Scribd Logo
Upload

Welcome to Scribd!

  • DBMS Unit-8

    Uploaded by

    Krish Patel
    12 views28 pages

    Original Title

    DBMS_Unit-8

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views28 pages

    DBMS Unit-8

    Uploaded by

    Krish Patel

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 28

    3130703

    Database Management
    Systems

    Unit-8
    Database Security
    Topics to be covered
    • Introduction
    • Authentication and Authorization
    • Data encryption
    • Access control
    • DAC (Discretionary access control)
    • MAC (Mandatory access control)
    • RBAC models
    • Intrusion detection
    • SQL injection
    Unit – 8: Database Security 2
    Data Security

    Unit – 8: Database Security 3


    What is data security?
     Data security is the protection of the data from unauthorized
    users.
     Only the authorized users are allowed to access the data.
     Most of the users are allowed to access a part of database i.e.,
    the data that is related to them or related to their department.

    Unit – 8: Database Security 4


    Security v/s Integrity
    Security Integrity
    Data security deals with protection of data. Data integrity deals with the validity of data.
    Data security is making sure that only the Data integrity is making sure that the data is
    people who should have access to the data correct and not corrupt.
    are the only ones who can access the data.

    Data security avoids from unauthorized Data integrity avoids from human errors,
    access of data. when data is entered.
    Data security is implemented through user Data integrity is implemented through
    account (passwords). constraints such as Primary key, Foreign key,
    Check constraints etc.

    Unit – 8: Database Security 5


    Authentication v/s Authorization
    Authentication Authorization
    It is the process of validating a user on the It is the process of verifying whether access
    credentials (username and password). is allowed or not.
    Logging on to a PC or some website or app Accessing a file (data) from hard disk or
    with username and password is some database is authorization.
    authentication.

    It is the process of verifying who you are. It is the process of verifying  what you are
    authorized to do or not to do.
    It is providing integrity control and security It is protecting the data to ensure privacy
    to the data. and access control of data.

    Unit – 8: Database Security 6


    Audit Trail

    Unit – 8: Database Security 7


    What is audit trail (audit log)?
     An audit trail (audit log) is a record which will be generated for
    each and every transactions.
     It will keep certain information about the transaction.
     An audit trail (audit log) records
    1. Who (user or the application program and a transaction number)
    2. When (date and time)
    3. From Where (location of the user and/or terminal)
    4. What (identification of the data affected, as well as a before-and-after the
    database that was affected by the update operation)

    Unit – 8: Database Security 8


    Data Encryption

    Unit – 8: Database Security 9


    What is data encryption?
    • Encryption is a security
    method in which
    information is encoded in
    such a way that only
    authorized user can read
    (understand) it.
    • It uses encryption
    algorithm to generate
    ciphertext that can only be
    read if decrypted.

    Unit – 8: Database Security 10


    Data encryption method (process)
    Sender Unauthorized Receiver

    Hello Plaintext Plaintext Hello


    Encryption Decryption

    Khoor Ciphertext Ciphertext Khoor

    Should not
    access

    Unit – 8: Database Security 11


    What is data encryption?
     Data encryption is the process of encoding (translating) a
    message or information in such a way that only authorized
    persons can access it and those who are not authorized cannot.
     Encryption is the process of translating plaintext data (plaintext)
    into something that appears to be meaningless (ciphertext).
     Decryption is the process of converting ciphertext back to
    plaintext.

    Unit – 8: Database Security 12


    Types of Encryption
    Symmetric key encryption
    • Encryption and decryption keys are the same.
    • The same key is used by the sender to encrypt the data, and again by the
    receiver to decrypt the data.
    • Symmetric key encryption is fast in execution.
     Asymmetric key encryption
    • Encryption and decryption keys are the different (Public Key and Private
    Key).
    • Messages are encrypted by sender with one key (Public Key) and can be
    decrypted by receiver only by the other key (Private Key). 
    • Asymmetric key encryption is slow in execution due to the high
    computational burden.

    Unit – 8: Database Security 13


    Access Control Methods

    Unit – 8: Database Security 14


    Access control methods of data security

     There are two different methods of data access control:


    1. Discretionary access control
    2. Mandatory access control
    3. Role based access control

    Unit – 8: Database Security 15


    Discretionary access control [DAC]
     DAC is an identity based access control model that provides users
    a certain amount of control over their data.
     Data owners can define access permissions for specific users or
    groups of users
    DAC model works like this:
    • User 1 creates a file and becomes its
    owner or obtains access rights to an
    existing file.
    • User 2 requests access to this file.
    • User 1 grants access at their own
    discretion. However, user 1 can’t grant
    access rights that exceed their own. For
    example, if user 1 can only read a
    document, they can’t allow user 2 to edit
    it.
    Unit – 8: Database Security 16
    Discretionary access control [DAC]
     SQL support discretionary access control through the GRANT and
    REVOKE commands.

     GRANT
    • This command gives rights to user for an object.
    • Syntax:- GRANT privilege ON object TO user [WITH GRANT OPTION]
     REVOKE
    • This command takes back rights from user for an object.
    • Syntax:- REVOKE privilege ON object FROM user {RESTRICT/CASCADE}

     Discretionary access control is quite a popular model because it allows


    a lot of freedom for users and doesn’t cause administrative overhead.

    Unit – 8: Database Security 17


    Mandatory access control
     MAC is considered the most secure access control models. Access
    rules are manually defined by system administrators and strictly
    enforced by the operating system.
     In this method individual user cannot get rights.
     But all the users are classified into different categories.
     Each user is assigned a clearance level
     A user can access object only if he has proper clearance level.
     The DBMS (system) determines whether the given user can read
    or write a given object based on some rules.
     This rule makes sure that sensitive data can never be passed to a
    user without necessary clearance.

    Unit – 8: Database Security 18


    Mandatory access control rules
     A user can access data by following two rules
    1. Security property:-
    • Security property states that an object may not read at a higher security
    level.
    2. Star (*) security property:-
    • Star (*) property states that a an object may not write at a lower security
    level.

    Unit – 8: Database Security 19


    Role based access control (RBAC) rules
     Role-based access control (RBAC) restricts network access based
    on a person's role within an organization.
     Employees are only allowed to access the information necessary
    to effectively perform their job duties.
     Access can be based on several factors, such as higher authority,
    responsibility, and job competency.
     Lower-level employees usually do not have access to sensitive
    data if they do not need it to fulfil their responsibilities.
     Using RBAC will help in securing your company’s sensitive data
    and important applications.

    Unit – 8: Database Security 20


    Intrusion detection

    Unit – 8: Database Security 21


    Intrusion detection
     An Intrusion Detection System (IDS) is a system or software
    application that monitors network traffic and issues alerts
    when such activity is discovered.
     It is a software application that scans a network or a system
    for harmful activity.
     Any malicious activity is normally reported either to an
    administrator or collected centrally using a security
    information and event management (SIEM) system.

    Unit – 8: Database Security 22


    Intrusion detection

    Unit – 8: Database Security 23


    SQL injection

    Unit – 8: Database Security 24


    SQL injection
     SQL injection, also known as SQLI, is a
    common attack vector that uses malicious
    SQL code for backend database
    manipulation to access information that
    was not intended to be displayed.
     This information may include any number
    of items, including sensitive company data,
    user lists or private customer details.
     A successful attack may result in the
    unauthorized viewing of user lists, the
    deletion of entire tables, gaining
    administrative rights to a database, all of
    which are highly detrimental to a business.

    Unit – 8: Database Security 25


    SQL injection

    Unit – 8: Database Security 26


    Questions asked in GTU
    1. Describe GRANT and REVOKE commands with suitable example.
    2. What is difference between authorization and authentication?
    Explain the use of audit trail.
    3. Explain data encryption with its types.
    4. Differentiate discretionary access control and mandatory access
    control.
    5. What is the difference between data security and data integrity?

    Unit – 8: Database Security 27


    Database Management Systems
    (DBMS)
    GTU # 3130703

    Thank
    You

    You might also like