the heart of each information system
a persistent collection of related data,
where data are facts that have an implicit
built to store logically interrelated data
representing some aspects of the real
world, which must be collected, processed,
and made accessible to a given user
• The database is constructed according
to a data model which define the way in
which data and interrelationships
between them can be represented.
• The collection of software programs that
provide the functionalities for defining,
maintaining, and accessing data stored
in a database is called a database
management system (DBMS).
Database abstraction levels
storage of the
logical level )
• providing the
users with a
the real world
the views that
have on the
The internal level maps the logical
objects supported by the data model to
the physical objects of the underlying
• Concerned with
of information. The
terms secrecy or non-
• Concerned with
of information or
• Concerned with
improper denial of
access to information.
The term denial of
service is also used
as a synonym for
• When someone is granted database privileges that
exceed the requirements of their job function, these
privileges can be abused.
Excessive and Unused Privileges
• Users may abuse legitimate database privileges for
• Injection attacks usually involve inserting (or
“injecting”) unauthorized or malicious statements into
the input fields of web applications that gives an
attacker unrestricted access to an entire database.
Input Injection (Formerly SQL Injection)
• Cybercriminals, state-sponsored hackers, and spies use
advanced attacks that blend multiple tactics—such as
spear phishing emails and malware—to penetrate
organizations and steal sensitive data.
• Automated recording of database transactions involving
sensitive data should be part of any database deployment.
Failure to collect detailed audit records of database activity
represents a serious organizational risk on many levels.
Weak Audit Trail
• Backup storage media is often completely unprotected from
Storage Media Exposure
• It is common to find vulnerable and un-patched databases, or
discover databases that still have default accounts and
Exploitation of Vulnerable, Misconfigured
• Many companies struggle to maintain an accurate inventory of
their databases and the critical data objects contained within them.
Unmanaged Sensitive Data
• Denial of Service (DoS) is a general attack category in which
access to network applications or data is denied to intended users.
Denial of Service
• Many organizations are ill-equipped to deal with a security breach
due to the lack of expertise required to implement security
controls, enforce policies, or conduct incident response processes.
Limited Security Expertise and Education
Approaches to Data Security
• Prevention ensures that security breaches cannot
occur. The basic technique is that the system
examines every action and checks its conformance
with the security policy before allowing it to occur.
• This technique is called access control.
• Detection ensures that sufficient history of the
activity in the system is recorded in an audit trail, so
that a security breach can be detected after the fact.
• This technique is called auditing.
Access Control Policies
Discretionary Access Control
• The word discretionary characterizes the fact that users
can be given the ability of passing their privileges to
• Discretionary access control policies are based on
• An authorization rule states that a subject has the privilege to
exercise a given action on a given object.
• The kind (and granularity) of subjects, objects, and
actions that can be referenced in authorizations may be
different in different systems.
Discretionary access control policies
Subjects are the entities
to which authorizations
can be granted.
Typically, subjects are
Objects are the entities
to be protected.
(tables or portion of it) or
Actions define the
specific operations that
subjects can execute on
Actions to be supported
include the operations
corresponding to the
basic read, write, delete,
create, and execute
• Authorizations define which accesses are
to be allowed.
• The simplest form of authorization is a triple
(subject, object, action) specifying that
subject is authorized to exercise action on
• subject object access
• Joe Black Employee-relation read
Granularity and Modes of Access Control
DAC modes in SQL operations
The ability to INSERT and
DELETE is specified on a
relation by relation basis.
SELECT is also usually
specified on a relation by
UPDATE can be restricted
to certain columns of a
Access Control Mechanisms
View Based Access Control
• A base relation is a “real" relation in the
database, that is actually stored in the
• A view is a “virtual" relation which is derived
from base relations and other views.
• For retrieval purposes users need not
distinguish between views and base
• Views, therefore, provide a very powerful
mechanism for specifying data-dependent
authorization for data retrieval.
A user who has read access
to TOY-DEPT is thereby
limited to retrieving
information about employees
in the Toy Department.
Suppose that a new
Brown is inserted in
EMPLOYEE, as shown
in Table 3. The view
TOY-DEPT will be
automatically modified to
include Brown, as
shown in Table 4.
Views can also be used to provide access to statistical information.
A view is simply another relation in the database,
which happens to be automatically
modified by the DBMS whenever its base relations are modified.
Difficult to maintain updates.
• Granting and revocation allow users to selectively and
dynamically grant privileges to other users, and
subsequently revoke them if so desired.
• The GRANT command applies to base relations as well
• In SQL granting is accomplished by means of the GRANT
statement which has the following general format.
Note that it is not possible to
grant a user the grant option on
a privilege, without
allowing the grant option itself to
be further granted.
• Revocation in SQL is accomplished by means of the
REVOKE statement which has the following general
Assign rights to execute compiled programs
GRANT RUN ON <program> TO <user>
Programs may access resources for which the user who runs the program
does not have permission.
• It is not supported in SQL
• In this technique, a query submitted by a user is
modified to include further restrictions as determined
by the user's authorization.