SlideShare a Scribd company logo
1 of 40
Database Security
Dr. Dipali Meher
MCS, M.Phil, NET, Ph.D
Assistant Professor
Modern College of Arts, Science &
Commerce, Ganeshkhind, Pune 16
dipalimeher@moderncollegegk.org
1
Prof. Prerana Sherla
MCS
Assistant Professor
Modern College of Arts, Science & Commerce,
Ganeshkhind, Pune 16
Prerana.sherla@moderncollegegk.org
AGENDA
 Introduction to database security concepts
 Methods for database security
 Discretionary access control method
 Mandatory access control
 Role base access control for multilevel security.
 Use of views in security enforcement.
2
What is Database Security?
Database security can guard against a compromise of
your database, which can lead to financial loss, reputation
damage, consumer confidence disintegration, brand erosion,
and non-compliance of government and industry regulation.
3 objectives
confidentiality, integrity, and availability
3
What is Database Security?
 Database security refers to the collective measures used to protect and
secure a database or database management software from illegitimate use
and malicious cyber threats and attacks.
 Database security procedures are aimed at protecting not just the data
inside the database, but the database management system and all the
applications that access it from intrusion, misuse of data, and damage.
4
Threats for database security
 The biggest, most damaging and most widespread threat facing small businesses are
phishing attacks.
Some major database security threats are as follows:
 Loss of Privacy: loss of protection of an individual’s data files.
 Loss of Availability: unavailability of network, hardware or application because of which
data is unavailable to users.
 Loss of Integrity: data corruption
 Loss of Confidentiality: unauthorized users access the database.
 Any kind of Theft and fraud: Inadequate physical security of database.
 Accidental loss: due to software, hardware, network problems
5
Database should be protected from all
above threats at different levels
1) Physical Level: The machine which contains database should be secured from all ways.
2) Database System Level: Access to database by authorized users only.
3) Operating System Level: Strong operating system secures database also
4) Human(individual) Level: restrictions to access , modify and delete data from database by different
levels of users
5) Network: All database systems are accessed remotely so software level security should be provided
over network.
6
METHODS FOR DATABASE SECURITY
Following are different techniques used for database
security.
 Discretionary Access Control Method
 Mandatory Access Control Method
 Statistical Database Security
 Different Data Encryption Techniques
7
Discretionary access control method
Access to database from unauthorized users is secured by this methods.
1) Granting and revoking privileges to database users at different levels such as on
files, records, fields and on any specified mode such as read, insert, delete and
update
A privilege is a right to execute a particular type of SQL
statement or to access another user's object. e.g reading,
writing, updating and deleing from database.
8
Types of discretionary privileges
Account Level
CREATE SCHEMA/CREATE
TABLE
CREATE VIEW
DROP
ALTER
MODIFY
SELECT
Relation (table) level
System privilege
Object privilege
9
Account level privilege's
 CREATE SCHEMA/CREATE TABLE: This privilege is used to create schema or base
relation
 CREATE VIEW: This privilege is used to create view. This will be used for relation level
and virtual –view relations.
 DROP: This privilege is used to delete relation or view.
 ALTER: This privilege is used to apply schema changes to relations such as
adding/removing attribute column to a table.
 MODIFY: This privilege is used to insert, delete or update tuples in a database.
 SELECT: This privilege is use to retrieve information from database by using select
query.
10
GRANTING AND REVOKING
PRIVILEGES
 These privileges follow authorization model and access matrix or authorization matrix model.
Access matrix model (M):
 Rows: Represents subjects(users/accounts/programs)
 Columns: Objects(relations/records/columns/views/operations)
 M(i,j): This position is the matrix represents the types of privileges (read, write, update) that subject i
holds object j.
11
Example of privileges of relation
in SQL following types of privileges are granted to each relation (R)
 SELECT: This is read privileges on relation (R). Data from relation is retrieved
using this privilege.
 MODIFY: This privilege modify tuples from relation (R). This privilege gives
various commands like UPDATE (updating attributes), DELETE (deleting
attributes) and INSERT (inserting attributes) on relation (R).
 REFERENCES: This privilege modify the reference relation (R) using integrity
constraints. It can be restricted for specific relation (R).
12
Relation (table) level privileges
 System privilege: It is right to perform particular action on a
particular type of object. E.g. to create table, to delete rows of table
using CREATE, ALTER and DROP command.
 Object privilege: It is right to perform particular action on particular
type of table, relation, attribute, view, sequence, procedure, function
or package. E.g. to select, delete , insert data into table using
SELECT, INSERT, DELETE command.
13
GRANT COMMAND
Syntax:
GRANT privilege_name
ON < tablename| view name>
TO {user list| role name}
[WITH GRANT OPTION];
14
 Privilege name: access right like SELECT, INSERT, UPDATE, DELETE
etc. to be granted.
 Table name: relation name view name: specifies view name
 User list: specifies list of users to which privilege is to be granted
 Role name: specifies user role in database system
 WITH GRANT OPTION: specifies a user to grant access rights to
other user.
15
Example:
GRANT SELECT, DELETE, UPDATE //access rights with commands
ON EMPLOYEE // table name
TO RAJESH //user name
WITH GRANT OPTION; // allows user to grant access rights to
other users.
Meaning: RAJESH is authorized to perform SELECT, DELETE, UPDATE operation
on EMPLOYEE table and grant those privileges to other users of employee
table.
16
REVOKE COMMAND
Syntax
REVOKE privilege_name
ON < tablename| view name>
FROM {user list| role name} [restrict |cascade];
17
 Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be removed.
 Table name: relation name view name: specifies view name
 User list: specifies list of users to which privilege is to be granted
 Role name: specifies user role in database system
 restrict: the privilege will be removed only from specified user and not from other users
to whom the privilege is granted by specified user.
 cascade: The privilege will be removed from user and from other dependents users
also.
18
Example
REVOKE DELETE, UPDATE (emp-sal) //access rights with commands
to be removed
ON EMPLOYEE // table name
FROM RAJESH //user name
Explanation: DELETE and UPDATE rights on emp-sal will be removed
from user rajesh on table EMPLOYEE.
19
AUDIT TRAILS
Audit trail is a log of all changes (insert/delete/update)
performed on database along with the user information
and time. This is used to track fraud in database as it
gives security to the database.
20
A typical audit trail contains following entries
 Request (source text)
 Terminal (from which operation was performed)
 User( who performed the operation)
 Date
 Time
 Tuples ( on which tuples of relation R)
 Attributes ( of relation R)
 Old value (of tuple/ attribute/ relation R)
 New value (of tuple/ attribute/ relation R)
21
Advantages of DAC
 User-friendly: Users can manage their data and quickly access data
of other users.
 Flexible: Users can configure data access parameters without
administrators.
 Easy to maintain: Adding new objects and users doesn’t take much
time for the administrator.
 Granular: Users can configure access parameters for each piece of
data.
22
Disadvantages of DAC
 Low level of data protection — DAC can’t ensure reliable security
because users can share their data however they like.
 Obscure — There’s no centralized access management, so in order to
find out access parameters, you have to check each ACL
23
Mandatory Access Control
 Mandatory Access Control is a method of limiting access to resources based on the sensitivity of
the information that the resources contains and the authorization of the user to access
information with that level of sensitivity.
 This model of access control where the operating system provides users with access based on data
confidentiality and user clearance levels. In this model, access is granted on a need know basis.
 Before gaining the access you have to know the need of information
 It is most secure because this model is non- discretionary control model and implemented on zero
trust principle.
24
Advantages of MAC
 High level of data protection: An administrator defines access to
objects, and users can’t edit that access.
 Granular: An administrator sets user access rights and object access
parameters manually.
 Immune to Trojan Horse attacks: Users can’t declassify data or share
access to classified data.
25
Disadvantages of MAC
 Maintainability: Manual configuration of security levels and clearances requires
constant attention from administrators.
 Scalability: MAC doesn’t scale automatically.
 Not user-friendly: Users have to request access to each new piece of data; they
can’t configure access parameters for their own data.
26
Compare and contrast DAC and MAC
DAC MAC
A type of access control on which the owner of a
resource restricts access to the resource based on the
identity of the users.
A type of access control that restricts the access to
the resources based on the clearance of the subjects.
Stands of Discretionary access Control Stands for Mandatory Access Control
Resource owner determines who can access and
what privileges they have
Provides access to the users depending on the
clearance level of users. Access is determined by
the system
More flexible Less flexible
Not as secure as MAC More secure
Easier to implement Comparatively less easier to implement
27
Role Base Access Control (RBAC) For Multilevel
Security
Roles are collection of privileges or access rights that
are combined in a centralized unit which manages
users or objects of a database.
There are two types of roles namely application role and user role.
Application role: It is used for granting all the necessary privileges to run a given
database.
User role: It is used for creation of database user groups with common privilege
requirements.
28
RBAC
 Roles can be created using CREATE ROLE and deleted using DROP
ROLE command. GRANT and REVOKE commands under
Discretionary Access control are used to assign and revoke
privileges from roles.
 RABC is alternative to Discretionary Access control and Mandatory
Access control.
29
RBAC
 CREATION OF ROLES:
Syntax:
 CREATE ROLE role_name [IDENTIFIED BY password]
Example to create role of “developer” with password dev@123
CREATE ROLE DEVELOPER [IDENTIFIED BY dev@123]
DROPPING ROLES:
Syntax
DROP ROLE role_name;
Example DROP ROLE DEVELOPER;
30
USE OF VIEWS IN SECURITY ENFORCEMENT
A view is the result set of
a stored query on the data, which
the database users can query just as
they would in a persistent database
collection object. Views can represent
a subset of the data contained in a
table.
31
Advantages of views
 A view can limit the degree of exposure of the underlying tables to the outer world.
 Security: Each user can be given permission to access the database only through a
small set of views that contain the specific data the user is authorized to see, thus
restricting the user's access to stored data
 Query simplicity: A view can draw data from several different tables and present it as
a single table, turning multi-table queries into single-table queries against the view.
32
Advantages of views
 Structural simplicity: Views can give a user a "personalized" view of the database structure,
presenting the database as a set of virtual tables that make sense for that user.
 Consistency: A view can present a consistent, unchanged image of the structure of the
database, even if the underlying source tables are split, restructured, or renamed.
 Data Integrity: If data is accessed and entered through a view, the DBMS can automatically
check the data to ensure that it meets the specified integrity constraints.
 Logical data independence: View can make the application and database tables to a certain
extent independent. If there is no view, the application must be based on a table.
33
Disadvantages of views
 When a table is dropped, associated view become irrelevant.
 Since the view is created when a query requesting data from
view is triggered, it’s a bit slow.
 When views are created for large tables, it occupies more
memory.
34
Creation of views
Syntax:
 CREATE [TEMP| TEMPORARY] VIEW view_name AS
 SELECT column1, column2…
 FROM table_name
 WHERE [condition];
 TEMP| TEMPORARY keyword says that views are created in temporary
space. Temporary views are automatically dropped at the end of current
session.
35
Example of view
 consider student table
sno sname sbdate saddress sdiv scourse
1 Rajesh 12/06/1658 Kothrud A BCS
2 Kavita 14/09/1952 Deccan B BCA
3 Sadhana 18/02/1950 Aundh C MCA
4 Radha 28/09/1965 SB Road C BCS
5 Kalpana 01/01/1960 Deccan D BCA
36
Create a view for student no, name and division.
 CREATE VIEW S_view1 AS
 SELECT sno, sname, sdiv
 FROM STUDENT;
S_view1 will be as follows: sno sname sdiv
1 Rajesh A
2 Kavita B
3 Sadhana C
4 Radha C
5 Kalpana D
37
Create a view for student of C division.
 CREATE VIEW S_view2 AS
 SELECT *
 FROM STUDENT
 WHERE sdiv=’C’;
 S_view2 will be as follows:
sno sname sbdate saddress sdiv scourse
3 Sadhana 18/02/1950 Aundh C MCA
4 Radha 28/09/1965 SB Road C BCS
38
A view can be updated with the CREATE OR REPLACE VIEW statement.
Syntax
CREATE OR REPLACE VIEW view_name AS
SELECT column1, column2, ...
FROM table_name
WHERE condition;
Definition of view can be changed by using ALTER VIEW command.
User can also change name of the view using RENAME command
ALTER VIEW S_view1 RENAME TO St_view1;
39
Dropping views
A view is deleted with the DROP VIEW statement.
Syntax: DROP VIEW [IF EXISTS] view_name;
The view_name specifies the name of the view is to be dropped.
IF EXISTS will check that view exists or not. If view does not exists and user tries to drop
it then database shows error. To overcome this error IF EXISTS will be used.
Example
DROP VIEW IF EXISTS S_view1;
40

More Related Content

What's hot

Structured query language(sql)ppt
Structured query language(sql)pptStructured query language(sql)ppt
Structured query language(sql)pptGowarthini
 
User, roles and privileges
User, roles and privilegesUser, roles and privileges
User, roles and privilegesYogiji Creations
 
5. stored procedure and functions
5. stored procedure and functions5. stored procedure and functions
5. stored procedure and functionsAmrit Kaur
 
Database security
Database securityDatabase security
Database securityCAS
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkKapil Soni
 
SQL Tutorial - Basic Commands
SQL Tutorial - Basic CommandsSQL Tutorial - Basic Commands
SQL Tutorial - Basic Commands1keydata
 
Data and database administration(database)
Data and database administration(database)Data and database administration(database)
Data and database administration(database)welcometofacebook
 
SQL Server Index and Partition Strategy
SQL Server Index and Partition StrategySQL Server Index and Partition Strategy
SQL Server Index and Partition StrategyHamid J. Fard
 
Relational algebra-and-relational-calculus
Relational algebra-and-relational-calculusRelational algebra-and-relational-calculus
Relational algebra-and-relational-calculusSalman Vadsarya
 

What's hot (20)

SQL
SQLSQL
SQL
 
Mysql
MysqlMysql
Mysql
 
Structured query language(sql)ppt
Structured query language(sql)pptStructured query language(sql)ppt
Structured query language(sql)ppt
 
Chapter 4 Structured Query Language
Chapter 4 Structured Query LanguageChapter 4 Structured Query Language
Chapter 4 Structured Query Language
 
User, roles and privileges
User, roles and privilegesUser, roles and privileges
User, roles and privileges
 
5. stored procedure and functions
5. stored procedure and functions5. stored procedure and functions
5. stored procedure and functions
 
Oracle sql material
Oracle sql materialOracle sql material
Oracle sql material
 
Sql Server Basics
Sql Server BasicsSql Server Basics
Sql Server Basics
 
SQL Commands
SQL Commands SQL Commands
SQL Commands
 
Database security
Database securityDatabase security
Database security
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility Framework
 
SQL Tutorial - Basic Commands
SQL Tutorial - Basic CommandsSQL Tutorial - Basic Commands
SQL Tutorial - Basic Commands
 
Introduction to-sql
Introduction to-sqlIntroduction to-sql
Introduction to-sql
 
Data and database administration(database)
Data and database administration(database)Data and database administration(database)
Data and database administration(database)
 
Basic SQL
Basic SQLBasic SQL
Basic SQL
 
Oracle SQL Basics
Oracle SQL BasicsOracle SQL Basics
Oracle SQL Basics
 
SQL Server Index and Partition Strategy
SQL Server Index and Partition StrategySQL Server Index and Partition Strategy
SQL Server Index and Partition Strategy
 
Sql Tutorials
Sql TutorialsSql Tutorials
Sql Tutorials
 
SQL Overview
SQL OverviewSQL Overview
SQL Overview
 
Relational algebra-and-relational-calculus
Relational algebra-and-relational-calculusRelational algebra-and-relational-calculus
Relational algebra-and-relational-calculus
 

Similar to Database Security Methods, DAC, MAC,View

UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfUNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfKavitaShinde26
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql securityMukesh Tekwani
 
Database Management System Security.pptx
Database Management System  Security.pptxDatabase Management System  Security.pptx
Database Management System Security.pptxRoshni814224
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.pptmissionsk81
 
2nd chapter dbms.pptx
2nd chapter dbms.pptx2nd chapter dbms.pptx
2nd chapter dbms.pptxkavitha623544
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.pptDharaDarji5
 
RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)Rui Miguel Feio
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql databasegourav kottawar
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security ModeluniqueYGB
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxhaymanot taddesse
 

Similar to Database Security Methods, DAC, MAC,View (20)

UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfUNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
 
Chapter23
Chapter23Chapter23
Chapter23
 
En ch23
En ch23En ch23
En ch23
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
 
Database Management System Security.pptx
Database Management System  Security.pptxDatabase Management System  Security.pptx
Database Management System Security.pptx
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
 
2nd chapter dbms.pptx
2nd chapter dbms.pptx2nd chapter dbms.pptx
2nd chapter dbms.pptx
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.ppt
 
RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and security
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security Model
 
Lecture 15-16.pdf
Lecture 15-16.pdfLecture 15-16.pdf
Lecture 15-16.pdf
 
Database concepts
Database conceptsDatabase concepts
Database concepts
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptx
 
ELNA6eCh24.ppt
ELNA6eCh24.pptELNA6eCh24.ppt
ELNA6eCh24.ppt
 

More from Dr-Dipali Meher

More from Dr-Dipali Meher (17)

Version Stamps in NOSQL Databases
Version Stamps in NOSQL DatabasesVersion Stamps in NOSQL Databases
Version Stamps in NOSQL Databases
 
DataPreprocessing.pptx
DataPreprocessing.pptxDataPreprocessing.pptx
DataPreprocessing.pptx
 
Literature Review
Literature ReviewLiterature Review
Literature Review
 
Research Problem
Research ProblemResearch Problem
Research Problem
 
Formulation of Research Design
Formulation of Research DesignFormulation of Research Design
Formulation of Research Design
 
Types of Research
Types of ResearchTypes of Research
Types of Research
 
Research Methodology-Intorduction
Research Methodology-IntorductionResearch Methodology-Intorduction
Research Methodology-Intorduction
 
Introduction to Research
Introduction to ResearchIntroduction to Research
Introduction to Research
 
Neo4j session
Neo4j sessionNeo4j session
Neo4j session
 
Introduction to NoSQL
Introduction to NoSQLIntroduction to NoSQL
Introduction to NoSQL
 
Consistency in NoSQL
Consistency in NoSQLConsistency in NoSQL
Consistency in NoSQL
 
Data models in NoSQL
Data models in NoSQLData models in NoSQL
Data models in NoSQL
 
Schema migrations in no sql
Schema migrations in no sqlSchema migrations in no sql
Schema migrations in no sql
 
Polyglot Persistence
Polyglot Persistence Polyglot Persistence
Polyglot Persistence
 
Naive bayesian classification
Naive bayesian classificationNaive bayesian classification
Naive bayesian classification
 
Data mining an introduction
Data mining an introductionData mining an introduction
Data mining an introduction
 
Function Pointer
Function PointerFunction Pointer
Function Pointer
 

Recently uploaded

ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Projectjordimapav
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...JojoEDelaCruz
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...liera silvan
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 

Recently uploaded (20)

ClimART Action | eTwinning Project
ClimART Action    |    eTwinning ProjectClimART Action    |    eTwinning Project
ClimART Action | eTwinning Project
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
ENG 5 Q4 WEEk 1 DAY 1 Restate sentences heard in one’s own words. Use appropr...
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...
EmpTech Lesson 18 - ICT Project for Website Traffic Statistics and Performanc...
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 

Database Security Methods, DAC, MAC,View

  • 1. Database Security Dr. Dipali Meher MCS, M.Phil, NET, Ph.D Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 dipalimeher@moderncollegegk.org 1 Prof. Prerana Sherla MCS Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 Prerana.sherla@moderncollegegk.org
  • 2. AGENDA  Introduction to database security concepts  Methods for database security  Discretionary access control method  Mandatory access control  Role base access control for multilevel security.  Use of views in security enforcement. 2
  • 3. What is Database Security? Database security can guard against a compromise of your database, which can lead to financial loss, reputation damage, consumer confidence disintegration, brand erosion, and non-compliance of government and industry regulation. 3 objectives confidentiality, integrity, and availability 3
  • 4. What is Database Security?  Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious cyber threats and attacks.  Database security procedures are aimed at protecting not just the data inside the database, but the database management system and all the applications that access it from intrusion, misuse of data, and damage. 4
  • 5. Threats for database security  The biggest, most damaging and most widespread threat facing small businesses are phishing attacks. Some major database security threats are as follows:  Loss of Privacy: loss of protection of an individual’s data files.  Loss of Availability: unavailability of network, hardware or application because of which data is unavailable to users.  Loss of Integrity: data corruption  Loss of Confidentiality: unauthorized users access the database.  Any kind of Theft and fraud: Inadequate physical security of database.  Accidental loss: due to software, hardware, network problems 5
  • 6. Database should be protected from all above threats at different levels 1) Physical Level: The machine which contains database should be secured from all ways. 2) Database System Level: Access to database by authorized users only. 3) Operating System Level: Strong operating system secures database also 4) Human(individual) Level: restrictions to access , modify and delete data from database by different levels of users 5) Network: All database systems are accessed remotely so software level security should be provided over network. 6
  • 7. METHODS FOR DATABASE SECURITY Following are different techniques used for database security.  Discretionary Access Control Method  Mandatory Access Control Method  Statistical Database Security  Different Data Encryption Techniques 7
  • 8. Discretionary access control method Access to database from unauthorized users is secured by this methods. 1) Granting and revoking privileges to database users at different levels such as on files, records, fields and on any specified mode such as read, insert, delete and update A privilege is a right to execute a particular type of SQL statement or to access another user's object. e.g reading, writing, updating and deleing from database. 8
  • 9. Types of discretionary privileges Account Level CREATE SCHEMA/CREATE TABLE CREATE VIEW DROP ALTER MODIFY SELECT Relation (table) level System privilege Object privilege 9
  • 10. Account level privilege's  CREATE SCHEMA/CREATE TABLE: This privilege is used to create schema or base relation  CREATE VIEW: This privilege is used to create view. This will be used for relation level and virtual –view relations.  DROP: This privilege is used to delete relation or view.  ALTER: This privilege is used to apply schema changes to relations such as adding/removing attribute column to a table.  MODIFY: This privilege is used to insert, delete or update tuples in a database.  SELECT: This privilege is use to retrieve information from database by using select query. 10
  • 11. GRANTING AND REVOKING PRIVILEGES  These privileges follow authorization model and access matrix or authorization matrix model. Access matrix model (M):  Rows: Represents subjects(users/accounts/programs)  Columns: Objects(relations/records/columns/views/operations)  M(i,j): This position is the matrix represents the types of privileges (read, write, update) that subject i holds object j. 11
  • 12. Example of privileges of relation in SQL following types of privileges are granted to each relation (R)  SELECT: This is read privileges on relation (R). Data from relation is retrieved using this privilege.  MODIFY: This privilege modify tuples from relation (R). This privilege gives various commands like UPDATE (updating attributes), DELETE (deleting attributes) and INSERT (inserting attributes) on relation (R).  REFERENCES: This privilege modify the reference relation (R) using integrity constraints. It can be restricted for specific relation (R). 12
  • 13. Relation (table) level privileges  System privilege: It is right to perform particular action on a particular type of object. E.g. to create table, to delete rows of table using CREATE, ALTER and DROP command.  Object privilege: It is right to perform particular action on particular type of table, relation, attribute, view, sequence, procedure, function or package. E.g. to select, delete , insert data into table using SELECT, INSERT, DELETE command. 13
  • 14. GRANT COMMAND Syntax: GRANT privilege_name ON < tablename| view name> TO {user list| role name} [WITH GRANT OPTION]; 14
  • 15.  Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be granted.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  WITH GRANT OPTION: specifies a user to grant access rights to other user. 15
  • 16. Example: GRANT SELECT, DELETE, UPDATE //access rights with commands ON EMPLOYEE // table name TO RAJESH //user name WITH GRANT OPTION; // allows user to grant access rights to other users. Meaning: RAJESH is authorized to perform SELECT, DELETE, UPDATE operation on EMPLOYEE table and grant those privileges to other users of employee table. 16
  • 17. REVOKE COMMAND Syntax REVOKE privilege_name ON < tablename| view name> FROM {user list| role name} [restrict |cascade]; 17
  • 18.  Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be removed.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  restrict: the privilege will be removed only from specified user and not from other users to whom the privilege is granted by specified user.  cascade: The privilege will be removed from user and from other dependents users also. 18
  • 19. Example REVOKE DELETE, UPDATE (emp-sal) //access rights with commands to be removed ON EMPLOYEE // table name FROM RAJESH //user name Explanation: DELETE and UPDATE rights on emp-sal will be removed from user rajesh on table EMPLOYEE. 19
  • 20. AUDIT TRAILS Audit trail is a log of all changes (insert/delete/update) performed on database along with the user information and time. This is used to track fraud in database as it gives security to the database. 20
  • 21. A typical audit trail contains following entries  Request (source text)  Terminal (from which operation was performed)  User( who performed the operation)  Date  Time  Tuples ( on which tuples of relation R)  Attributes ( of relation R)  Old value (of tuple/ attribute/ relation R)  New value (of tuple/ attribute/ relation R) 21
  • 22. Advantages of DAC  User-friendly: Users can manage their data and quickly access data of other users.  Flexible: Users can configure data access parameters without administrators.  Easy to maintain: Adding new objects and users doesn’t take much time for the administrator.  Granular: Users can configure access parameters for each piece of data. 22
  • 23. Disadvantages of DAC  Low level of data protection — DAC can’t ensure reliable security because users can share their data however they like.  Obscure — There’s no centralized access management, so in order to find out access parameters, you have to check each ACL 23
  • 24. Mandatory Access Control  Mandatory Access Control is a method of limiting access to resources based on the sensitivity of the information that the resources contains and the authorization of the user to access information with that level of sensitivity.  This model of access control where the operating system provides users with access based on data confidentiality and user clearance levels. In this model, access is granted on a need know basis.  Before gaining the access you have to know the need of information  It is most secure because this model is non- discretionary control model and implemented on zero trust principle. 24
  • 25. Advantages of MAC  High level of data protection: An administrator defines access to objects, and users can’t edit that access.  Granular: An administrator sets user access rights and object access parameters manually.  Immune to Trojan Horse attacks: Users can’t declassify data or share access to classified data. 25
  • 26. Disadvantages of MAC  Maintainability: Manual configuration of security levels and clearances requires constant attention from administrators.  Scalability: MAC doesn’t scale automatically.  Not user-friendly: Users have to request access to each new piece of data; they can’t configure access parameters for their own data. 26
  • 27. Compare and contrast DAC and MAC DAC MAC A type of access control on which the owner of a resource restricts access to the resource based on the identity of the users. A type of access control that restricts the access to the resources based on the clearance of the subjects. Stands of Discretionary access Control Stands for Mandatory Access Control Resource owner determines who can access and what privileges they have Provides access to the users depending on the clearance level of users. Access is determined by the system More flexible Less flexible Not as secure as MAC More secure Easier to implement Comparatively less easier to implement 27
  • 28. Role Base Access Control (RBAC) For Multilevel Security Roles are collection of privileges or access rights that are combined in a centralized unit which manages users or objects of a database. There are two types of roles namely application role and user role. Application role: It is used for granting all the necessary privileges to run a given database. User role: It is used for creation of database user groups with common privilege requirements. 28
  • 29. RBAC  Roles can be created using CREATE ROLE and deleted using DROP ROLE command. GRANT and REVOKE commands under Discretionary Access control are used to assign and revoke privileges from roles.  RABC is alternative to Discretionary Access control and Mandatory Access control. 29
  • 30. RBAC  CREATION OF ROLES: Syntax:  CREATE ROLE role_name [IDENTIFIED BY password] Example to create role of “developer” with password dev@123 CREATE ROLE DEVELOPER [IDENTIFIED BY dev@123] DROPPING ROLES: Syntax DROP ROLE role_name; Example DROP ROLE DEVELOPER; 30
  • 31. USE OF VIEWS IN SECURITY ENFORCEMENT A view is the result set of a stored query on the data, which the database users can query just as they would in a persistent database collection object. Views can represent a subset of the data contained in a table. 31
  • 32. Advantages of views  A view can limit the degree of exposure of the underlying tables to the outer world.  Security: Each user can be given permission to access the database only through a small set of views that contain the specific data the user is authorized to see, thus restricting the user's access to stored data  Query simplicity: A view can draw data from several different tables and present it as a single table, turning multi-table queries into single-table queries against the view. 32
  • 33. Advantages of views  Structural simplicity: Views can give a user a "personalized" view of the database structure, presenting the database as a set of virtual tables that make sense for that user.  Consistency: A view can present a consistent, unchanged image of the structure of the database, even if the underlying source tables are split, restructured, or renamed.  Data Integrity: If data is accessed and entered through a view, the DBMS can automatically check the data to ensure that it meets the specified integrity constraints.  Logical data independence: View can make the application and database tables to a certain extent independent. If there is no view, the application must be based on a table. 33
  • 34. Disadvantages of views  When a table is dropped, associated view become irrelevant.  Since the view is created when a query requesting data from view is triggered, it’s a bit slow.  When views are created for large tables, it occupies more memory. 34
  • 35. Creation of views Syntax:  CREATE [TEMP| TEMPORARY] VIEW view_name AS  SELECT column1, column2…  FROM table_name  WHERE [condition];  TEMP| TEMPORARY keyword says that views are created in temporary space. Temporary views are automatically dropped at the end of current session. 35
  • 36. Example of view  consider student table sno sname sbdate saddress sdiv scourse 1 Rajesh 12/06/1658 Kothrud A BCS 2 Kavita 14/09/1952 Deccan B BCA 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 5 Kalpana 01/01/1960 Deccan D BCA 36
  • 37. Create a view for student no, name and division.  CREATE VIEW S_view1 AS  SELECT sno, sname, sdiv  FROM STUDENT; S_view1 will be as follows: sno sname sdiv 1 Rajesh A 2 Kavita B 3 Sadhana C 4 Radha C 5 Kalpana D 37
  • 38. Create a view for student of C division.  CREATE VIEW S_view2 AS  SELECT *  FROM STUDENT  WHERE sdiv=’C’;  S_view2 will be as follows: sno sname sbdate saddress sdiv scourse 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 38
  • 39. A view can be updated with the CREATE OR REPLACE VIEW statement. Syntax CREATE OR REPLACE VIEW view_name AS SELECT column1, column2, ... FROM table_name WHERE condition; Definition of view can be changed by using ALTER VIEW command. User can also change name of the view using RENAME command ALTER VIEW S_view1 RENAME TO St_view1; 39
  • 40. Dropping views A view is deleted with the DROP VIEW statement. Syntax: DROP VIEW [IF EXISTS] view_name; The view_name specifies the name of the view is to be dropped. IF EXISTS will check that view exists or not. If view does not exists and user tries to drop it then database shows error. To overcome this error IF EXISTS will be used. Example DROP VIEW IF EXISTS S_view1; 40