Database Security


  1. Presentation on Database Security. Submitted to: Charmi Purohit. Prepared by: Kumbhani Minaxi, Limbasiya Jignasha. (Minaxi & Jignasha, 1/24, Database Security)
  2. Index
     - Definition
     - Data security lifecycle
     - Countermeasures: authorization, views, backup and recovery, integrity, encryption, RAID technology
  3. What is Database Security?
     - Database security is the set of mechanisms that protect the database against intentional or accidental threats.
     - The security policy describes the security measures that are enforced.
     - The security mechanisms of the underlying DBMS must be used to enforce that policy.
  4. Requirements
     - The security curriculum is relatively light in the database systems area.
     - The current focus is on protecting information through network configuration, systems administration and application security.
     - Database system security issues need to be considered specifically.
  5. Goals
     - Understand security issues in a general database system environment and in a specific DBMS (Oracle) environment.
     - Consider database security issues in the context of general security principles and ideas.
     - Consider issues relating both to database storage and to the database system's communication with other applications.
  6. Main Message
     - Database system security is more than securing the database:
       • Secure database
       • Secure DBMS
       • Secure applications/application development
       • Secure operating system in relation to the database system
       • Secure web server in relation to the database system
       • Secure network environment in relation to the database system
  7. Purpose
     - We consider database security in relation to the following situations:
       - Theft and fraud
       - Loss of confidentiality
       - Loss of privacy
       - Loss of integrity
       - Loss of availability
  8. Data Security Lifecycle (this slide consists of a diagram only)
  9. Threat
     - A threat is any intentional or accidental event that may adversely affect the system.
     - Examples of threats:
       - Using another person's log-in name to access data
       - Unauthorized copying of data
       - Program/data alteration
       - Illegal entry by a hacker
       - Viruses
  10. Countermeasures
     - A countermeasure is an action that you take in order to weaken the effect of another action or situation, or to make it harmless.
     - Example usage: "Because the threat never developed, we didn't need to take any real countermeasures."
  11. Countermeasures
     - Computer-based controls:
       - Authorization
       - Authentication
       - Views
       - Backup and recovery
       - Integrity
       - Encryption
       - Privileges, roles, GRANT/REVOKE
       - RAID technology
  12. Authorization
     - Authorization is the granting of a privilege that enables a user to have legitimate access to a system.
     - Authorizations are sometimes referred to as access controls.
     - The process of authorization involves authenticating the user who requests access to objects.
  13. Authentication
     - Authentication is a mechanism that determines whether a user is who he or she claims to be.
     - A system administrator is responsible for allowing users to access the system by creating individual user accounts.
  14. Four ways of authenticating users to the database:
       1) Introduction to user authentication
       2) Password authentication
       3) Strong authentication
       4) Proxy authentication and authorization
  15. Views
     - A view is a virtual relation that does not actually exist in the database but is produced on request by a particular user, at the time of the request.
     - The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
     - The user is not aware of the existence of any attributes or rows that are missing from the view.
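The view-based hiding described on this slide, as an added example that is not part of the original presentation. Table, view, role and column names (Employee, SalesStaff, MyRecord, clerk, staff) are constructed for illustration; PostgreSQL syntax is assumed, but the principle is the same in other SQL DBMSs.

```sql
-- Added example, not from the slides: using views as the security boundary.
-- Table, view and account names are constructed for illustration.

CREATE TABLE Employee (
    EmpNo    INTEGER       PRIMARY KEY,
    Name     VARCHAR(60)   NOT NULL,
    Dept     VARCHAR(20)   NOT NULL,
    Salary   NUMERIC(10,2) NOT NULL,   -- sensitive attribute
    Username VARCHAR(30)   NOT NULL    -- database login of this employee
);

-- View 1: hides attributes (Salary, Username) and rows (non-Sales staff).
CREATE VIEW SalesStaff AS
    SELECT EmpNo, Name, Dept
    FROM   Employee
    WHERE  Dept = 'Sales';

-- View 2: each employee sees only their own row, Salary included,
-- because the row filter is evaluated against the connected user.
CREATE VIEW MyRecord AS
    SELECT EmpNo, Name, Dept, Salary
    FROM   Employee
    WHERE  Username = CURRENT_USER;

-- Privileges go to the views only; nobody but the owner touches Employee.
-- The views run with the owner's rights, so a grant on the view is sufficient.
GRANT SELECT ON SalesStaff TO clerk;
GRANT SELECT ON MyRecord   TO staff;   -- role that every employee login belongs to

-- Resulting behaviour in a clerk session:
--   SELECT Name FROM SalesStaff;      -- allowed
--   SELECT Salary FROM SalesStaff;    -- ERROR: column "salary" does not exist
--   SELECT * FROM Employee;           -- ERROR: permission denied for table employee
```

The clerk cannot tell from the view that Salary or the non-Sales rows exist, which is exactly the property the slide describes.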
  16. Backup and Recovery
     - The DBMS should provide backup facilities to assist with recovery from a database failure.
     - Backup and recovery refers to the various strategies and procedures involved in protecting your database against data loss and reconstructing the database after any kind of data loss.
  17. Backups
     - Backups can be divided into physical backups and logical backups.
     - Backups have two distinct purposes:
       1) The primary purpose is to recover data after its loss, whether by deletion or by corruption.
       2) The secondary purpose is to recover data from an earlier time.
  18. Integrity
     - Data integrity is a fundamental component of information security.
     - Maintain a secure database system by preventing data from becoming invalid.
     - Only authorized users should be allowed to modify data.
     - Numeric columns should not accept alphabetic data.
     - For example, students
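The integrity rules on this slide expressed as schema constraints, as an added example that is not part of the original presentation. The Student and Department tables, the sample rows and the reporting role are constructed for illustration; PostgreSQL syntax is assumed.

```sql
-- Added example, not from the slides: integrity rules declared in the schema so
-- the DBMS rejects invalid data regardless of which application sends it.
-- Tables, rows and the role name are constructed for illustration.

CREATE TABLE Department (
    DeptId  INTEGER     PRIMARY KEY,
    DName   VARCHAR(40) NOT NULL UNIQUE
);

CREATE TABLE Student (
    RollNo  INTEGER      PRIMARY KEY,                 -- entity integrity: unique, not null
    Name    VARCHAR(60)  NOT NULL,
    Marks   NUMERIC(5,2) NOT NULL
            CHECK (Marks BETWEEN 0 AND 100),          -- domain integrity: valid range
    DeptId  INTEGER      NOT NULL
            REFERENCES Department (DeptId)            -- referential integrity
            ON DELETE RESTRICT                        -- cannot delete a department in use
);

INSERT INTO Department VALUES (10, 'Computer Science');

INSERT INTO Student VALUES (1, 'Asha',  87.5,  10);   -- accepted
INSERT INTO Student VALUES (2, 'Ravi',  'abc', 10);   -- rejected: 'abc' is not numeric
INSERT INTO Student VALUES (3, 'Meena', 120,   10);   -- rejected: violates CHECK on Marks
INSERT INTO Student VALUES (1, 'Dup',   50,    10);   -- rejected: duplicate RollNo
INSERT INTO Student VALUES (4, 'Kiran', 60,    99);   -- rejected: no Department 99
DELETE FROM Department WHERE DeptId = 10;             -- rejected: students still reference it

-- "Only authorized users should be allowed to modify data": a read-only
-- account gets SELECT and nothing else, so it cannot alter what the constraints protect.
GRANT SELECT ON Student, Department TO reporting;
```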
  19. Encryption
     - Encryption is the encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key.
     - It also protects data transmitted over communication lines.
     - (Diagram: plain data is transformed by an algorithm and password into encrypted data.)
  20. Privilege
     - A privilege allows a user to access some data object in a certain manner (e.g., to read or to modify it).
     - SQL-92 supports access control through the GRANT and REVOKE commands.
     - GRANT command: gives users privileges on base tables and views.
     - REVOKE command: intended to achieve the reverse, withdrawing a granted privilege from a user.
  21. Grant and Revoke (example with four users: Brown (owner), Black, Red and White)
     - Brown: GRANT SELECT ON Employee TO Black WITH GRANT OPTION
     - GRANT SELECT ON Employee TO Red (issued by Black, who holds the grant option)
     - Brown: GRANT UPDATE(Salary) ON Employee TO White
     - ? Brown revokes the grant given to Black
     - ? Brown does not want Red to access the Employee relation
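The Brown/Black/Red/White grant chain from this slide written out as SQL, with both revoke questions worked through, as an added example that is not part of the original presentation. It assumes roles brown, black, red and white exist and that brown owns Employee (constructed for illustration); SQL-92 semantics with PostgreSQL syntax.

```sql
-- Added example, not from the slides: the grant chain from this slide and the
-- two revoke scenarios. Roles and the Employee table are constructed for illustration.

-- Executed as brown (owner of Employee):
GRANT SELECT          ON Employee TO black WITH GRANT OPTION;
GRANT UPDATE (Salary) ON Employee TO white;

-- Executed as black, which is only possible because of WITH GRANT OPTION:
GRANT SELECT ON Employee TO red;
-- Privilege graph now: brown -> black -> red (SELECT); brown -> white (UPDATE(Salary)).

-- Question 1: Brown revokes the grant given to Black.
-- Red's SELECT was derived from Black's grant option, so it is a dependent
-- privilege: RESTRICT (the default) refuses, CASCADE removes it as well.
REVOKE SELECT ON Employee FROM black RESTRICT;   -- ERROR: dependent privileges exist
REVOKE SELECT ON Employee FROM black CASCADE;    -- black and red both lose SELECT

-- Question 2: Brown does not want Red to access Employee, but Black may keep SELECT.
-- Brown cannot revoke from Red directly: Brown never granted anything to Red,
-- so the privilege must be undone along the path it came by. Starting again
-- from the state after the three GRANTs:
REVOKE GRANT OPTION FOR SELECT ON Employee FROM black CASCADE;
-- black keeps SELECT but can no longer pass it on; red's SELECT, which
-- depended on that option, is removed.

-- White's UPDATE (Salary) came directly from brown and is untouched by either revoke.
```

Audit the effect of any CASCADE before running it: it removes every privilege downstream of the revoked one, including grants you may not know about.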
  22. RAID Technology
     - RAID: Redundant Array of Independent Disks.
     - The hardware the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. One solution is the use of RAID technology.
     - RAID works by having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.