Scribd Logo
Upload

Welcome to Scribd!

  • Security: Database Management System (CS/IT 4 Sem) Unit 8

    Uploaded by

    ashwanimpec20
    23 views5 pages
    The document discusses database security and integrity. It covers authentication to verify user identities, authorization to control access privileges, and encryption to protect sensitive data. The key aspects of database security are ensuring only authorized access and preventing accidental or malicious changes to data. Data integrity is also important to maintain accurate, consistent data through mechanisms like primary keys, foreign keys, and domain constraints.

    Original Description:

    Original Title

    DBMS unit 8

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses database security and integrity. It covers authentication to verify user identities, authorization to control access privileges, and encryption to protect sensitive data. The key aspects of database security are ensuring only authorized access and preventing accidental or malicious changes to data. Data integrity is also important to maintain accurate, consistent data through mechanisms like primary keys, foreign keys, and domain constraints.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views5 pages

    Security: Database Management System (CS/IT 4 Sem) Unit 8

    Uploaded by

    ashwanimpec20
    The document discusses database security and integrity. It covers authentication to verify user identities, authorization to control access privileges, and encryption to protect sensitive data. The key aspects of database security are ensuring only authorized access and preventing accidental or malicious changes to data. Data integrity is also important to maintain accurate, consistent data through mechanisms like primary keys, foreign keys, and domain constraints.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Database Management System (CS/IT 4th SEM) unit 8

    Security
    Introduction
    Persons responsible for databases needed to be concerned with preserving the integrity and
    security of the data.

    Data integrity is concerned with ensuring the ACCURACY of the data. In particular, the
    concern is with protecting the data from ACCIDENTAL inaccuracy, due to causes like:

    1. Data entry errors

    2. System crashes

    3. Anomalies due to concurrent and/or distributed processing

    Data security is concerned with ensuring only AUTHORIZED ACCESS to the data. In
    particular, we don't want unauthorized persons to be able to read sensitive data, and we don't
    want malicious persons to be able to damage the data by unauthorized insertions, deletions, or
    updates.

    Authentication
    User authentication is to make sure that the person accessing the database is who he claims to be.
    Authentication can be done at the operating system level or even the database level itself. Many
    authentication systems such as retina scanners or bio-metrics are used to make sure unauthorized
    people cannot access the database.

    Authorization

    Authorization is a privilege provided by the Database Administer. Users of the database can only
    view the contents they are authorized to view. The rest of the database is out of bounds to them.

    The different permissions for authorizations available are:

     Primary Permission - This is granted to users publicly and directly.

    1
    Database Management System (CS/IT 4th SEM) unit 8

     Secondary Permission - This is granted to groups and automatically awarded to a user if


    he is a member of the group.
     Public Permission - This is publicly granted to all the users.
     Context sensitive permission - This is related to sensitive content and only granted to a
    select users.

    The categories of authorization that can be given to users are:

     System Administrator - This is the highest administrative authorization for a user. Users
    with this authorization can also execute some database administrator commands such as
    restore or upgrade a database.
     System Control - This is the highest control authorization for a user. This allows
    maintenance operations on the database but not direct access to data.
     System Maintenance - This is the lower level of system control authority. It also allows
    users to maintain the database but within a database manager instance.
     System Monitor - Using this authority, the user can monitor the database and take
    snapshots of it.

    Database Integrity
    Data integrity in the database is the correctness, consistency and completeness of data. Data
    integrity is enforced using the following three integrity constraints:

     Entity Integrity - This is related to the concept of primary keys. All tables should have
    their own primary keys which should uniquely identify a row and not be NULL.
     Referential Integrity - This is related to the concept of foreign keys. A foreign key is a
    key of a relation that is referred in another relation.
     Domain Integrity - This means that there should be a defined domain for all the columns
    in a database.

    2
    Database Management System (CS/IT 4th SEM) unit 8

    Encryption
    Any time information is transmitted over a communication link from one place to another, it is
    vulnerable to being intercepted and even altered by unauthorized users.

    Systems which can be accessed from remote sites are also potentially vulnerable to penetration
    by unauthorized users, who may be able to then obtain unauthorized access to read or motify the
    database by masquerading as a legitimate user.

    Encryption can be used to reduce the risk of both types of unauthorized access.

    a. Sensitive information being transmitted over a network should certainly be encrypted in some
    suitable way.

    b. Stored data may also be encrypted to prevent unauthorized users from understanding it if they
    do obtain illicit access to it.

    A DBMS can use encryption to protect information  in certain situations where the normal
    security mechanisms of the DBMS are not adequate. For example, an intruder may steal tapes
    containing some data or tap a communication line. By storing and transmitting data in an
    encrypted form, the DBMS ensures that such stolen data is not intelligible to the intruder. Thus,
    encryption is a technique to provide privacy of data.

    In encryption, the message to be encrypted is known as plaintext. The plaintext is transformed by


    a function that is parameterized by a key. The output of the encryption process is known as the
    cipher text. Ciphertext is then transmitted over the network. The process of converting the
    plaintext to ciphertext is called as Encryption and process of converting the ciphertext to

    3
    Database Management System (CS/IT 4th SEM) unit 8

    plaintext is called as Decryption. Encryption is performed at the transmitting end and decryption
    is performed at the receiving end. For encryption process we need the encryption key and for
    decryption process we need decryption key as shown in figure. Without the knowledge of
    decryption key intruder cannot break the ciphertext to plaintext. This process is also called as
    Cryptography.

    The basic idea behind encryption is to apply an encryption algorithm, which may' be accessible
    to the intruder, to the original data and a user-specified or DBA-specified encryption key, 'which
    is kept secret. The output of the algorithm is the encrypted version of the data. There is also a
    decryption algorithm, which takes the encrypted data and the decryption key as input and then
    returns the original data. Without the correct decryption key, the decryption algorithm produces
    gibberish. Encryption and decryption keys may be same or· different but there must be relation
    between the both which must me secret.

    Techniques used for Encryption


    There are following techniques used for encryption process:

    • Substitution Ciphers

    • Transposition Ciphers
     Substitution Ciphers: In a substitution cipher each letter or group of letters is replaced
    by another letter or group of letters to mask them For example: a is replaced with D, b
    with E, c with F and z with C. In this way attack becomes DWWDFN. The substitution
    ciphers are not much secure because intruder can easily guess the substitution characters.
     Transposition Ciphers: Substitution ciphers preserve the order of the plaintext symbols
    but mask them-;-The transposition cipher in contrast reorders the letters but do not mask
    them. For this process a key is used. For example: iliveinqadian  may be coded
    as divienaniqnli. The transposition ciphers are more secure as compared to substitution
    ciphers.

    4
    Database Management System (CS/IT 4th SEM) unit 8

    Disadvantages of encryption
    There are following problems of Encryption:

     Key management (i.e. keeping keys secret) is a problem. Even in public-key encryption
    the decryption key must be kept secret.
     Even in a system that supports encryption, data must often be processed in plaintext form.
    Thus sensitive data may still be accessible to transaction programs.
     Encrypting data gives rise to serious technical problems at the level of physical storage
    organization. For example indexing over data, which is stored in encrypted form, can be very
    difficult.

    You might also like