
Recap

• Query processing and optimization
• Procedures in query processing
• Translating SQL queries into relational algebra
• Why do we translate SQL queries into RA expressions?

CHAPTER TWO

DATABASE SECURITY AND AUTHORIZATION

2.1 Introduction to Database Security

by
Nibretu K
Session Plan
• Topic/Title: Database security and authorization
• Session objectives: At the end of this session, students will be able to:
  • Define database security and authorization
  • Understand access control mechanisms
    • Discretionary Access Control
    • Mandatory Access Control
    • Role-Based Access Control
    • Encryption/Decryption
  • Identify issues related to database security
• Teaching method: Gap lecture, question & answer, and brainstorming.
• Assessment method: Oral questions, class activity
Outline
• Database security and authorization
• Access control mechanisms
  • Discretionary Access Control
  • Mandatory Access Control
  • Role-Based Access Control
  • Encryption/Decryption
• Major issues related to database security

What is database security?

 Some information is so important that it must be protected.
 For example: disclosure or modification of military information could endanger national security.
 A good database security management system has to handle the possible database threats.

Definition:
 Database security refers to the range of tools, control mechanisms, and measures (policies) designed to establish and preserve database confidentiality, integrity, and availability.
 Security measures must be taken at several levels, not only inside the DBMS.
 Collectively, these are the measures used to protect and secure our database and database systems against any (intentional or accidental) threat.
 Threat: any intentional or accidental event that may adversely affect the system.
 Examples:
 o Unauthorized copying of data
 o Alteration of programs or data
 o Illegal entry by hackers, etc.

Three main objectives
 Secrecy (confidentiality)
 Integrity
 Availability

Secrecy
 Information should not be disclosed to unauthorized users.
 For example, a student should not be allowed to examine other students' grades.

Integrity
 Only authorized users should be allowed to modify data.
 For example, students may be allowed to see their grades, yet not allowed to modify them.

Availability
 Information/data (or the DB) should be available to users who have a legal right/privilege to it.
 Data/information should be available whenever needed.
 Authorized users should not be denied access.
 For example, an instructor who wishes to change a grade should be allowed to do so.


DB authentication & authorization
 Authentication is the process of verifying that a user really is who they claim to be; it happens before any access decision is made.
 Database users have different access levels and permissions for different data objects.
 So the system first checks that the user presenting a specific username and password (or another credential) is genuinely that user, and only then decides what that user may do with the resource.

Who are you? Prove it!

Authorization/Privilege
 The process that determines the mode in which a particular (previously authenticated) client is allowed to access a specific resource controlled by a server.
 What types of privileges/permissions are given to a user to access objects/resources?
 What are you allowed to do?

 Any database access request has the following three major components:
 Requested operation (access privilege): what kind of operation is requested by a specific query?
 Requested object (resource): on which resource or data of the database is the operation to be applied?
 Requesting user (subject): who is the user requesting the operation on the specified object?

Forms of user authorization
 There are different forms of user authorization on the resources of the database. These include:
 Read authorization: the user with this privilege is allowed only to read the content of the data object.
 Insert authorization: the user with this privilege is allowed only to insert new records or items into the data object.
 Update authorization: users with this privilege are allowed to modify the content of attributes but are not authorized to delete records.
 Delete authorization: users with this privilege are only allowed to delete records and nothing else.
 Note: Depending on the role of the user, a user can hold one or a combination of the above forms of authorization on different data objects.
Database Security and the DBA
 The database administrator (DBA) is the central authority for managing a database system.
 The DBA's responsibilities include:
  Account creation.
  Granting privileges to users who need to use the system.
  Privilege revocation.
  Classifying users and data in accordance with the policy of the organization.
2. Access Control
 A security mechanism for restricting access to a system's objects or resources, so that they cannot be used by unauthorized subjects.
 A way to control which data is accessible to a given user.
 Protects against a wide variety of threats:
  Unauthorized access
  Unapproved modification of data
  Lack of data confidentiality

Basic elements of access control
 Subject:
  An entity capable of accessing resources.
  It is often a software process acting on behalf of a user.
  E.g.: owner, group, role, etc.
 Object:
  A resource to which access is controlled.
  E.g.: files, records, blocks, programs, etc.
 Access right:
  Describes the ways in which a subject may access an object.
  E.g.: read, write, update, delete, etc.

Two types of AC:
 Discretionary AC
 Mandatory AC
Discretionary Access Control
 Based on the concept of privileges, and on mechanisms for giving users such privileges.
 It is enforced with the data control language (DCL): the GRANT and REVOKE commands.

Recall
 What are the three types of database languages?

Privilege
 A permission given by the DBA (or by the owner of an object).
 It provides the right to execute a particular type of SQL statement.
 It allows a user to access some data object in a certain manner (e.g., to read or to modify).
 SQL supports discretionary access control through the GRANT and REVOKE commands.

Grant:
 The SQL GRANT command is used to give privileges (permissions, rights, access) on database objects to a user.

Syntax:
GRANT privilege_name
ON object_name
TO {user_name | PUBLIC | role_name}
[WITH GRANT OPTION];
Example 1:
 Suppose that the DBA creates four accounts, A1, A2, A3 and A4, and wants only A1 to be able to create relations. The DBA must then issue the following GRANT command in SQL:

GRANT CREATE TABLE
TO A1;

Example 2:
 Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT.
 A1 is then the owner of these two relations and hence has all the relation privileges on each of them.
 Suppose that A1 wants to grant A2 the privilege to insert and delete rows in both of these relations, but A1 does not want A2 to be able to propagate these privileges to additional accounts:

GRANT INSERT, DELETE
ON EMPLOYEE, DEPARTMENT
TO A2;

 Note: a GRANT can also allow the grantee to pass the privilege on to other users (grant propagation), but only when it carries the WITH GRANT OPTION clause. The command above deliberately omits it, so A2 cannot propagate INSERT or DELETE.
Example 3:
 Suppose that A1 wants to allow A3 to retrieve information from either table (DEPARTMENT or EMPLOYEE) and also to be able to propagate the SELECT privilege to other accounts.
 A1 can issue the command:

GRANT SELECT
ON EMPLOYEE, DEPARTMENT
TO A3 WITH GRANT OPTION;

 A3 can then grant the SELECT privilege on the EMPLOYEE relation to A4 by issuing:

GRANT SELECT
ON EMPLOYEE
TO A4;

 Note: A4 cannot propagate the SELECT privilege because GRANT OPTION was not given to A4.

Example 4:
 Suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 can issue:

REVOKE SELECT
ON EMPLOYEE
FROM A3;

 Note: The DBMS must now automatically revoke the SELECT privilege on EMPLOYEE from A4 too, because A3 granted that privilege to A4 and A3 no longer holds it. In standard SQL this cascading behaviour is requested explicitly with REVOKE ... CASCADE; with REVOKE ... RESTRICT the revocation is refused while such dependent grants exist (PostgreSQL, for example, defaults to RESTRICT and reports that dependent privileges exist).

Example 5:
 Suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.
 The limitation is to retrieve only the E_NAME, E_AGE, and E_ADDRESS attributes, and only for the tuples with E_DNO = 5.
 A1 then creates the view:

CREATE VIEW A3EMPLOYEE AS
SELECT E_NAME, E_AGE, E_ADDRESS
FROM EMPLOYEE
WHERE E_DNO = 5;

 After the view is created, A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows:

GRANT SELECT
ON A3EMPLOYEE
TO A3 WITH GRANT OPTION;

 Granting on a view rather than on the base table is how row and column restrictions are expressed in DAC: A3 never receives a privilege on EMPLOYEE itself.

Example 6:
 Finally, suppose that A1 wants to allow A4 to update only the E_SALARY attribute of EMPLOYEE; A1 can issue:

GRANT UPDATE
ON EMPLOYEE (E_SALARY)
TO A4;

 Note: some DBMSs attach the column list to the privilege instead of to the table (GRANT UPDATE (E_SALARY) ON EMPLOYEE TO A4); the effect is the same.

Revoke:
 Withdraws privileges on database objects that were previously granted to a user.
 It is the complementary command to GRANT.
 When a privilege is revoked from a particular user U, the copies of that privilege that U had passed on to other users are revoked as well (cascading revocation).

Syntax:

REVOKE privilege_name
ON object_name
FROM {user_name | PUBLIC | role_name};

 Example:

REVOKE SELECT
ON EMPLOYEE
FROM A4;

 Note: This REVOKE command withdraws the SELECT privilege that was granted to user A4 on the EMPLOYEE relation.
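The slides' Examples 1 to 6 and the REVOKE example, written out as one script that actually runs. This is an added example and not part of the original slides: it targets PostgreSQL (run as the DBA/superuser), uses lower-case role and table names because PostgreSQL folds unquoted identifiers, and replaces the two statements PostgreSQL does not accept in the slide form (GRANT CREATE TABLE, and the column list written after the table name) with their PostgreSQL equivalents. It also exercises the four forms of authorization (read, insert, update, delete) from the earlier slide, and it finishes by reading the resulting privileges back from information_schema instead of trusting the script.

```sql
-- Added example (not from the slides). PostgreSQL dialect; run as a superuser.
-- Role names a1..a4 and the column layout of employee/department are assumptions.
CREATE ROLE a1 LOGIN;
CREATE ROLE a2 LOGIN;
CREATE ROLE a3 LOGIN;
CREATE ROLE a4 LOGIN;

-- Example 1: only a1 may create relations. PostgreSQL has no
-- "GRANT CREATE TABLE"; the equivalent is the CREATE privilege on the schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO a1;

-- Example 2: a1 creates the relations and therefore owns them.
SET ROLE a1;
CREATE TABLE department (d_no int PRIMARY KEY, d_name text NOT NULL);
CREATE TABLE employee (
    e_id      int  PRIMARY KEY,
    e_name    text NOT NULL,
    e_age     int,
    e_address text,
    e_salary  numeric(10, 2),
    e_dno     int  REFERENCES department (d_no)
);
-- insert/delete authorization for a2, without the grant option
GRANT INSERT, DELETE ON employee, department TO a2;

-- Example 3: read authorization for a3, which a3 may pass on.
GRANT SELECT ON employee, department TO a3 WITH GRANT OPTION;
RESET ROLE;
SET ROLE a3;
GRANT SELECT ON employee TO a4;   -- a4 gets SELECT but no grant option
RESET ROLE;

-- Example 4: revoking from a3. The default RESTRICT is refused while a4's
-- dependent grant exists; CASCADE withdraws a4's SELECT at the same time.
SET ROLE a1;
REVOKE SELECT ON employee FROM a3 CASCADE;

-- Example 5: limited read access through a view (3 columns, department 5 only).
CREATE VIEW a3employee AS
    SELECT e_name, e_age, e_address FROM employee WHERE e_dno = 5;
GRANT SELECT ON a3employee TO a3 WITH GRANT OPTION;

-- Example 6: update authorization on a single column. PostgreSQL attaches
-- the column list to the privilege, not to the table name.
GRANT UPDATE (e_salary) ON employee TO a4;
RESET ROLE;

-- Verify the outcome instead of assuming the script did what was intended:
-- table-level privileges (a2: INSERT/DELETE; a3: SELECT on a3employee only,
-- grantable; no SELECT on employee for a3 or a4 any more) ...
SELECT grantee, table_name, privilege_type, is_grantable
FROM   information_schema.role_table_grants
WHERE  table_name IN ('employee', 'department', 'a3employee')
ORDER  BY grantee, table_name, privilege_type;

-- ... and column-level privileges (a4: UPDATE on e_salary only).
SELECT grantee, table_name, column_name, privilege_type
FROM   information_schema.column_privileges
WHERE  table_name = 'employee' AND grantee = 'a4';
```

The same check is available interactively in psql as `\dp employee` and `\dp a3employee`. Try the script once with the CASCADE keyword removed from the REVOKE: PostgreSQL stops with "dependent privileges exist", which is the behaviour the Example 4 note describes from the other side.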
Mandatory Access Control
 Applied on the basis of security classes and clearance levels.
 It is based on system-wide policies that cannot be changed by individual users.
 Motivation: discretionary access control is an all-or-nothing method (a user either has or does not have a certain privilege), so many applications need an additional policy that classifies both data and users into security classes.
 Typical security classes are:
  Top secret (TS)
  Secret (S)
  Confidential (C)
  Unclassified (U)
 where TS is the highest level and U the lowest: TS ≥ S ≥ C ≥ U.

 Each database object is assigned a security class, and each user is assigned a clearance for a security class; rules are then imposed on the reading and writing of database objects by users. The usual rules (the Bell-LaPadula model) are:
  No read up: a user may read an object only if clearance(user) ≥ class(object).
  No write down: a user may write an object only if clearance(user) ≤ class(object), so that classified data cannot be copied into a lower class.

 SQL does not include any support for mandatory access control.
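The slide is right that standard SQL has no MAC; the following added example (not from the original slides) shows how the no-read-up and no-write-down rules of the TS/S/C/U lattice can nevertheless be emulated in PostgreSQL with row-level security. The table, role and policy names and the integer encoding of the four classes (U=0, C=1, S=2, TS=3) are assumptions made for the example.

```sql
-- Added example (not from the slides): emulating MAC with PostgreSQL
-- row-level security. Run as a superuser. Classes are stored as integers
-- U=0, C=1, S=2, TS=3 so that TS >= S >= C >= U is ordinary integer order.

CREATE TABLE clearance (
    role_name text PRIMARY KEY,
    level     int  NOT NULL CHECK (level BETWEEN 0 AND 3)
);
CREATE TABLE document (
    doc_id int  PRIMARY KEY,
    body   text NOT NULL,
    class  int  NOT NULL CHECK (class BETWEEN 0 AND 3)
);

CREATE ROLE clerk_c   LOGIN;   -- cleared to Confidential
CREATE ROLE officer_s LOGIN;   -- cleared to Secret
INSERT INTO clearance VALUES ('clerk_c', 1), ('officer_s', 2);
INSERT INTO document VALUES            -- constructed sample rows
    (1, 'public notice',   0),
    (2, 'budget memo',     1),
    (3, 'operations plan', 2),
    (4, 'source list',     3);

-- Users may look up their own clearance only, and nobody but the DBA may change it.
GRANT SELECT ON clearance TO clerk_c, officer_s;
ALTER TABLE clearance ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_clearance ON clearance FOR SELECT
    USING (role_name = current_user);

-- Table-level DAC privileges alone would expose every row; the policies
-- below add the class/clearance comparison to every statement.
GRANT SELECT, INSERT ON document TO clerk_c, officer_s;
ALTER TABLE document ENABLE ROW LEVEL SECURITY;

-- Simple security property ("no read up"): a row is visible only when
-- class(object) <= clearance(user).
CREATE POLICY no_read_up ON document FOR SELECT
    USING (class <= (SELECT level FROM clearance WHERE role_name = current_user));

-- *-property ("no write down"): a user may create rows only at or above
-- their own clearance, so classified content cannot be copied downward.
CREATE POLICY no_write_down ON document FOR INSERT
    WITH CHECK (class >= (SELECT level FROM clearance WHERE role_name = current_user));

-- Demonstration. Superusers and the table owner bypass RLS, so switch role.
SET ROLE clerk_c;
SELECT doc_id, body FROM document;           -- filtered to class <= Confidential
INSERT INTO document VALUES (5, 'note', 3);  -- accepted: writing up is allowed
INSERT INTO document VALUES (6, 'note', 0);  -- rejected by no_write_down
RESET ROLE;
SET ROLE officer_s;
SELECT doc_id, body FROM document;           -- filtered to class <= Secret
RESET ROLE;
```

Run the demonstration statements one at a time: the rejected INSERT raises "new row violates row-level security policy", which would abort a single transaction or a psql run with ON_ERROR_STOP. Note the characteristic MAC effect that the clerk can insert a Top Secret row but cannot read it back afterwards; that is the *-property working as designed, not a bug. Because the clearance lookup runs with the querying user's own privileges, the own_clearance policy stops users from enumerating other users' clearance levels through the policy subquery.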

Thank you!
Any questions?
