The document summarizes a seminar on database security threats, challenges, and approaches. It discusses how database security aims to protect the confidentiality, integrity, and availability of data. It outlines several challenges to database security like complex access control policies, security for large distributed databases, and privacy-preserving techniques. The document also discusses approaches to database security including encryption, digital signatures, role-based access control policies, and both built-in database protections and third-party security solutions.

1. SEMINAR ON DATABASE
SECURITY
THREATS , CHALLENGES AND
APPROACHES
It’s your data – are you sure it’s safe?
Presented
by,
AJAY.V.J.
IT S7

2. OBJECTIVES
 Data needs to be protected not only from
external threats , but also from insider threats.
 It is important torestrict access tothedatabase
fromauthorizedusers to protect sensitive data.
 Thesecurityandconfidentialityof this data is of
critical importance.

3. INTRODUCTION
 Database Security is
the mechanism that protect the database
against intentional or accidental threats.
 There are three key issues in the security of
databases just as with all security systems.

4.  Availability
 Data is available when needed.
 Integrity
 Data is only modified by authorized subjects.
 Confidentiality/Secrecy
 Data is only available to authorized subjects.

5. Definition of Database Security
 Database Security is
defined as the process
by which
“Confidentiality, Integrity
and Availability” of the
database can be
protected.

6. Why Today is Database Security
more Challenging
Mobile Computer
Vehicles
 In today’s world, we need everything secured
whether it is your mobile phone ,computer ,vehicle or
almost anything.

7. Why Today is Database Security
more Challenging
 Internet has resulted in disintermediation of
data access.
 New computing paradigms and applications,
like grid-based computing and on-demand
business, are emerging .
 Security policies, and especially access control
policies, are becoming more complex.

8. New Data Security Concerns
 Data quality and completeness.
–Is the data complete and correct with respect
to the external world? Is the data up-to-date?
 Data Provenance, Ownership and IPR
[intellectual property rights].
–From which information sources are the data
in a database coming from?

9. Large Data Volumes
 “It is estimated that the amount of information
in the world is doubling every 20 months, and
the size and number of databases are
increasing even faster” [ Rakesh Agrawal ,
VLDB Conf.].

10. Data Access Disintermediation
 By disintermediation we mean that
intermediate information processing steps,
typically carried out by the corporate
employees like typing an order received
over the phone, are removed.
 Users who are outside the traditional
corporate boundary can have direct and
immediate online access to business
information which pertains them.

11. Data Access Disintermediation
 In a traditional environment, any access to
sensitive information is through employees.
 Although employees are not always reliable, at
least
 They are known.
 Their access to sensitive data is limited by their
function.
 Employees violating access policies may be
subject to disciplinary actions.

12. Grid -Based Computing
 In a grid-based system, computing resources
are dynamically combined to execute large
computations issued by the grid users.
 Grid-based systems may also be used to store
massive databases.

13. Grid -Based Computing
 Today grid-based systems are typically
untrusted environments and only rudimentary
security techniques are used.
 Issues:
–How to protect computations from malicious
grid hosts?
–How to protect grid hosts from malicious
computations?

14. On- Demand Business
 “An on-demand business is an enterprise
whose business processes are integrated end-
to-end across the company and key partners,
suppliers and customers so it can respond
with speed to any customer demand, market
opportunity or external threat” [Nelson Mattos,
VLDB Conf.].

15. On- Demand Business
 Information integration plays a crucial role in
creating on-demand operating environments .
 It enables integrated, real-time access to
traditional and emerging data sources,
transforms information to support data
analysis, and manages data placement for
performance, currency, and availability.

16. Complex Access Control
Policies
 Flexible access control policies –exceptions
and explicit denials.
 The typical method of enforcing discretionary
access control in a database system is based
on the granting and revoking privileges.
 Mandatory policies ensure a high degree of
protection in a way, they prevent any illegal
flow of information.

17. Database Security Challenges
 1.Data quality and completeness
 Metrics for data quality and completeness.
 Methodologies and techniques for evaluation and
assurance of data quality and completeness.
 2.Privacy-preserving databases
 3.Sophisticated access control models and
mechanisms
 Tools for access control administration.

18. Database Security Challenges
 4.Security for large scale dynamically
federated databases
 Models for multi-domain security.
 Rich and flexible security mediator languages.
 Support for evolution of access control policies.
 5.Security for multimedia databases
 Security-relevant metadata schema.
 Content-based access control.
 Real-time access control for video data.

19. Database Security Challenges
 6.Security for GIS and spatial databases
 Techniques for access control and integrity
specifically tailored to spatial data and GIS
[Geographic information system].
 7.Data security in pervasive computing
environments
 8. Integration of DB access control systems
with trust negotiation systems and identity
management schemes

20. Approaches
 Encryption is a means of maintaining
secure data in an insecure environment.
 A digital signature is an example of using
encryption techniques to provide
authentication services in e-commerce
applications.
 RBAC policies ensures that only
authorized users are given access to
certain data
or resources.

21. 3rd
party Security Options
 Most companies have several types of
databases so to ensure total security across
databases they hire 3rd
party Database
Security Vendors such as Guardium,Inc. and
Imperva, Inc.
 Another option is data masking – buying a
fake data set for development and testing.

22. Pros and Cons of 3rd
Party
solutions
Solution Description Pros Cons
Data Obfuscation
(Masking, Scrambling)
Fake or Scrambled data
set for use by design
and implementation
teams
Can be very expensive –
good fake data can
range in cost from
$200,000 to $1 Million
Encryption of Data Allows personally
identifiable data to be
scrambled if intrusion
takes place.
Adds overhead and
possible performance
issues.
Database
Intrusion/Extrusion
Prevention
Looks for SQL
Injections, Bad access
commands and odd
outbound data
Can eat into over head
and cause performance
issues – also expensive.
Needs very specific
criteria to set up.
Data Leak Prevention Catches any data that is
being sent out of the
system
Does not protect data in
the actual data
warehouse.

23. Built in Database Protection
 Vendors such as Oracle, Microsoft and IBM
know that security is a big concern for data
systems.
 They create built in solutions such as:
Password Controls.
Data access based on roles and profiles.
IP restrictions for off site access.
Auditing capabilities of who has run what reports.
Security logging.

24. Pros and Cons of Built In
solutions
Solution Description Pros Cons
Complex Passwords
(require numbers and
symbols) as well as
frequent password
changes
Makes passwords harder
to guess and harder to
crack
Users write them down
and keep them next to
computer or forget and
need multiple resets
Keep Internal and
External facing
databases separate
Makes it very hard to
hack one and then get
through to the other
Reduces functionality of
databases and restricts
flow of internal data
Restrict Downloading Keeps data in the
database and not loose
in excel, etc
Restricts reporting
capabilities and off line
functionality
Restrict Unwanted
Connections
Again makes it harder
to worm from one
system to another
Makes integration more
difficult and can reduce
user acceptance

25. Advantages
 Gain productivity.
 Efficiency.
 Improved Performance

26. Disadvantages
 It did not cover security for GIS data, an
increasingly important area for homeland
security, for information-grid architectures and
for sensor data as well as privacy and security
for Web services and the semantic Web .

27. CONCLUSION
 Data security and in particular protection of
data from unauthorized accesses remain
important goals of any data management
system.
 This paper, outlined research results and
practical developments and discussed open
research issues.
 The area of database security includes
several other relevant topics, such as inference
control and statistical database security.

28. THANKYOU