Chapter

Database Security
Definition
Database Security is
the mechanism that protect the database against intentional
or accidental threats.

We consider database security in relation to the following

situations:
- Theft and Fraud
- Loss of confidentiality
Introduction
 Loss of privacy
 Loss of integrity
 Loss of availability

Threat is
any intentional or accidental event that may
adversely affect the system.
 Introduction (Cont)
Examples of threats:
- Using another person’s log-in name to
access data
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
- Etc.
 Countermeasures
Computer-Based Controls:
- Authorization
- Views
- Backup and Recovery
- Integrity
- Encryption
- RAID Technology
 Authorization
The granting of a privilege that enable a user to have a legitimate
access to a system.

They are sometimes referred as access controls.

The process of authorization involves authenticating the user

requesting access to objects.
Authenticating
Means a mechanism that determines whether a user is who
he/she claim to be.

A system administrator is responsible for allowing users to have

access to the system by creating individual user accounts.
 Closed Vs Open Systems
Closed Systems
Some DBMS required authorization for authorized DBMS users
to access specific objects.

Open Systems
Allow users to have complete access to all objects within the
database.
A DBMS may permit both individual user identifiers and group
identifiers to be created.

Certain privileges may be associated with specific identifiers,

which indicate what kind of privilege is allowed with certain
with certain database objects.
Each privileges has a binary value associated with it. The binary
values are summed and the total value indicates what
privileges are allowed for a specific user or group with a
particular object.
 User & Group Identifier

User Type Group Member

Identifier Identifier
SG37 User Sales SG37
SG14 User Sales SG14
SG5 User
Sales Group
 Access Control Matrix
User Property# Type Price Owner# Staff# Branch# Query
Identifier Row
Limit
Sales 0001 0001 0001 0000 0000 0000 15

SG37 0101 0101 0111 0101 0111 0000 100

SG5 1111 1111 1111 1111 1111 1111 none

SELECT UPDATE INSERT DELETE ALL

0001 0010 0100 1000 1111
Views
Is the dynamic result of one or more relational operations
operating on the base relations to produce another relation.

A view is a virtual relation that does not actually exist in the

database, but is produced upon request by a particular user,
at the time of request.
Views (Cont)
The view mechanism provides a powerful and flexible security
mechanism by hiding parts of the database from certain
users.

The user is not aware of the existence of any attributes or rows

that are missing from the view.
 Backup & Recovery

Is the process of periodically taking a copy of the database and log

file on to offline storage media.

DBMS should provide backup facilities to assist with the recovery

of a database failure.
 Integrity

Maintaining a secure database system by preventing data from

becoming invalid.
 Encryption
The encoding of data by a special algorithm that renders the data
unreadable by any program without the decryption key.

There will be degradation in performance because of the time

taken to decode it.

It also protects the data transmitted over communication lines.

RAID
Redundant Array of Independent Disks

The hardware that the DBMS is running on must be fault-tolerant,

meaning that the DBMS should continue to operate even if one
of the hardware components fails.

One solution is the use of RAID technology.

 RAID (Cont)

RAID works on having a large disk array comprising an

arrangement of several independent disks that are organized to
improve reliability and at the same time increase performance.