Database Management Systems
Unit-7
Database Security
Topics to be covered
• Introduction
• Authentication and Authorization
• Data encryption
• Access control
• DAC (Discretionary access control)
• MAC (Mandatory access control)
• RBAC models
• Intrusion detection
• SQL injection
What is data security?
• Data security is the protection of data from unauthorized users.
• Only authorized users are allowed to access the data.
• Most users are allowed to access only a part of the database, i.e., the data that is related to them or to their department.
• Mostly, the DBA or head of department can access all the data in the database.
• Some users may be permitted only to retrieve data, whereas others are allowed to retrieve as well as update data.
Security v/s Integrity
| Security | Integrity |
|---|---|
| Data security deals with the protection of data. | Data integrity deals with the validity of data. |
| Data security is making sure that only the people who should have access to the data are the ones who can access it. | Data integrity is making sure that the data is correct and not corrupt. |
| Data security prevents unauthorized access to data. | Data integrity guards against human errors when data is entered. |
| Data security is implemented through user accounts (passwords). | Data integrity is implemented through constraints such as primary key, foreign key, check constraints, etc. |
Authentication v/s Authorization
| Authentication | Authorization |
|---|---|
| Logging on to a PC or some website or app with a username and password is authentication. | Accessing a file (data) from a hard disk or some database is authorization. |
| It is the process of verifying who you are. | It is the process of verifying what you are authorized to do or not to do. |
| It provides integrity control and security to the data. | It protects the data to ensure privacy and access control of data. |
| It is the process of validating a user's credentials (username and password). | It is the process of verifying whether access is allowed or not. |
What is audit trail (audit log)?
• An audit trail (audit log) is a record that is generated for each and every transaction.
• It keeps certain information about the transaction.
• An audit trail (audit log) records
  1. Who (user or the application program and a transaction number)
  2. When (date and time)
  3. From where (location of the user and/or terminal)
  4. What (identification of the data affected, as well as a before-and-after image of that portion of the database that was affected by the update operation)
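An added example (not part of the original slides) of an audit trail that records the four items above, using Python's built-in sqlite3 module. The account table, the session_ctx table that carries the "who" and "from where", and all sample values are assumptions constructed for this sketch.

```python
import sqlite3

# Constructed schema. SQLite has no login users, so this sketch assumes the
# application writes the current session into session_ctx before it updates data.
SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE session_ctx (username TEXT, terminal TEXT, txn_no INTEGER);
CREATE TABLE audit_log (
    seq          INTEGER PRIMARY KEY AUTOINCREMENT,
    who          TEXT NOT NULL,     -- who: user
    txn_no       INTEGER NOT NULL,  -- who: transaction number
    at_time      TEXT NOT NULL,     -- when
    terminal     TEXT NOT NULL,     -- from where
    target       TEXT NOT NULL,     -- what: table and row affected
    before_image TEXT,              -- what: row before the update
    after_image  TEXT               -- what: row after the update
);
-- Fail closed: an update that cannot be attributed to a session is refused.
CREATE TRIGGER account_needs_session BEFORE UPDATE ON account
BEGIN
    SELECT RAISE(ABORT, 'update refused: no session context to audit')
    WHERE NOT EXISTS (SELECT 1 FROM session_ctx);
END;
-- Every successful update writes one audit row with before and after images.
CREATE TRIGGER account_audit AFTER UPDATE ON account
BEGIN
    INSERT INTO audit_log (who, txn_no, at_time, terminal, target,
                           before_image, after_image)
    SELECT username, txn_no, datetime('now'), terminal, 'account#' || OLD.id,
           'owner=' || OLD.owner || ';balance=' || OLD.balance,
           'owner=' || NEW.owner || ';balance=' || NEW.balance
    FROM session_ctx;
END;
-- The log itself is append-only: existing rows cannot be changed or removed.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
"""


def open_audit_db():
    """In-memory database with one constructed account row."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO account VALUES (1, 'asha', 500)")
    db.commit()
    return db


def audited_update(db, username, terminal, txn_no, account_id, new_balance):
    """Set the session context, update, and commit data and audit row together."""
    with db:  # one transaction: commits on success, rolls back on error
        db.execute("DELETE FROM session_ctx")
        db.execute("INSERT INTO session_ctx VALUES (?, ?, ?)",
                   (username, terminal, txn_no))
        db.execute("UPDATE account SET balance = ? WHERE id = ?",
                   (new_balance, account_id))
        db.execute("DELETE FROM session_ctx")


def audit_rows(db):
    """Audit entries in order, without the timestamp column."""
    return db.execute(
        "SELECT who, txn_no, terminal, target, before_image, after_image "
        "FROM audit_log ORDER BY seq").fetchall()


def is_rejected(db, sql):
    """True if a trigger refuses the statement; any partial work is rolled back."""
    try:
        db.execute(sql)
    except sqlite3.DatabaseError:
        db.rollback()
        return True
    db.rollback()
    return False


if __name__ == "__main__":
    db = open_audit_db()
    audited_update(db, "clerk1", "10.0.0.7", 42, 1, 450)
    for row in audit_rows(db):
        print(row)
    print("unattributed update refused:",
          is_rejected(db, "UPDATE account SET balance = 0 WHERE id = 1"))
    print("log deletion refused:", is_rejected(db, "DELETE FROM audit_log"))
```

In a production DBMS the user and client address normally come from the server's own session information instead of an application-maintained table.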
What is data encryption?
• Encryption is a security method in which information is encoded in such a way that only an authorized user can read (understand) it.
• It uses an encryption algorithm to generate ciphertext that can only be read if decrypted.
Data encryption method (process)
[Figure: the sender encrypts the plaintext "Hello" into the ciphertext "Khoor"; the receiver decrypts the ciphertext "Khoor" back into the plaintext "Hello"; an unauthorized party should not be able to access it.]
What is data encryption?
• Data encryption is the process of encoding (translating) a message or information in such a way that only authorized persons can access it and those who are not authorized cannot.
• Encryption is the process of translating plaintext data (plaintext) into something that appears to be meaningless (ciphertext).
• Decryption is the process of converting ciphertext back to plaintext.
Types of Encryption
• There are two types of encryption schemes:
  1. Symmetric key encryption / Private key encryption
  2. Asymmetric key encryption / Public key encryption
Types of Encryption
• Symmetric key encryption
  • Encryption and decryption keys are the same.
  • The same key is used by the sender to encrypt the data, and again by the receiver to decrypt the data.
  • Symmetric key encryption is fast in execution.
• Asymmetric key encryption
  • Encryption and decryption keys are different (Public Key and Private Key).
  • Messages are encrypted by the sender with one key (Public Key) and can be decrypted by the receiver only with the other key (Private Key).
  • Asymmetric key encryption is slow in execution due to the high computational burden.
Access control methods of data security
• There are two different methods of data access control:
  1. Discretionary access control
  2. Mandatory access control
Discretionary access control
• In discretionary access control (DAC), the owner of the object specifies (decides) which subjects (users) can access the object.
• In this method a single user can have different rights on different objects, and different users can have different rights on the same object.
• SQL supports discretionary access control through the GRANT and REVOKE commands.
• GRANT
  • This command gives rights to a user for an object.
  • Syntax:- GRANT privilege ON object TO user [WITH GRANT OPTION]
• REVOKE
  • This command takes back rights from a user for an object.
  • Syntax:- REVOKE privilege ON object FROM user {RESTRICT/CASCADE}
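An added example (not from the original slides) that models what WITH GRANT OPTION and RESTRICT/CASCADE mean for the two commands above. It is a simplified Python model of the privilege catalog, not any DBMS's implementation; the class name, the users dba, alice and bob, and the table name employee are constructed for illustration.

```python
class DependentGrants(Exception):
    """REVOKE ... RESTRICT refused because other grants depend on this one."""


class Catalog:
    """Toy privilege catalog: who granted which privilege on which object."""

    def __init__(self):
        self.owner = {}      # object -> owning user
        self.grants = set()  # (grantor, grantee, privilege, object, grant_option)

    def create_object(self, user, obj):
        self.owner[obj] = user

    def grantors(self, privilege, obj, grants=None):
        """Users able to grant: the owner plus anyone reached from the owner
        through a chain of grants made WITH GRANT OPTION."""
        grants = self.grants if grants is None else grants
        able = {self.owner[obj]}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, priv, o, option in grants:
                if ((priv, o) == (privilege, obj) and option
                        and grantor in able and grantee not in able):
                    able.add(grantee)
                    changed = True
        return able

    def has_privilege(self, user, privilege, obj):
        if self.owner[obj] == user:
            return True
        return any(g[1] == user and g[2] == privilege and g[3] == obj
                   for g in self.grants)

    def grant(self, grantor, privilege, obj, grantee, with_grant_option=False):
        # GRANT privilege ON obj TO grantee [WITH GRANT OPTION]
        if grantor not in self.grantors(privilege, obj):
            raise PermissionError(f"{grantor} may not grant {privilege} on {obj}")
        self.grants.add((grantor, grantee, privilege, obj, with_grant_option))

    def revoke(self, revoker, privilege, obj, grantee, mode="RESTRICT"):
        # REVOKE privilege ON obj FROM grantee {RESTRICT | CASCADE}
        remaining = {g for g in self.grants
                     if g[:4] != (revoker, grantee, privilege, obj)}
        if remaining == self.grants:
            raise ValueError("no such grant to revoke")
        # Grants whose grantor can no longer trace authority back to the owner.
        able = self.grantors(privilege, obj, remaining)
        abandoned = {g for g in remaining
                     if (g[2], g[3]) == (privilege, obj) and g[0] not in able}
        if abandoned and mode == "RESTRICT":
            raise DependentGrants("dependent grants exist; use CASCADE")
        self.grants = remaining - abandoned
        return sorted(g[1] for g in abandoned)  # users who lost access by cascade


if __name__ == "__main__":
    cat = Catalog()
    cat.create_object("dba", "employee")
    cat.grant("dba", "SELECT", "employee", "alice", with_grant_option=True)
    cat.grant("alice", "SELECT", "employee", "bob")
    try:
        cat.revoke("dba", "SELECT", "employee", "alice", "RESTRICT")
    except DependentGrants as exc:
        print("RESTRICT:", exc)
    print("CASCADE also removed:",
          cat.revoke("dba", "SELECT", "employee", "alice", "CASCADE"))
    print("bob can still SELECT:", cat.has_privilege("bob", "SELECT", "employee"))
```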
Mandatory access control
• In this method, rights are not given to individual users.
• Instead, all the users as well as all the objects are classified into different categories.
• Each user is assigned a clearance level and each object is assigned a security level.
• A user can access an object of a particular security level only if he has the proper clearance level.
• The DBMS (system) determines whether the given user can read or write a given object based on some rules.
• These rules make sure that sensitive data can never be passed to a user without the necessary clearance.
Mandatory access control
• The mandatory access control technique for multi-level security uses four components as given below:
  1. Subjects:- Such as users, accounts, programs etc.
  2. Objects:- Such as relations (tables), tuples (records), attributes (columns), views etc.
  3. Clearance level:- Such as top secret (TS), secret (S), confidential (C), unclassified (U). Each subject is classified into one of these four classes.
  4. Security level:- Such as top secret (TS), secret (S), confidential (C), unclassified (U). Each object is classified into one of these four classes.
• In the above system TS>S>C>U, where TS>S means a class TS object is more sensitive than a class S object.
Mandatory access control rules
• A user can access data by following two rules
  1. Security property:-
    • Security property states that a subject at a given security level may not read an object at a higher security level.
  2. Star (*) security property:-
    • Star (*) property states that a subject at a given security level may not write to any object at a lower security level.
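An added example (not from the original slides) that applies the two rules above to a relation whose tuples carry security levels, using the ordering TS>S>C>U. The function names and the sample rows are constructed for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    """Clearance levels for subjects and security levels for objects."""
    U = 0
    C = 1
    S = 2
    TS = 3


def can_read(clearance, security_level):
    """Security property: no reading of an object at a higher level."""
    return clearance >= security_level


def can_write(clearance, security_level):
    """Star (*) property: no writing to an object at a lower level."""
    return clearance <= security_level


def access_modes(clearance, security_level):
    """'rw', 'r-', '-w': what the two rules together allow."""
    return (("r" if can_read(clearance, security_level) else "-")
            + ("w" if can_write(clearance, security_level) else "-"))


# Constructed sample relation: (name, salary, security level of the tuple).
SAMPLE_ROWS = [
    ("Asha", 52000, Level.U),
    ("Ravi", 91000, Level.C),
    ("Meena", 140000, Level.S),
    ("Dev", 200000, Level.TS),
]


def select_rows(clearance, rows):
    """A query returns only the tuples the subject is cleared to read."""
    return [row for row in rows if can_read(clearance, row[2])]


def insert_row(clearance, rows, name, salary, security_level):
    """Refuse a write that would move data to a lower level than the writer's.

    Without this check, a program running for a secret user could copy
    secret data into an unclassified tuple that anyone can read.
    """
    if not can_write(clearance, security_level):
        raise PermissionError(
            f"{clearance.name} subject may not write a {security_level.name} object")
    rows.append((name, salary, security_level))


if __name__ == "__main__":
    for subject in Level:
        print(subject.name, [access_modes(subject, obj) for obj in Level])
    print([row[0] for row in select_rows(Level.C, SAMPLE_ROWS)])
```

Under the two rules as stated, a subject can both read and write only objects at its own level.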
Role based access control (RBAC) rules
• It restricts database access based on a person's role within an organization. The roles in RBAC refer to the levels of access that employees have to the network.
• Employees are only allowed to access the information necessary to effectively perform their job duties.
• Access can be based on several factors, such as authority, responsibility, and job competency.
• In addition, access to computer resources can be limited to specific tasks such as the ability to view, create, or modify a file.
• Lower-level employees usually do not have access to sensitive data if they do not need it to fulfil their responsibilities.
• Using RBAC will help in securing your company’s sensitive data and important applications.
Intrusion detection
• An Intrusion Detection System (IDS) is a system or software application that monitors network traffic or a system for suspicious activity or policy violations and issues alerts when such activity is discovered.
• It is a software application that scans a network or a system for harmful activity or policy breaches.
• Any malicious activity or violation is normally reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
• A SIEM system integrates outputs from multiple sources and uses alarm filtering techniques to differentiate malicious activity from false alarms.
SQL injection
• SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
• This information may include any number of items, including sensitive company data, user lists or private customer details.
• A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables, or gaining administrative rights to a database, all of which are highly detrimental to a business.
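An added example (not from the original slides) that puts a query built by string concatenation beside its parameterized form, using Python's built-in sqlite3 module. The customer table, the function names and the input string are constructed for illustration.

```python
import sqlite3


def open_customer_db():
    """In-memory database with three constructed customer rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customer VALUES (?, ?)", [
        ("asha", "asha@example.com"),
        ("ravi", "ravi@example.com"),
        ("meena", "meena@example.com"),
    ])
    db.commit()
    return db


def find_customer_vulnerable(db, name):
    """Weak form: user input is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT name, email FROM customer WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def find_customer_safe(db, name):
    """Corrected form: the input travels as a bound parameter and is only
    ever compared as a value, never parsed as SQL."""
    sql = "SELECT name, email FROM customer WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


# Parameters cannot stand in for identifiers such as a column name, so a
# caller-chosen sort column is checked against a fixed allow-list instead.
SORTABLE_COLUMNS = {"name", "email"}


def list_customers_sorted(db, sort_by):
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return db.execute(
        f"SELECT name, email FROM customer ORDER BY {sort_by}").fetchall()


# Constructed input: a name that matches nobody, followed by a condition
# that is always true once it is parsed as SQL.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = open_customer_db()
    print("concatenated :", find_customer_vulnerable(db, CONSTRUCTED_INPUT))
    print("parameterized:", find_customer_safe(db, CONSTRUCTED_INPUT))
    print("normal lookup:", find_customer_safe(db, "ravi"))
```

The concatenated query returns the whole user list for the constructed input, while the parameterized query returns nothing because no customer has that literal name.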
Questions asked in GTU
1. Describe GRANT and REVOKE commands with suitable example.
2. What is the difference between authorization and authentication? Explain the use of audit trail.
3. Explain data encryption with its types.
4. Differentiate between discretionary access control and mandatory access control.
5. What is the difference between data security and data integrity?
