DATABASE SECURITY By V. Bharath Kumar R. Vinu Vishal
Transcript
  • Database Security: Database security is the mechanism that protects the database against intentional or accidental threats. Database security concerns the use of a broad range of information security controls to protect databases against compromises of their confidentiality, integrity and availability.

  • We consider database security in relation to the following situations:

    Theft and fraud, loss of confidentiality, loss of privacy, loss of integrity, loss of availability

    Threat:

    A threat is any intentional or accidental event that may adversely affect the system.

  • Examples of threats: using another person's log-in name to access data; unauthorized copying of data; program/data alteration; illegal entry by a hacker; viruses; data corruption due to power loss.

  • Computer-Based Controls:

    Authorization, Views, Backup and Recovery, Integrity, Encryption, RAID Technology

  • Authorization: The granting of a privilege that enables a user to have legitimate access to a system.

    They are sometimes referred to as access controls.

    The process of authorization involves authenticating the user requesting access to data.

    Types of Privileges:

    System Privileges, Object Privileges

  • System Privileges: These privileges are given by the system administrator to the users for creating tables and views.

    Example: CREATE SESSION

    Object Privileges: These privileges are given to users by another user for accessing his own tables or any objects.

    Example: INSERT

  • Authentication is a mechanism that determines whether a user is who he/she claims to be.

    A system administrator is responsible for allowing users to have access to the system by creating individual user accounts.

  • A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
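
    Added example (not part of the original slides): the system privilege, object privilege and view mechanisms described above, combined so that a user can log in and read a view but never the base table behind it. It uses Oracle syntax; the hr_owner schema, the clerk user and the table and view names are hypothetical, and the password is a placeholder.

```sql
-- Added illustration, Oracle syntax. All user, schema, table and view
-- names are hypothetical. Run the setup part as a DBA; hr_owner is
-- assumed to exist already.

-- System privilege: lets the account open a session, nothing more.
CREATE USER clerk IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD";
GRANT CREATE SESSION TO clerk;

-- Base relation holding a sensitive column (salary).
CREATE TABLE hr_owner.employees (
    emp_id     NUMBER        PRIMARY KEY,
    full_name  VARCHAR2(100) NOT NULL,
    department VARCHAR2(50)  NOT NULL,
    salary     NUMBER(10,2)  NOT NULL
);

-- View that hides the salary column and every row outside one department.
CREATE VIEW hr_owner.sales_directory AS
    SELECT emp_id, full_name, department
    FROM   hr_owner.employees
    WHERE  department = 'SALES';

-- Object privilege: granted on the view only, never on the base table.
GRANT SELECT ON hr_owner.sales_directory TO clerk;

-- Connected as clerk:
-- allowed, because SELECT was granted on the view
SELECT full_name FROM hr_owner.sales_directory;
-- rejected, because clerk holds no privilege on the base table
SELECT salary FROM hr_owner.employees;
-- rejected, because SELECT on the view does not imply INSERT
INSERT INTO hr_owner.sales_directory (emp_id, full_name, department)
VALUES (9, 'Test User', 'SALES');

-- As DBA: review exactly what clerk holds (least-privilege check).
SELECT privilege
FROM   dba_sys_privs
WHERE  grantee = 'CLERK';

SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'CLERK';

-- Withdraw access when it is no longer needed.
REVOKE SELECT ON hr_owner.sales_directory FROM clerk;
```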

  • Backup & Recovery is the process of periodically taking a copy of the database and log file onto offline storage media. A DBMS should provide backup facilities to assist with the recovery of a database following a failure.

    Types of Backup: Physical backup, Logical backup

    Physical backup: The actual physical database files are copied onto a magnetic tape or CD.

  • Logical Backup: In this type, only the data are extracted from the database using SQL statements.

    Journaling: The process of keeping and maintaining a log file of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure.

    Recovery: Database recovery is a process of restoring a database to the correct state in case of any failure.

  • Data integrity means that data is protected from deletion and corruption. Data integrity is normally achieved by a series of integrity constraints or rules.

    Integrity helps maintain a secure database system by preventing data from becoming invalid.
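
    Added example (not part of the original slides): integrity constraints declared on two tables, followed by statements the DBMS refuses because they would make the data invalid or delete rows that other data depends on. It uses Oracle syntax; the table, column and constraint names are hypothetical.

```sql
-- Added illustration, Oracle syntax. Table, column and constraint
-- names are hypothetical.

CREATE TABLE departments (
    dept_id   NUMBER       PRIMARY KEY,
    dept_name VARCHAR2(50) NOT NULL UNIQUE
);

CREATE TABLE employees (
    emp_id  NUMBER        PRIMARY KEY,          -- entity integrity
    email   VARCHAR2(120) NOT NULL UNIQUE,
    salary  NUMBER(10,2)  NOT NULL
            CONSTRAINT chk_salary_positive
            CHECK (salary > 0),                 -- domain rule
    dept_id NUMBER        NOT NULL
            CONSTRAINT fk_emp_dept
            REFERENCES departments (dept_id)    -- referential integrity
);

-- Valid rows are accepted.
INSERT INTO departments VALUES (10, 'SALES');
INSERT INTO employees   VALUES (1, 'a@example.com', 4200, 10);

-- Each statement below is rejected by the DBMS, whichever
-- application or user submits it.

-- duplicate primary key
INSERT INTO employees VALUES (1, 'b@example.com', 3900, 10);
-- violates the CHECK rule on salary
INSERT INTO employees VALUES (2, 'c@example.com', -50, 10);
-- references a department that does not exist
INSERT INTO employees VALUES (3, 'd@example.com', 3900, 99);
-- NULL in a NOT NULL column
INSERT INTO employees VALUES (4, NULL, 3900, 10);
-- would delete a row that employee 1 still depends on
DELETE FROM departments WHERE dept_id = 10;

-- Defender's check: a disabled constraint protects nothing, so
-- confirm that every rule on the table is still enabled.
SELECT constraint_name, constraint_type, status
FROM   user_constraints
WHERE  table_name = 'EMPLOYEES';
```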

  • Encryption: The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key. There will be degradation in performance because of the time taken to decode it. It also protects the data transmitted over communication lines.

    Plain data -> Algorithm and password -> Encrypted data

  • RAID is a category of disk drives that employ two or more drives in combination for fault tolerance and performance. RAID disk drives are used frequently on servers running the databases.

    Level 0: Provides data striping.

    Level 1: Provides disk mirroring.

    Level 2: Hamming code parity.

    Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance.

    Level 5: Provides data striping at the byte level and also stripe error correction information. This results in excellent performance and good fault tolerance.

    (Figure: RAID 5)

  • Microsoft Access:

    System-level security: password.

    User-level security: identification as a member of groups (Administrators and Users); permissions are granted (Open/Run, Read, Update, Delete, etc.).

    Oracle DBMS:

    System-level security: name, password.

    User-level security is based on a privilege, that is, a right to execute a particular type of SQL statement or to access another user's object. There are system privileges and object privileges.

  • Proxy servers, Firewalls, Message Digest Algorithms and Digital Signature, Digital Certificates, SSL and S-HTTP

  • A proxy server is a computer that sits between a Web browser and a Web server. It intercepts all requests for web pages and saves them locally for some time. A proxy server provides improvement in performance and filters requests.

    (Figure labels: Computer A, Computer B, Proxy server, Internet)

  • Firewall: a system that prevents unauthorized access to or from a private network. Implemented in software, hardware or both.

    Packet filter, Application gateway, Circuit-level gateway (TCP, UDP protocols), Proxy server

  • A digital certificate is an attachment to an electronic message used for security purposes, most commonly to verify that a user sending a message is who he/she claims to be, and to provide the receiver with the means to encrypt a reply.

  • SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely.

    S-HTTP is designed to transmit individual messages securely.

    Allow Web browsers and servers to authenticate each other.

    Permit Web site owners to control access to particular servers, directories, files

    Allow sharing of sensitive information (credit card numbers) only between browser and server

    Ensure that data exchange between browser and server is reliable