DATABASE SECURITY

By Oscar Suciadi CS 157B Prof. Sin-Min Lee

Definition
Database Security is the mechanism that protect the database against intentional or accidental threats. We consider database security in relation to the following situations: - Theft and Fraud - Loss of confidentiality

Introduction
Loss of privacy

Loss of integrity Loss of availability

Threat is any intentional or accidental event that may adversely affect the system.

Introduction (Cont)
Examples of threats: - Using another persons log-in name to access data - Unauthorized copying data - Program/Data alteration - Illegal entry by hacker - Viruses - Etc.

Countermeasures
Computer-Based Controls: - Authorization - Views - Backup and Recovery - Integrity - Encryption - RAID Technology

Authorization
The granting of a privilege that enable a user to have a legitimate access to a system.

They are sometimes referred as access controls. The process of authorization involves authenticating the user requesting access to objects.

Authenticating
Means a mechanism that determines whether a user is who he/she claim to be. A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.

Closed Vs Open Systems

Closed Systems Some DBMS required authorization for authorized DBMS users to access specific objects. Open Systems Allow users to have complete access to all objects within the database.

A DBMS may permit both individual user identifiers and group identifiers to be created. Certain privileges may be associated with specific identifiers, which indicate what kind of privilege is allowed with certain with certain database objects.

Each privileges has a binary value associated with it. The binary values are summed and the total value indicates what privileges are allowed for a specific user or group with a particular object.

User & Group Identifier

User Identifier SG37 SG14 SG5 Sales Type User User User Group Group Sales Sales Member Identifier SG37 SG14

Access Control Matrix

User Property# Identifier Sales SG37 0001 0101 Type Price Owner# Staff# Branch# Query Row Limit 15 100

0001 0101

0001 0111

0000 0101

0000 0111

0000 0000

SG5

1111

1111

1111

1111

1111

1111

none

SELECT 0001

UPDATE 0010

INSERT 0100

DELETE 1000

ALL 1111

Views
Is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.

Views (Cont)
The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. The user is not aware of the existence of any attributes or rows that are missing from the view.

Backup & Recovery

Is the process of periodically taking a copy of the database and log file on to offline storage media.
DBMS should provide backup facilities to assist with the recovery of a database failure.

Integrity
Maintaining a secure database system by preventing data from becoming invalid.

Encryption
The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key. There will be degradation in performance because of the time taken to decode it. It also protects the data transmitted over communication lines.

Redundant Array of Independent Disks

The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
One solution is the use of RAID technology.

RAID

RAID (Cont)
RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.