Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Database security


Published on

Negative database for data security....

Published in: Education, Technology

Database security

  1. 1. NEGATIVE DATABASE FOR DATA SECURITY Shivnandan Singh Chauhan Mtech (CSE) 1201102021 5/27/2014 1 ShivnandanSingh
  2. 2. DATABASE  A database is an organized collection of data. The data is typically organized to model relevant aspects of reality in a way that supports processes requiring this information. 5/27/2014 2 ShivnandanSingh
  3. 3. NEGATIVE DATABASE  A negative database can be defined as a database that contains huge amount of data which consists of counterfeit data along with the actual data.  A few approaches that describe this concept have been proposed but have not yet been implemented to work for real world databases. 5/27/2014 3 ShivnandanSingh
  4. 4. DATABASE SECURITY IMPORTANCE  Database Security has become an important issue in today’s world. Organizations have become highly dependent on the database for their daily operations.  The objective of database security is to prevent undesired information disclosure and modification of data while ensuring the availability of the necessary service. With the increase in the use of World Wide Web in recent years emphasize the web database security. 5/27/2014 4 ShivnandanSingh
  5. 5. CLASSIFICATION SCHEME In best of my knowledge database security are classified based on the type of information security and models.  Encryption  Negative Database  Web-based Database Security  Authentication and Access Control  Timeliness and Security in Real-time Database Systems  Testing Schemes for SQL Injections 5/27/2014 5 ShivnandanSingh
  6. 6. ENCRYPTION  This is the process of transforming plain text information using encryption algorithms (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.  The traditional database systems using plain text have many threats of data corruption and collapse of database. To avoid these threats, the data is stored in encrypted form in the database. 5/27/2014 6 ShivnandanSingh
  7. 7. WEB-BASED DATABASE SECURITY  Some Methods are proposed to establish security of Web database against illegitimate intrusion.  The data transmission from server to the client should be in a secured way (use Secure Socket Layer).  Host identity of an end system should be authenticated. 5/27/2014 7 ShivnandanSingh
  8. 8. TESTING SCHEMES FOR SQL INJECTIONS  SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. 5/27/2014 8 ShivnandanSingh
  9. 9. TESTING SCHEME TO STOP SQL INJECTIONS IN THE BEGINNING  Database Security Testing Scheme to detect potential input points of SQL injection, automatically generate test cases and find vulnerability of databases by running these test cases to make a simulation attack to an application. 5/27/2014 9 ShivnandanSingh
  10. 10. CONCEPT OF NEGATIVE DATABASE TO HELP PREVENT DATA THEFT A framework which manipulates the original data and stores it in a database. This framework mainly consists of four modules  Database catching  Virtual database encryption  Database Encryption algorithm  Negative Database conversion algorithm. 5/27/2014 10 ShivnandanSingh
  11. 11. ARCHITECTURE 5/27/2014 11 ShivnandanSingh
  12. 12. DATABASE CACHING  In our framework we are using system-derived timestamps as keys. Thus the complexity of the database caching algorithm O(n), when the whole database needs to be searched for a particular tuple. 5/27/2014 12 ShivnandanSingh
  13. 13. VIRTUAL DATABASE ENCRYPTION  This layer depends on the timestamp generation and the conversion of the data into ASCII values. Thus the computation time is O(n) where n is the length of the used password. 5/27/2014 13 ShivnandanSingh
  14. 14. AUTHENTICATION AND ACCESS CONTROL  Authentication is used to check properly the identity of the user and Access Control controls the user actions or operations. Access Control gives different privileges to different authenticated users. 5/27/2014 14 ShivnandanSingh
  15. 15. Questions or Comments? 5/27/2014 15 ShivnandanSingh