SlideShare a Scribd company logo

Security and Authorization

M
Megha yadav

Security Violations,Reasons of Security violation are,security measures,Authorization,form of authorization,Difference between drop and delete authorization ,Authorization and Views,View example ,View Query ,Granting of Privileges,Example of Granting of Privileges,Example of Granting of Privileges,Authorization grant graph ,Notion of Roles,Audit Trails ,Audit Trails ,Authorization in SQL,Read Authorization ,Update authorization ,Role creation ,The Privilege to Grant Privileges ,revoke an authorization,Cascading of Revoke

Engineering
1 of 25
SECURITY AND AUTHORIZATION BY : M E G H A YA D AV
SECURITY VIOLATIONS • Security : Protection of the data against unauthorized destruction. • Violations: In database violation are either malicious (Unauthorized reading, modification ,destruction) or accidental(crash, concurrent access) . • Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. • In security violation the sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized person .
REASONS OF SECURITY VIOLATION ARE • Unauthorized reading of data (theft of information) • Unauthorized modification of data • Unauthorized destruction of data
SECURITY MEASURES • Database security refers to protection from malicious access. • Database system. Some database-system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated. • Operating system. No matter how secure the database system is, weakness in operating-system security may serve as a means of unauthorized access to the database. • Network. Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in private networks.
• Physical. Sites with computer systems must be physically secured against entry by intruders. • Human. Users must be authorized carefully to reduce the chance of any user giving access to an intruder in exchange for a bribe or other favors. • Security at all these levels must be maintained if database security is to be ensured
AUTHORIZATION • Authorization is the process where the database manager gets information about the authenticated user to determining which database operations the user can perform and which data objects a user can access.
FORMS OF AUTHORIZATION These forms of authorization are used to access the data • Read authorization allows reading, but not modification, of data. • Insert authorization allows insertion of new data, but not modification of existing data. • Update authorization allows modification, but not deletion, of data. • Delete authorization allows deletion of data database
FORM OF AUTHORIZATION These form of authorization is use to modify the database schema: • Index authorization :allows the creation and deletion of indices. • Resource authorization :allows the creation of new relations. • Alteration authorization: allows the addition or deletion of attributes in a relation. A user with resource authorization who creates a new relation is given all privileges on that relation automatically. • Drop authorization :allows the deletion of relations.
DIFFERENCE BETWEEN DROP AND DELETE AUTHORIZATION : • Delete Authorization allows deletion of tuples only. If a user deletes all tuples of a relation, the relation still exists, but it is empty. • Drop Authorization If a relation is dropped, it no longer exists.
AUTHORIZATION AND VIEWS • Views are used for security purpose in databases. • A view can hide data that a user does not need to see. The ability of views to hide data serves both to simplify usage of the system and to enhance security. Views simplify system usage because they restrict the user’s attention to the data of interest. Although a user may be denied direct access to a relation, that user may be allowed to access part of that relation through a view.
VIEW EXAMPLE • In our banking example, • A clerk who needs to know the names of all customers who have a loan at each branch. This clerk is not authorized to see information regarding specific loans that the customer may have. • Thus, the clerk must be denied direct access to the loan relation. But, the clerk must be granted access to the view cust-loan, which consists of only the names of customers and the branches at which they have a loan.
VIEW QUERY • This view can be defined in SQL as follows: create view cust-loan as (select branch-name, customer-name from borrower, loan where borrower.loan-number = loan.loan-number) In our cust-loan view example, the creator of the view must have read authorization on both the borrower and loan relations.
GRANTING OF PRIVILEGES • A user who has been granted some form of authorization may be allowed to pass on this authorization to other user. • The passing of authorization from one user to another can be represented by an authorization graph • The nodes of this graph are the users. • The root of the graph is the database administrator. • A user has an authorization if and only if there is a path from the root of the authorization graph (namely, the node representing the database administrator) down to the node representing the user
EXAMPLE OF GRANTING OF PRIVILEGES • Take an example, the granting of update authorization on the loan relation of the bank database. • Assume that, initially, the database administrator grants update authorization on loan to users U1, U2, andU3, who may in turn pass on this authorization to other users. • In the diagram on next slide , observe that user U5 is granted authorization by both U1 and U2; U4 is granted authorization by only U1. • Suppose that the database administrator decides to revoke the authorization of user U1.Since U4 has authorization from U1,that authorization should be revoked. However, U5 was granted authorization by both U1 and U2. • Since the database administrator did not revoke update authorization on loan from U2, U5 retains update authorization on loan. If U2 eventually revokes authorization from U5, then U5 loses the authorization.
AUTHORIZATION GRANT GRAPH
NOTION OF ROLES • A set of roles is created in the database. • Authorizations can be granted to roles, in as they are granted to individual users. • Each database user is granted a set of roles that he is authorized to perform. • In bank database, examples of roles include teller, branch-manager, auditor, and system-administrator.
AUDIT TRAILS • Many secure database applications require an audit trail be maintained. • An audit trail is a log of all changes (inserts/deletes/updates) to the database, along with information such as which user performed the change and when the change was performed.
AUTHORIZATION IN SQL • Privileges in SQL • The SQL standard includes the privileges delete insert select Update The select privilege corresponds to the read privilege.
READ AUTHORIZATION • Privileges can be granted and revoked. • The grant statement is used to confer authorization. • The basic form of this statement is: grant <privilege list> on <relation name or view name> to <user/role list> • The privilege list allows the granting of several privileges in one command. • The following grant statement grants users U1, U2, andU3 select authorization on the account relation: grant select on account to U1, U2, U3
UPDATE AUTHORIZATION • This grant statement gives users U1,U2,andU3 update authorization on the amount attribute of the loan relation: grant update (amount) on loan to U1, U2, U3 • If update authorization is included in a grant statement, the list of attributes on which update authorization is to be granted appears in parentheses. • If the list of attributes is omitted, the update privilege will be granted on all attributes of the relation.
ROLE CREATION • Roles can be created inas create role teller • Roles can then be granted privileges just as the users can, as shown in statement: grant select on account to teller • Roles can be assigned to the users, as well as to some other roles As shown grant teller to john create role manager grant teller to manager grant manager to mary
THE PRIVILEGE TO GRANT PRIVILEGES • A user/role that is granted a privilege is not authorized to grant that privilege to another user/role. • If we want to grant a privilege to the recipient to pass the privilege onto other users, we append the with grant option clause to the appropriate grant command. • For example, if we wish to allow U1 the select privilege on branch and allow U1 to grant this privilege to others, then grant select on branch to U1 with grant option
REVOKE AN AUTHORIZATION • we use the revoke statement • revoke <privilege list> on <relation name or view name> from <user/role list> [restrict| cascade] • Thus, to revoke the privileges that we granted previously, we write: revoke select on branch from U1, U2, U3 revoke update (amount) on loan from U1, U2, U3 revoke references (branch-name) on branch from U1
CASCADING OF REVOKE • Sometimes, revocation of a privilege from a user/role may cause other users/roles also to lose that privilege. • This behavior is called cascading of the revoke.
Security and Authorization

Recommended

Users and groups in xp
Users and groups in xpUsers and groups in xp
Users and groups in xpRauf Wani
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
Roshni814224
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdf
abrehamcheru14
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
ssuser77162c
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
gourav kottawar
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt
RahafKhalid14
 
01 database security ent-db
01 database security ent-db01 database security ent-db
01 database security ent-db
uncleRhyme
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.ppt
DharaDarji5
 

Recommended

Users and groups in xp
Users and groups in xpUsers and groups in xp
Users and groups in xpRauf Wani
 
Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
Roshni814224
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdf
abrehamcheru14
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
ssuser77162c
 
security and privacy in dbms and in sql database
security and privacy in dbms and in sql databasesecurity and privacy in dbms and in sql database
security and privacy in dbms and in sql database
gourav kottawar
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt
RahafKhalid14
 
01 database security ent-db
01 database security ent-db01 database security ent-db
01 database security ent-db
uncleRhyme
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.ppt
DharaDarji5
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
Md. Ahasan Hasib
 
DBMS Security.ppt
DBMS Security.pptDBMS Security.ppt
DBMS Security.ppt
Amman Arab University
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
BeyondTrust
 
Trigger in DBMS
Trigger in DBMSTrigger in DBMS
Trigger in DBMS
A. S. M. Shafi
 
Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)
Deny Prasetia
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
missionsk81
 
Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348
shubham singh
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
Mukesh Tekwani
 
Defending broken access control in .NET
Defending broken access control in .NETDefending broken access control in .NET
Defending broken access control in .NET
Supriya G
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational modelSlideshare
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
Salman Memon
 
Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Database Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,ViewDatabase Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,View
Dr-Dipali Meher
 
Unit ii
Unit ii Unit ii
Unit ii
Sangeetha Rangarajan
 
OER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB securityOER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB security
Girija Muscut
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Data base security
Data base securityData base security
Data base security
Sara Nazir
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
Saurabh Kulkarni
 
What is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptxWhat is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptx
Megha yadav
 
Overview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptxOverview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptx
Megha yadav
 

More Related Content

Similar to Security and Authorization

Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
Md. Ahasan Hasib
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
BeyondTrust
 
Trigger in DBMS
Trigger in DBMSTrigger in DBMS
Trigger in DBMS
A. S. M. Shafi
 
Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)
Deny Prasetia
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
Zara Nawaz
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
missionsk81
 
Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348
shubham singh
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
Mukesh Tekwani
 
Defending broken access control in .NET
Defending broken access control in .NETDefending broken access control in .NET
Defending broken access control in .NET
Supriya G
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational modelSlideshare
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
Salman Memon
 
Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Database Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,ViewDatabase Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,View
Dr-Dipali Meher
 
Unit ii
Unit ii Unit ii
Unit ii
Sangeetha Rangarajan
 
OER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB securityOER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB security
Girija Muscut
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
missionsk81
 
Data base security
Data base securityData base security
Data base security
Sara Nazir
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
Saurabh Kulkarni
 

Similar to Security and Authorization (20)

Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
 
DBMS Security.ppt
DBMS Security.pptDBMS Security.ppt
DBMS Security.ppt
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
 
Trigger in DBMS
Trigger in DBMSTrigger in DBMS
Trigger in DBMS
 
Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)Implementing role based access control on Web Application (sample case)
Implementing role based access control on Web Application (sample case)
 
information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...information security(authentication application, Authentication and Access Co...
information security(authentication application, Authentication and Access Co...
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
 
Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
 
Defending broken access control in .NET
Defending broken access control in .NETDefending broken access control in .NET
Defending broken access control in .NET
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational model
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
 
Views and security
Views and securityViews and security
Views and security
 
Views and security
Views and securityViews and security
Views and security
 
Database Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,ViewDatabase Security Methods, DAC, MAC,View
Database Security Methods, DAC, MAC,View
 
Unit ii
Unit ii Unit ii
Unit ii
 
OER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB securityOER- Unit 3 Authorization-DB security
OER- Unit 3 Authorization-DB security
 
MobileDBSecurity.pptx
MobileDBSecurity.pptxMobileDBSecurity.pptx
MobileDBSecurity.pptx
 
Data base security
Data base securityData base security
Data base security
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
 

More from Megha yadav

What is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptxWhat is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptx
Megha yadav
 
Overview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptxOverview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptx
Megha yadav
 
Types of RPA BOT and Tools
Types of RPA BOT and ToolsTypes of RPA BOT and Tools
Types of RPA BOT and Tools
Megha yadav
 
Introduction to RPA
Introduction to RPAIntroduction to RPA
Introduction to RPA
Megha yadav
 
Digital Marketing Syllabus
Digital Marketing Syllabus Digital Marketing Syllabus
Digital Marketing Syllabus
Megha yadav
 
Structure of dbms
Structure of dbmsStructure of dbms
Structure of dbms
Megha yadav
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraints
Megha yadav
 
Grid computing
Grid computingGrid computing
Grid computing
Megha yadav
 
Distributed Computing
Distributed Computing Distributed Computing
Distributed Computing
Megha yadav
 
Cluster computing
Cluster computingCluster computing
Cluster computing
Megha yadav
 
Introduction to SEO
Introduction to SEOIntroduction to SEO
Introduction to SEO
Megha yadav
 
Website Architecture
Website ArchitectureWebsite Architecture
Website Architecture
Megha yadav
 

More from Megha yadav (12)

What is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptxWhat is Numerical And Categorical Data .pptx
What is Numerical And Categorical Data .pptx
 
Overview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptxOverview of DBMS/Introduction to DBMSpptx
Overview of DBMS/Introduction to DBMSpptx
 
Types of RPA BOT and Tools
Types of RPA BOT and ToolsTypes of RPA BOT and Tools
Types of RPA BOT and Tools
 
Introduction to RPA
Introduction to RPAIntroduction to RPA
Introduction to RPA
 
Digital Marketing Syllabus
Digital Marketing Syllabus Digital Marketing Syllabus
Digital Marketing Syllabus
 
Structure of dbms
Structure of dbmsStructure of dbms
Structure of dbms
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraints
 
Grid computing
Grid computingGrid computing
Grid computing
 
Distributed Computing
Distributed Computing Distributed Computing
Distributed Computing
 
Cluster computing
Cluster computingCluster computing
Cluster computing
 
Introduction to SEO
Introduction to SEOIntroduction to SEO
Introduction to SEO
 
Website Architecture
Website ArchitectureWebsite Architecture
Website Architecture
 

Recently uploaded

power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
ViniHema
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
BrazilAccount1
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
SupreethSP4
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
AhmedHussein950959
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
obonagu
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
ML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptxML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptx
Vijay Dialani, PhD
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
Jayaprasanna4
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
WENKENLI1
 
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptxFundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
manasideore6
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
ongomchris
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
R&R Consult
 
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
ydteq
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
AafreenAbuthahir2
 

Recently uploaded (20)

power quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptxpower quality voltage fluctuation UNIT - I.pptx
power quality voltage fluctuation UNIT - I.pptx
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
 
Runway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptxRunway Orientation Based on the Wind Rose Diagram.pptx
Runway Orientation Based on the Wind Rose Diagram.pptx
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdfASME IX(9) 2007 Full Version .pdf
ASME IX(9) 2007 Full Version .pdf
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 
ML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptxML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptx
 
ethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.pptethical hacking in wireless-hacking1.ppt
ethical hacking in wireless-hacking1.ppt
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
 
Fundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptxFundamentals of Electric Drives and its applications.pptx
Fundamentals of Electric Drives and its applications.pptx
 
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
space technology lecture notes on satellite
space technology lecture notes on satellitespace technology lecture notes on satellite
space technology lecture notes on satellite
 
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxCFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptx
 
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
 
WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234WATER CRISIS and its solutions-pptx 1234
WATER CRISIS and its solutions-pptx 1234
 

Security and Authorization

  • 2. SECURITY VIOLATIONS • Security : Protection of the data against unauthorized destruction. • Violations: In database violation are either malicious (Unauthorized reading, modification ,destruction) or accidental(crash, concurrent access) . • Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. • In security violation the sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an unauthorized person .
  • 3. REASONS OF SECURITY VIOLATION ARE • Unauthorized reading of data (theft of information) • Unauthorized modification of data • Unauthorized destruction of data
  • 4. SECURITY MEASURES • Database security refers to protection from malicious access. • Database system. Some database-system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated. • Operating system. No matter how secure the database system is, weakness in operating-system security may serve as a means of unauthorized access to the database. • Network. Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in private networks.
  • 5. • Physical. Sites with computer systems must be physically secured against entry by intruders. • Human. Users must be authorized carefully to reduce the chance of any user giving access to an intruder in exchange for a bribe or other favors. • Security at all these levels must be maintained if database security is to be ensured
  • 6. AUTHORIZATION • Authorization is the process where the database manager gets information about the authenticated user to determining which database operations the user can perform and which data objects a user can access.
  • 7. FORMS OF AUTHORIZATION These forms of authorization are used to access the data • Read authorization allows reading, but not modification, of data. • Insert authorization allows insertion of new data, but not modification of existing data. • Update authorization allows modification, but not deletion, of data. • Delete authorization allows deletion of data database
  • 8. FORM OF AUTHORIZATION These form of authorization is use to modify the database schema: • Index authorization :allows the creation and deletion of indices. • Resource authorization :allows the creation of new relations. • Alteration authorization: allows the addition or deletion of attributes in a relation. A user with resource authorization who creates a new relation is given all privileges on that relation automatically. • Drop authorization :allows the deletion of relations.
  • 9. DIFFERENCE BETWEEN DROP AND DELETE AUTHORIZATION : • Delete Authorization allows deletion of tuples only. If a user deletes all tuples of a relation, the relation still exists, but it is empty. • Drop Authorization If a relation is dropped, it no longer exists.
  • 10. AUTHORIZATION AND VIEWS • Views are used for security purpose in databases. • A view can hide data that a user does not need to see. The ability of views to hide data serves both to simplify usage of the system and to enhance security. Views simplify system usage because they restrict the user’s attention to the data of interest. Although a user may be denied direct access to a relation, that user may be allowed to access part of that relation through a view.
  • 11. VIEW EXAMPLE • In our banking example, • A clerk who needs to know the names of all customers who have a loan at each branch. This clerk is not authorized to see information regarding specific loans that the customer may have. • Thus, the clerk must be denied direct access to the loan relation. But, the clerk must be granted access to the view cust-loan, which consists of only the names of customers and the branches at which they have a loan.
  • 12. VIEW QUERY • This view can be defined in SQL as follows: create view cust-loan as (select branch-name, customer-name from borrower, loan where borrower.loan-number = loan.loan-number) In our cust-loan view example, the creator of the view must have read authorization on both the borrower and loan relations.
  • 13. GRANTING OF PRIVILEGES • A user who has been granted some form of authorization may be allowed to pass on this authorization to other user. • The passing of authorization from one user to another can be represented by an authorization graph • The nodes of this graph are the users. • The root of the graph is the database administrator. • A user has an authorization if and only if there is a path from the root of the authorization graph (namely, the node representing the database administrator) down to the node representing the user
  • 14. EXAMPLE OF GRANTING OF PRIVILEGES • Take an example, the granting of update authorization on the loan relation of the bank database. • Assume that, initially, the database administrator grants update authorization on loan to users U1, U2, andU3, who may in turn pass on this authorization to other users. • In the diagram on next slide , observe that user U5 is granted authorization by both U1 and U2; U4 is granted authorization by only U1. • Suppose that the database administrator decides to revoke the authorization of user U1.Since U4 has authorization from U1,that authorization should be revoked. However, U5 was granted authorization by both U1 and U2. • Since the database administrator did not revoke update authorization on loan from U2, U5 retains update authorization on loan. If U2 eventually revokes authorization from U5, then U5 loses the authorization.
  • 16. NOTION OF ROLES • A set of roles is created in the database. • Authorizations can be granted to roles, in as they are granted to individual users. • Each database user is granted a set of roles that he is authorized to perform. • In bank database, examples of roles include teller, branch-manager, auditor, and system-administrator.
  • 17. AUDIT TRAILS • Many secure database applications require an audit trail be maintained. • An audit trail is a log of all changes (inserts/deletes/updates) to the database, along with information such as which user performed the change and when the change was performed.
  • 18. AUTHORIZATION IN SQL • Privileges in SQL • The SQL standard includes the privileges delete insert select Update The select privilege corresponds to the read privilege.
  • 19. READ AUTHORIZATION • Privileges can be granted and revoked. • The grant statement is used to confer authorization. • The basic form of this statement is: grant <privilege list> on <relation name or view name> to <user/role list> • The privilege list allows the granting of several privileges in one command. • The following grant statement grants users U1, U2, andU3 select authorization on the account relation: grant select on account to U1, U2, U3
  • 20. UPDATE AUTHORIZATION • This grant statement gives users U1,U2,andU3 update authorization on the amount attribute of the loan relation: grant update (amount) on loan to U1, U2, U3 • If update authorization is included in a grant statement, the list of attributes on which update authorization is to be granted appears in parentheses. • If the list of attributes is omitted, the update privilege will be granted on all attributes of the relation.
  • 21. ROLE CREATION • Roles can be created inas create role teller • Roles can then be granted privileges just as the users can, as shown in statement: grant select on account to teller • Roles can be assigned to the users, as well as to some other roles As shown grant teller to john create role manager grant teller to manager grant manager to mary
  • 22. THE PRIVILEGE TO GRANT PRIVILEGES • A user/role that is granted a privilege is not authorized to grant that privilege to another user/role. • If we want to grant a privilege to the recipient to pass the privilege onto other users, we append the with grant option clause to the appropriate grant command. • For example, if we wish to allow U1 the select privilege on branch and allow U1 to grant this privilege to others, then grant select on branch to U1 with grant option
  • 23. REVOKE AN AUTHORIZATION • we use the revoke statement • revoke <privilege list> on <relation name or view name> from <user/role list> [restrict| cascade] • Thus, to revoke the privileges that we granted previously, we write: revoke select on branch from U1, U2, U3 revoke update (amount) on loan from U1, U2, U3 revoke references (branch-name) on branch from U1
  • 24. CASCADING OF REVOKE • Sometimes, revocation of a privilege from a user/role may cause other users/roles also to lose that privilege. • This behavior is called cascading of the revoke.