SlideShare a Scribd company logo

Database Security Methods, DAC, MAC,View

Download as PPTX, PDF
Dr-Dipali Meher
Dr-Dipali Meher

Database Security Introduction,Methods for database security Discretionary access control method Mandatory access control Role base access control for multilevel security. Use of views in security enforcement

Education
1 of 40
Database Security Dr. Dipali Meher MCS, M.Phil, NET, Ph.D Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 dipalimeher@moderncollegegk.org 1 Prof. Prerana Sherla MCS Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 Prerana.sherla@moderncollegegk.org
AGENDA  Introduction to database security concepts  Methods for database security  Discretionary access control method  Mandatory access control  Role base access control for multilevel security.  Use of views in security enforcement. 2
What is Database Security? Database security can guard against a compromise of your database, which can lead to financial loss, reputation damage, consumer confidence disintegration, brand erosion, and non-compliance of government and industry regulation. 3 objectives confidentiality, integrity, and availability 3
What is Database Security?  Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious cyber threats and attacks.  Database security procedures are aimed at protecting not just the data inside the database, but the database management system and all the applications that access it from intrusion, misuse of data, and damage. 4
Threats for database security  The biggest, most damaging and most widespread threat facing small businesses are phishing attacks. Some major database security threats are as follows:  Loss of Privacy: loss of protection of an individual’s data files.  Loss of Availability: unavailability of network, hardware or application because of which data is unavailable to users.  Loss of Integrity: data corruption  Loss of Confidentiality: unauthorized users access the database.  Any kind of Theft and fraud: Inadequate physical security of database.  Accidental loss: due to software, hardware, network problems 5
Database should be protected from all above threats at different levels 1) Physical Level: The machine which contains database should be secured from all ways. 2) Database System Level: Access to database by authorized users only. 3) Operating System Level: Strong operating system secures database also 4) Human(individual) Level: restrictions to access , modify and delete data from database by different levels of users 5) Network: All database systems are accessed remotely so software level security should be provided over network. 6
METHODS FOR DATABASE SECURITY Following are different techniques used for database security.  Discretionary Access Control Method  Mandatory Access Control Method  Statistical Database Security  Different Data Encryption Techniques 7
Discretionary access control method Access to database from unauthorized users is secured by this methods. 1) Granting and revoking privileges to database users at different levels such as on files, records, fields and on any specified mode such as read, insert, delete and update A privilege is a right to execute a particular type of SQL statement or to access another user's object. e.g reading, writing, updating and deleing from database. 8
Types of discretionary privileges Account Level CREATE SCHEMA/CREATE TABLE CREATE VIEW DROP ALTER MODIFY SELECT Relation (table) level System privilege Object privilege 9
Account level privilege's  CREATE SCHEMA/CREATE TABLE: This privilege is used to create schema or base relation  CREATE VIEW: This privilege is used to create view. This will be used for relation level and virtual –view relations.  DROP: This privilege is used to delete relation or view.  ALTER: This privilege is used to apply schema changes to relations such as adding/removing attribute column to a table.  MODIFY: This privilege is used to insert, delete or update tuples in a database.  SELECT: This privilege is use to retrieve information from database by using select query. 10
GRANTING AND REVOKING PRIVILEGES  These privileges follow authorization model and access matrix or authorization matrix model. Access matrix model (M):  Rows: Represents subjects(users/accounts/programs)  Columns: Objects(relations/records/columns/views/operations)  M(i,j): This position is the matrix represents the types of privileges (read, write, update) that subject i holds object j. 11
Example of privileges of relation in SQL following types of privileges are granted to each relation (R)  SELECT: This is read privileges on relation (R). Data from relation is retrieved using this privilege.  MODIFY: This privilege modify tuples from relation (R). This privilege gives various commands like UPDATE (updating attributes), DELETE (deleting attributes) and INSERT (inserting attributes) on relation (R).  REFERENCES: This privilege modify the reference relation (R) using integrity constraints. It can be restricted for specific relation (R). 12
Relation (table) level privileges  System privilege: It is right to perform particular action on a particular type of object. E.g. to create table, to delete rows of table using CREATE, ALTER and DROP command.  Object privilege: It is right to perform particular action on particular type of table, relation, attribute, view, sequence, procedure, function or package. E.g. to select, delete , insert data into table using SELECT, INSERT, DELETE command. 13
GRANT COMMAND Syntax: GRANT privilege_name ON < tablename| view name> TO {user list| role name} [WITH GRANT OPTION]; 14
 Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be granted.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  WITH GRANT OPTION: specifies a user to grant access rights to other user. 15
Example: GRANT SELECT, DELETE, UPDATE //access rights with commands ON EMPLOYEE // table name TO RAJESH //user name WITH GRANT OPTION; // allows user to grant access rights to other users. Meaning: RAJESH is authorized to perform SELECT, DELETE, UPDATE operation on EMPLOYEE table and grant those privileges to other users of employee table. 16
REVOKE COMMAND Syntax REVOKE privilege_name ON < tablename| view name> FROM {user list| role name} [restrict |cascade]; 17
 Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be removed.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  restrict: the privilege will be removed only from specified user and not from other users to whom the privilege is granted by specified user.  cascade: The privilege will be removed from user and from other dependents users also. 18
Example REVOKE DELETE, UPDATE (emp-sal) //access rights with commands to be removed ON EMPLOYEE // table name FROM RAJESH //user name Explanation: DELETE and UPDATE rights on emp-sal will be removed from user rajesh on table EMPLOYEE. 19
AUDIT TRAILS Audit trail is a log of all changes (insert/delete/update) performed on database along with the user information and time. This is used to track fraud in database as it gives security to the database. 20
A typical audit trail contains following entries  Request (source text)  Terminal (from which operation was performed)  User( who performed the operation)  Date  Time  Tuples ( on which tuples of relation R)  Attributes ( of relation R)  Old value (of tuple/ attribute/ relation R)  New value (of tuple/ attribute/ relation R) 21
Advantages of DAC  User-friendly: Users can manage their data and quickly access data of other users.  Flexible: Users can configure data access parameters without administrators.  Easy to maintain: Adding new objects and users doesn’t take much time for the administrator.  Granular: Users can configure access parameters for each piece of data. 22
Disadvantages of DAC  Low level of data protection — DAC can’t ensure reliable security because users can share their data however they like.  Obscure — There’s no centralized access management, so in order to find out access parameters, you have to check each ACL 23
Mandatory Access Control  Mandatory Access Control is a method of limiting access to resources based on the sensitivity of the information that the resources contains and the authorization of the user to access information with that level of sensitivity.  This model of access control where the operating system provides users with access based on data confidentiality and user clearance levels. In this model, access is granted on a need know basis.  Before gaining the access you have to know the need of information  It is most secure because this model is non- discretionary control model and implemented on zero trust principle. 24
Advantages of MAC  High level of data protection: An administrator defines access to objects, and users can’t edit that access.  Granular: An administrator sets user access rights and object access parameters manually.  Immune to Trojan Horse attacks: Users can’t declassify data or share access to classified data. 25
Disadvantages of MAC  Maintainability: Manual configuration of security levels and clearances requires constant attention from administrators.  Scalability: MAC doesn’t scale automatically.  Not user-friendly: Users have to request access to each new piece of data; they can’t configure access parameters for their own data. 26
Compare and contrast DAC and MAC DAC MAC A type of access control on which the owner of a resource restricts access to the resource based on the identity of the users. A type of access control that restricts the access to the resources based on the clearance of the subjects. Stands of Discretionary access Control Stands for Mandatory Access Control Resource owner determines who can access and what privileges they have Provides access to the users depending on the clearance level of users. Access is determined by the system More flexible Less flexible Not as secure as MAC More secure Easier to implement Comparatively less easier to implement 27
Role Base Access Control (RBAC) For Multilevel Security Roles are collection of privileges or access rights that are combined in a centralized unit which manages users or objects of a database. There are two types of roles namely application role and user role. Application role: It is used for granting all the necessary privileges to run a given database. User role: It is used for creation of database user groups with common privilege requirements. 28
RBAC  Roles can be created using CREATE ROLE and deleted using DROP ROLE command. GRANT and REVOKE commands under Discretionary Access control are used to assign and revoke privileges from roles.  RABC is alternative to Discretionary Access control and Mandatory Access control. 29
RBAC  CREATION OF ROLES: Syntax:  CREATE ROLE role_name [IDENTIFIED BY password] Example to create role of “developer” with password dev@123 CREATE ROLE DEVELOPER [IDENTIFIED BY dev@123] DROPPING ROLES: Syntax DROP ROLE role_name; Example DROP ROLE DEVELOPER; 30
USE OF VIEWS IN SECURITY ENFORCEMENT A view is the result set of a stored query on the data, which the database users can query just as they would in a persistent database collection object. Views can represent a subset of the data contained in a table. 31
Advantages of views  A view can limit the degree of exposure of the underlying tables to the outer world.  Security: Each user can be given permission to access the database only through a small set of views that contain the specific data the user is authorized to see, thus restricting the user's access to stored data  Query simplicity: A view can draw data from several different tables and present it as a single table, turning multi-table queries into single-table queries against the view. 32
Advantages of views  Structural simplicity: Views can give a user a "personalized" view of the database structure, presenting the database as a set of virtual tables that make sense for that user.  Consistency: A view can present a consistent, unchanged image of the structure of the database, even if the underlying source tables are split, restructured, or renamed.  Data Integrity: If data is accessed and entered through a view, the DBMS can automatically check the data to ensure that it meets the specified integrity constraints.  Logical data independence: View can make the application and database tables to a certain extent independent. If there is no view, the application must be based on a table. 33
Disadvantages of views  When a table is dropped, associated view become irrelevant.  Since the view is created when a query requesting data from view is triggered, it’s a bit slow.  When views are created for large tables, it occupies more memory. 34
Creation of views Syntax:  CREATE [TEMP| TEMPORARY] VIEW view_name AS  SELECT column1, column2…  FROM table_name  WHERE [condition];  TEMP| TEMPORARY keyword says that views are created in temporary space. Temporary views are automatically dropped at the end of current session. 35
Example of view  consider student table sno sname sbdate saddress sdiv scourse 1 Rajesh 12/06/1658 Kothrud A BCS 2 Kavita 14/09/1952 Deccan B BCA 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 5 Kalpana 01/01/1960 Deccan D BCA 36
Create a view for student no, name and division.  CREATE VIEW S_view1 AS  SELECT sno, sname, sdiv  FROM STUDENT; S_view1 will be as follows: sno sname sdiv 1 Rajesh A 2 Kavita B 3 Sadhana C 4 Radha C 5 Kalpana D 37
Create a view for student of C division.  CREATE VIEW S_view2 AS  SELECT *  FROM STUDENT  WHERE sdiv=’C’;  S_view2 will be as follows: sno sname sbdate saddress sdiv scourse 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 38
A view can be updated with the CREATE OR REPLACE VIEW statement. Syntax CREATE OR REPLACE VIEW view_name AS SELECT column1, column2, ... FROM table_name WHERE condition; Definition of view can be changed by using ALTER VIEW command. User can also change name of the view using RENAME command ALTER VIEW S_view1 RENAME TO St_view1; 39
Dropping views A view is deleted with the DROP VIEW statement. Syntax: DROP VIEW [IF EXISTS] view_name; The view_name specifies the name of the view is to be dropped. IF EXISTS will check that view exists or not. If view does not exists and user tries to drop it then database shows error. To overcome this error IF EXISTS will be used. Example DROP VIEW IF EXISTS S_view1; 40

Recommended

Text mining
Text miningText mining
Text miningKoshy Geoji
 
DISE - Database Concepts
DISE - Database ConceptsDISE - Database Concepts
DISE - Database ConceptsRasan Samarasinghe
 
Data sharding
Data shardingData sharding
Data shardingAditi Anand
 
File organization (part 1)
File organization (part 1)File organization (part 1)
File organization (part 1)SURBHI SAROHA
 
MS Access and Database Fundamentals
MS Access and Database FundamentalsMS Access and Database Fundamentals
MS Access and Database FundamentalsAnanda Gupta
 
DATA ANALYSIS
DATA ANALYSISDATA ANALYSIS
DATA ANALYSISCHARAK RAY
 
Introduction to Metadata
Introduction to MetadataIntroduction to Metadata
Introduction to MetadataEUDAT
 
Data Warehouse Concepts and Architecture
Data Warehouse Concepts and ArchitectureData Warehouse Concepts and Architecture
Data Warehouse Concepts and ArchitectureMohd Tousif
 

Recommended

Text mining
Text miningText mining
Text miningKoshy Geoji
 
DISE - Database Concepts
DISE - Database ConceptsDISE - Database Concepts
DISE - Database ConceptsRasan Samarasinghe
 
Data sharding
Data shardingData sharding
Data shardingAditi Anand
 
File organization (part 1)
File organization (part 1)File organization (part 1)
File organization (part 1)SURBHI SAROHA
 
MS Access and Database Fundamentals
MS Access and Database FundamentalsMS Access and Database Fundamentals
MS Access and Database FundamentalsAnanda Gupta
 
DATA ANALYSIS
DATA ANALYSISDATA ANALYSIS
DATA ANALYSISCHARAK RAY
 
Introduction to Metadata
Introduction to MetadataIntroduction to Metadata
Introduction to MetadataEUDAT
 
Data Warehouse Concepts and Architecture
Data Warehouse Concepts and ArchitectureData Warehouse Concepts and Architecture
Data Warehouse Concepts and ArchitectureMohd Tousif
 
Relational data model
Relational data modelRelational data model
Relational data modelSURBHI SAROHA
 
introduction to NOSQL Database
introduction to NOSQL Databaseintroduction to NOSQL Database
introduction to NOSQL Databasenehabsairam
 
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...Lauri Eloranta
 
Open Data Kit training
Open Data Kit trainingOpen Data Kit training
Open Data Kit trainingBodhiya Wijaya Mulya
 
Data Mining
Data MiningData Mining
Data MiningSHIKHA GAUTAM
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQLAbdul Rehman
 
MS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database ConceptsMS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database ConceptsDataminingTools Inc
 
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtapADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtapVikas Jagtap
 
Introduccion a las bases de datos
Introduccion a las bases de datosIntroduccion a las bases de datos
Introduccion a las bases de datosCristian Salazar C.
 
An Intro to NoSQL Databases
An Intro to NoSQL DatabasesAn Intro to NoSQL Databases
An Intro to NoSQL DatabasesRajith Pemabandu
 
Data definition language
Data definition languageData definition language
Data definition languageVENNILAV6
 
Data Warehousing and Data Mining
Data Warehousing and Data MiningData Warehousing and Data Mining
Data Warehousing and Data Miningidnats
 
You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?Precisely
 
Information retrieval s
Information retrieval sInformation retrieval s
Information retrieval ssilambu111
 
rdbms-notes
rdbms-notesrdbms-notes
rdbms-notesMohit Saini
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Jotham Gadot
 
Database backup and recovery basics
Database backup and recovery basicsDatabase backup and recovery basics
Database backup and recovery basicsShahed Mohamed
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimizationUsman Tariq
 
Data models
Data modelsData models
Data modelsUsman Tariq
 
Introduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data MiningIntroduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data MiningAarshDhokai
 
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfUNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfKavitaShinde26
 
Chapter23
Chapter23Chapter23
Chapter23gourab87
 

More Related Content

What's hot

Relational data model
Relational data modelRelational data model
Relational data modelSURBHI SAROHA
 
introduction to NOSQL Database
introduction to NOSQL Databaseintroduction to NOSQL Database
introduction to NOSQL Databasenehabsairam
 
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...Lauri Eloranta
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQLAbdul Rehman
 
MS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database ConceptsMS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database ConceptsDataminingTools Inc
 
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtapADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtapVikas Jagtap
 
Introduccion a las bases de datos
Introduccion a las bases de datosIntroduccion a las bases de datos
Introduccion a las bases de datosCristian Salazar C.
 
An Intro to NoSQL Databases
An Intro to NoSQL DatabasesAn Intro to NoSQL Databases
An Intro to NoSQL DatabasesRajith Pemabandu
 
Data definition language
Data definition languageData definition language
Data definition languageVENNILAV6
 
Data Warehousing and Data Mining
Data Warehousing and Data MiningData Warehousing and Data Mining
Data Warehousing and Data Miningidnats
 
You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?Precisely
 
Information retrieval s
Information retrieval sInformation retrieval s
Information retrieval ssilambu111
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Jotham Gadot
 
Database backup and recovery basics
Database backup and recovery basicsDatabase backup and recovery basics
Database backup and recovery basicsShahed Mohamed
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimizationUsman Tariq
 
Introduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data MiningIntroduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data MiningAarshDhokai
 

What's hot (20)

Relational data model
Relational data modelRelational data model
Relational data model
 
introduction to NOSQL Database
introduction to NOSQL Databaseintroduction to NOSQL Database
introduction to NOSQL Database
 
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
Big Data and Data Mining - Lecture 3 in Introduction to Computational Social ...
 
Open Data Kit training
Open Data Kit trainingOpen Data Kit training
Open Data Kit training
 
Data Mining
Data MiningData Mining
Data Mining
 
Query optimization in SQL
Query optimization in SQLQuery optimization in SQL
Query optimization in SQL
 
MS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database ConceptsMS Sql Server: Introduction To Database Concepts
MS Sql Server: Introduction To Database Concepts
 
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtapADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
ADVANCE DATABASE MANAGEMENT SYSTEM CONCEPTS & ARCHITECTURE by vikas jagtap
 
Introduccion a las bases de datos
Introduccion a las bases de datosIntroduccion a las bases de datos
Introduccion a las bases de datos
 
An Intro to NoSQL Databases
An Intro to NoSQL DatabasesAn Intro to NoSQL Databases
An Intro to NoSQL Databases
 
Data definition language
Data definition languageData definition language
Data definition language
 
Data Warehousing and Data Mining
Data Warehousing and Data MiningData Warehousing and Data Mining
Data Warehousing and Data Mining
 
You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?You Need a Data Catalog. Do You Know Why?
You Need a Data Catalog. Do You Know Why?
 
Information retrieval s
Information retrieval sInformation retrieval s
Information retrieval s
 
rdbms-notes
rdbms-notesrdbms-notes
rdbms-notes
 
Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01Fundamentals of Database ppt ch01
Fundamentals of Database ppt ch01
 
Database backup and recovery basics
Database backup and recovery basicsDatabase backup and recovery basics
Database backup and recovery basics
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimization
 
Data models
Data modelsData models
Data models
 
Introduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data MiningIntroduction to Web Mining and Spatial Data Mining
Introduction to Web Mining and Spatial Data Mining
 

Similar to Database Security Methods, DAC, MAC,View

UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfUNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfKavitaShinde26
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networksG Prachi
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql securityMukesh Tekwani
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptxRoshni814224
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.pptmissionsk81
 
2nd chapter dbms.pptx
2nd chapter dbms.pptx2nd chapter dbms.pptx
2nd chapter dbms.pptxkavitha623544
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.pptDharaDarji5
 
RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)Rui Miguel Feio
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql databasegourav kottawar
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security ModeluniqueYGB
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxhaymanot taddesse
 

Similar to Database Security Methods, DAC, MAC,View (20)

UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdfUNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
UNIT 3- DATABASE INTEGRITY AND SECURITY CONCEPTS (1).pdf
 
Chapter23
Chapter23Chapter23
Chapter23
 
En ch23
En ch23En ch23
En ch23
 
Database security and security in networks
Database security and security in networksDatabase security and security in networks
Database security and security in networks
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
 
2nd chapter dbms.pptx
2nd chapter dbms.pptx2nd chapter dbms.pptx
2nd chapter dbms.pptx
 
Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access method
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.ppt
 
RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and security
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
 
DB2 Security Model
DB2 Security ModelDB2 Security Model
DB2 Security Model
 
Lecture 15-16.pdf
Lecture 15-16.pdfLecture 15-16.pdf
Lecture 15-16.pdf
 
Database concepts
Database conceptsDatabase concepts
Database concepts
 
S5-Authorization
S5-AuthorizationS5-Authorization
S5-Authorization
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptx
 
ELNA6eCh24.ppt
ELNA6eCh24.pptELNA6eCh24.ppt
ELNA6eCh24.ppt
 

More from Dr-Dipali Meher

Version Stamps in NOSQL Databases
Version Stamps in NOSQL DatabasesVersion Stamps in NOSQL Databases
Version Stamps in NOSQL DatabasesDr-Dipali Meher
 
Formulation of Research Design
Formulation of Research DesignFormulation of Research Design
Formulation of Research DesignDr-Dipali Meher
 
Research Methodology-Intorduction
Research Methodology-IntorductionResearch Methodology-Intorduction
Research Methodology-IntorductionDr-Dipali Meher
 
Introduction to Research
Introduction to ResearchIntroduction to Research
Introduction to ResearchDr-Dipali Meher
 
Schema migrations in no sql
Schema migrations in no sqlSchema migrations in no sql
Schema migrations in no sqlDr-Dipali Meher
 
Naive bayesian classification
Naive bayesian classificationNaive bayesian classification
Naive bayesian classificationDr-Dipali Meher
 
Data mining an introduction
Data mining an introductionData mining an introduction
Data mining an introductionDr-Dipali Meher
 

More from Dr-Dipali Meher (17)

Version Stamps in NOSQL Databases
Version Stamps in NOSQL DatabasesVersion Stamps in NOSQL Databases
Version Stamps in NOSQL Databases
 
DataPreprocessing.pptx
DataPreprocessing.pptxDataPreprocessing.pptx
DataPreprocessing.pptx
 
Literature Review
Literature ReviewLiterature Review
Literature Review
 
Research Problem
Research ProblemResearch Problem
Research Problem
 
Formulation of Research Design
Formulation of Research DesignFormulation of Research Design
Formulation of Research Design
 
Types of Research
Types of ResearchTypes of Research
Types of Research
 
Research Methodology-Intorduction
Research Methodology-IntorductionResearch Methodology-Intorduction
Research Methodology-Intorduction
 
Introduction to Research
Introduction to ResearchIntroduction to Research
Introduction to Research
 
Neo4j session
Neo4j sessionNeo4j session
Neo4j session
 
Introduction to NoSQL
Introduction to NoSQLIntroduction to NoSQL
Introduction to NoSQL
 
Consistency in NoSQL
Consistency in NoSQLConsistency in NoSQL
Consistency in NoSQL
 
Data models in NoSQL
Data models in NoSQLData models in NoSQL
Data models in NoSQL
 
Schema migrations in no sql
Schema migrations in no sqlSchema migrations in no sql
Schema migrations in no sql
 
Polyglot Persistence
Polyglot Persistence Polyglot Persistence
Polyglot Persistence
 
Naive bayesian classification
Naive bayesian classificationNaive bayesian classification
Naive bayesian classification
 
Data mining an introduction
Data mining an introductionData mining an introduction
Data mining an introduction
 
Function Pointer
Function PointerFunction Pointer
Function Pointer
 

Recently uploaded

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 

Database Security Methods, DAC, MAC,View

  • 1. Database Security Dr. Dipali Meher MCS, M.Phil, NET, Ph.D Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 dipalimeher@moderncollegegk.org 1 Prof. Prerana Sherla MCS Assistant Professor Modern College of Arts, Science & Commerce, Ganeshkhind, Pune 16 Prerana.sherla@moderncollegegk.org
  • 2. AGENDA  Introduction to database security concepts  Methods for database security  Discretionary access control method  Mandatory access control  Role base access control for multilevel security.  Use of views in security enforcement. 2
  • 3. What is Database Security? Database security can guard against a compromise of your database, which can lead to financial loss, reputation damage, consumer confidence disintegration, brand erosion, and non-compliance of government and industry regulation. 3 objectives confidentiality, integrity, and availability 3
  • 4. What is Database Security?  Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious cyber threats and attacks.  Database security procedures are aimed at protecting not just the data inside the database, but the database management system and all the applications that access it from intrusion, misuse of data, and damage. 4
  • 5. Threats for database security  The biggest, most damaging and most widespread threat facing small businesses are phishing attacks. Some major database security threats are as follows:  Loss of Privacy: loss of protection of an individual’s data files.  Loss of Availability: unavailability of network, hardware or application because of which data is unavailable to users.  Loss of Integrity: data corruption  Loss of Confidentiality: unauthorized users access the database.  Any kind of Theft and fraud: Inadequate physical security of database.  Accidental loss: due to software, hardware, network problems 5
  • 6. Database should be protected from all above threats at different levels 1) Physical Level: The machine which contains database should be secured from all ways. 2) Database System Level: Access to database by authorized users only. 3) Operating System Level: Strong operating system secures database also 4) Human(individual) Level: restrictions to access , modify and delete data from database by different levels of users 5) Network: All database systems are accessed remotely so software level security should be provided over network. 6
  • 7. METHODS FOR DATABASE SECURITY Following are different techniques used for database security.  Discretionary Access Control Method  Mandatory Access Control Method  Statistical Database Security  Different Data Encryption Techniques 7
  • 8. Discretionary access control method Access to database from unauthorized users is secured by this methods. 1) Granting and revoking privileges to database users at different levels such as on files, records, fields and on any specified mode such as read, insert, delete and update A privilege is a right to execute a particular type of SQL statement or to access another user's object. e.g reading, writing, updating and deleing from database. 8
  • 9. Types of discretionary privileges Account Level CREATE SCHEMA/CREATE TABLE CREATE VIEW DROP ALTER MODIFY SELECT Relation (table) level System privilege Object privilege 9
  • 10. Account level privilege's  CREATE SCHEMA/CREATE TABLE: This privilege is used to create schema or base relation  CREATE VIEW: This privilege is used to create view. This will be used for relation level and virtual –view relations.  DROP: This privilege is used to delete relation or view.  ALTER: This privilege is used to apply schema changes to relations such as adding/removing attribute column to a table.  MODIFY: This privilege is used to insert, delete or update tuples in a database.  SELECT: This privilege is use to retrieve information from database by using select query. 10
  • 11. GRANTING AND REVOKING PRIVILEGES  These privileges follow authorization model and access matrix or authorization matrix model. Access matrix model (M):  Rows: Represents subjects(users/accounts/programs)  Columns: Objects(relations/records/columns/views/operations)  M(i,j): This position is the matrix represents the types of privileges (read, write, update) that subject i holds object j. 11
  • 12. Example of privileges of relation in SQL following types of privileges are granted to each relation (R)  SELECT: This is read privileges on relation (R). Data from relation is retrieved using this privilege.  MODIFY: This privilege modify tuples from relation (R). This privilege gives various commands like UPDATE (updating attributes), DELETE (deleting attributes) and INSERT (inserting attributes) on relation (R).  REFERENCES: This privilege modify the reference relation (R) using integrity constraints. It can be restricted for specific relation (R). 12
  • 13. Relation (table) level privileges  System privilege: It is right to perform particular action on a particular type of object. E.g. to create table, to delete rows of table using CREATE, ALTER and DROP command.  Object privilege: It is right to perform particular action on particular type of table, relation, attribute, view, sequence, procedure, function or package. E.g. to select, delete , insert data into table using SELECT, INSERT, DELETE command. 13
  • 14. GRANT COMMAND Syntax: GRANT privilege_name ON < tablename| view name> TO {user list| role name} [WITH GRANT OPTION]; 14
  • 15.  Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be granted.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  WITH GRANT OPTION: specifies a user to grant access rights to other user. 15
  • 16. Example: GRANT SELECT, DELETE, UPDATE //access rights with commands ON EMPLOYEE // table name TO RAJESH //user name WITH GRANT OPTION; // allows user to grant access rights to other users. Meaning: RAJESH is authorized to perform SELECT, DELETE, UPDATE operation on EMPLOYEE table and grant those privileges to other users of employee table. 16
  • 17. REVOKE COMMAND Syntax REVOKE privilege_name ON < tablename| view name> FROM {user list| role name} [restrict |cascade]; 17
  • 18.  Privilege name: access right like SELECT, INSERT, UPDATE, DELETE etc. to be removed.  Table name: relation name view name: specifies view name  User list: specifies list of users to which privilege is to be granted  Role name: specifies user role in database system  restrict: the privilege will be removed only from specified user and not from other users to whom the privilege is granted by specified user.  cascade: The privilege will be removed from user and from other dependents users also. 18
  • 19. Example REVOKE DELETE, UPDATE (emp-sal) //access rights with commands to be removed ON EMPLOYEE // table name FROM RAJESH //user name Explanation: DELETE and UPDATE rights on emp-sal will be removed from user rajesh on table EMPLOYEE. 19
  • 20. AUDIT TRAILS Audit trail is a log of all changes (insert/delete/update) performed on database along with the user information and time. This is used to track fraud in database as it gives security to the database. 20
  • 21. A typical audit trail contains following entries  Request (source text)  Terminal (from which operation was performed)  User( who performed the operation)  Date  Time  Tuples ( on which tuples of relation R)  Attributes ( of relation R)  Old value (of tuple/ attribute/ relation R)  New value (of tuple/ attribute/ relation R) 21
  • 22. Advantages of DAC  User-friendly: Users can manage their data and quickly access data of other users.  Flexible: Users can configure data access parameters without administrators.  Easy to maintain: Adding new objects and users doesn’t take much time for the administrator.  Granular: Users can configure access parameters for each piece of data. 22
  • 23. Disadvantages of DAC  Low level of data protection — DAC can’t ensure reliable security because users can share their data however they like.  Obscure — There’s no centralized access management, so in order to find out access parameters, you have to check each ACL 23
  • 24. Mandatory Access Control  Mandatory Access Control is a method of limiting access to resources based on the sensitivity of the information that the resources contains and the authorization of the user to access information with that level of sensitivity.  This model of access control where the operating system provides users with access based on data confidentiality and user clearance levels. In this model, access is granted on a need know basis.  Before gaining the access you have to know the need of information  It is most secure because this model is non- discretionary control model and implemented on zero trust principle. 24
  • 25. Advantages of MAC  High level of data protection: An administrator defines access to objects, and users can’t edit that access.  Granular: An administrator sets user access rights and object access parameters manually.  Immune to Trojan Horse attacks: Users can’t declassify data or share access to classified data. 25
  • 26. Disadvantages of MAC  Maintainability: Manual configuration of security levels and clearances requires constant attention from administrators.  Scalability: MAC doesn’t scale automatically.  Not user-friendly: Users have to request access to each new piece of data; they can’t configure access parameters for their own data. 26
  • 27. Compare and contrast DAC and MAC DAC MAC A type of access control on which the owner of a resource restricts access to the resource based on the identity of the users. A type of access control that restricts the access to the resources based on the clearance of the subjects. Stands of Discretionary access Control Stands for Mandatory Access Control Resource owner determines who can access and what privileges they have Provides access to the users depending on the clearance level of users. Access is determined by the system More flexible Less flexible Not as secure as MAC More secure Easier to implement Comparatively less easier to implement 27
  • 28. Role Base Access Control (RBAC) For Multilevel Security Roles are collection of privileges or access rights that are combined in a centralized unit which manages users or objects of a database. There are two types of roles namely application role and user role. Application role: It is used for granting all the necessary privileges to run a given database. User role: It is used for creation of database user groups with common privilege requirements. 28
  • 29. RBAC  Roles can be created using CREATE ROLE and deleted using DROP ROLE command. GRANT and REVOKE commands under Discretionary Access control are used to assign and revoke privileges from roles.  RABC is alternative to Discretionary Access control and Mandatory Access control. 29
  • 30. RBAC  CREATION OF ROLES: Syntax:  CREATE ROLE role_name [IDENTIFIED BY password] Example to create role of “developer” with password dev@123 CREATE ROLE DEVELOPER [IDENTIFIED BY dev@123] DROPPING ROLES: Syntax DROP ROLE role_name; Example DROP ROLE DEVELOPER; 30
  • 31. USE OF VIEWS IN SECURITY ENFORCEMENT A view is the result set of a stored query on the data, which the database users can query just as they would in a persistent database collection object. Views can represent a subset of the data contained in a table. 31
  • 32. Advantages of views  A view can limit the degree of exposure of the underlying tables to the outer world.  Security: Each user can be given permission to access the database only through a small set of views that contain the specific data the user is authorized to see, thus restricting the user's access to stored data  Query simplicity: A view can draw data from several different tables and present it as a single table, turning multi-table queries into single-table queries against the view. 32
  • 33. Advantages of views  Structural simplicity: Views can give a user a "personalized" view of the database structure, presenting the database as a set of virtual tables that make sense for that user.  Consistency: A view can present a consistent, unchanged image of the structure of the database, even if the underlying source tables are split, restructured, or renamed.  Data Integrity: If data is accessed and entered through a view, the DBMS can automatically check the data to ensure that it meets the specified integrity constraints.  Logical data independence: View can make the application and database tables to a certain extent independent. If there is no view, the application must be based on a table. 33
  • 34. Disadvantages of views  When a table is dropped, associated view become irrelevant.  Since the view is created when a query requesting data from view is triggered, it’s a bit slow.  When views are created for large tables, it occupies more memory. 34
  • 35. Creation of views Syntax:  CREATE [TEMP| TEMPORARY] VIEW view_name AS  SELECT column1, column2…  FROM table_name  WHERE [condition];  TEMP| TEMPORARY keyword says that views are created in temporary space. Temporary views are automatically dropped at the end of current session. 35
  • 36. Example of view  consider student table sno sname sbdate saddress sdiv scourse 1 Rajesh 12/06/1658 Kothrud A BCS 2 Kavita 14/09/1952 Deccan B BCA 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 5 Kalpana 01/01/1960 Deccan D BCA 36
  • 37. Create a view for student no, name and division.  CREATE VIEW S_view1 AS  SELECT sno, sname, sdiv  FROM STUDENT; S_view1 will be as follows: sno sname sdiv 1 Rajesh A 2 Kavita B 3 Sadhana C 4 Radha C 5 Kalpana D 37
  • 38. Create a view for student of C division.  CREATE VIEW S_view2 AS  SELECT *  FROM STUDENT  WHERE sdiv=’C’;  S_view2 will be as follows: sno sname sbdate saddress sdiv scourse 3 Sadhana 18/02/1950 Aundh C MCA 4 Radha 28/09/1965 SB Road C BCS 38
  • 39. A view can be updated with the CREATE OR REPLACE VIEW statement. Syntax CREATE OR REPLACE VIEW view_name AS SELECT column1, column2, ... FROM table_name WHERE condition; Definition of view can be changed by using ALTER VIEW command. User can also change name of the view using RENAME command ALTER VIEW S_view1 RENAME TO St_view1; 39
  • 40. Dropping views A view is deleted with the DROP VIEW statement. Syntax: DROP VIEW [IF EXISTS] view_name; The view_name specifies the name of the view is to be dropped. IF EXISTS will check that view exists or not. If view does not exists and user tries to drop it then database shows error. To overcome this error IF EXISTS will be used. Example DROP VIEW IF EXISTS S_view1; 40