Scribd Logo
Upload

Welcome to Scribd!

  • Pertemuan 13

    Uploaded by

    zami satria
    5 views3 pages
    The document discusses several topics related to database security: 1. Database attacks can result in sensitive information being disclosed to unauthorized individuals, altered in unacceptable ways, or made inaccessible to authorized individuals. The underlying operating system is also vulnerable to attacks. 2. Malicious attackers can infer sensitive information from non-sensitive data on a database, especially by combining existing knowledge with database contents. 3. Non-sensitive data pieces can become sensitive when aggregated, requiring controls like labeling some aggregates as sensitive. Polyinstantiation provides different views of data to users with varying permissions. 4. Most database applications rely on underlying operating system services, so enhancing database security involves implementing database keys and audit records using the operating system

    Original Description:

    Original Title

    pertemuan 13

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses several topics related to database security: 1. Database attacks can result in sensitive information being disclosed to unauthorized individuals, altered in unacceptable ways, or made inaccessible to authorized individuals. The underlying operating system is also vulnerable to attacks. 2. Malicious attackers can infer sensitive information from non-sensitive data on a database, especially by combining existing knowledge with database contents. 3. Non-sensitive data pieces can become sensitive when aggregated, requiring controls like labeling some aggregates as sensitive. Polyinstantiation provides different views of data to users with varying permissions. 4. Most database applications rely on underlying operating system services, so enhancing database security involves implementing database keys and audit records using the operating system

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    Pertemuan 13

    Uploaded by

    zami satria
    The document discusses several topics related to database security: 1. Database attacks can result in sensitive information being disclosed to unauthorized individuals, altered in unacceptable ways, or made inaccessible to authorized individuals. The underlying operating system is also vulnerable to attacks. 2. Malicious attackers can infer sensitive information from non-sensitive data on a database, especially by combining existing knowledge with database contents. 3. Non-sensitive data pieces can become sensitive when aggregated, requiring controls like labeling some aggregates as sensitive. Polyinstantiation provides different views of data to users with varying permissions. 4. Most database applications rely on underlying operating system services, so enhancing database security involves implementing database keys and audit records using the operating system

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    KEAMANAN DATABASE

    Penyerangan Database
     Informasi sensitif yang tersimpan di dalam database dapat terbuka (disclosed) bagi orang-orang yang
    tidak diizinkan (unauthorized ).
     Informasi sensitif yang tersimpan di dalam database dapat altered in an unacceptable manner
     Informasi sensitif yang tersimpan di dalam database dapat inaccessible bagi orang-orang yang
    diizinkan.
     the underlying operating system may be attacked -- most difficult problem

    Database Inference Problem


     Malicious attacker may infer sensitive information (that is hidden) from information on a database
    that is deemed not sensitive (made public)
     More difficult problem: attacker may infer information combining what’s on the database with what is
    already known

    Database Aggregation Problem


     Bagian-bagian informasi tidak sensitive, dan menjadi sensitive ketika digabungkan secara bersamaan.
     Controls for the aggregation problem
    o Honeywell LOCK Data Views (LDV) database system ; pieces of data labeled as
    nonsensitive, aggregates labeled as sensitive
    o SRI SeaView database system ; pieces of data labeled as sensitive, aggregates may then be
    labeled as non sensitive

    Polyinstantiation, a Control Against Disclosure


     This approach involves different views of a database object existing for users with different security
    attributes
     Addresses the aggregation problem by providing different security labels to different aggregates
    separately
     Addresses the inference problem by providing a means for hiding information that may be used to
    make inferences

    Database Applications on Secure Bases

     Most database applications rely on underlying services of an operating system


     Exporting these services from a TCB would enhance the security of the database
    o database keys implemented using security labels from underlying TCB
    o TCB keeps audit records of operations on database
    o OS file system protection extended to database
    Perangkat keras
    Kebakaran, banjir, bom,
    pencurian, listrik, gempa, radiasi,
    kesalahan mekanisme keamanan

    Jaringan
    Komunikasi
    Kabel yang tidak
    terkoneksi, radiasi
    DBMS dan Program
    Database Aplikasi
    Aturan / amandemen Kesalahan mekanisme
    yang tidak diotorisasi, keamanan
    penduplikatan data, Akses yang terlalu luas
    pencurian data, Pencurian program
    kehilangan data akibat Kesalahan program
    gangguan listrik

    Pengguna Akhir Programmer / Database


     Menggunakan hak Operator Administrator
    akses orang lain.
     Melihat & menutup  Membuat Password.  Kebijakan
    data yang tidak  Membuat program keamanan &
    diotorisasi yang tidak aman prosedur
     Staf tidak di-training  Staf yang tidak di-
     Pemasukan data training.
    yang dilakukan oleh  Kebijakan
    yang tidak berhak. keamanan &
     Virus prosedur
     pemerasan  Pemogokan staf

    Penyalahgunaan Database :
    1. Tidak disengaja, jenisnya :
    a. kerusakan selama proses transaksi
    b. anomali yang disebabkan oleh akses database yang konkuren
    c. anomali yang disebabkan oleh pendistribuasian data pada beberapa komputer
    d. logika error yang mengancam kemampuan transaksi untuk mempertahankan
    konsistensi database.
    2. Disengaja, jenisnya :
    a. Pengambilan data / pembacaan data oleh pihak yang tidak berwenang.
    b. Pengubahan data oleh pihak yang tidak berwenang.
    c. Penghapusan data oleh pihak yang tidak berwenang.

    Tingkatan Pada Keamanan Database :


    1. Fisikal  lokasi-lokasi dimana terdapat sistem komputer haruslah aman secara fisik
    terhadap serangan perusak.
    2. Manusia  wewenang pemakai harus dilakukan dengan berhati-hati untuk mengurangi
    kemungkinan adanya manipulasi oleh pemakai yang berwenang
    3. Sistem Operasi  Kelemahan pada SO ini memungkinkan pengaksesan data oleh pihak
    tak berwenang, karena hampir seluruh jaringan sistem database menggunakan akses jarak
    jauh.
    4. Sistem Database  Pengaturan hak pemakai yang baik.

    In-Secure
    ENKRIPSI Eksternal ENKRIPSI
    Network
    Remote Client

    Server DBMS

    Otorisasi FIREWALL
    Dan Akses

    Secure Local Client


    Internal
    Network
    (Intranet)
    Database

    Keamanan Data :
    1. Otorisasi :
     Pemberian Wewenang atau hak istimewa (priviledge) untuk mengakses sistem atau
    obyek database
     Kendali otorisasi (=kontrol akses) dapat dibangun pada perangkat lunak dengan 2 fungsi :
     Mengendalikan sistem atau obyek yang dapat diakses
     Mengendalikan bagaimana pengguna menggunakannya
     Sistem administrasi yang bertanggungjawab untuk memberikan hak akses dengan
    membuat account pengguna.

    You might also like