Security and Integrity



  1. Security and Integrity
  2.
     • Security
       • Violation
       • Levels
       • Authorization
       • Views
       • Encryption
     • Integrity
       • Constraints
       • Triggers
  3. Security and Integrity
     • Security: protection of the data against unauthorized disclosure or destruction.
     • Integrity: maintaining the accuracy or validity of the data.
  4. Violation
     • Malicious
       • Unauthorized reading of data
       • Unauthorized modification
       • Unauthorized destruction
     • Accidental
       • Crashes
       • Concurrent access anomalies
       • Violation of database consistency constraints
  5. Security
     • Database system level
       • Authentication and authorization mechanisms to allow specific users access only to required data
       • We concentrate on authorization in the first part of this session
     • Operating system level
       • Operating system super-users can do anything they want to the database! Good operating system level security is required.
     • Network level: must use encryption to prevent
       • Eavesdropping (unauthorized reading of messages)
       • Masquerading (pretending to be an authorized user or sending messages supposedly from authorized users)
  6. Security (Cont...)
     • Physical level
       • Physical access to computers allows destruction of data by intruders; traditional lock-and-key security is needed
       • Computers must also be protected from floods, fire, etc.
     • Human level
       • Users must be screened to ensure that authorized users do not give access to intruders
       • Users should be trained on password selection and secrecy
  7. Authorization
     Forms of authorization on parts of the database:
     • Read authorization - allows reading, but not modification, of data.
     • Insert authorization - allows insertion of new data, but not modification of existing data.
     • Update authorization - allows modification, but not deletion, of data.
     • Delete authorization - allows deletion of data.
  8. Views
     • Users can be given permission on views without being given any permission on the base tables used in the view definition.
     • The ability of views to hide data serves both to simplify usage of the system and to enhance security, by allowing users access only to the data they need for their job.
     • A combination of relation-level security and view-level security can be used to limit a user's access to precisely the data that user needs.
  9. View Example
     • Suppose a bank clerk needs to know the names of the customers of each branch, but is not authorized to see specific loan information.
       • Approach: deny direct access to the loan base table, but grant access to the view cust-loan, which consists only of the names of customers and the branches at which they have a loan.
       • The cust-loan view is defined in SQL as follows:
           create view cust-loan as
             select branch-name, customer-name
             from borrower, loan
             where =
  10. View Example (Cont.)
     • The clerk is authorized to see the result of the query:
           select * from cust-loan
     • When the query processor translates the result into a query on the actual base tables in the database, we obtain a query on borrower and loan.
     • Permission must be checked on the clerk's query before query processing begins.
  11. Permission on Views
     • Creation of a view does not require resources authorization, since no real relation is being created.
     • The creator of a view gets only those privileges that provide no additional authorization beyond what he already had.
     • E.g. if the creator of view cust-loan had only read permission on borrower and loan, he gets only read authorization on cust-loan.
  12. Security Specification in SQL
     • The grant statement is used to confer authorization:
           grant <privilege list> on <relation name or view name> to <user list>
     • <user list> is:
       • a user-id
       • public, which allows all valid users the privilege granted
       • a role (more on this later)
  13. Delegation of granting privilege
     • with grant option: allows a user who is granted a privilege to pass the privilege on to other users.
       • Example:
           grant select on branch to U1 with grant option
         gives U1 the select privilege on branch and allows U1 to grant the select privilege to others. U1 can give the command
           grant select on branch to U2
  14. Revoking Authorization
     • The revoke statement is used to revoke authorization:
           revoke <privilege list> on <relation name or view name> from <user list> [restrict|cascade]
     • Revocation of a privilege from a user may cause other users also to lose that privilege; this is referred to as cascading of the revoke.
     • We can prevent cascading by specifying restrict:
           revoke select on branch from U1, U2, U3 restrict
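The view-based authorization of slides 8-11 and the grant / with grant option / revoke statements of slides 12-14 written out as one runnable script. This is an added example, not code from the slides: the join condition (borrower.loan_number = loan.loan_number), the table columns, and the users clerk, U1 and U2 are assumptions, and underscores replace the slides' hyphens because hyphens are not legal in unquoted SQL identifiers.

```sql
-- Added example, not from the slides. The cust-loan view of slide 9 with an assumed
-- join condition (borrower.loan_number = loan.loan_number), followed by the grant /
-- with grant option / revoke statements of slides 12-14. Underscores replace the
-- hyphens of the slides because hyphens are not legal in unquoted SQL identifiers.
-- Users clerk, U1 and U2 are assumed to exist already.
CREATE TABLE branch (
    branch_name  CHAR(15) PRIMARY KEY,
    branch_city  CHAR(30) NOT NULL
);
CREATE TABLE loan (
    loan_number  CHAR(10) PRIMARY KEY,
    branch_name  CHAR(15) NOT NULL REFERENCES branch (branch_name),
    amount       INTEGER  NOT NULL
);
CREATE TABLE borrower (
    customer_name CHAR(30) NOT NULL,
    loan_number   CHAR(10) NOT NULL REFERENCES loan (loan_number),
    PRIMARY KEY (customer_name, loan_number)
);

-- The view exposes only names and branches; loan_number and amount stay hidden.
CREATE VIEW cust_loan AS
    SELECT loan.branch_name, borrower.customer_name
    FROM borrower JOIN loan ON borrower.loan_number = loan.loan_number;

-- The clerk is granted the view only. Since the clerk holds no privilege on loan
-- or borrower, "SELECT * FROM loan" issued by clerk is refused at the
-- authorization check, before query processing begins (slide 10).
GRANT SELECT ON cust_loan TO clerk;

-- U1 may read branch and may pass that privilege on (slide 13) ...
GRANT SELECT ON branch TO U1 WITH GRANT OPTION;
-- ... which U1 then does:
GRANT SELECT ON branch TO U2;

-- CASCADE removes U2's privilege as well, because it was derived from U1's grant.
REVOKE SELECT ON branch FROM U1 CASCADE;
-- RESTRICT instead makes the revoke fail while the dependent grant to U2 exists,
-- so nobody silently loses access (slide 14):
-- REVOKE SELECT ON branch FROM U1 RESTRICT;
```

The privilege a user ends up with is the union of every grant path that still exists, so after the CASCADE revoke U2 keeps access only if someone other than U1 had also granted it.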
  15. Encryption
     • Data may be encrypted when database authorization provisions do not offer sufficient protection.
     • Properties of a good encryption technique:
       • Relatively simple for authorized users to encrypt and decrypt data.
       • The encryption scheme depends not on the secrecy of the algorithm but on the secrecy of a parameter of the algorithm called the encryption key.
       • Extremely difficult for an intruder to determine the encryption key.
  16. To ensure integrity of database
     Define
     • Entity constraints (primary key constraint)
     • Domain constraints
     • Referential integrity
     • Triggers
  17. Entity Constraints
     • Entity integrity enforcement guarantees that each row in a table is uniquely identified by the non-null values contained in its primary key columns.
     • Integrity constraints guard against accidental damage to the database, by ensuring that authorised changes to the database do not result in the loss of data consistency.
     • A semantic integrity constraint is concerned with ensuring that the database is correct even though users/programmers try to modify it incorrectly.
  18. Domain constraints
     • Domain constraints are the most elementary form of integrity constraints.
     • They test values inserted in the database.
     • Examples
       • On insertion of an item into the order_item table, the quantity must be greater than 0.
       • On update, the new salary must be greater than the old salary.
       • On insertion of a new employee into the EMP table, the value of Manager must exist as an EMP.
  19. Referential Integrity in SQL (Cont…)
     Example
           create table account (
             AccountNo char(10) not null,
             BranchName char(15),
             balance integer,
             primary key (AccountNo),
             foreign key (BranchName) references branch)
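The entity, domain and referential constraints of slides 16-19 as declarative SQL, including the order_item and EMP-manager rules of slide 18. This is an added example, not code from the slides; the table layouts, column names and referential actions are assumptions.

```sql
-- Added example, not from the slides: the constraints of slides 16-19 declared in
-- the schema, so the DBMS enforces them on every insert and update. Table layouts,
-- column names and the ON DELETE / ON UPDATE actions are assumed.
CREATE TABLE branch (
    branch_name  CHAR(15) PRIMARY KEY,
    branch_city  CHAR(30) NOT NULL
);

CREATE TABLE account (
    account_number CHAR(10) PRIMARY KEY,            -- entity integrity: unique, non-null
    branch_name    CHAR(15) NOT NULL,
    balance        INTEGER  NOT NULL DEFAULT 0,
    -- referential integrity: every account belongs to an existing branch, and a
    -- branch that still owns accounts cannot be deleted; renames follow through
    FOREIGN KEY (branch_name) REFERENCES branch (branch_name)
        ON DELETE RESTRICT ON UPDATE CASCADE
);

CREATE TABLE order_item (
    order_id   INTEGER NOT NULL,
    item_id    INTEGER NOT NULL,
    quantity   INTEGER NOT NULL,
    PRIMARY KEY (order_id, item_id),
    -- domain constraint from slide 18, checked on insert and on update
    CONSTRAINT positive_quantity CHECK (quantity > 0)
);

CREATE TABLE emp (
    emp_id   INTEGER PRIMARY KEY,
    name     VARCHAR(40) NOT NULL,
    salary   DECIMAL(10,2) NOT NULL CHECK (salary >= 0),
    manager  INTEGER,
    -- self-referencing foreign key: a manager must already exist as an EMP;
    -- when the manager row is deleted the report becomes unmanaged, not dangling
    FOREIGN KEY (manager) REFERENCES emp (emp_id) ON DELETE SET NULL
);

-- Rejected by positive_quantity: the DBMS raises an integrity-constraint violation.
INSERT INTO order_item VALUES (1, 7, 0);
-- Rejected by the self-referencing foreign key: no emp with emp_id 999 exists.
INSERT INTO emp VALUES (1, 'Alice', 50000, 999);
-- Accepted: a NULL manager satisfies the foreign key (no reference is made).
INSERT INTO emp VALUES (1, 'Alice', 50000, NULL);
```

The salary rule of slide 18 ("new salary greater than old salary") is the one case this schema cannot express, because a CHECK constraint sees only the row being written, not its previous value; that rule needs a trigger.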
  20. Trigger
     • A trigger is a statement that is executed automatically by the system as a side effect of a modification to the database.
     • To design a trigger mechanism, we must specify the condition under which the trigger is to be executed and the action to be taken.
     • Triggers were standardized in SQL-99.
  21. Trigger Example
     • Suppose that instead of allowing negative account balances, the bank deals with overdrafts by
       - setting the account balance to zero.
       - creating a loan in the amount of the overdraft.
       - giving this loan a loan number identical to the account number of the overdraft account.
     • The condition for executing the trigger is an update to the account relation that results in a negative balance value.
  22. Triggering Events and Actions in SQL
     • The triggering event can be insert, delete or update.
     • Triggers on update can be restricted to specific attributes
       • E.g. create trigger overdraft-trigger after update of balance on account
     • Triggers can be activated before an event, which can serve as extra constraints. E.g. convert blanks to null.
           create trigger setnull-trigger before update on r
           referencing new row as nrow
           for each row
           when =
           set number = null
  23. Trigger example in SQL
           create trigger overdraft-trigger after update on account
           referencing new row as nrow
           for each row
           when nrow.balance < 0
           begin atomic
             insert into borrower
               (select customer-name, account-number
                from depositor
                where nrow.account-number = depositor.account-number);
             insert into loan values
               (nrow.account-number, nrow.branch-name, - nrow.balance);
             update account set balance = 0
               where account.account-number = nrow.account-number
           end
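Two before-triggers in the SQL-99 style of slides 20-23: one enforces the slide-18 rule that an updated salary must exceed the old one (which a CHECK constraint cannot express, since it sees only the new row), the other is the slide-22 blank-to-null conversion. This is an added example, not code from the slides; the emp table, its columns and the SQLSTATE value are assumptions, and the SIGNAL and SET statements are SQL/PSM as accepted by DB2 or MySQL, while PostgreSQL needs a trigger function with RAISE EXCEPTION instead.

```sql
-- Added example, not from the slides. The slide-18 rule "on update the new salary
-- must be greater than the old salary" cannot be a CHECK constraint, because a CHECK
-- sees only the row being written. A BEFORE trigger that references both the old and
-- the new row can enforce it, in the SQL-99 style the slides use. Table emp, its
-- columns and the SQLSTATE value are assumed.
CREATE TABLE emp (
    emp_id  INTEGER PRIMARY KEY,
    name    VARCHAR(40) NOT NULL,
    phone   VARCHAR(20),
    salary  DECIMAL(10,2) NOT NULL
);

CREATE TRIGGER salary_never_decreases
    BEFORE UPDATE OF salary ON emp                -- event: only when salary is touched
    REFERENCING OLD ROW AS orow NEW ROW AS nrow   -- both transition rows are visible
    FOR EACH ROW
    WHEN (nrow.salary <= orow.salary)             -- condition
    -- action: abort the statement. SIGNAL is SQL/PSM, as in DB2 or MySQL;
    -- PostgreSQL needs a trigger function that calls RAISE EXCEPTION instead.
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'salary may not decrease';

-- The slide-22 idea of a before-trigger used as an extra constraint: a blank phone
-- number is stored as NULL rather than as a meaningless string.
CREATE TRIGGER blank_phone_to_null
    BEFORE INSERT ON emp
    REFERENCING NEW ROW AS nrow
    FOR EACH ROW
    WHEN (TRIM(nrow.phone) = '')
    SET nrow.phone = NULL;

INSERT INTO emp VALUES (1, 'Alice', '  ', 50000);   -- stored with phone = NULL
UPDATE emp SET salary = 55000 WHERE emp_id = 1;     -- accepted: 55000 > 50000
UPDATE emp SET salary = 40000 WHERE emp_id = 1;     -- rejected by salary_never_decreases
```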