.
Minaxi & Jignasha 12/24
Means a mechanism that determines whether a user
is who he/she claim to be.
A system administrator is responsible for allowing
users to have access to the system by creating
individual user accounts.
Minaxi & Jignasha 13/24
Four Authenticating Users to the Database:
1)Introduction to User Authentication
2)password for Authentication
4)Proxy Authentication and Authorization
Minaxi & Jignasha 14/24
A view is virtual relation that does not actually exit in
the database, but is produced upon request by a
particular user, at the time of request.
The view mechanism provides a powerful and
flexible security mechanism by hiding parts of the
database from certain users.
The user is not aware of the existence of any
attributes or rows that are missing from the view.
Minaxi & Jignasha 15/24
Backup and Recovery
DBMS should provide backup facilities to assist with
the recovery of a database failure.
backup and recovery refers to the various strategies
and procedures involved in protecting your database
against data loss and reconstructing the database
after any kind of data loss.
Minaxi & Jignasha 16/24
Backups can be divided into physical backups and
Backup have two distinct purpose:
1)Primary purpose is to recover data After it’s loss,
be it by data deletion or corruption.
2)Secondary purpose of backup is to recover data
from an earlier time.
Minaxi & Jignasha 17/24
Data integrity is a fundamental component of
Maintaining a secure database system by preventing
data from becoming invalid.
Only authorized users should be allowed to modify
Numeric columns should not accept alphabetic data.
For example, students
Minaxi & Jignasha 18/24
The encoding of data by a special algorithm that
renders the data unreadable by any program without
the decryption key.
It also protects the data transmitted over
Minaxi & Jignasha 19/24
A privilege allows a user to access some data object
in a certain manner (e.g., to read or to modify).
SQL-92 supports access control through GRANT and
GRANT command: Give users privileges to base
tables and views.
REVOKE command: intended to achieve the reverse,
to withdraw the granted privilege from the user.
Minaxi & Jignasha 20/24
Grant and Revoke
GRANT SELECT ON
GRANT SELECT ON Employee
WITH GRANT OPTION
given to Black
Brown does not want
Red to access the
Employee relationGRANT UPDATE(Salary) ON
Employee TO White
Minaxi & Jignasha 21/24
Redundant Array of Independent Disks
The DBMS is running on must be fault-tolerant,
meaning that the DBMS should continue to operate
even if one of the hardware components fails.
One solution is the use of RAID technology.
RAID works on having a large disk array comprising
an arrangement of several independent disks that are
organized to improve reliability and at the same time
Minaxi & Jignasha 22/24