Database Security
Ghezal Ahmad Zia
Information Systems Department
Faculty of Computer Science
Kabul University
ghezalahmadzia@yahoo.com
May 16, 2014
Ghezal Ahmad Zia (@ISD-CSF-KU) Database Security May 16, 2014 1 / 42
Contents I
1 Introduction
2 Main Aspects of Database Security
Integrity
Confidentiality
Availability
3 Access Control
Discretionary Access Control
Mandatory Access Control
4 Conclusion
5 References
How to think about Insecurity?
People are part of the problem...
Bad guys don’t follow rules
Need to understand what sorts of attack are possible to compromise a system
This is a prerequisite to understanding what to protect in a system!
Causes of Software Security Incidents
Buggy software and wrong configurations
  Unsafe programming languages
  Complex programs
Lack of awareness and education
  Few courses in computer security
  Programming textbooks do not emphasize security
Poor usability
  Security sometimes makes things harder to use
Economic factors
  Consumers do not care about security
  Security is difficult, expensive and takes time
  Few security audits
Human Factor
Human Factor
Who are the attackers?
Why do they attack systems?
What is Database security?
Database
It is a collection of information stored in a computer
Security
It is being free from danger
Database Security
It is the mechanisms that protect the database against intentional or
accidental threats.
OR
Protection from malicious attempts to steal (view) or modify data.
What are Threats?
Threats - Any situation or event, whether intentional or accidental,
that may adversely affect a system and consequently the
organization.
Computer Systems
Databases
Threats
Hardware
  Fire/Flood/bombs
  Data corruption due to power loss or surge
  Failure of security mechanisms giving greater access
  Theft of equipment
  Physical damage of equipment
DBMS and Application Software
  Failure of security mechanism giving greater access
  Program alteration
  Theft of programs
Communication Networks
  Wire tapping
  Breaking or disconnection of cables
  Electronic interference and radiation
Database
  Unauthorized amendment or copying of data
  Theft of data
  Data corruption due to power loss or surge
Programmers/Operators
  Creating trapdoors
  Program alteration (such as creating software that is insecure)
  Inadequate staff training
  Inadequate security policies and procedure
User
  Using another person's means of access
  Viewing and disclosing unauthorized data
  Inadequate staff training
  Illegal entry by hacker
  Blackmail
  Introduction of viruses
Data/Database Administrator
  Inadequate security
  Policies and procedures
Definition of Database security
Database Security is defined as the process by which "Confidentiality,
Integrity, and Availability" of the database can be protected
Countermeasures
authorization
access control
views
backup and recovery
encryption
RAID technology
Database security Concepts
Three Main Aspects
Confidentiality
Integrity
Availability
Threats to databases:
Loss of Integrity
Loss of Availability
Loss of Confidentiality
Confidentiality
Confidentiality
No one can read our data / communication unless we want them to
It is protecting the database from unauthorized users.
Ensures that users are allowed to do the things they are trying to do.
For example:
The employees should not see the salaries of their managers.
Confidentiality
Confidentiality involves:
privacy: protection of private data,
secrecy: protection of organisational data
Integrity
Integrity
No one can manipulate our data / processing / communication unless
we want them to
Protecting the database from authorized users.
Ensures that what users are trying to do is correct
For example:
An employee should be able to modify his or her own information.
Integrity
"Making sure that everything is as it is supposed to be."
Preventing unauthorized writing or modifications
Availability
Availability
We can access our data / conduct our processing / use our
communication capabilities when we want to
Authorized users should be able to access data for Legal Purposes as
necessary
For example:
Payment orders regarding taxes should be made on time by the tax law.
Availability
Services are accessible and useable (without delay) whenever needed by an
authorized entity.
Relationship between Confidentiality, Integrity and Availability
Integrity
How is data integrity preserved?
Through Data integrity Constraints
Constraints restrict data values that can be inserted or updated
Column CHECK constraints
Example
Validity Checking Example
-- rollno must lie in the range 1 to 50
CREATE TABLE test
(rollno number(2) check (rollno between 1 and 50),
name varchar2(15));
Validity Checking Example
-- 45 is inside the allowed range, so the row is accepted
INSERT INTO test values(45, 'Willy');
1 row inserted
Validity Checking Example
-- 55 is outside the allowed range, so the DBMS rejects the row
INSERT INTO test values(55, 'Hiess');
ERROR-Check constraints violated
Referential Integrity
Confidentiality
Example: How to ensure data confidentiality?
Cryptography
Strong Access Control
Limiting number of places where data can appear
Access Control
An identity permits access to resources
In computer security this is called
Access Control
Authorization
We talk about:
Subjects (for whom an action is performed)
Objects (upon what an action is performed)
Operations (the type of action performed)
Access Control Models
A DBMS provides access control mechanisms to help implement a security
policy.
Two complementary types of mechanism:
1 Discretionary access control (DAC)
2 Mandatory access control (MAC)
Discretionary Access Control
Idea
Achieve security based on the concept of access rights:
1 privileges for objects (certain access rights for tables, columns, etc.),
and
2 a mechanism for giving users privileges (and revoking privileges)
Users are given privileges to access the appropriate schema objects
(tables, views).
Users can grant privileges to other users at their own discretion.
Implementation: GRANT and REVOKE commands
Granting/Revoking Privileges
GRANT SELECT ON database.* TO user@'localhost';
GRANT SELECT ON database.* TO user@'localhost' IDENTIFIED BY 'password';
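The GRANT and REVOKE mechanism above, combined with the "views" countermeasure and the rule that employees should not see their managers' salaries, as an added example in MySQL 8.0 syntax (not part of the original slides). The database hr, its table and view, and the accounts clerk, teamlead and payroll are hypothetical; MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT, so the accounts are created with CREATE USER first.

```sql
-- Added example, MySQL 8.0 syntax. Every name here (hr, employee,
-- employee_directory, clerk, teamlead, payroll) is hypothetical.
-- Run as an administrative account.

CREATE DATABASE hr;

CREATE TABLE hr.employee (
    emp_id     INT           PRIMARY KEY,
    name       VARCHAR(50)   NOT NULL,
    manager_id INT           NULL,
    salary     DECIMAL(10,2) NOT NULL,
    CONSTRAINT fk_manager FOREIGN KEY (manager_id)
        REFERENCES hr.employee (emp_id)
);

-- Object: a view that leaves the salary column out. With SQL SECURITY
-- DEFINER the view reads the base table with its creator's rights, so
-- a user needs a privilege on the view only, not on hr.employee.
CREATE SQL SECURITY DEFINER VIEW hr.employee_directory AS
    SELECT emp_id, name, manager_id
    FROM hr.employee;

-- Subjects: create the accounts explicitly (placeholder passwords).
CREATE USER 'clerk'@'localhost'    IDENTIFIED BY 'CHANGE_ME_placeholder_1';
CREATE USER 'teamlead'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder_2';
CREATE USER 'payroll'@'localhost'  IDENTIFIED BY 'CHANGE_ME_placeholder_3';

-- Operations: grant the narrowest privilege that does the job,
-- on one object rather than on hr.*.
GRANT SELECT ON hr.employee_directory TO 'clerk'@'localhost';

-- WITH GRANT OPTION is the "discretionary" part: teamlead may pass
-- this SELECT privilege on to other accounts.
GRANT SELECT ON hr.employee_directory TO 'teamlead'@'localhost'
    WITH GRANT OPTION;

-- Column-level privilege: payroll may read rows but change only salary.
GRANT SELECT, UPDATE (salary) ON hr.employee TO 'payroll'@'localhost';

-- Audit: list what each subject holds and which grants are re-grantable.
SHOW GRANTS FOR 'clerk'@'localhost';
SHOW GRANTS FOR 'teamlead'@'localhost';
SHOW GRANTS FOR 'payroll'@'localhost';

SELECT grantee, table_schema, table_name, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE table_schema = 'hr';

SELECT grantee, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'hr';

-- Revocation: take back the ability to re-grant first, then the
-- privileges themselves. Re-run the audit queries afterwards and review
-- every account the grantee may have passed the privilege to; do not
-- assume a REVOKE on one account removes grants that account made.
REVOKE GRANT OPTION ON hr.employee_directory FROM 'teamlead'@'localhost';
REVOKE SELECT ON hr.employee_directory FROM 'clerk'@'localhost';
REVOKE UPDATE (salary) ON hr.employee FROM 'payroll'@'localhost';
```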
DBMSs and Web Security
Countermeasures
Proxy servers
Firewalls
Secure Sockets Layer or SSL, which is used extensively to secure
e-commerce on the Internet today.
Proxy Servers
Definition
A proxy server is a computer that sits between a Web browser and a Web
server. It intercepts all requests for web pages and saves them locally for
some time. A proxy server improves performance and filters requests.
[Figure: Computer A, Computer B, Proxy server, Internet]
Firewalls
Firewalls
A firewall is a system that prevents unauthorized access to or from a private network.
Implemented in software, hardware or both.
Packet filter
Application gateway
Proxy server
Conclusion
Data security is critical.
Requires security at different levels.
Several technical solutions.
But human training is essential.
References
Mark Stamp. Information Security: Principles and Practice.
Mark Stamp. Database Systems. Security, Chapter 19, 541.
Michael Gertz. Handbook of Database Security: Applications and Trends.
Dorothy Elizabeth Robling Denning. Cryptography and Data Security.
Thanks for your attention!
Data Breaches. Are you next? What does the data say? Phil Agcaoili
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Rio Valdes
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Walt Maclay
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxmalbert5
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfAnSHiKa187943
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?Jose L. Quiñones-Borrero
 
ISYS 2394 Business Globalisation and Business IT.docx
ISYS 2394 Business Globalisation and Business IT.docxISYS 2394 Business Globalisation and Business IT.docx
ISYS 2394 Business Globalisation and Business IT.docxpriestmanmable
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyMohammad Febri
 
Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Nawanan Theera-Ampornpunt
 
3 Perspectives Around Data Breaches
3 Perspectives Around Data Breaches3 Perspectives Around Data Breaches
3 Perspectives Around Data BreachesSymantec
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Sonatype
 

Similar to Database Security (20)

Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say? Data Breaches. Are you next? What does the data say?
Data Breaches. Are you next? What does the data say?
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Network Security
Network Security Network Security
Network Security
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Ch13 - Security Engineering
Ch13 - Security EngineeringCh13 - Security Engineering
Ch13 - Security Engineering
 
databasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdfdatabasesecurit-phpapp01.pdf
databasesecurit-phpapp01.pdf
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Perimeter Security is Failing
Perimeter Security is FailingPerimeter Security is Failing
Perimeter Security is Failing
 
ISYS 2394 Business Globalisation and Business IT.docx
ISYS 2394 Business Globalisation and Business IT.docxISYS 2394 Business Globalisation and Business IT.docx
ISYS 2394 Business Globalisation and Business IT.docx
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and Security
 
uu (2).pdf
uu (2).pdfuu (2).pdf
uu (2).pdf
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
 
Health Information Privacy and Security
Health Information Privacy and SecurityHealth Information Privacy and Security
Health Information Privacy and Security
 
Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)Health Information Privacy and Security (October 30, 2019)
Health Information Privacy and Security (October 30, 2019)
 
3 Perspectives Around Data Breaches
3 Perspectives Around Data Breaches3 Perspectives Around Data Breaches
3 Perspectives Around Data Breaches
 
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%Lessons Learned From Heartbleed, Struts, and The Neglected 90%
Lessons Learned From Heartbleed, Struts, and The Neglected 90%
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Database Security

  • 1. Database Security Ghezal Ahmad Zia Information Systems Department Faculty of Computer Science Kabul University ghezalahmadzia@yahoo.com May 16, 2014 Ghezal Ahmad Zia (@ISD-CSF-KU) Database Security May 16, 2014 1 / 42
  • 2. Contents: 1 Introduction; 2 Main Aspect of Database Security (Integrity, Confidentiality, Availability); 3 Access Control (Discretionary Access Control, Mandatory Access Control); 4 Conclusion; 5 References
  • 6. How to think about Insecurity? People are part of the problem... Bad guys don’t follow rules. Need to understand what sorts of attack are possible to compromise a system. Prerequisite to understand what to protect in a system!
  • 12. Causes of Software Security Incidents. Buggy software and wrong configurations: unsafe programming languages; complex programs. Lack of awareness and education: few courses in computer security; programming textbooks do not emphasize security. Poor usability: security sometimes makes things harder to use. Economic factors: consumers do not care about security; security is difficult, expensive and takes time; few security audits. Human Factor.
  • 14. Human Factor. Who are the attackers? Why do they attack systems?
  • 19. What is Database security? Database: It is a collection of information stored in a computer. Security: It is being free from danger. Database Security: It is the mechanisms that protect the database against intentional or accidental threats. OR: Protection from malicious attempts to steal (view) or modify data.
  • 22. What are Threats? Threats: Any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization. Computer Systems. Databases.
  • 23. Threats
  • 31. Threats. Hardware: fire/flood/bombs; data corruption due to power loss or surge; failure of security mechanisms giving greater access; theft of equipment; physical damage of equipment. DBMS and Application Software: failure of security mechanism giving greater access; program alteration; theft of programs. Communication Networks: wire tapping; breaking or disconnection of cables; electronic interference and radiation. Database: unauthorized amendment or copying of data; theft of data; data corruption due to power loss or surge. Programmers/Operators: creating trapdoors; program alteration (such as creating software that is insecure); inadequate staff training; inadequate security policies and procedures. User: using another person’s means of access; viewing and disclosing unauthorized data; inadequate staff training; illegal entry by hacker; blackmail; introduction of viruses. Data/Database Administrator: inadequate security; policies and procedures.
  • 34. Definition of Database security. Database Security is defined as the process by which "Confidentiality, Integrity, and Availability" of the database can be protected. Countermeasures: authorization; access control; views; backup and recovery; encryption; RAID technology.
  • 39. Database security Concepts. Three Main Aspects: Confidentiality; Integrity; Availability. Threats to databases: Loss of Integrity; Loss of Availability; Loss of Confidentiality.
  • 43. Confidentiality: No one can read our data / communication unless we want them to. It is protecting the database from unauthorized users. Ensures that users are allowed to do the things they are trying to do. For example: The employees should not see the salaries of their managers.
  • 44. Confidentiality involves: privacy (protection of private data); secrecy (protection of organisational data).
  • 47. Integrity: No one can manipulate our data / processing / communication unless we want them to. Protecting the database from authorized users. Ensures that what users are trying to do is correct. For example: An employee should be able to modify his or her own information.
  • 48. Integrity: "Making sure that everything is as it is supposed to be." Preventing unauthorized writing or modifications.
  • 51. Availability Availability We can access our data / conduct our processing / use our communication capabilities when we want to Authorized users should be able to access data for Legal Purposes as necessary For example: Payment orders regarding taxes should be made on time by the tax law. Ghezal Ahmad Zia (@ISD-CSF-KU) Database Security May 16, 2014 23 / 42
  • 52. Availability: Services are accessible and usable (without delay) whenever needed by an authorized entity.
  • 54. Relationship between Confidentiality, Integrity and Availability
  • 55. Thanks for your attention!
  • 57. Integrity: How is data integrity preserved? Through data integrity constraints. Constraints restrict data values that can be inserted or updated.
  • 62. Column CHECK constraints example (validity checking):
      CREATE TABLE test (rollno number(2) check (rollno between 1 and 50), name varchar2(15));
      INSERT INTO test values(45, 'Willy');
      1 row inserted
      INSERT INTO test values(55, 'Hiess');
      ERROR-Check constraints violated
  • 63. Referential Integrity
  • 68. Confidentiality. Example: How to ensure data confidentiality? Cryptography; strong access control; limiting the number of places where data can appear.
  • 73. Access Control: An identity permits access to resources. In computer security this is called Access Control, Authorization. We talk about: subjects (for whom an action is performed), objects (upon what an action is performed), operations (the type of action performed).
  • 77. Access Control Models: A DBMS provides access control mechanisms to help implement a security policy. Two complementary types of mechanism: (1) Discretionary access control (DAC), (2) Mandatory access control (MAC).
  • 84. Discretionary Access Control. Idea: Achieve security based on the concept of access rights: (1) privileges for objects (certain access rights for tables, columns, etc.), and (2) a mechanism for giving users privileges (and revoking privileges). Users are given privileges to access the appropriate schema objects (tables, views). Users can grant privileges to other users at their own discretion. Implementation: GRANT and REVOKE commands.
  • 86. Granting/Revoking Privileges:
      GRANT SELECT ON database.* TO user@'localhost';
      GRANT SELECT ON database.* TO user@'localhost' IDENTIFIED BY 'password';
  • 88. DBMSs and Web Security. Countermeasures: proxy servers; firewalls; Secure Socket Layer or SSL, which is used extensively to secure e-commerce on the Internet today.
  • 91. Proxy Servers. Definition: A proxy server is a computer that sits between a Web browser and a Web server. It intercepts all requests for web pages and saves them locally for some time. A proxy server provides improvement in performance and filters requests. Diagram labels: Computer A, Computer B, Proxy-server, Internet.
  • 93. Firewalls: A firewall is a system that prevents unauthorized access to or from a private network. Implemented in software, hardware or both. Packet filter, application gateway, proxy server.
  • 94. Conclusion: Data security is critical. Requires security at different levels. Several technical solutions. But human training is essential.
  • 96. Thanks for your attention!
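Added example, not part of the original slides: the GRANT and REVOKE mechanism from the Discretionary Access Control slides, applied to the deck's confidentiality case by withholding the salary column from an ordinary account. It uses MySQL 8.0 syntax, where accounts are created with CREATE USER because GRANT ... IDENTIFIED BY is no longer accepted; the hr database, employee table, account names and passwords are hypothetical.

```sql
-- Added example (MySQL 8.0 syntax). Schema, accounts and passwords are hypothetical.
CREATE DATABASE hr;
USE hr;

CREATE TABLE employee (
  emp_id     INT           PRIMARY KEY,
  name       VARCHAR(50)   NOT NULL,
  manager_id INT           NULL,
  salary     DECIMAL(10,2) NOT NULL,
  -- Integrity constraints (CHECK is enforced from MySQL 8.0.16 onwards).
  CONSTRAINT chk_salary CHECK (salary >= 0),
  CONSTRAINT fk_manager FOREIGN KEY (manager_id) REFERENCES employee (emp_id)
);

-- Subjects: accounts are created first, privileges are granted afterwards.
CREATE USER 'clerk'@'localhost'    IDENTIFIED BY 'replace-with-real-secret-1';
CREATE USER 'hr_admin'@'localhost' IDENTIFIED BY 'replace-with-real-secret-2';

-- Confidentiality through a column-level privilege:
-- clerk can read the directory columns, but has no right on salary.
GRANT SELECT (emp_id, name, manager_id) ON hr.employee TO 'clerk'@'localhost';

-- Discretion: hr_admin can read and update rows and may pass
-- those rights on to other accounts (WITH GRANT OPTION).
GRANT SELECT, UPDATE ON hr.employee TO 'hr_admin'@'localhost' WITH GRANT OPTION;

-- Expected behaviour when connected as clerk:
--   SELECT emp_id, name FROM hr.employee;   -- allowed
--   SELECT name, salary FROM hr.employee;   -- denied (no privilege on salary)
--   SELECT * FROM hr.employee;              -- denied (* includes salary)
--   UPDATE hr.employee SET name = 'x';      -- denied (no UPDATE privilege)

-- Revoking: withdraw the right to delegate, then the UPDATE right itself.
REVOKE GRANT OPTION ON hr.employee FROM 'hr_admin'@'localhost';
REVOKE UPDATE ON hr.employee FROM 'hr_admin'@'localhost';

-- Audit what each subject can do after the change.
-- MySQL does not cascade a REVOKE: anything hr_admin already granted to
-- other accounts stays in place, so review and revoke those grants too.
SHOW GRANTS FOR 'clerk'@'localhost';
SHOW GRANTS FOR 'hr_admin'@'localhost';
```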