This action might not be possible to undo. Are you sure you want to continue?
Muhammad Asghar Khan
Database Security (1/2)
The protection of the database against threats using both technical and administrative controls Database security includes hardware, software, people and data A database security can be consider in the following situations:
• Theft and fraud • Loss of confidentiality (Secrecy) • Loss of privacy Loss of integrity • Loss of availability
Database Security (2/2)
• Any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization • Following are some of the examples of threats
• • • • Unauthorized amendment of data Illegal entry by hacker Data corruption due to power loss or usage Introduction of viruses
Computer Based Controls (1/9)
Computer based security controls can be:
1. 2. 3. 4. 5. 6. 7. Authorization Access controls Views Backup and recovery Integrity Encryption RAID technology
Computer Based Controls (2/9)
• Granting of right or privilege (license) which enables a user/program/object/code etc. to legitimately (legally) have accesses to a system The process of authorization involves authentication Authentication can be defined as a mechanism by which a user/program/object etc. is determined to be the genuine user/program/object etc. that they claim to be Password mechanism is the most popular method for authentication
Computer Based Controls (3/9)
• SQL standard supports DAC through the GRANT and REVOKE commands. • The GRANT command gives privileges to users, and the REVOKE command takes away privileges. • An additional approach is required called Mandatory Access Control (MAC). • The SQL standard does not include support for MAC
Computer Based Controls (4/9)
2. Access control
• • Based on the granting and revoking of privileges. A privilege allows a user to create or access (that is read, write, or modify) some database object (such as a relation, view, and index) or to run certain DBMS utilities. Privileges are granted to users to accomplish the tasks required for their jobs. Most DBMS provide an approach called Discretionary Access Control (DAC).
Computer Based Controls (5/9)
• A view is a dynamic result of one or more relational operations operating on the base relations to produce another relation A view is a virtual relation that doesn’t actually exists in the database, but produced at the time of request View can be used to present only the data which is relevant to a user, and hiding other fields A view can be defended over several tables with user being granted privilege to use it
Computer Based Controls (6/9)
• Process of periodically taking a copy of the database and log file (and possibly programs) to offline storage media.
• Process of keeping and maintaining a log file (or journal) of all changes made to database to enable effective recovery in event of failure.
Computer Based Controls (7/9)
• Prevents data from becoming invalid, and hence giving misleading or incorrect results.
• The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.
Computer Based Controls (8/9)
7. RAID (Redundant Array of Independent Disks) Technology
• Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails. Suggests having redundant components that can be seamlessly integrated into the working system whenever there is one or more component failures. The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans.
Computer Based Controls (9/9)
• Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components. • One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance