Presentation on Database Security
Submitted to: Charmi Purohit
Prepared by: Kumbhani Minaxi, Limbasiya Jignasha
Oct 31, 2014
Index
Definition
Data security Lifecycle
Countermeasures
- Authorization
- Views
- Backup And Recovery
- Integrity
- Encryption
- RAID Technology
What is Database Security?
Database security is the mechanism that protects the database against intentional or accidental threats.
A security policy describes the security measures enforced.
Security mechanisms of the underlying DBMS must be utilized to enforce the policy.
Requirements
The security curriculum is relatively light in the database systems area.
The current focus is on protecting information through network configuration, systems administration, and application security.
Database system security issues need to be considered specifically.
Goals
Understand security issues in:
- a general database system environment
- a specific DBMS (Oracle) environment
Consider database security issues in the context of general security principles and ideas.
Consider issues relating to both database storage and database system communication with other applications.
Main Message
Database system security is more than securing the database:
• Secure database
• Secure DBMS
• Secure applications/application development
• Secure operating system in relation to database system
• Secure web server in relation to database system
• Secure network environment in relation to database system
Purpose
We consider database security in relation to the
following situations:
- Theft and Fraud
- Loss of confidentiality
- Loss of privacy
- Loss of integrity
- Loss of availability
Data Security Lifecycle
Threat
A threat is any intentional or accidental event that may adversely affect the system.
Examples of threats:
- Using another person’s log-in name to access data
- Unauthorized copying of data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
Countermeasures
A countermeasure is an action that you take in order to weaken the effect of another action or situation, or to make it harmless.
Because the threat never developed, we didn’t need to take any real countermeasures.
Computer-Based Controls:
- Authorization
- Authenticating
- Views
- Backup and Recovery
- Integrity
- Encryption
- Privileges, Roles, Grant/Revoke
- RAID Technology
Authorization
The granting of a privilege that enables a user to have legitimate access to a system.
Authorization controls are sometimes referred to as access controls.
The process of authorization involves authenticating the user requesting access to objects.
Authenticating
A mechanism that determines whether a user is who he/she claims to be.
A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.
Authenticating Users to the Database (four topics):
1) Introduction to user authentication
2) Passwords for authentication
3) Strong authentication
4) Proxy authentication and authorization
Views
A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request.
The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
The user is not aware of the existence of any attributes or rows that are missing from the view.
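The view mechanism described above, as an added example that is not part of the original slides. The `Employee` table, its rows and the `SalesStaff` view are constructed for illustration; SQLite has no user accounts, so the code shows only what the view exposes.

```python
import sqlite3

def build_db():
    """In-memory database with constructed sample rows (not from the slides)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Employee (
            EmpNo  INTEGER PRIMARY KEY,
            Name   TEXT    NOT NULL,
            Dept   TEXT    NOT NULL,
            Salary INTEGER NOT NULL
        );
        INSERT INTO Employee VALUES
            (1, 'Asha',  'Sales',   52000),
            (2, 'Ravi',  'Sales',   48000),
            (3, 'Meera', 'Finance', 91000);
        -- Hypothetical view: hides the Salary column and all non-Sales rows.
        CREATE VIEW SalesStaff AS
            SELECT EmpNo, Name FROM Employee WHERE Dept = 'Sales';
    """)
    return db

def view_columns(db):
    """Column names a user of the view can see."""
    return [col[0] for col in db.execute("SELECT * FROM SalesStaff").description]

def view_rows(db):
    """The view is evaluated at query time, so it tracks the base table."""
    return db.execute("SELECT EmpNo, Name FROM SalesStaff ORDER BY EmpNo").fetchall()

def salary_hidden(db):
    """True if the hidden column cannot be selected through the view."""
    try:
        db.execute("SELECT Salary FROM SalesStaff")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(view_columns(db), view_rows(db), salary_hidden(db))
    db.execute("INSERT INTO Employee VALUES (4, 'Kiran', 'Sales', 50000)")
    print(view_rows(db))  # the new Sales row appears without redefining the view
```

In a multi-user DBMS the hiding holds only when the user is granted SELECT on the view and holds no privilege on the `Employee` base table itself.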
Backup and Recovery
A DBMS should provide backup facilities to assist with the recovery of a database following a failure.
Backup and recovery refers to the various strategies and procedures involved in protecting your database against data loss and reconstructing the database after any kind of data loss.
Backups can be divided into physical backups and logical backups.
Backups have two distinct purposes:
1) The primary purpose is to recover data after its loss, be it by data deletion or corruption.
2) The secondary purpose of backup is to recover data from an earlier time.
Integrity
Data integrity is a fundamental component of information security.
It means maintaining a secure database system by preventing data from becoming invalid.
Only authorized users should be allowed to modify data.
Numeric columns should not accept alphabetic data.
For example, students
Encryption
The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key.
It also protects the data transmitted over communication lines.
[Figure: Plain Data, Algorithm and Password, Encrypted Data]
Privilege
A privilege allows a user to access some data object in a certain manner (e.g., to read or to modify).
SQL-92 supports access control through GRANT and REVOKE commands.
GRANT command: Give users privileges to base tables and views.
REVOKE command: Does the reverse, withdrawing the granted privilege from the user.
Grant and Revoke
Users: Black, Brown (owner), Red, White
GRANT SELECT ON Employee TO Red
GRANT SELECT ON Employee TO Black WITH GRANT OPTION
GRANT UPDATE(Salary) ON Employee TO White
- Brown revokes the grant given to Black
- Brown does not want Red to access the Employee relation
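An added example, not part of the original slides, that models the GRANT and REVOKE behaviour from the Privilege and Grant and Revoke slides as a small authorization graph with cascading revocation. The `AuthGraph` class is hypothetical, and the code assumes that Red received SELECT from Black, since the arrows of the slide's diagram are not recoverable.

```python
class AuthGraph:
    """Toy model of GRANT / REVOKE with cascade for one relation (Employee)."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = set()   # (grantor, grantee, privilege, with_grant_option)

    def _grantors(self, priv):
        """Users able to grant priv: the owner plus anyone reachable from the
        owner through a chain of grants made WITH GRANT OPTION."""
        able, todo = {self.owner}, [self.owner]
        while todo:
            user = todo.pop()
            for src, dst, p, opt in self.grants:
                if src == user and p == priv and opt and dst not in able:
                    able.add(dst)
                    todo.append(dst)
        return able

    def holds(self, user, priv):
        return user == self.owner or any(
            dst == user and p == priv for _, dst, p, _ in self.grants)

    def grant(self, grantor, grantee, priv, with_grant_option=False):
        if grantor not in self._grantors(priv):
            raise PermissionError(f"{grantor} may not grant {priv}")
        self.grants.add((grantor, grantee, priv, with_grant_option))

    def revoke(self, grantor, grantee, priv):
        """Drop the grant, then cascade: discard every grant whose grantor can
        no longer trace its authority back to the owner."""
        self.grants = {g for g in self.grants if g[:3] != (grantor, grantee, priv)}
        able = self._grantors(priv)
        self.grants = {g for g in self.grants if g[2] != priv or g[0] in able}

def slide_scenario(direct_grant_to_red=False):
    auth = AuthGraph(owner="Brown")
    auth.grant("Brown", "Black", "SELECT", with_grant_option=True)
    auth.grant("Black", "Red", "SELECT")   # assumption: Red's grant came via Black
    auth.grant("Brown", "White", "UPDATE(Salary)")
    if direct_grant_to_red:
        auth.grant("Brown", "Red", "SELECT")   # a second, independent path
    auth.revoke("Brown", "Black", "SELECT")
    return auth
```

Calling `slide_scenario(direct_grant_to_red=True)` shows the case an administrator has to check for: Red keeps SELECT after the cascade because a second grant path from the owner still exists.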
RAID Technology
RAID stands for Redundant Array of Independent Disks.
The hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fails.
One solution is the use of RAID technology. RAID works by having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.