This document discusses database security. It introduces common threats to databases like loss of confidentiality, integrity and availability. The key database security requirements are then outlined as confidentiality, integrity, availability and non-repudiation. Two main types of access control are described - discretionary access control (DAC) using privileges and mandatory access control (MAC) using security classifications. The role of the database administrator to implement access controls is also discussed.
This document discusses database security and various techniques used to protect databases. It covers four main countermeasures: access control, inference control, flow control, and encryption. Access control includes discretionary access control (DAC) using privileges and mandatory access control (MAC) using security levels. DAC is enforced through granting and revoking SQL privileges at both the account and relation levels. MAC enforces the simple security and star properties based on subject and object security classes. The document also discusses data encryption techniques like DES and AES, as well as symmetric and public key encryption algorithms. The database administrator plays a key role in managing security and assigning privileges.
Database Management System Security.pptxRoshni814224
A security policy specifies who can access what in a database. Access control mechanisms enforce this policy. The two main mechanisms at the DBMS level are discretionary access control and mandatory access control. Discretionary access control is based on access privileges for database objects like tables and views. Mandatory access control assigns security classes to objects and clearances to users, governing access based on these classifications. Most commercial databases only support discretionary access control.
The document discusses various topics related to database security including discretionary access control based on granting and revoking privileges, mandatory access control and role-based access control for multilevel security, statistical database security, flow control, encryption, and public key infrastructures. It provides examples of how discretionary access control works by granting privileges to users and revoking privileges. It also describes how mandatory access control enforces multilevel security by classifying data and users into security classes and how role-based access control associates permissions with roles.
The document discusses database security. It covers types of security like access control, inference control, flow control and encryption. It describes threats like loss of integrity, availability and confidentiality. It also discusses discretionary and mandatory security mechanisms, and the role of the database administrator in managing security through creating user accounts, assigning privileges, and performing audits. Specific security techniques covered include access control lists, views, privilege propagation using grants, and revoking privileges.
Database Security Introduction,Methods for database security
Discretionary access control method
Mandatory access control
Role base access control for multilevel security.
Use of views in security enforcement
This document discusses SQL security concepts including users, database objects, privileges, and how the security scheme is established. It defines users as those making requests to the database, database objects as items security can be applied to like tables and views, and privileges as actions users can perform on objects like select, insert, update, delete. The security scheme is established using GRANT and REVOKE statements to specify which users have which privileges on which database objects. Views can also be used to restrict user access to only selected data. Examples show granting and revoking privileges on different database objects for various users.
security and privacy in dbms and in sql databasegourav kottawar
This document discusses database security and privacy. It covers various topics related to database security such as discretionary access control using privileges, mandatory access control for multilevel security, encryption, and public key infrastructures. It also discusses legal and ethical issues regarding access to information, and threats to database security goals like integrity, availability and confidentiality of data. Common security mechanisms like access control, flow control and encryption are described for protecting databases against security threats.
This document discusses database security and various techniques used to protect databases. It covers four main countermeasures: access control, inference control, flow control, and encryption. Access control includes discretionary access control (DAC) using privileges and mandatory access control (MAC) using security levels. DAC is enforced through granting and revoking SQL privileges at both the account and relation levels. MAC enforces the simple security and star properties based on subject and object security classes. The document also discusses data encryption techniques like DES and AES, as well as symmetric and public key encryption algorithms. The database administrator plays a key role in managing security and assigning privileges.
Database Management System Security.pptxRoshni814224
A security policy specifies who can access what in a database. Access control mechanisms enforce this policy. The two main mechanisms at the DBMS level are discretionary access control and mandatory access control. Discretionary access control is based on access privileges for database objects like tables and views. Mandatory access control assigns security classes to objects and clearances to users, governing access based on these classifications. Most commercial databases only support discretionary access control.
The document discusses various topics related to database security including discretionary access control based on granting and revoking privileges, mandatory access control and role-based access control for multilevel security, statistical database security, flow control, encryption, and public key infrastructures. It provides examples of how discretionary access control works by granting privileges to users and revoking privileges. It also describes how mandatory access control enforces multilevel security by classifying data and users into security classes and how role-based access control associates permissions with roles.
The document discusses database security. It covers types of security like access control, inference control, flow control and encryption. It describes threats like loss of integrity, availability and confidentiality. It also discusses discretionary and mandatory security mechanisms, and the role of the database administrator in managing security through creating user accounts, assigning privileges, and performing audits. Specific security techniques covered include access control lists, views, privilege propagation using grants, and revoking privileges.
Database Security Introduction,Methods for database security
Discretionary access control method
Mandatory access control
Role base access control for multilevel security.
Use of views in security enforcement
This document discusses SQL security concepts including users, database objects, privileges, and how the security scheme is established. It defines users as those making requests to the database, database objects as items security can be applied to like tables and views, and privileges as actions users can perform on objects like select, insert, update, delete. The security scheme is established using GRANT and REVOKE statements to specify which users have which privileges on which database objects. Views can also be used to restrict user access to only selected data. Examples show granting and revoking privileges on different database objects for various users.
security and privacy in dbms and in sql databasegourav kottawar
This document discusses database security and privacy. It covers various topics related to database security such as discretionary access control using privileges, mandatory access control for multilevel security, encryption, and public key infrastructures. It also discusses legal and ethical issues regarding access to information, and threats to database security goals like integrity, availability and confidentiality of data. Common security mechanisms like access control, flow control and encryption are described for protecting databases against security threats.
Security Violations,Reasons of Security violation are,security measures,Authorization,form of authorization,Difference between drop and delete authorization ,Authorization and Views,View example ,View Query ,Granting of Privileges,Example of Granting of Privileges,Example of Granting of Privileges,Authorization grant graph ,Notion of Roles,Audit Trails ,Audit Trails ,Authorization in SQL,Read Authorization ,Update authorization ,Role creation ,The Privilege to Grant Privileges ,revoke an authorization,Cascading of Revoke
This document discusses discretionary access control in database systems through granting and revoking privileges at both the account and relational levels. It describes how privileges can be assigned and propagated through accounts, as well as techniques for limiting propagation like horizontal and vertical limits. Key points covered include the use of views to restrict access, revoking privileges to prevent further propagation, and specifying limits on propagation to control privilege spread.
This document discusses database security and privacy. It covers various types of security including discretionary access control based on granting and revoking privileges, mandatory access control and role-based access control. It also discusses threats to database security such as loss of integrity, availability and confidentiality. Methods to protect against these threats include access control, flow control, encryption and decryption. The document also covers public key infrastructure and encryption standards such as DES and AES.
Database security and security in networksG Prachi
The document discusses database security and network security, including security requirements for databases like reliability, integrity and access control, threats in networks like firewalls and intrusion detection systems, and issues around sensitive data in databases like inference where sensitive data can be deduced from aggregate queries and statistical databases. It also covers security models for databases including discretionary access control using views, roles and privileges and mandatory access control using security labels.
Data modeling is the process of exploring data structures and relationships. It involves identifying entity types, attributes, relationships and applying normalization. Conceptual, logical and physical data models are used at different stages of the design process. Database security involves techniques like access control, encryption and firewalls to protect data confidentiality, integrity and availability. Issues like SQL injection occur when user input is not sanitized before passing to the database.
Triggers allow applications to monitor and respond to database events. They execute automatically in response to data manipulation language (DML) statements like insert, update, delete or database definition language (DDL) statements like create, alter, drop. Triggers enforce business rules, data integrity, auditing and more. They are defined on tables, views, schemas or databases and specify when they are executed based on events and optional conditions. Triggers can update or insert data, prevent invalid transactions and maintain referential integrity across distributed databases.
This document discusses database security. It covers access protection through user accounts and audits. It also describes different access control methods like discretionary access control, mandatory access control and role-based access control. Discretionary access control allows owners to grant and revoke access to objects. Mandatory access control assigns security levels and clearances to subjects and objects. The document also briefly mentions encryption and inference control for database protection.
This document discusses implementing security for Oracle databases. It covers DBA responsibilities like applying the principle of least privilege and enabling standard auditing. It describes specifying audit options, reviewing audit information, and maintaining the audit trail. Industry regulations and security best practices for authentication, authorization, monitoring, and patching are also outlined.
The document provides an overview of DB2 security features including authorization, authentication, LBAC, RCAC, backup and recovery, data encryption, trusted contexts, and InfoSphere data replication. It discusses authorization at the instance, database, and object levels and covers row and column access controls. The document also outlines different data encryption options in DB2, backup approaches, and trusted connections. It concludes with references for further information.
This chapter discusses database security and authorization. It covers types of database security including access control, discretionary access control through granting and revoking privileges, and mandatory access control. It also discusses statistical database security, flow control, and encryption. The chapter outlines the role of the database administrator in managing security and authorization, including creating user accounts, granting privileges, and performing audits. It describes different types of privileges that can be granted at the account and relation levels.
International Journal of Engineering Inventions (IJEI) provides a multidisciplinary passage for researchers, managers, professionals, practitioners and students around the globe to publish high quality, peer-reviewed articles on all theoretical and empirical aspects of Engineering and Science.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
This document discusses database security and the use of GRANT and REVOKE statements in SQL. It defines authorization identifiers as database users assigned by the DBA. The owner of an object can grant privileges on it to other users using GRANT, and revoke those privileges using REVOKE. GRANT allows specifying privileges like SELECT, INSERT, UPDATE, DELETE etc. and REVOKE removes privileges that were previously granted. Both statements identify the user or users, object, and privileges involved.
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfKavitaShinde26
This document provides an overview of database integrity and security concepts. It discusses domain constraints and referential integrity, which enforce data validity. It then covers database security topics like authentication, access control using methods like discretionary access control and mandatory access control. Role-based access control is described for assigning user permissions. The use of views for security enforcement and an overview of encryption techniques like symmetric and public key encryption are also summarized. The document is presented as part of a course on database concepts by an assistant professor.
The document discusses controlling user access in an Oracle database. It covers creating users and roles to manage privileges, using GRANT and REVOKE statements to assign and remove privileges, and creating database links to access data on remote databases. Key topics include granting system and object privileges to users and roles, revoking privileges, and using data dictionary views to check privileges.
The document discusses Oracle Database Vault, which provides an integrated security framework to control access to databases based on factors like network, users, privileges, roles, and SQL commands. It achieves separation of duties and prevents misuse of powerful privileges. Database Vault enforces compliance requirements and supports database consolidation while requiring no application changes and having minimal performance impact.
Access Control Facilities in Oracle Database 11g r2Amin Saqi
The document discusses access control facilities in Oracle Database 11gR2. It describes how user groups can be implemented through profiles or roles. Hierarchical role-based access control and role-based access control with separation of duty using Oracle Database Vault are also covered. The document outlines how time-based and location-based access constraints can be achieved and discusses cascading revocation and conflict resolution. Mandatory access control using Oracle Label Security and tools for administering access policies are also introduced.
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
Security Implementation Mechanisms
The characteristics of an application should be considered when deciding the layer and type of security to be provided for applications. The following sections discuss the characteristics of the common mechanisms that can be used to secure Java EE applications. Each of these mechanisms can be used individually or with others to provide protection layers based on the specific needs of your implementation.
Java SE Security Implementation Mechanisms
Java SE provides support for a variety of security features and mechanisms, including:
Java Authentication and Authorization Service (JAAS): JAAS is a set of APIs that enable services to authenticate and enforce access controls upon users. JAAS provides a pluggable and extensible framework for programmatic user authentication and authorization. JAAS is a core Java SE API and is an underlying technology for Java EE security mechanisms.
Java Generic Security Services (Java GSS-API): Java GSS-API is a token-based API used to securely exchange messages between communicating applications. The GSS-API offers application programmers uniform access to security services atop a variety of underlying security mechanisms, including Kerberos.
Java Cryptography Extension (JCE): JCE provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. Block ciphers operate on groups of bytes while stream ciphers operate on one byte at a time. The software also supports secure streams and sealed objects.
Java Secure Sockets Extension (JSSE): JSSE provides a framework and an implementation for a Java version of the SSL and TLS protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication to enable secure Internet communications.
Simple Authentication and Security Layer (SASL): SASL is an Internet standard (RFC 2222) that specifies a protocol for authentication and optional establishment of a security layer between client and server applications. SASL defines how authentication data is to be exchanged but does not itself specify the contents of that data. It is a framework into which specific authentication mechanisms that specify the contents and semantics of the authentication data can fit.
This document provides an overview of administering user security in a database. It covers how to create and manage database user accounts by authenticating users, assigning default tablespaces, granting and revoking privileges, and creating and managing roles. It also discusses how to create and manage profiles to implement standard password security features and control resource usage by users. The predefined SYS and SYSTEM accounts and their privileges are described. Methods for unlocking user accounts, assigning privileges to roles, and assigning roles to users are also summarized.
The document discusses various security concepts in SAP BI 7 including differences from BW 3.x, restricting reporting user access, authorization trace, creation and assignment of analysis authorizations, securing access to workbooks, additional security features in BI 7 like analysis authorizations and new authorization objects. It provides details on securing data access at different levels like InfoCube, characteristic, and key figure and describes options for securing data access like using queries or info objects.
The document discusses DB2 security concepts including authentication, authorization, administrative authorities, and database object privileges. It describes how authentication can be configured on the server and client. The major DB2 administrative authorities like SYSADM, SYSCTRL, and DBADM are explained along with how privileges can be granted and revoked for database objects, schemas, tables, indexes, and packages. Examples are provided for granting privileges using SQL statements. The document also includes a case study about troubleshooting a user not having insert privileges on a table.
Security Violations,Reasons of Security violation are,security measures,Authorization,form of authorization,Difference between drop and delete authorization ,Authorization and Views,View example ,View Query ,Granting of Privileges,Example of Granting of Privileges,Example of Granting of Privileges,Authorization grant graph ,Notion of Roles,Audit Trails ,Audit Trails ,Authorization in SQL,Read Authorization ,Update authorization ,Role creation ,The Privilege to Grant Privileges ,revoke an authorization,Cascading of Revoke
This document discusses discretionary access control in database systems through granting and revoking privileges at both the account and relational levels. It describes how privileges can be assigned and propagated through accounts, as well as techniques for limiting propagation like horizontal and vertical limits. Key points covered include the use of views to restrict access, revoking privileges to prevent further propagation, and specifying limits on propagation to control privilege spread.
This document discusses database security and privacy. It covers various types of security including discretionary access control based on granting and revoking privileges, mandatory access control and role-based access control. It also discusses threats to database security such as loss of integrity, availability and confidentiality. Methods to protect against these threats include access control, flow control, encryption and decryption. The document also covers public key infrastructure and encryption standards such as DES and AES.
Database security and security in networksG Prachi
The document discusses database security and network security, including security requirements for databases like reliability, integrity and access control, threats in networks like firewalls and intrusion detection systems, and issues around sensitive data in databases like inference where sensitive data can be deduced from aggregate queries and statistical databases. It also covers security models for databases including discretionary access control using views, roles and privileges and mandatory access control using security labels.
Data modeling is the process of exploring data structures and relationships. It involves identifying entity types, attributes, relationships and applying normalization. Conceptual, logical and physical data models are used at different stages of the design process. Database security involves techniques like access control, encryption and firewalls to protect data confidentiality, integrity and availability. Issues like SQL injection occur when user input is not sanitized before passing to the database.
Triggers allow applications to monitor and respond to database events. They execute automatically in response to data manipulation language (DML) statements like insert, update, delete or database definition language (DDL) statements like create, alter, drop. Triggers enforce business rules, data integrity, auditing and more. They are defined on tables, views, schemas or databases and specify when they are executed based on events and optional conditions. Triggers can update or insert data, prevent invalid transactions and maintain referential integrity across distributed databases.
This document discusses database security. It covers access protection through user accounts and audits. It also describes different access control methods like discretionary access control, mandatory access control and role-based access control. Discretionary access control allows owners to grant and revoke access to objects. Mandatory access control assigns security levels and clearances to subjects and objects. The document also briefly mentions encryption and inference control for database protection.
This document discusses implementing security for Oracle databases. It covers DBA responsibilities like applying the principle of least privilege and enabling standard auditing. It describes specifying audit options, reviewing audit information, and maintaining the audit trail. Industry regulations and security best practices for authentication, authorization, monitoring, and patching are also outlined.
The document provides an overview of DB2 security features including authorization, authentication, LBAC, RCAC, backup and recovery, data encryption, trusted contexts, and InfoSphere data replication. It discusses authorization at the instance, database, and object levels and covers row and column access controls. The document also outlines different data encryption options in DB2, backup approaches, and trusted connections. It concludes with references for further information.
This chapter discusses database security and authorization. It covers types of database security including access control, discretionary access control through granting and revoking privileges, and mandatory access control. It also discusses statistical database security, flow control, and encryption. The chapter outlines the role of the database administrator in managing security and authorization, including creating user accounts, granting privileges, and performing audits. It describes different types of privileges that can be granted at the account and relation levels.
International Journal of Engineering Inventions (IJEI) provides a multidisciplinary passage for researchers, managers, professionals, practitioners and students around the globe to publish high quality, peer-reviewed articles on all theoretical and empirical aspects of Engineering and Science.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
This document discusses database security and the use of GRANT and REVOKE statements in SQL. It defines authorization identifiers as database users assigned by the DBA. The owner of an object can grant privileges on it to other users using GRANT, and revoke those privileges using REVOKE. GRANT allows specifying privileges like SELECT, INSERT, UPDATE, DELETE etc. and REVOKE removes privileges that were previously granted. Both statements identify the user or users, object, and privileges involved.
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfKavitaShinde26
This document provides an overview of database integrity and security concepts. It discusses domain constraints and referential integrity, which enforce data validity. It then covers database security topics like authentication, access control using methods like discretionary access control and mandatory access control. Role-based access control is described for assigning user permissions. The use of views for security enforcement and an overview of encryption techniques like symmetric and public key encryption are also summarized. The document is presented as part of a course on database concepts by an assistant professor.
The document discusses controlling user access in an Oracle database. It covers creating users and roles to manage privileges, using GRANT and REVOKE statements to assign and remove privileges, and creating database links to access data on remote databases. Key topics include granting system and object privileges to users and roles, revoking privileges, and using data dictionary views to check privileges.
The document discusses Oracle Database Vault, which provides an integrated security framework to control access to databases based on factors like network, users, privileges, roles, and SQL commands. It achieves separation of duties and prevents misuse of powerful privileges. Database Vault enforces compliance requirements and supports database consolidation while requiring no application changes and having minimal performance impact.
Access Control Facilities in Oracle Database 11g r2Amin Saqi
The document discusses access control facilities in Oracle Database 11gR2. It describes how user groups can be implemented through profiles or roles. Hierarchical role-based access control and role-based access control with separation of duty using Oracle Database Vault are also covered. The document outlines how time-based and location-based access constraints can be achieved and discusses cascading revocation and conflict resolution. Mandatory access control using Oracle Label Security and tools for administering access policies are also introduced.
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
Security Implementation Mechanisms
The characteristics of an application should be considered when deciding the layer and type of security to be provided for applications. The following sections discuss the characteristics of the common mechanisms that can be used to secure Java EE applications. Each of these mechanisms can be used individually or with others to provide protection layers based on the specific needs of your implementation.
Java SE Security Implementation Mechanisms
Java SE provides support for a variety of security features and mechanisms, including:
Java Authentication and Authorization Service (JAAS): JAAS is a set of APIs that enable services to authenticate and enforce access controls upon users. JAAS provides a pluggable and extensible framework for programmatic user authentication and authorization. JAAS is a core Java SE API and is an underlying technology for Java EE security mechanisms.
Java Generic Security Services (Java GSS-API): Java GSS-API is a token-based API used to securely exchange messages between communicating applications. The GSS-API offers application programmers uniform access to security services atop a variety of underlying security mechanisms, including Kerberos.
Java Cryptography Extension (JCE): JCE provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. Block ciphers operate on groups of bytes while stream ciphers operate on one byte at a time. The software also supports secure streams and sealed objects.
Java Secure Sockets Extension (JSSE): JSSE provides a framework and an implementation for a Java version of the SSL and TLS protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication to enable secure Internet communications.
Simple Authentication and Security Layer (SASL): SASL is an Internet standard (RFC 2222) that specifies a protocol for authentication and optional establishment of a security layer between client and server applications. SASL defines how authentication data is to be exchanged but does not itself specify the contents of that data. It is a framework into which specific authentication mechanisms that specify the contents and semantics of the authentication data can fit.
This document provides an overview of administering user security in a database. It covers how to create and manage database user accounts by authenticating users, assigning default tablespaces, granting and revoking privileges, and creating and managing roles. It also discusses how to create and manage profiles to implement standard password security features and control resource usage by users. The predefined SYS and SYSTEM accounts and their privileges are described. Methods for unlocking user accounts, assigning privileges to roles, and assigning roles to users are also summarized.
The document discusses various security concepts in SAP BI 7 including differences from BW 3.x, restricting reporting user access, authorization trace, creation and assignment of analysis authorizations, securing access to workbooks, additional security features in BI 7 like analysis authorizations and new authorization objects. It provides details on securing data access at different levels like InfoCube, characteristic, and key figure and describes options for securing data access like using queries or info objects.
The document discusses DB2 security concepts including authentication, authorization, administrative authorities, and database object privileges. It describes how authentication can be configured on the server and client. The major DB2 administrative authorities like SYSADM, SYSCTRL, and DBADM are explained along with how privileges can be granted and revoked for database objects, schemas, tables, indexes, and packages. Examples are provided for granting privileges using SQL statements. The document also includes a case study about troubleshooting a user not having insert privileges on a table.
Job Finding Apps Everything You Need to Know in 2024SnapJob
SnapJob is revolutionizing the way people connect with work opportunities and find talented professionals for their projects. Find your dream job with ease using the best job finding apps. Discover top-rated apps that connect you with employers, provide personalized job recommendations, and streamline the application process. Explore features, ratings, and reviews to find the app that suits your needs and helps you land your next opportunity.
Leadership Ambassador club Adventist modulekakomaeric00
Aims to equip people who aspire to become leaders with good qualities,and with Christian values and morals as per Biblical teachings.The you who aspire to be leaders should first read and understand what the ambassador module for leadership says about leadership and marry that to what the bible says.Christians sh
Resumes, Cover Letters, and Applying OnlineBruce Bennett
This webinar showcases resume styles and the elements that go into building your resume. Every job application requires unique skills, and this session will show you how to improve your resume to match the jobs to which you are applying. Additionally, we will discuss cover letters and learn about ideas to include. Every job application requires unique skills so learn ways to give you the best chance of success when applying for a new position. Learn how to take advantage of all the features when uploading a job application to a company’s applicant tracking system.
5 Common Mistakes to Avoid During the Job Application Process.pdfAlliance Jobs
The journey toward landing your dream job can be both exhilarating and nerve-wracking. As you navigate through the intricate web of job applications, interviews, and follow-ups, it’s crucial to steer clear of common pitfalls that could hinder your chances. Let’s delve into some of the most frequent mistakes applicants make during the job application process and explore how you can sidestep them. Plus, we’ll highlight how Alliance Job Search can enhance your local job hunt.
A Guide to a Winning Interview June 2024Bruce Bennett
This webinar is an in-depth review of the interview process. Preparation is a key element to acing an interview. Learn the best approaches from the initial phone screen to the face-to-face meeting with the hiring manager. You will hear great answers to several standard questions, including the dreaded “Tell Me About Yourself”.
How to Prepare for Fortinet FCP_FAC_AD-6.5 Certification?NWEXAM
Begin Your Preparation Here: https://bit.ly/3VfYStG — Access comprehensive details on the FCP_FAC_AD-6.5 exam guide and excel in the Fortinet Certified Professional - Network Security certification. Gather all essential information including tutorials, practice tests, books, study materials, exam questions, and the syllabus. Solidify your knowledge of Fortinet FCP_FAC_AD-6.5 certification. Discover everything about the FCP_FAC_AD-6.5 exam, including the number of questions, passing percentage, and the time allotted to complete the test.
Jill Pizzola's Tenure as Senior Talent Acquisition Partner at THOMSON REUTERS...dsnow9802
Jill Pizzola's tenure as Senior Talent Acquisition Partner at THOMSON REUTERS in Marlton, New Jersey, from 2018 to 2023, was marked by innovation and excellence.
5. Introduction
Slide 1-5
Fundamental data security
requirements
Confidentiality
Integrity
Availability
Non-
repudation
Protection of data from
unauthorized disclosure
6. Introduction
Slide 1-6
Fundamental data security
requirements
Confidentiality
Integrity
Availability
Non-
repudation
Only authorized users
should be allowed to
modify data.
7. Introduction
Slide 1-7
Fundamental data security
requirements
Confidentiality
Integrity
Availability
Non-
repudation
Making data available to the
authorized users & application
programs
8. Introduction
Slide 1-8
Fundamental data security
requirements
Confidentiality
Integrity
Availability
Non-
repudation
The ability to prevent the
effective denial of an act.
9. Countermeasures
To protect databases against these
types of threats four kinds of
countermeasures can be
implemented:
◦ Access control
◦ Inference control
◦ Flow control
◦ Encryption
10. Access control
The security mechanism of a DBMS
for restricting access to the database
as a whole
◦ Handled by creating user accounts and
passwords to control login process by the
DBMS.
Two types of database security
mechanisms:
◦ Discretionary security mechanisms
(DAC)
◦ Mandatory security mechanisms (MAC)
11. Inference control
The security problem associated with
databases is that of controlling the access
to a statistical database, which is used
to provide statistical information or
summaries of values based on various
criteria.
The countermeasures to statistical
database security problem is called
inference control measures.
12. Flow control
Flow control prevents information from
flowing in such a way that it reaches
unauthorized users.
Channels that are pathways for
information to flow implicitly in ways
that violate the security policy of an
organization are called covert
channels.
13. Data encryption
Data encryption is used to protect
sensitive data (such as credit card
numbers) that is being transmitted via
some type communication network.
The data is encoded using some
encoding algorithm.
◦ An unauthorized user who access encoded
data will have difficulty deciphering it, but
authorized users are given decoding or
decrypting algorithms (or keys) to decipher
14. Database Security and the DBA
The database administrator (DBA) is
the central authority for managing a
database system.
◦ The DBA’s responsibilities include
granting privileges to users who need to use
the system
classifying users and data in accordance with
the policy of the organization
The DBA is responsible for the overall
security of the database system.
Slide 1-14
15. Database Security and the
DBA
The DBA has a DBA account in the DBMS
◦ Sometimes these are called a system or
super user account
◦ These accounts provide powerful
capabilities such as:
Account creation
Privilege granting
Privilege revocation
Security level assignment
16. Discretionary Access Control
The typical method of enforcing
discretionary access control in a
database system is based on the granting
and revoking privileges.
Slide 1-16
17. Types of Discretionary
Privileges
The account level:
◦ At this level, the DBA specifies the
particular privileges that each account
holds independently of the relations in
the database.
The relation level (or table level):
◦ At this level, the DBA can control the
privilege to access each individual
relation or view in the database.
18. Types of Discretionary
Privileges
SQL standard supports DAC through
the GRANT and REVOKE commands:
◦ The GRANT command gives privileges to
users
◦ The REVOKE command takes away
privileges
19. Types of Discretionary
Privileges
The privileges at the account level apply can
include
◦ the CREATE SCHEMA or CREATE TABLE
privilege, to create a schema or base relation;
◦ the CREATE VIEW privilege;
◦ the ALTER privilege, to apply schema changes
such adding or removing attributes from
relations;
◦ the DROP privilege, to delete relations or views;
◦ the MODIFY privilege, to insert, delete, or update
tuples;
◦ the SELECT privilege, to retrieve information
from the database by using a SELECT query.
Slid
e 1-
19
20. Types of Discretionary
Privileges
The relation level of privileges applies to base relations
and virtual (view) relations.
Notice that to create a view, the account must have
SELECT privilege on all relations involved in the view
definition.
21. Types of Discretionary
Privileges
To control the granting and revoking of relation
privileges, for each relation R in a database:
◦ The owner of a relation is given all privileges
on that relation.
◦ The owner account holder can pass
privileges on any of the owned relation to
other users by granting privileges to their
accounts.
◦ The owner account holder can also take back
the privileges by revoking privileges from
their accounts.
22. Types of Discretionary
Privileges
In SQL the following types of privileges can be
granted on each individual relation R:
◦ SELECT (retrieval or read) privilege on R
◦ MODIFY privileges on R
UPDATE, DELETE, and INSERT privileges
INSERT and UPDATE privileges can specify
that only certain attributes can be updated by
the account.
◦ REFERENCES privilege on R
This gives the account the capability to
reference relation R when specifying integrity
constraints.
The privilege can also be restricted to
specific attributes of R.
23. Specifying Privileges Using
Views
The mechanism of views is an
important discretionary authorization
mechanism in its own right.
◦ Column level security
Owner A (of R) can create a view V of R that includes
several attributes and then grant SELECT on V to B.
◦ Row level security
Owner A (of R) can create a view V’ which selects
several tuples from R and then grant SELECT on V’ to
B.
24. Propagation of Privileges
using the GRANT OPTION
Whenever the owner A of a relation R grants a
privilege on R to another account B, privilege can
be given to B with or without the GRANT OPTION.
B can also grant that privilege on R to other
accounts.
If B grants the privilege on R to C with GRANT
OPTION
Privileges on R can propagate to other accounts
without the knowledge of the owner of R
25. Propagation of Privileges
using the GRANT OPTION
If the owner account A now revokes the
privilege granted to B, all the privileges that B
propagated based on that privilege should
automatically be revoked by the system.
26. An Example
Suppose that the DBA creates four accounts
◦ A1, A2, A3, A4
A1: Create table privilege
GRANT CREATE TABLE TO A1;
Suppose that A1 creates the two base relations
EMPLOYEE and DEPARTMENT
A1 is then owner of these two relations and
hence all the relation privileges on each of
them.
28. An Example
A1 wants to grant A2 the privilege to
insert and delete tuples in both of these
relations, but A1 does not want A2 to be
able to propagate these privileges to
additional accounts:
GRANT INSERT, DELETE ON
EMPLOYEE, DEPARTMENT TO
A2;
29. An Example
A1 wants to allow A3 to retrieve information
from either of the two tables and also to be able
to propagate the SELECT privilege to other
accounts.
GRANT SELECT ON EMPLOYEE,
DEPARTMENT TO A3
WITH GRANT OPTION;
A3 can grant SELECT privilege to A4 to retrieve
information from the Employee relation
GRANT SELECT ON EMPLOYEE TO A4;
Notice that A4 can’t propagate the SELECT
privilege because GRANT OPTION was not
given to A4
30. An Example
A1 decides to revoke the SELECT
privilege on the EMPLOYEE relation
from A3
REVOKE SELECT ON EMPLOYEE FROM
A3;
The DBMS must now automatically
revoke the SELECT privilege on
EMPLOYEE from A4, too, because A3
granted that privilege to A4 and A3 does
not have the privilege any more.
31. An Example
A1 wants to give back to A3 a limited capability
to SELECT from the EMPLOYEE relation and
wants to allow A3 to be able to propagate the
privilege.
◦ The limitation is to retrieve only the NAME,
BDATE, and ADDRESS attributes and only for
the tuples with DNO=5.
A1 then create the view:
CREATE VIEW A3EMPLOYEE AS
SELECT NAME, BDATE, ADDRESS
FROM EMPLOYEE
WHERE DNO = 5;
And then,
GRANT SELECT ON A3EMPLOYEE TO A3
WITH GRANT OPTION;
32. An Example
A1 wants to allow A4 to update only the SALARY
attribute of EMPLOYEE;
A1 can issue:
GRANT UPDATE ON EMPLOYEE (SALARY) TO
A4;
Slid
e 1-
32
33. Mandatory Access Control
Mandatory Access Control (MAC):
◦ MAC applies to large amounts of information
requiring strong protect in environments where
both the system data and users can be classified
clearly.
◦ MAC is a mechanism for enforcing multiple
level of security.
The commonly used model for multilevel security,
known as the Bell-LaPadula model
Slid
e 1-
33
34. Security Classes
Classifies subjects and objects based on security
classes.
Security class:
◦ Classification level
◦ Category
A subject classification reflects the degree of trust
and the application area.
A object classification reflects the sensitivity of the
information.
Slid
e 1-
34
35. Security Classes
Typical classification level are:
◦ Top secret (TS)
◦ Secret (S)
◦ Confidential (C)
◦ Unclassified (U)
Where TS is the highest level and U is the lowest:
TS ≥ S ≥ C ≥ U
Categories tend to reflect the system areas or
departments of the organization
Slid
e 1-
35
36. Security Classes
A security class is defined as follow:
SC = (A, C)
A: classification level
C: category
A relation of partial order on the
security classes: SC ≤ SC’ is verified,
only if:
A ≤ A’ and C’ C
Slid
e 1-
36
37. MAC Properties
Simple security property: A subject S is not
allowed to read or access to an object O unless
class(S) ≥ class(O).
No read-up
Star property (or * property): A subject S is not
allowed to write an object O unless
class(S) ≤ class(O)
No write-down
Slid
e 1-
37
38. Multilevel Relation
Multilevel relation: MAC + relational database
model
Data objects: attributes and tuples
Each attribute A is associated with a
classification attribute C
A tuple classification attribute TC is to
provide a classification for each tuple as a
whole, the highest of all attribute classification
values.
R(A1,C1,A2,C2, …, An,Cn,TC)
Slid
e 1-
38
40. Slid
e 1-
40
A user with security level U
SELECT * FROM EMPLOYEE
Multilevel Relation
41. Pros and Cons of MAC
Pros:
◦ Provide a high degree of protection – in a way of
preventing any illegal flow of information.
◦ Suitable for military types of applications.
Cons:
◦ Not easy to apply: require a strict classification of
subjects and objects into security levels.
◦ Applicable for very few environments.
Slid
e 1-
41
42. Data Encryption
Encryption is a means of maintaining secure data
in an insecure environment.
Encryption consists of applying an encryption
algorithm to data using some prespecified
encryption key.
The resulting data has to be decrypted using a
decryption key to recover the original data.
Slid
e 1-
42
43. The Data and Advanced
Encryption Standards
The Data Encryption Standard (DES) is a system
developed by the U.S. government for use by the
general public.
◦ It has been widely accepted as a cryptographic
standard both in the United States and abroad.
DES can provide end-to-end encryption on the
channel between the sender A and receiver B.
Slid
e 1-
43
44. The Data and Advanced
Encryption Standards(2)
DES algorithm is a careful and complex
combination of two of the fundamental building
blocks of encryption:
◦ substitution and permutation (transposition).
The DES algorithm derives its strength from
repeated application of these two techniques for a
total of 16 cycles.
◦ Plaintext (the original form of the message) is
encrypted as blocks of 64 bits.
Slid
e 1-
44
45. The Data and Advanced
Encryption Standards(3)
After questioning the adequacy of
DES, the National Institute of
Standards (NIST) introduced the
Advanced Encryption Standards
(AES).
◦ This algorithm has a block size of 128
bits and thus takes longer time to crack.
Slid
e 1-
45
46. Symmetric Key Algorithms
A symmetric key is one key that is used for both
encryption and decryption.
A message encrypted with a secret key can be
decrypted only with the same secret key.
Algorithms used for symmetric key encryption are
called secret-key algorithms.
The major liability associated with secret-key
algorithms is the need for sharing the secret key.
Slid
e 1-
46
47. Public Key Encryption
In 1976 Diffie and Hellman proposed a new kind of
cryptosystem, which they called public key
encryption.
Public key algorithms are based on
mathematical functions.
◦ They also involve the use of two separate keys
in contrast to conventional encryption, which uses only
one key.
◦ The use of two keys can have profound
consequences in the areas of confidentiality, key
distribution, and authentication.
Slid
e 1-
47
48. Public Key Encryption(2)
The two keys used for public key
encryption are referred to as the
public key and the private key.
◦ the private key is kept secret, but it is
referred to as private key rather than a
secret key.
Slid
e 1-
48
49. Public Key Encryption(3)
A public key encryption scheme, or infrastructure,
has six ingredients:
◦ Plaintext: This is the data or readable message that
is fed into the algorithm as input.
◦ Encryption algorithm: The encryption algorithm
performs various transformations on the plaintext.
◦ Public and private keys: These are pair of keys that
have been selected so that if one is used for
encryption, the other is used for decryption.
The exact transformations performed by the encryption
algorithm depend on the public or private key that is
provided as input.
Slid
e 1-
49
50. Public Key Encryption(4)
A public key encryption scheme, or
infrastructure, has six ingredients
(contd.):
◦ Ciphertext:
This is the scrambled message produced as
output. It depends on the plaintext and the
key.
For a given message, two different keys will
produce two different ciphertexts.
◦ Decryption algorithm:
This algorithm accepts the ciphertext and the
matching key and produces the original
Slid
e 1-
50
51. Public Key Encryption(5)
Public key is made for public and private key is
known only by owner.
A general-purpose public key cryptographic
algorithm relies on
◦ one key for encryption and
◦ a different but related key for decryption.
Slid
e 1-
51
52. Public Key Encryption(6)
The essential steps are as follows:
◦ Each user generates a pair of keys to be used for
the encryption and decryption of messages.
◦ Each user places one of the two keys in a public
register or other accessible file. This is the public
key. The companion key is kept private (private key).
◦ If a sender wishes to send a private message to a
receiver, the sender encrypts the message using the
receiver’s public key.
◦ When the receiver receives the message, he or she
decrypts it using the receiver’s private key.
No other recipient can decrypt the message because
only the receiver knows his or her private key.
Slid
e 1-
52
53. References
Elmasri, R., &Navathe, S.
(2010). Fundamentals of database
systems. Pearson Education India.
Slid
e 1-
53
Editor's Notes
The same information may be kept in several different place (files).
Data inconsistency which means various copies of the same data are conflicting ; waste storage space and duplication of effort
Data values must satisfy certain consistency contraints which are specified in the application programs.
It is difficult to add change the programs to enforce new constraint
A DBMS is a very complex software system that consists of many components, or modules, including modules for implementing the catalog, query language processing, interface processing, accessing and buffering data, controlling concurrency, and handling data recovery and security.