If you really want to understand what Database Security is all about, this presentation is for you.
You will understand it just by looking at the slides.
The presentation contains things that are really simple to understand.
Security of the database
1. Security of the Database
A Presentation By_
Pratik Tamgadge
1/14/2014
2. Contents
• What is Database Security?
• Issues in Database Security
• How to Secure?
– Access Control Mechanism
– Cryptography
– Backup and Recovery
– RAID Implementation
– Views
– Digital Signatures
• Security in Microsoft Access and Oracle DBMS
3. What is Database Security?
• In today’s world we need everything secured, whether it is your mobile phone, computer, vehicle or almost anything else.
• So does your Database.
• It stores your Personal, Confidential and Critical data.
• If we look at the definition, Database Security is the mechanism that protects the database against intentional or accidental threats.
4. Issues in Database Security
• Unauthorized access to your Database.
• Managing large amounts of data belonging to relatively large organizations.
• Keeping track of all the authorized Users of the Database.
• Physical Security.
• Network Security.
5. Now How Will You Secure It?
Well, these are some basic security measures which you can apply to your Databases.
Access Control Mechanism
» As the name “Access Control” itself describes, this mechanism is all about Users’ Access to the Databases.
» In this mechanism, we have three kinds of Access Control:
1. Discretionary Access Control
2. Mandatory Access Control
3. Role Based Access Control
6. Discretionary Access Control
• The word “Discretionary” means to act in a way that avoids revealing Confidential information.
• In this method, we can GRANT and REVOKE privileges to different Users of the Database.
Now you will think, what is this? GRANT? REVOKE? Privileges?
Well, GRANT = “To allow” or “To give some rights”,
REVOKE = “To cancel the GRANT”, i.e. “Not to allow”,
and Privileges = Permissions, i.e. various commands like CREATE, UPDATE etc.
• GRANT and REVOKE are Database Commands used to operate on the Database.
• We will use these commands like this:
» GRANT [Privileges] ON [Database Object] TO [User] [WITH GRANT OPTION];
» REVOKE [Privileges] ON [Database Object] FROM [User];
7. Mandatory Access Control
• This method provides Multilevel Security by classifying data and Users into different SECURITY LEVELS.
• In this, every item has its security class or level.
• Mandatory Access Control is implemented in:
– Government of Nations
– Military
– Business Intelligence
• Mandatory Access Control provides Security for extremely Confidential Information.
• Security Classes are like:
– Top Secret (TS)
– Secret (S)
– Confidential (C)
– Unclassified (U)
• Note: the intensity of Security is ordered TS > S > C > U.
• Now you will wonder, how is security classified? Well, it is classified using the Bell-LaPadula Model.
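The two Bell-LaPadula rules applied to the four levels above, as an added example that is not part of the slides: a subject may not read an object classified above its clearance (no read up) and may not write to an object classified below it (no write down). The level table, row labels and subject names are constructed for the illustration.

```python
# Added example: minimal Bell-LaPadula checks over the deck's levels TS > S > C > U.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Constructed sample: every database row carries a classification label.
ROWS = [
    {"id": 1, "label": "U",  "data": "public notice"},
    {"id": 2, "label": "C",  "data": "internal memo"},
    {"id": 3, "label": "S",  "data": "contract terms"},
    {"id": 4, "label": "TS", "data": "merger plan"},
]


def can_read(subject_clearance: str, object_label: str) -> bool:
    """Simple security property: no read up (clearance must dominate the label)."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def can_write(subject_clearance: str, object_label: str) -> bool:
    """Star property: no write down (label must dominate the clearance)."""
    return LEVELS[object_label] >= LEVELS[subject_clearance]


def visible_rows(subject_clearance: str, rows=ROWS):
    """Row ids a subject may read; MAC hides the rest regardless of any GRANT."""
    return [r["id"] for r in rows if can_read(subject_clearance, r["label"])]


def attempt_write(subject_clearance: str, object_label: str) -> str:
    """Return 'allowed' or the reason for denial, so the decision can be audited."""
    if can_write(subject_clearance, object_label):
        return "allowed"
    return f"denied: write-down from {subject_clearance} to {object_label}"


if __name__ == "__main__":
    for clearance in ("U", "C", "S", "TS"):
        print(clearance, "can read rows", visible_rows(clearance))
    print("S user writing to a C row:", attempt_write("S", "C"))
    print("C user writing to an S row:", attempt_write("C", "S"))
```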
8. Role Based Access Control
• Role Based Access Control provides Security according to the ROLE of the User who is accessing the Database.
• The ROLE of the user is created using the CREATE command.
• A Role gives permission to access the data only to authorized users.
• Thus Roles provide security in a smart and simple way.
9. Cryptography
• Cryptography is a way of concealing data, called Encryption, while sending it, and disclosing that data, called Decryption, when it is received.
• Have a look at this:
10. Cryptography (contd.)
• There are two types of Cryptography.
– Symmetric Key Cryptography
• In this, both sender and receiver have the same key for Encryption and Decryption.
– Asymmetric Key Cryptography
• In this, the Sender uses the Public Key for Encryption and the Receiver uses its own Private Key for Decryption.
11. Backup and Recovery
• Backup - The process of periodically taking a copy of
the database and log file on to offline storage media.
• Journaling - The process of keeping and maintaining
a log file (or journal) of all changes made to the
database to enable recovery to be undertaken
effectively in the event of a failure.
12. RAID Implementation
RAID, i.e. Redundant Array of Inexpensive Disks, is a category of disk storage that employs two or more drives in combination for fault tolerance and performance. This array of disks has levels as follows:
• Level 0: Provides data striping (spreading out blocks of each file across multiple disks) but no redundancy. This improves performance but does not deliver fault tolerance.
• Level 1: Provides disk mirroring.
• Level 2: Error correcting codes using parity check.
• Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance.
• Level 4: Uses block level striping, which keeps the parity block on a separate disk.
• Level 5: Provides data striping at the byte level and also stripes error correction information. This results in excellent performance and good fault tolerance.
• Level 6: P+Q redundancy scheme, i.e. stores extra redundant information in case of disk failures.
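Block striping with one XOR parity block per stripe, the mechanism behind Level 4 (parity on a dedicated disk), and a rebuild of a failed disk from the survivors, as an added example that is not part of the slides. The disk count, block size and sample payload are constructed; a real array works on sectors, not 4-byte blocks.

```python
# Added example: RAID 4 style striping + XOR parity, and recovery of one lost disk.
BLOCK = 4          # bytes per block (tiny so the layout is readable)
DATA_DISKS = 3     # data disks; disk index DATA_DISKS holds parity => 4 disks total


def xor_blocks(blocks):
    """XOR a list of equal-length byte blocks; the parity of a stripe."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes):
    """Split data into stripes of DATA_DISKS blocks and append a parity block each."""
    padded = data + b"\0" * (-len(data) % (BLOCK * DATA_DISKS))
    disks = [[] for _ in range(DATA_DISKS + 1)]
    for s in range(0, len(padded), BLOCK * DATA_DISKS):
        chunks = [padded[s + i * BLOCK: s + (i + 1) * BLOCK] for i in range(DATA_DISKS)]
        for i, chunk in enumerate(chunks):
            disks[i].append(chunk)
        disks[DATA_DISKS].append(xor_blocks(chunks))   # parity disk
    return disks


def rebuild(disks, failed: int):
    """Reconstruct every block of disk `failed` by XORing the other disks' blocks."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[k] for d in survivors]) for k in range(len(survivors[0]))]


def read_file(disks, length: int) -> bytes:
    """Reassemble the original bytes from the data disks (parity is not read)."""
    out = b"".join(b"".join(disks[i][k] for i in range(DATA_DISKS))
                   for k in range(len(disks[0])))
    return out[:length]


def demo() -> bool:
    payload = b"database security with RAID"   # constructed sample file
    disks = stripe(payload)
    lost = disks[1]
    disks[1] = None                              # disk 1 fails
    disks[1] = rebuild(disks, 1)                 # recovered from disks 0, 2 and parity
    return disks[1] == lost and read_file(disks, len(payload)) == payload


if __name__ == "__main__":
    print("rebuild succeeded:", demo())
```

Losing a second disk at the same time leaves no way to solve the XOR, which is why Level 6 adds the second (Q) parity.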
13. Views
• A view is the dynamic result of one or more relational
operations operating on the base relations to produce
another relation. A view is a virtual relation that does not
actually exist in the database, but is produced upon request
by a particular user, at the time of request.
• The view mechanism provides a powerful and flexible security
mechanism by hiding parts of the database from certain
users.
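A view that hides a sensitive column and restricts rows, queried in an in-memory SQLite database, as an added example that is not part of the slides. The employee table, its rows and the view name are constructed.

```python
import sqlite3

# Added example: the view exposes id/name/dept for the sales department only;
# salary is not reachable through it at all.


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employee(id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER);
        INSERT INTO employee VALUES
            (1, 'Asha',  'sales', 50000),
            (2, 'Ben',   'sales', 52000),
            (3, 'Chloe', 'hr',    61000);
        -- Restricted view: no salary column, and only the sales rows.
        CREATE VIEW sales_directory AS
            SELECT id, name, dept FROM employee WHERE dept = 'sales';
    """)
    return con


def columns_of(con: sqlite3.Connection, relation: str):
    """Column names of a table or view, as the user sees them."""
    return [row[1] for row in con.execute(f"PRAGMA table_info({relation})")]


def rows_via_view(con: sqlite3.Connection):
    return con.execute("SELECT id, name, dept FROM sales_directory ORDER BY id").fetchall()


def salary_via_view(con: sqlite3.Connection) -> str:
    """Asking the view for the hidden column fails; the base table is never touched."""
    try:
        con.execute("SELECT salary FROM sales_directory")
        return "leaked"
    except sqlite3.OperationalError as err:
        return f"blocked: {err}"


if __name__ == "__main__":
    con = build_db()
    print(columns_of(con, "sales_directory"))
    print(rows_via_view(con))
    print(salary_via_view(con))
```

In a multi-user DBMS the view only protects data when users are granted SELECT on the view and hold no privilege on the base table; SQLite has no GRANT, so this example shows the hiding, not the privilege split.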
14. Message Digest Algorithms
and
Digital Signatures
• A message digest algorithm is a one-way hash function that produces a fixed-length string (hash) from an arbitrary-sized message. It is computationally infeasible to find another message with the same digest, and the digest does not reveal anything about the message.
• A digital signature consists of a string of bits that is computed from two parts: the message and the private key of the organization.
• The digital signature is used to verify that the message comes from this organization.
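The digest-then-sign flow from this slide, as an added example that is not part of the slides: SHA-256 produces the fixed-length digest, the private key turns the digest into the signature, and the public key checks it. The RSA key is built from two fixed Mersenne primes (an assumption made for a self-contained run) with no padding; it illustrates the mechanism only and is not a usable key.

```python
import hashlib

# Added example: message digest + textbook RSA signature over the digest.
# Constructed key material for illustration only (real keys are generated and padded).
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)


def digest(message: bytes) -> bytes:
    """One-way hash: fixed 32-byte output regardless of message size."""
    return hashlib.sha256(message).digest()


def _digest_int(message: bytes) -> int:
    return int.from_bytes(digest(message), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Signature = digest^d mod N; only the private key holder can produce it."""
    return pow(_digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Recompute the digest and compare with signature^e mod N (public key only)."""
    return pow(signature, public_exponent, N) == _digest_int(message)


if __name__ == "__main__":
    msg = b"transfer 100 units to account 42"      # constructed sample message
    sig = sign(msg)
    print("digest:", digest(msg).hex())
    print("valid on original:", verify(msg, sig))
    print("valid on tampered:", verify(msg.replace(b"100", b"900"), sig))
```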
15. Security in Microsoft Access and Oracle DBMS
Microsoft Access
• System level security - password.
• User-level security - identification as a member of groups (Administrators and Users); permissions are granted (Open/Run, Read, Update, Delete, etc.).
Oracle DBMS
• System level security - name, password.
• User-level security is based on a privilege, i.e. a right to execute a particular type of SQL statement or to access another user’s object.
• System privileges and object privileges.
End of the Presentation