ET
Uploaded byERSHUBHAM TIWARI
PPTX, PDF7,217 views

Application security models

This document discusses 5 different application security models: database role based, application role based, application function based, application role and function based, and application table based. For each model, it describes the key tables used to implement the model, how privileges are assigned, and some characteristics of the model. The models aim to provide data security and access protection at the table level through different approaches to assigning privileges to users.

Embed presentation

Downloaded 117 times
Introduction  We examine five different application security models that are commonly used by the industry to provide data security and access protection at the table level.  Database role based.  Application role based.  Application function based.  Application role and function based.  Application table based.
Security Model Based on Database Roles  This model depend on the application to authentication the application users by maintain all end users in a table with their encryption password.  In this model, each end user is assigned a database role, which has specific database privilege for accessing application table.  The user can access whatever privileges are assigned to the role
Security Model Based on Database Roles  This model, proxy user is needed to activate assigned roles.  All roles are assigned to the proxy user.
Security Model Based on Database Roles
Security Model Based on Database Roles  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APLLICATION_USERS_ROLES:  Contains all roles defined by application and for each role that privilege is assigned; privilege can be read, write, read/write.
Security Model Based on Database Roles  The architectural view of the model has common control columns prefixed with CTL.  These control columns contains information about manipulate record.
Security Model Based on Database Roles  CTL_INS_DTTM contains the date and time when the record was created.  CTL_UPD_DTTM contains the date and time when the record was last updated.  CTL_UPD_USER contains the date name that created the record or last updated the record.  CTL_REC_STAT can be used to indicate the status of the record. We can use this column for any purpose, we may set this column to “A” as an indicator that the record active and I as inactive
Security Model Based on Database Roles
Security Model Based on Database Roles  Implementing in Oracle  create a proxy user called APP_PROXY that will be assigned to all application role and will work on behalf of the application user APP_USER to gain access to all tables owned by the application owner called APP_OWNER.
Security Model Based on Database Roles
Security Model Based on Database Roles
Security Model Based on Database Roles
Security Model Based on Database Roles
Security Model Based on Application Roles  The concept of an application role security model are similar to the concept of database role security model in that they are both methods for organizing and administrating privileges.  Application roles are typically mapped specifically to real business roles
Security Model Based on Application Roles
Security Model Based on Application Roles  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APPLICATION_ROLES  All roles defined by the application and for each role a privilege are assigned. The privilege can be read, write, or read/write
Security Model Based on Application Roles  The security model that is based on application roles depends on the application to authenticate the application users.  Authentication is accomplished by maintaining all end users in a table with their encrypted password.
Security Model Based on Application Roles  In this model, each end user is assigned an application role, and the application role is provided with application privileges to read/write specific modules of the application.
Security Model Based on Application Roles
Security Model Based on Application Roles  The point need to be considered during security Model  This model does not allow the flexibility required to make changes necessary for security.  For example a user called Scott who has a clerk role, and the clerk has privileges to read, add, and modify. This means that Scott can perform these operations on all modules of the application.
Security Model Based on Application Roles  Privileges are limited to any combination of the following.  read  add  delete  update  admin
Security Model Based on Application Roles  This model isolates the application security from the database, which make implementation of database independent.  Only one role is assigned to an application user.  Maintenance of the application security does not require specific database privilege. This lowers the risk of database violation.
Security Model Based on Application Roles  Passwords must be securely encrypted. preferably using private and public keys
Security Model based on Application Functions  The security model that is based on application function depends on the application to authenticate the application user by maintaining all end user in a table with their encrypted password.
Security Model based on Application Functions  In this model the application is divided into functions.  For instance, if you were using an inventory application we need to have a function name CUSTOMER that maintain customers and another function name PRODUCTS for maintain products, and so on
Security Model based on Application Functions
Security Model based on Application Functions  Tables used in this security model  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords  Application Functions:  This table contains all logical functions of the application
Security Model based on Application Functions  Tables used in this security model  Application_Functions_Privileges  This table stores all privileges for functions such as : read, write, read/write  Application_Users_Functions  This table contains all end users and their application function privileges.
Security Model based on Application Functions  The following list presents characteristics of this security model:  In this model the application security from the database, this makes implementation independent.  Maintenance of the application security does not require specific database privileges which lower the risk of database violations.
Security Model based on Application Functions  Password must be securely encrypted, preferably using private and public key. In this case we must modify the structure of the APPLICATION_USERS table by adding columns to store public and private keys.  The application must be designed in a granular fashion.  The more granular the privileges, the more effort are needed to implement them
Security Model based on Application Roles and Functions  This security model is a combination of both the role and function security models.  The application roles and functions security model depends on the application to authenticate the application users.
Security Model based on Application Roles and Functions  The application authenticates users by maintaining all end users in a table with their encrypted passwords.  In this model the application is divided into function and roles are assigned to function that are in turn assigned to users.
Security Model based on Application Roles and Functions
Security Model based on Application Roles and Functions  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords  APPLICATION_FUNCTIONS:  This table contains all logical functions of the application
Security Model based on Application Roles and Functions  APPLICATION_USER_ROLES  Contains all roles assigned to users  APPLICATION_ROLES  Contains all roles defined by the application and for each role assigned
Security Model based on Application Roles and Functions  APPLICATION_ROLE_FUNCTIONS  Contains all functions and privileges that are assigned to each role.  APPLICATION_FUNCTION_PRIVILEGES  Stores all privileges for function : read, write, read/write
Security Model based on Application Roles and Functions
Security Model based on Application Roles and Functions  The following list present characteristics of this security model:  This model provides flexibility for implementing application security.  This model isolates the application security from the database, which make implementation database independent
Security Model based on Application Roles and Functions  Maintenance of the application security does not require specific database privileges, which lower the risk of database violations.  Password must be securely encrypted, preferably using private and public keys. In this case the structure of the APPLICATION_USER table by adding columns to store public and private key
Security Model based on Application Roles and Functions  The application must use a real database user to log on and connect to the application database.  The user name and password must be encrypted and stored in a configuration file.
Security Model based on Application Roles and Functions  The application must be designed in a very granular fashion, which means that the function or modules of the application perform specific task and do not encompass a wide variety of tasks that are cross- functional.
Security Model based on Application Roles and Functions  The more granular the privileges, the more effort needed to implement them.
Security model based on Application Table  This application security model depends on the application to authenticate users by maintaining all end users in a table with their encrypted passwords.  The application provides privileges to the user based on tables, not on a role or a function.
Security model based on Application Table
Security model based on Application Table  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APPLICATION_USER_TABLES  Contains all tables assigned to users.
Security model based on Application Table  APPLICATION_TABLES  Contains all tables owned by application.  APPLICATION_TABLE_PRIVILEGES  0- no access  1- read  2-read and add  3-read, add and modify  4- read, add, modify and delete  5- read, add, modify ,delete and admin
Security model based on Application Table  An application user many be granted a read privilege on an application bye adding an entry in APPLICATION_USER_TABLES.
Security model based on Application Table
Security model based on Application Table  The following list present characteristics of this security model:  This model isolates the application security from the database, which make implementation database independent.  Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.
Security model based on Application Table  Password must be securely encrypted, preferably using private and public keys.  The application must use a real database user to log on and connect to the application database.  Security is implemented easily by using table access privileges that are assigned to each end user.
Comparison
Comparison
54 Data Encryption  Passwords should be kept confidential and preferably encrypted  Passwords should be compared encrypted:  Never decrypt the data  Hash the passwords and compare the hashes
55 Data Encryption (continued)

More Related Content

PPTX
Access Control authentication and authorization .pptx
bybirhanugirmay559
 
PPT
DB security
byERSHUBHAM TIWARI
 
PPTX
Database Security And Authentication
bySudeb Das
 
PPT
Database Security
byalraee
 
PPTX
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
PPTX
A5: Security Misconfiguration
byTariq Islam
 
PPTX
Rootkits
byTharinduUdaraRanasin
 
PPTX
Database Security
byShingalaKrupa
 
Access Control authentication and authorization .pptx
bybirhanugirmay559
 
DB security
byERSHUBHAM TIWARI
 
Database Security And Authentication
bySudeb Das
 
Database Security
byalraee
 
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
A5: Security Misconfiguration
byTariq Islam
 
Rootkits
byTharinduUdaraRanasin
 
Database Security
byShingalaKrupa
 

What's hot

PDF
Google App Engine
bySoftware Park Thailand
 
DOCX
Job portal project documentary
byUmang_jain
 
PPSX
Student feedback system
byAkshay Surve
 
PDF
Network security & cryptography full notes
bygangadhar9989166446
 
PPT
Cloud service management
bygaurav jain
 
PPTX
Vehicles Parking Management System project presentation 2020
byVikram Singh
 
PPTX
Railway booking & management system
byNikhil Raj
 
DOCX
Android Based Application Project Report.
byAbu Kaisar
 
PPTX
Final project presentation CSE
byHumayra Khanum
 
PDF
Token, Pattern and Lexeme
byA. S. M. Shafi
 
PPTX
vehicle management system project
byAshik Khan
 
PPTX
PPT steganography
byparvez Sharaf
 
PPTX
face recognition
byvipin varghese
 
DOCX
Vehicle management system
byMohd Saddam
 
PPTX
Rc4
byAmjad Rehman
 
PPTX
ONLINE STUDENT FEEDBACK SYSTEM
byVENKATA RAMANA PRABHALAVEEDU
 
PPTX
Unit 3
byRavi Kumar
 
DOC
Android Report
byGanesh Waghmare
 
DOCX
Cake shop billing system
byAkshita Pillai
 
PPTX
Key management and distribution
byRiya Choudhary
 
Google App Engine
bySoftware Park Thailand
 
Job portal project documentary
byUmang_jain
 
Student feedback system
byAkshay Surve
 
Network security & cryptography full notes
bygangadhar9989166446
 
Cloud service management
bygaurav jain
 
Vehicles Parking Management System project presentation 2020
byVikram Singh
 
Railway booking & management system
byNikhil Raj
 
Android Based Application Project Report.
byAbu Kaisar
 
Final project presentation CSE
byHumayra Khanum
 
Token, Pattern and Lexeme
byA. S. M. Shafi
 
vehicle management system project
byAshik Khan
 
PPT steganography
byparvez Sharaf
 
face recognition
byvipin varghese
 
Vehicle management system
byMohd Saddam
 
Rc4
byAmjad Rehman
 
ONLINE STUDENT FEEDBACK SYSTEM
byVENKATA RAMANA PRABHALAVEEDU
 
Unit 3
byRavi Kumar
 
Android Report
byGanesh Waghmare
 
Cake shop billing system
byAkshita Pillai
 
Key management and distribution
byRiya Choudhary
 

Viewers also liked

PPTX
Database modeling and security
byNeeharika Nidadavolu
 
PPTX
Cellular network
byshreb
 
PDF
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
byInSync2011
 
PPTX
Secure360 - Extracting Password from Windows
byScott Sutherland
 
PPT
Cellular phones
byKhurram Burjees
 
PDF
Drug Registration in GCC (Gulf Cooperation Council) - by Akshay Anand
byAkshay Anand
 
PDF
D&C Act 1940 Schedule Y - A Presentation by Akshay Anand
byAkshay Anand
 
PDF
Mobile Medical Apps and FDA Regulatory Approach
byAkshay Anand
 
PDF
Database security
bykeerthusandeepreddy
 
PPTX
SECURE AND EFFICIENT DATA TRANSMISSION FOR CLUSTER-BASED WIRELESS SENSOR NETW...
byRoshith S Pai
 
PDF
Network Security‬ and Big ‪‎Data Analytics‬
byAllot Communications
 
PPTX
Killed by code - mobile medical devices
byFlaskdata.io
 
PPTX
Drug Dependence & Abuse - Presentation by Akshay Anand
byAkshay Anand
 
PPTX
Security Analytics and Big Data: What You Need to Know
byMapR Technologies
 
PDF
Securing MQTT - BuildingIoT 2016 slides
byDominik Obermaier
 
PDF
Object-Relational Database Systems(ORDBMSs)
bySahan Walpitagamage
 
PDF
ISO 22000 Food Safety Management Systems - A Presentation by Akshay Anand
byAkshay Anand
 
PPTX
Secure Data Transmission
bybjp4642
 
PDF
Regulatory Approval Process for Medical Devices in EU - Presentation by Aksha...
byAkshay Anand
 
PDF
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
byDenim Group
 
Database modeling and security
byNeeharika Nidadavolu
 
Cellular network
byshreb
 
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
byInSync2011
 
Secure360 - Extracting Password from Windows
byScott Sutherland
 
Cellular phones
byKhurram Burjees
 
Drug Registration in GCC (Gulf Cooperation Council) - by Akshay Anand
byAkshay Anand
 
D&C Act 1940 Schedule Y - A Presentation by Akshay Anand
byAkshay Anand
 
Mobile Medical Apps and FDA Regulatory Approach
byAkshay Anand
 
Database security
bykeerthusandeepreddy
 
SECURE AND EFFICIENT DATA TRANSMISSION FOR CLUSTER-BASED WIRELESS SENSOR NETW...
byRoshith S Pai
 
Network Security‬ and Big ‪‎Data Analytics‬
byAllot Communications
 
Killed by code - mobile medical devices
byFlaskdata.io
 
Drug Dependence & Abuse - Presentation by Akshay Anand
byAkshay Anand
 
Security Analytics and Big Data: What You Need to Know
byMapR Technologies
 
Securing MQTT - BuildingIoT 2016 slides
byDominik Obermaier
 
Object-Relational Database Systems(ORDBMSs)
bySahan Walpitagamage
 
ISO 22000 Food Safety Management Systems - A Presentation by Akshay Anand
byAkshay Anand
 
Secure Data Transmission
bybjp4642
 
Regulatory Approval Process for Medical Devices in EU - Presentation by Aksha...
byAkshay Anand
 
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
byDenim Group
 

Similar to Application security models

PPT
ch05_2.pptfsfsffsfsfsfsfsfssffsfsfsfsfsff
byDiaaUliyan
 
PPTX
Database security and security in networks
byPrachi Gulihar
 
PPTX
Security of the database
byPratik Tamgadge
 
PPT
DBSecurity-Overview.ppt
byuzairAsif268
 
PPT
DBSecurity-Overview database securityPPT
byPriyankaPatil919748
 
PPT
Database Security
byRabiaIftikhar10
 
PPTX
Database security and privacy
byMd. Ahasan Hasib
 
PPTX
Database security
bySoftware Engineering
 
PDF
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
byDr Amit Phadikar
 
PDF
uu (2).pdf
byuzairAsif268
 
PPTX
Database concepts
byshanthishyam
 
PPTX
MobileDBSecurity.pptx
bymissionsk81
 
PDF
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
byDATAVERSITY
 
PDF
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
PPTX
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
PPTX
Presentation on Database Security in DBMS
byGaurav977214
 
PPTX
Database managementsystemes_Unit-7.pptxe
bychnrketan
 
PPTX
Group 8 - Database Security Version 1.pptx
byHenryQuang1
 
PPT
Lecture 7 Database security managent such as backup, replication.ppt
byAnnKingori
 
PPT
Sql Server Security
byVinod Kumar
 
ch05_2.pptfsfsffsfsfsfsfsfssffsfsfsfsfsff
byDiaaUliyan
 
Database security and security in networks
byPrachi Gulihar
 
Security of the database
byPratik Tamgadge
 
DBSecurity-Overview.ppt
byuzairAsif268
 
DBSecurity-Overview database securityPPT
byPriyankaPatil919748
 
Database Security
byRabiaIftikhar10
 
Database security and privacy
byMd. Ahasan Hasib
 
Database security
bySoftware Engineering
 
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
byDr Amit Phadikar
 
uu (2).pdf
byuzairAsif268
 
Database concepts
byshanthishyam
 
MobileDBSecurity.pptx
bymissionsk81
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
byDATAVERSITY
 
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
Unit 2 - Chapter 7 (Database Security).pptx
bySakshiGawde6
 
Presentation on Database Security in DBMS
byGaurav977214
 
Database managementsystemes_Unit-7.pptxe
bychnrketan
 
Group 8 - Database Security Version 1.pptx
byHenryQuang1
 
Lecture 7 Database security managent such as backup, replication.ppt
byAnnKingori
 
Sql Server Security
byVinod Kumar
 

Recently uploaded

PPT
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
DOCX
Project Management(BOE 070) notes Unite 4 AKTU
by26dsyogam
 
PPTX
Track & Monitor Preventive Maintenance — Best Practices with MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PPTX
Network Security v1.0 - Module 2.pptx
byssuserb1479b
 
PDF
22PEOIT4C Artificial Intelligence Syllab
bymailmegokilavani
 
PPTX
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
PPTX
Network intrusion detection system .pptx
byvenomghost09082000
 
PPTX
22PEOIT4C Session 7 A searching algorithm.pptx
bymailmegokilavani
 
PPTX
2_Consequence of threats, E-mail threats, Web.pptx
bydolly475229
 
PPTX
KTU 2024 SCHEME -PEMET 413 COMPOSITE MATERIALS MODULE 1 LECTURE 1.pptx
byVinayB68
 
PDF
Bee problems on the basic engineering of electrical
byVinodkumar941730
 
PDF
A Guide to Components and Operation of Refrigeration Plant - Part 1
byMahmoud Moghtaderi
 
PDF
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
PPTX
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
PPTX
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
PPTX
Civil_Engineering_Technician_Skill_Assessment_2025_2026_Presentation.pptx
byCDR Australia Engineer
 
PDF
PROPEX-RAG: Prompt-Driven GraphRAG for Multi-Hop QA
byapurvakarne
 
PDF
Sensor & Instrument MODULE 3 REVISION PPT.pdf
by26dsyogam
 
PPTX
Industrial Plant Safety – Comprehensive Guide for Workplace Safety & Risk Pre...
byMaintWiz Technologies Private Limited
 
PPTX
22PEOIT4C Session 9 Local search in continuous space.pptx
bymailmegokilavani
 
Tutorial-security-privacy-cloud intro duction about cloud compting its services
byHEmansuSingh
 
Project Management(BOE 070) notes Unite 4 AKTU
by26dsyogam
 
Track & Monitor Preventive Maintenance — Best Practices with MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
Network Security v1.0 - Module 2.pptx
byssuserb1479b
 
22PEOIT4C Artificial Intelligence Syllab
bymailmegokilavani
 
A7383 3D Printing UNIT-III : 3D printing techniques
byVishnuVardhan909561
 
Network intrusion detection system .pptx
byvenomghost09082000
 
22PEOIT4C Session 7 A searching algorithm.pptx
bymailmegokilavani
 
2_Consequence of threats, E-mail threats, Web.pptx
bydolly475229
 
KTU 2024 SCHEME -PEMET 413 COMPOSITE MATERIALS MODULE 1 LECTURE 1.pptx
byVinayB68
 
Bee problems on the basic engineering of electrical
byVinodkumar941730
 
A Guide to Components and Operation of Refrigeration Plant - Part 1
byMahmoud Moghtaderi
 
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
Environmental and Ecology UNIT 4 - Global Warming-1.pptx
byMinakshiSultania
 
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
Civil_Engineering_Technician_Skill_Assessment_2025_2026_Presentation.pptx
byCDR Australia Engineer
 
PROPEX-RAG: Prompt-Driven GraphRAG for Multi-Hop QA
byapurvakarne
 
Sensor & Instrument MODULE 3 REVISION PPT.pdf
by26dsyogam
 
Industrial Plant Safety – Comprehensive Guide for Workplace Safety & Risk Pre...
byMaintWiz Technologies Private Limited
 
22PEOIT4C Session 9 Local search in continuous space.pptx
bymailmegokilavani
 

Application security models

  • 2.
    Introduction  We examinefive different application security models that are commonly used by the industry to provide data security and access protection at the table level.  Database role based.  Application role based.  Application function based.  Application role and function based.  Application table based.
  • 3.
    Security Model Basedon Database Roles  This model depend on the application to authentication the application users by maintain all end users in a table with their encryption password.  In this model, each end user is assigned a database role, which has specific database privilege for accessing application table.  The user can access whatever privileges are assigned to the role
  • 4.
    Security Model Basedon Database Roles  This model, proxy user is needed to activate assigned roles.  All roles are assigned to the proxy user.
  • 5.
    Security Model Basedon Database Roles
  • 6.
    Security Model Basedon Database Roles  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APLLICATION_USERS_ROLES:  Contains all roles defined by application and for each role that privilege is assigned; privilege can be read, write, read/write.
  • 7.
    Security Model Basedon Database Roles  The architectural view of the model has common control columns prefixed with CTL.  These control columns contains information about manipulate record.
  • 8.
    Security Model Basedon Database Roles  CTL_INS_DTTM contains the date and time when the record was created.  CTL_UPD_DTTM contains the date and time when the record was last updated.  CTL_UPD_USER contains the date name that created the record or last updated the record.  CTL_REC_STAT can be used to indicate the status of the record. We can use this column for any purpose, we may set this column to “A” as an indicator that the record active and I as inactive
  • 9.
    Security Model Basedon Database Roles
  • 10.
    Security Model Basedon Database Roles  Implementing in Oracle  create a proxy user called APP_PROXY that will be assigned to all application role and will work on behalf of the application user APP_USER to gain access to all tables owned by the application owner called APP_OWNER.
  • 11.
    Security Model Basedon Database Roles
  • 12.
    Security Model Basedon Database Roles
  • 13.
    Security Model Basedon Database Roles
  • 14.
    Security Model Basedon Database Roles
  • 15.
    Security Model Basedon Application Roles  The concept of an application role security model are similar to the concept of database role security model in that they are both methods for organizing and administrating privileges.  Application roles are typically mapped specifically to real business roles
  • 16.
    Security Model Basedon Application Roles
  • 17.
    Security Model Basedon Application Roles  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APPLICATION_ROLES  All roles defined by the application and for each role a privilege are assigned. The privilege can be read, write, or read/write
  • 18.
    Security Model Basedon Application Roles  The security model that is based on application roles depends on the application to authenticate the application users.  Authentication is accomplished by maintaining all end users in a table with their encrypted password.
  • 19.
    Security Model Basedon Application Roles  In this model, each end user is assigned an application role, and the application role is provided with application privileges to read/write specific modules of the application.
  • 20.
    Security Model Basedon Application Roles
  • 21.
    Security Model Basedon Application Roles  The point need to be considered during security Model  This model does not allow the flexibility required to make changes necessary for security.  For example a user called Scott who has a clerk role, and the clerk has privileges to read, add, and modify. This means that Scott can perform these operations on all modules of the application.
  • 22.
    Security Model Basedon Application Roles  Privileges are limited to any combination of the following.  read  add  delete  update  admin
  • 23.
    Security Model Basedon Application Roles  This model isolates the application security from the database, which make implementation of database independent.  Only one role is assigned to an application user.  Maintenance of the application security does not require specific database privilege. This lowers the risk of database violation.
  • 24.
    Security Model Basedon Application Roles  Passwords must be securely encrypted. preferably using private and public keys
  • 25.
    Security Model basedon Application Functions  The security model that is based on application function depends on the application to authenticate the application user by maintaining all end user in a table with their encrypted password.
  • 26.
    Security Model basedon Application Functions  In this model the application is divided into functions.  For instance, if you were using an inventory application we need to have a function name CUSTOMER that maintain customers and another function name PRODUCTS for maintain products, and so on
  • 27.
    Security Model basedon Application Functions
  • 28.
    Security Model basedon Application Functions  Tables used in this security model  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords  Application Functions:  This table contains all logical functions of the application
  • 29.
    Security Model basedon Application Functions  Tables used in this security model  Application_Functions_Privileges  This table stores all privileges for functions such as : read, write, read/write  Application_Users_Functions  This table contains all end users and their application function privileges.
  • 30.
    Security Model basedon Application Functions  The following list presents characteristics of this security model:  In this model the application security from the database, this makes implementation independent.  Maintenance of the application security does not require specific database privileges which lower the risk of database violations.
  • 31.
    Security Model basedon Application Functions  Password must be securely encrypted, preferably using private and public key. In this case we must modify the structure of the APPLICATION_USERS table by adding columns to store public and private keys.  The application must be designed in a granular fashion.  The more granular the privileges, the more effort are needed to implement them
  • 32.
    Security Model basedon Application Roles and Functions  This security model is a combination of both the role and function security models.  The application roles and functions security model depends on the application to authenticate the application users.
  • 33.
    Security Model basedon Application Roles and Functions  The application authenticates users by maintaining all end users in a table with their encrypted passwords.  In this model the application is divided into function and roles are assigned to function that are in turn assigned to users.
  • 34.
    Security Model basedon Application Roles and Functions
  • 35.
    Security Model basedon Application Roles and Functions  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords  APPLICATION_FUNCTIONS:  This table contains all logical functions of the application
  • 36.
    Security Model basedon Application Roles and Functions  APPLICATION_USER_ROLES  Contains all roles assigned to users  APPLICATION_ROLES  Contains all roles defined by the application and for each role assigned
  • 37.
    Security Model basedon Application Roles and Functions  APPLICATION_ROLE_FUNCTIONS  Contains all functions and privileges that are assigned to each role.  APPLICATION_FUNCTION_PRIVILEGES  Stores all privileges for function : read, write, read/write
  • 38.
    Security Model basedon Application Roles and Functions
  • 39.
    Security Model basedon Application Roles and Functions  The following list present characteristics of this security model:  This model provides flexibility for implementing application security.  This model isolates the application security from the database, which make implementation database independent
  • 40.
    Security Model basedon Application Roles and Functions  Maintenance of the application security does not require specific database privileges, which lower the risk of database violations.  Password must be securely encrypted, preferably using private and public keys. In this case the structure of the APPLICATION_USER table by adding columns to store public and private key
  • 41.
    Security Model basedon Application Roles and Functions  The application must use a real database user to log on and connect to the application database.  The user name and password must be encrypted and stored in a configuration file.
  • 42.
    Security Model basedon Application Roles and Functions  The application must be designed in a very granular fashion, which means that the function or modules of the application perform specific task and do not encompass a wide variety of tasks that are cross- functional.
  • 43.
    Security Model basedon Application Roles and Functions  The more granular the privileges, the more effort needed to implement them.
  • 44.
    Security model basedon Application Table  This application security model depends on the application to authenticate users by maintaining all end users in a table with their encrypted passwords.  The application provides privileges to the user based on tables, not on a role or a function.
  • 45.
    Security model basedon Application Table
  • 46.
    Security model basedon Application Table  APPLICATION_USERS:  This is used to store and maintain all end users of the application with their encrypted passwords.  APPLICATION_USER_TABLES  Contains all tables assigned to users.
  • 47.
    Security model basedon Application Table  APPLICATION_TABLES  Contains all tables owned by application.  APPLICATION_TABLE_PRIVILEGES  0- no access  1- read  2-read and add  3-read, add and modify  4- read, add, modify and delete  5- read, add, modify ,delete and admin
  • 48.
    Security model basedon Application Table  An application user many be granted a read privilege on an application bye adding an entry in APPLICATION_USER_TABLES.
  • 49.
    Security model basedon Application Table
  • 50.
    Security model basedon Application Table  The following list present characteristics of this security model:  This model isolates the application security from the database, which make implementation database independent.  Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.
  • 51.
    Security model basedon Application Table  Password must be securely encrypted, preferably using private and public keys.  The application must use a real database user to log on and connect to the application database.  Security is implemented easily by using table access privileges that are assigned to each end user.
  • 52.
  • 53.
  • 54.
    54 Data Encryption  Passwordsshould be kept confidential and preferably encrypted  Passwords should be compared encrypted:  Never decrypt the data  Hash the passwords and compare the hashes
  • 55.