Database Security

PCA155-7 Madhav Subedi


Database security concepts and needs
• Database security can be defined as the concept of adding
protection to databases, covering the data handled by the
various elements inside a system.
• Database security involves protecting the database from
unauthorized access, modification, or destruction.
• The security of information typically follows the CIA model:
confidentiality, integrity, and availability.
• Database security is needed to guard against:
– Unauthorized reading of data (theft of information)
– Unauthorized modification of data
– Unauthorized destruction of data



Security Levels
• To protect the database we must take security measures at
different levels:
– Database System: Responsibility of the database system to ensure
that the authorization restrictions are not violated.
– Operating System: No matter how secure the database system is,
weakness in operating system security may serve as a means of
unauthorized access to the database.
– Network: Since almost all database systems allow remote access
through terminals or networks, software level security within the
network software is as important as physical security, both on the
Internet and in private networks.
– Physical: Sites with computer systems must be physically secured
against armed or surreptitious entry by intruders.
– Human: Users must be authorized carefully to reduce the chance of
any user giving access to an intruder in exchange for a bribe or other
favors.



Access control: Discretionary
• Discretionary access control is based on the concept of access
rights, or privileges, and mechanisms for giving users such
privileges.
• A privilege allows a user to access some data objects in a
certain manner (e.g., to read or modify).
• A user who creates a database object such as a table or a view
automatically gets all applicable privileges on that object.
• SQL supports discretionary access control through the GRANT
and REVOKE commands.
• The GRANT command gives privileges to a user and the REVOKE
command takes privileges away.
• E.g.: REVOKE privileges ON object FROM user
GRANT privileges ON object TO user
• In the discretionary access control method, a devious unauthorized
user can trick an authorized user into disclosing sensitive data.



Access control: Mandatory
• The mandatory access control method is based on
system-wide policies that cannot be changed by
individual users.
• In this approach each database object is assigned
a security class, each user is assigned a clearance
for a security class, and rules are imposed on the
reading and writing of database objects by users.
• These rules seek to ensure that sensitive data can
never be “passed on” to a user without the
necessary clearance.
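
The weakness noted under discretionary access control, and the way mandatory rules close it, can be seen in a small model. This is an added example, not part of the original slides: the tables, users and three security classes are hypothetical, and the mandatory rules are assumed to be the usual "no read up, no write down" pair.

```python
# Added illustration: a toy model, not a real DBMS interface.
# All names (Table, salaries, dropbox, alice, mallory) are hypothetical.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # assumed classes

class Table:
    def __init__(self, name, owner, security_class):
        self.name, self.owner, self.security_class = name, owner, security_class
        self.rows = []
        # The creator automatically gets all applicable privileges.
        self.privileges = {owner: {"SELECT", "INSERT"}}

def grant(table, grantor, privilege, user):
    if grantor != table.owner:
        raise PermissionError(f"{grantor} does not own {table.name}")
    table.privileges.setdefault(user, set()).add(privilege)

def revoke(table, grantor, privilege, user):
    if grantor != table.owner:
        raise PermissionError(f"{grantor} does not own {table.name}")
    table.privileges.get(user, set()).discard(privilege)

def dac_allows(table, user, privilege):
    return privilege in table.privileges.get(user, set())

def mac_allows(table, user, privilege, clearance):
    subject, obj = LEVELS[clearance[user]], LEVELS[table.security_class]
    if privilege == "SELECT":
        return subject >= obj  # no read up
    return subject <= obj      # no write down (INSERT)

def copy_rows(src, dst, user, clearance=None):
    """Copy src into dst with `user`'s rights; MAC applies if clearance is given."""
    checks = [(src, "SELECT"), (dst, "INSERT")]
    ok = all(dac_allows(t, user, p) for t, p in checks)
    if ok and clearance is not None:
        ok = all(mac_allows(t, user, p, clearance) for t, p in checks)
    if ok:
        dst.rows.extend(src.rows)
    return ok

def demo():
    salaries = Table("salaries", "alice", "secret")
    salaries.rows.append(("alice", 90000))            # constructed sample row
    dropbox = Table("dropbox", "mallory", "unclassified")
    grant(dropbox, "mallory", "INSERT", "alice")      # mallory owns dropbox
    clearance = {"alice": "secret", "mallory": "unclassified"}
    direct = dac_allows(salaries, "mallory", "SELECT")            # no privilege
    under_mac = copy_rows(salaries, dropbox, "alice", clearance)  # write down denied
    under_dac = copy_rows(salaries, dropbox, "alice")             # privileges suffice
    return direct, under_dac, under_mac, len(dropbox.rows)
```

Under privileges alone the copy succeeds because every individual check passes, even though mallory was never granted SELECT on the sensitive table; with security classes enforced, the write into a lower class is refused.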
Encryption and Decryption
• Encryption is the conversion of data into a form,
called cipher text, that cannot be easily
understood by unauthorized people.
• Data may be encrypted when database authorization
provisions do not offer sufficient protection.
• Properties of good encryption technique:
– Relatively simple for authorized users to encrypt and
decrypt data.
– Encryption scheme depends not on the secrecy of the
algorithm but on the secrecy of a parameter of the
algorithm called the encryption key.
– Extremely difficult for an intruder to determine the
encryption key.



Encryption and Decryption…
• Data Encryption Standard (DES) substitutes characters and rearranges
their order on the basis of an encryption key which is provided to
authorized users via a secure mechanism.
– Scheme is no more secure than the key transmission mechanism since the
key has to be shared.
• Advanced Encryption Standard (AES) is a new standard replacing DES,
and is also dependent on shared secret keys.
• Public-key encryption is based on each user having two keys:
– public key - publicly published key used to encrypt data, but cannot be used
to decrypt data
– private key - key known only to individual user, and used to decrypt data.
Need not be transmitted to the site doing encryption.
– Encryption scheme is such that it is impossible or extremely hard to decrypt
data given only the public key.
– The RSA public-key encryption scheme is based on the hardness of factoring
a very large number (100s of digits) into its prime components.
• The act of restoring an encrypted file to its original state through the use
of a key is decryption.
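
The public-key idea above can be worked through with deliberately tiny numbers. This is an added example, not part of the original slides: it is textbook RSA without padding, the primes 61 and 53 and exponent 17 are constructed sample values, and real keys use moduli hundreds of digits long so that the factoring step shown here is infeasible.

```python
# Added illustration: textbook RSA with toy parameters (no padding).
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) keys built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent (Python 3.8+)
    return (n, e), (n, d)

def encrypt(message, public):
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)        # needs only the published key

def decrypt(cipher, private):
    n, d = private
    return pow(cipher, d, n)         # needs the key that is never transmitted

def factor(n):
    """Trial division: works here only because n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")

def private_from_public(public):
    """Shows why the scheme rests on factoring: p and q give away d."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

def demo():
    public, private = make_keypair(61, 53)   # constructed sample primes
    cipher = encrypt(65, public)
    return public, private, cipher, decrypt(cipher, private)
```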



Encryption and Decryption…
• Encryption is the conversion of data into a form, called cipher text, that cannot be easily understood by unauthorized people.
• Data may be encrypted when database authorization provisions do not offer sufficient protection.
• Properties of a good encryption technique:
– Relatively simple for authorized users to encrypt and decrypt data.
– Encryption scheme depends not on the secrecy of the algorithm but on the secrecy of a parameter of the algorithm called the encryption key.
– Extremely difficult for an intruder to determine the encryption key.
• Different encryption techniques are:
– Data Encryption Standard (DES) substitutes characters and rearranges their order on the basis of an encryption key which is provided to authorized users via a secure mechanism. Scheme is no more secure than the key transmission mechanism since the key has to be shared.
– E.g., by substituting each character with the next character in the alphabet, Perryridge becomes Qfsszsjehf.
– Advanced Encryption Standard (AES) is a new standard replacing DES, and is also dependent on shared secret keys.
– Public-key encryption is based on each user having two keys:
• public key – publicly published key used to encrypt data, but cannot be used to decrypt data.
• private key – key known only to individual user, and used to decrypt data. Need not be transmitted to the site doing encryption.
– Encryption scheme is such that it is impossible or extremely hard to decrypt data given only the public key.
– The RSA public-key encryption scheme is based on the hardness of factoring a very large number (100s of digits) into its prime components.
• Decryption
• The act of restoring an encrypted file to its original state through the use of a key is decryption.
