By Oscar Suciadi
CS 157B
Prof. Sin-Min Lee
Definition
Database Security is
the mechanism that protect the database against
intentional or accidental threats.
Is if
We consider database security in relation to the
following situations:
- Theft and Fraud
- Loss of confidentiality
Introduction
Loss of privacy
Loss of integrity
Loss of availability
Threat is
any intentional or accidental event that
may adversely affect the system.
Introduction
Examples of threats:
(Cont)
- Using another person’s log-in name to
access data
- Unauthorized copying data
- Program/Data alteration
- Illegal entry by hacker
- Viruses
- Etc.
Countermeasures
Computer-Based Controls:
- Authorization
- Views
- Backup and Recovery
- Integrity
- Encryption
- RAID Technology
Authorization
The granting of a privilege that enable a user to have a
legitimate access to a system.
PAT IN
They are sometimes referred as access controls.
3 as
The process of authorization involves authenticating the
user requesting access to objects.
Authenticating
Means a mechanism that determines whether a user is
who he/she claim to be.
A system administrator is responsible for allowing users
to have access to the system by creating individual user
accounts.
Closed V.s Open Systems
Closed Systems
Some DBMS required authorization for authorized
DBMS users to access specific objects.
Open Systems
Allow users to have complete access to all objects
within the database.
A DBMS may permit both individual user identifiers and
group identifiers to be created.
Certain privileges may be associated with specific
identifiers, which indicate what kind of privilege is
allowed with certain database objects.
Each privileges has a binary value associated with it. The
binary values are summed and the total value indicates
what privileges are allowed for a specific user or group
with a particular object.
User & Group Identifier
User Type Group Member
Identifier Identifier
SG37 User Sales SG37
SG14 User Sales SG14
SG5 User
Sales Group
th SEL
Access Control Matrix
User Property# Type Price Owner# Staff# Branch# Query
Identifier Row
Limit
Sales 0001 0001 0001 0000 0000 0000 15
SG37 0101 0101 0111 0101 0111 0000 100
SG5 1111 1111 1111 1111 1111 1111 none
SELECT UPDATE INSERT DELETE ALL
0001 0010 0100 1000 1111
xx
Views
Is the dynamic result of one or more relational
operations operating on the base relations to produce
another relation.
A view is a virtual relation that does not actually exist in
the database, but is produced upon request by a
particular user, at the time of request.
em
Int
Views (Cont)
The view mechanism provides a powerful and flexible
security mechanism by hiding parts of the database
from certain users.
The user is not aware of the existence of any attributes or
rows that are missing from the view.
Backup & Recovery oh Esp Ijf
II I
Is the process of periodically taking a copy of the
database and log file on to offline storage media.
DBMS should provide backup facilities to assist with the
recovery of a database failure.
Integrity and'm
Maintaining a secure database system by preventing
data from becoming invalid.
Encryption
The encoding of data by a special algorithm that renders
the data unreadable by any program without the
decryption key.
Is 15
There will be degradation in performance because of the
time taken to decode it.
It also protects the data transmitted over communication
lines.
RAID and if
Redundant Array of Independent Disks É did I
I 16
The hardware that the DBMS is running on must be
fault-tolerant, meaning that the DBMS should
I
continue to operate even if one of the hardware
components fails.
One solution is the use of RAID technology.
RAID (Cont)
RAID works on having a large disk array comprising an
arrangement of several independent disks that are
organized to improve reliability and at the same time
increase performance.