SlideShare uma empresa Scribd logo

Security and Integrity

L
lubna19

Security Violation Levels Authorization Views Encryption Integrity Constraints Triggers

1 de 23
Baixar para ler offline
Security and Integrity
n Security n Violation n Levels n Authorization n Views n Encryption n Integrity n Constraints n Triggers 2
Security and Integrity n Security n Protection of the data against unauthorized disclosure or destruction. n Integrity n Maintaining the accuracy or validity of the data 3
Violation n Malicious n Unauthorized reading of data n Unauthorized modification n Unauthorized destruction n Accidental n Crashes n Concurrent access anomalies n Violation of database consistency constraints. 4
Security n Database system level n Authentication and authorization mechanisms to allow specific users access only to required data n We concentrate on authorization in the first part of this session n Operating system level n Operating system super-users can do anything they want to the database! Good operating system level security is required. n Network level: must use encryption to prevent n Eavesdropping (unauthorized reading of messages) n Masquerading (pretending to be an authorized user or5 sending messages supposedly from authorized users)
Security (Cont...) n Physical level n Physical access to computers allows destruction of data by intruders; traditional lock-and-key security is needed n Computers must also be protected from floods, fire, etc. n Human level n Users must be screened to ensure that authorized users do not give access to intruders n Users should be trained on password selection and secrecy 6
Authorization Forms of authorization on parts of the database: n Read authorization - allows reading, but not modification of data. n Insert authorization - allows insertion of new data, but not modification of existing data. n Update authorization - allows modification, but not deletion of data. n Delete authorization - allows deletion of data 7
Views n Users can be given permission on views, without being given any permission on the base table used in the view definition n Ability of views to hide data serves both to simplify usage of the system and to enhance security by allowing users access only to data they need for their job n A combination of relational-level security and view- level security can be used to limit a user’s access to precisely the data that user needs. 8
View Example n Suppose a bank clerk needs to know the names of the customers of each branch, but is not authorized to see specific loan information. n Approach: Deny direct access to the loan base table , but grant access to the view cust-loan, which consists only of the names of customers and the branches at which they have a loan. n The cust-loan view is defined in SQL as follows: create view cust-loan as select branchname, customer-name from borrower, loan where borrower.loan-number = loan.loan-number 9
View Example (Cont.) n The clerk is authorized to see the result of the query: select * from cust-loan n When the query processor translates the result into a query on the actual base table in the database, we obtain a query on borrower and loan. n Permission must be checked on the clerk’s query before query processing begins. 10
Permission on Views n Creation of view does not require resources authorization since no real relation is being created n The creator of a view gets only those privileges that provide no additional authorization beyond that he already had. n E.g. if creator of view cust-loan had only read permission on borrower and loan, he gets only read authorization on cust-loan 11
Security Specification in SQL n The grant statement is used to confer authorization grant <privilege list> on <relation name or view name> to <user list> n <user list> is: n a user-id n public, which allows all valid users the privilege granted n A role (more on this later) 12
Delegation of granting privilege n with grant option: allows a user who is granted a privilege to pass the privilege on to other users. n Example: grant select on branch to U1 with grant option gives U1 the select privileges on branch and allows U1 to grant ‘select’ privilege to others U1 can give command Grant select on branch to U2 13
Revoking Authorization n The revoke statement is used to revoke authorization. revoke<privilege list> on <relation name or view name> from <user list> [restrict|cascade] n Revocation of a privilege from a user may cause other users also to lose that privilege; referred to as cascading of the revoke. n We can prevent cascading by specifying restrict: n revoke select on branch from U1, U2, U3 restrict 14
Encryption n Data may be encrypted when database authorization provisions do not offer sufficient protection. n Properties of good encryption technique: n Relatively simple for authorized users to encrypt and decrypt data. n Encryption scheme depends not on the secrecy of the algorithm but on the secrecy of a parameter of the algorithm called the encryption key. n Extremely difficult for an intruder to determine the encryption key. 15
To ensure integrity of database Define n Entity constraints (Primary key constraint) n Domain constraints n Referential integrity n Triggers 16
Entity Constraints n Entity integrity enforcement guarantees that each row in a table is uniquely identified by non-null values contained in its primary key columns. n Integrity constraints guard against accidental damage to the database, by ensuring that authorised changes to the database do not result in the loss of data consistency. n Semantic integrity constraint is concerned with ensuring that the database is correct even though users/programmers try to modify it incorrectly. 17
Domain constraints n Domain constraints are most elementary form of integrity constraints. n They test values inserted in the database n Examples n On insertion of item into order_item table the quantity must be greater that 0. n On update the new salary must be greater than old salary. n On insertion a new employee into EMP table value of Manager must exists as an EMP. 18
Referential Integrity in SQL (Cont…) Example n Create table account (AccountNo char(10) not null, BranchName char(15), balance integer, primary key(AccountNo) foreign key(BranchName) references branch) 19
Trigger n A Trigger is statement that is executed automatically by the system as a side effect of a modification to the database. n To design a trigger mechanism, we must specify the condition under which trigger is to be executed and action to be taken. n Triggers were standardized in SQL-99 20
Trigger Example n Suppose that instead of allowing negative account balances, the bank deal with overdrafts by - setting the account balance to zero. - creating loan in the amount of the overdraft. - giving this loan a loan number identical to the account number of the overdraft account. n The condition for executing the trigger is an update to the account relation that results in negative balance value. 21
Triggering Events and Actions in SQL n Triggering event can be insert, delete or update n Triggers on update can be restricted to specific attributes n E.g. create trigger overdraft-trigger after update of balance on account n Triggers can be activated before an event, which can serve as extra constraints. E.g. convert blanks to null. create trigger setnull-trigger before update on r referencing new row as nrow for each row when nrow.phone-number = ' ' set nrow.phone- number =null 22
Trigger example in SQL create trigger overdraft-trigger after update on account referencing new row as nrow for each row when nrow.balance < 0 begin atomic insert into borrower (select customer-name, account-number from depositor where nrow.account-number = depositor.account- number); insert into loan values (n.row.account-number, nrow.branch-name,– nrow.balance); update account set balance = 0 where account.account-number = nrow.account-number end 23

Recomendados

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
IIS
IISIIS
IISGiritharan V
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipherVaibhav Khanna
 
Codd's rules
Codd's rulesCodd's rules
Codd's rulesMohd Arif
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureMohamed Talaat
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
DBMS Keys
DBMS KeysDBMS Keys
DBMS KeysTarun Maheshwari
 

Recomendados

Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
IIS
IISIIS
IISGiritharan V
 
Information and network security 13 playfair cipher
Information and network security 13 playfair cipherInformation and network security 13 playfair cipher
Information and network security 13 playfair cipherVaibhav Khanna
 
Codd's rules
Codd's rulesCodd's rules
Codd's rulesMohd Arif
 
Digital Signature
Digital SignatureDigital Signature
Digital SignatureMohamed Talaat
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
DBMS Keys
DBMS KeysDBMS Keys
DBMS KeysTarun Maheshwari
 
Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directoryanilinvns
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanismsVaibhav Khanna
 
Dbms architecture
Dbms architectureDbms architecture
Dbms architectureShubham Dwivedi
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Slide 5 keys
Slide 5 keysSlide 5 keys
Slide 5 keysVisakh V
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Er model ppt
Er model pptEr model ppt
Er model pptPihu Goel
 
Application Layer
Application Layer Application Layer
Application Layer Dr Shashikant Athawale
 
Allocation of Frames & Thrashing
Allocation of Frames & ThrashingAllocation of Frames & Thrashing
Allocation of Frames & Thrashingarifmollick8578
 
Characteristics of cloud computing
Characteristics of cloud computingCharacteristics of cloud computing
Characteristics of cloud computingGOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
Hash crypto
Hash cryptoHash crypto
Hash cryptoTony Nguyen
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Encryption ppt
Encryption pptEncryption ppt
Encryption pptAnil Neupane
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And AuthenticationSudeb Das
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 
6. Integrity and Security in DBMS
6. Integrity and Security in DBMS6. Integrity and Security in DBMS
6. Integrity and Security in DBMSkoolkampus
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 

Mais conteúdo relacionado

Mais procurados

Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directoryanilinvns
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanismsVaibhav Khanna
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation harshit chavda
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptographyG Prachi
 
Slide 5 keys
Slide 5 keysSlide 5 keys
Slide 5 keysVisakh V
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithmRuchi Maurya
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Er model ppt
Er model pptEr model ppt
Er model pptPihu Goel
 
Allocation of Frames & Thrashing
Allocation of Frames & ThrashingAllocation of Frames & Thrashing
Allocation of Frames & Thrashingarifmollick8578
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And AuthenticationSudeb Das
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systemsvampugani
 

Mais procurados (20)

Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directory
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanisms
 
Dbms architecture
Dbms architectureDbms architecture
Dbms architecture
 
Block cipher modes of operation
Block cipher modes of operation Block cipher modes of operation
Block cipher modes of operation
 
Elementary cryptography
Elementary cryptographyElementary cryptography
Elementary cryptography
 
Slide 5 keys
Slide 5 keysSlide 5 keys
Slide 5 keys
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
SHA- Secure hashing algorithm
SHA- Secure hashing algorithmSHA- Secure hashing algorithm
SHA- Secure hashing algorithm
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Er model ppt
Er model pptEr model ppt
Er model ppt
 
Application Layer
Application Layer Application Layer
Application Layer
 
Allocation of Frames & Thrashing
Allocation of Frames & ThrashingAllocation of Frames & Thrashing
Allocation of Frames & Thrashing
 
Characteristics of cloud computing
Characteristics of cloud computingCharacteristics of cloud computing
Characteristics of cloud computing
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Encryption ppt
Encryption pptEncryption ppt
Encryption ppt
 
Database Security And Authentication
Database Security And AuthenticationDatabase Security And Authentication
Database Security And Authentication
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Protection and Security in Operating Systems
Protection and Security in Operating SystemsProtection and Security in Operating Systems
Protection and Security in Operating Systems
 

Destaque

6. Integrity and Security in DBMS
6. Integrity and Security in DBMS6. Integrity and Security in DBMS
6. Integrity and Security in DBMSkoolkampus
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and IntegrityZaid Shabbir
 
Security and Integrity of Data
Security and Integrity of DataSecurity and Integrity of Data
Security and Integrity of DataAdeel Riaz
 
Integrity slideshow
Integrity slideshowIntegrity slideshow
Integrity slideshowrjensen
 
Personal Integrity
Personal IntegrityPersonal Integrity
Personal Integritydheva B
 
System Design and Analysis 1
System Design and Analysis 1System Design and Analysis 1
System Design and Analysis 1Boeun Tim
 
Software Testing and Agility
Software Testing and Agility Software Testing and Agility
Software Testing and Agility Zaid Shabbir
 
Programming & The Web & Programming the Web
Programming & The Web & Programming the WebProgramming & The Web & Programming the Web
Programming & The Web & Programming the WebVesa Vänskä
 
6 integrity and security
6 integrity and security6 integrity and security
6 integrity and securityDilip G R
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational modelSlideshare
 
Learn Normalization in simple language
Learn Normalization in simple languageLearn Normalization in simple language
Learn Normalization in simple languageFirstWire Apps
 
Active Server Page(ASP)
Active Server Page(ASP)Active Server Page(ASP)
Active Server Page(ASP)Keshab Nath
 

Destaque (20)

6. Integrity and Security in DBMS
6. Integrity and Security in DBMS6. Integrity and Security in DBMS
6. Integrity and Security in DBMS
 
Data security and Integrity
Data security and IntegrityData security and Integrity
Data security and Integrity
 
Security and Integrity of Data
Security and Integrity of DataSecurity and Integrity of Data
Security and Integrity of Data
 
Data integrity
Data integrityData integrity
Data integrity
 
Integrity and security
Integrity and securityIntegrity and security
Integrity and security
 
Integrity slideshow
Integrity slideshowIntegrity slideshow
Integrity slideshow
 
Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.
 
Database security
Database securityDatabase security
Database security
 
Honesty and integrity
Honesty and integrityHonesty and integrity
Honesty and integrity
 
Personal Integrity
Personal IntegrityPersonal Integrity
Personal Integrity
 
System Design and Analysis 1
System Design and Analysis 1System Design and Analysis 1
System Design and Analysis 1
 
Dmbs chapter vi
Dmbs chapter viDmbs chapter vi
Dmbs chapter vi
 
Software Testing and Agility
Software Testing and Agility Software Testing and Agility
Software Testing and Agility
 
Overview of cryptography
Overview of cryptographyOverview of cryptography
Overview of cryptography
 
Programming & The Web & Programming the Web
Programming & The Web & Programming the WebProgramming & The Web & Programming the Web
Programming & The Web & Programming the Web
 
6 integrity and security
6 integrity and security6 integrity and security
6 integrity and security
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational model
 
Learn Normalization in simple language
Learn Normalization in simple languageLearn Normalization in simple language
Learn Normalization in simple language
 
Active Server Page(ASP)
Active Server Page(ASP)Active Server Page(ASP)
Active Server Page(ASP)
 
Data integrity
Data integrityData integrity
Data integrity
 

Semelhante a Security and Integrity

Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptxRoshni814224
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
 
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupBecoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupAndy Maleh
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfabrehamcheru14
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacyMd. Ahasan Hasib
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.Lihi Idan
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing BasicsNSConclave
 
Adapting singlet login in distributed systems
Adapting singlet login in distributed systemsAdapting singlet login in distributed systems
Adapting singlet login in distributed systemseSAT Publishing House
 
Data mining final report
Data mining final reportData mining final report
Data mining final reportKedar Kumar
 
The Importance of Testnets in Developing InitVerse dApps.pdf
The Importance of Testnets in Developing InitVerse dApps.pdfThe Importance of Testnets in Developing InitVerse dApps.pdf
The Importance of Testnets in Developing InitVerse dApps.pdfInitVerse Blockchain
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and AuthorizationMegha yadav
 
Data base security & integrity
Data base security & integrityData base security & integrity
Data base security & integrityPooja Dixit
 
Adapting singlet login in distributed systems
Adapting singlet login in distributed systemsAdapting singlet login in distributed systems
Adapting singlet login in distributed systemseSAT Journals
 

Semelhante a Security and Integrity (20)

Database Management System Security.pptx
Database Management System Security.pptxDatabase Management System Security.pptx
Database Management System Security.pptx
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
 
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupBecoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdf
 
Database security and privacy
Database security and privacyDatabase security and privacy
Database security and privacy
 
SCWCD : Secure web
SCWCD : Secure webSCWCD : Secure web
SCWCD : Secure web
 
SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Unit 4
Unit 4Unit 4
Unit 4
 
Adapting singlet login in distributed systems
Adapting singlet login in distributed systemsAdapting singlet login in distributed systems
Adapting singlet login in distributed systems
 
Data mining final report
Data mining final reportData mining final report
Data mining final report
 
The Importance of Testnets in Developing InitVerse dApps.pdf
The Importance of Testnets in Developing InitVerse dApps.pdfThe Importance of Testnets in Developing InitVerse dApps.pdf
The Importance of Testnets in Developing InitVerse dApps.pdf
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and Authorization
 
Distributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data ControlDistributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data Control
 
Data base security & integrity
Data base security & integrityData base security & integrity
Data base security & integrity
 
Command reference nos-v3_5
Command reference nos-v3_5Command reference nos-v3_5
Command reference nos-v3_5
 
Keystone Federation
Keystone Federation Keystone Federation
Keystone Federation
 
Adapting singlet login in distributed systems
Adapting singlet login in distributed systemsAdapting singlet login in distributed systems
Adapting singlet login in distributed systems
 

Mais de lubna19

Concurrency Conrol
Concurrency ConrolConcurrency Conrol
Concurrency Conrollubna19
 
Programming in Oracle with PL/SQL
Programming in Oracle with PL/SQLProgramming in Oracle with PL/SQL
Programming in Oracle with PL/SQLlubna19
 
Normalization and Codd's Rule
Normalization and Codd's Rule Normalization and Codd's Rule
Normalization and Codd's Rule lubna19
 
ER Modelling
ER ModellingER Modelling
ER Modellinglubna19
 
Introduction to database
Introduction to databaseIntroduction to database
Introduction to databaselubna19
 

Mais de lubna19 (6)

Concurrency Conrol
Concurrency ConrolConcurrency Conrol
Concurrency Conrol
 
9
99
9
 
Programming in Oracle with PL/SQL
Programming in Oracle with PL/SQLProgramming in Oracle with PL/SQL
Programming in Oracle with PL/SQL
 
Normalization and Codd's Rule
Normalization and Codd's Rule Normalization and Codd's Rule
Normalization and Codd's Rule
 
ER Modelling
ER ModellingER Modelling
ER Modelling
 
Introduction to database
Introduction to databaseIntroduction to database
Introduction to database
 

Security and Integrity

  • 2. n Security n Violation n Levels n Authorization n Views n Encryption n Integrity n Constraints n Triggers 2
  • 3. Security and Integrity n Security n Protection of the data against unauthorized disclosure or destruction. n Integrity n Maintaining the accuracy or validity of the data 3
  • 4. Violation n Malicious n Unauthorized reading of data n Unauthorized modification n Unauthorized destruction n Accidental n Crashes n Concurrent access anomalies n Violation of database consistency constraints. 4
  • 5. Security n Database system level n Authentication and authorization mechanisms to allow specific users access only to required data n We concentrate on authorization in the first part of this session n Operating system level n Operating system super-users can do anything they want to the database! Good operating system level security is required. n Network level: must use encryption to prevent n Eavesdropping (unauthorized reading of messages) n Masquerading (pretending to be an authorized user or5 sending messages supposedly from authorized users)
  • 6. Security (Cont...) n Physical level n Physical access to computers allows destruction of data by intruders; traditional lock-and-key security is needed n Computers must also be protected from floods, fire, etc. n Human level n Users must be screened to ensure that authorized users do not give access to intruders n Users should be trained on password selection and secrecy 6
  • 7. Authorization Forms of authorization on parts of the database: n Read authorization - allows reading, but not modification of data. n Insert authorization - allows insertion of new data, but not modification of existing data. n Update authorization - allows modification, but not deletion of data. n Delete authorization - allows deletion of data 7
  • 8. Views n Users can be given permission on views, without being given any permission on the base table used in the view definition n Ability of views to hide data serves both to simplify usage of the system and to enhance security by allowing users access only to data they need for their job n A combination of relational-level security and view- level security can be used to limit a user’s access to precisely the data that user needs. 8
  • 9. View Example n Suppose a bank clerk needs to know the names of the customers of each branch, but is not authorized to see specific loan information. n Approach: Deny direct access to the loan base table , but grant access to the view cust-loan, which consists only of the names of customers and the branches at which they have a loan. n The cust-loan view is defined in SQL as follows: create view cust-loan as select branchname, customer-name from borrower, loan where borrower.loan-number = loan.loan-number 9
  • 10. View Example (Cont.) n The clerk is authorized to see the result of the query: select * from cust-loan n When the query processor translates the result into a query on the actual base table in the database, we obtain a query on borrower and loan. n Permission must be checked on the clerk’s query before query processing begins. 10
  • 11. Permission on Views n Creation of view does not require resources authorization since no real relation is being created n The creator of a view gets only those privileges that provide no additional authorization beyond that he already had. n E.g. if creator of view cust-loan had only read permission on borrower and loan, he gets only read authorization on cust-loan 11
  • 12. Security Specification in SQL n The grant statement is used to confer authorization grant <privilege list> on <relation name or view name> to <user list> n <user list> is: n a user-id n public, which allows all valid users the privilege granted n A role (more on this later) 12
  • 13. Delegation of granting privilege n with grant option: allows a user who is granted a privilege to pass the privilege on to other users. n Example: grant select on branch to U1 with grant option gives U1 the select privileges on branch and allows U1 to grant ‘select’ privilege to others U1 can give command Grant select on branch to U2 13
  • 14. Revoking Authorization n The revoke statement is used to revoke authorization. revoke<privilege list> on <relation name or view name> from <user list> [restrict|cascade] n Revocation of a privilege from a user may cause other users also to lose that privilege; referred to as cascading of the revoke. n We can prevent cascading by specifying restrict: n revoke select on branch from U1, U2, U3 restrict 14
  • 15. Encryption n Data may be encrypted when database authorization provisions do not offer sufficient protection. n Properties of good encryption technique: n Relatively simple for authorized users to encrypt and decrypt data. n Encryption scheme depends not on the secrecy of the algorithm but on the secrecy of a parameter of the algorithm called the encryption key. n Extremely difficult for an intruder to determine the encryption key. 15
  • 16. To ensure integrity of database Define n Entity constraints (Primary key constraint) n Domain constraints n Referential integrity n Triggers 16
  • 17. Entity Constraints n Entity integrity enforcement guarantees that each row in a table is uniquely identified by non-null values contained in its primary key columns. n Integrity constraints guard against accidental damage to the database, by ensuring that authorised changes to the database do not result in the loss of data consistency. n Semantic integrity constraint is concerned with ensuring that the database is correct even though users/programmers try to modify it incorrectly. 17
  • 18. Domain constraints n Domain constraints are most elementary form of integrity constraints. n They test values inserted in the database n Examples n On insertion of item into order_item table the quantity must be greater that 0. n On update the new salary must be greater than old salary. n On insertion a new employee into EMP table value of Manager must exists as an EMP. 18
  • 19. Referential Integrity in SQL (Cont…) Example n Create table account (AccountNo char(10) not null, BranchName char(15), balance integer, primary key(AccountNo) foreign key(BranchName) references branch) 19
  • 20. Trigger n A Trigger is statement that is executed automatically by the system as a side effect of a modification to the database. n To design a trigger mechanism, we must specify the condition under which trigger is to be executed and action to be taken. n Triggers were standardized in SQL-99 20
  • 21. Trigger Example n Suppose that instead of allowing negative account balances, the bank deal with overdrafts by - setting the account balance to zero. - creating loan in the amount of the overdraft. - giving this loan a loan number identical to the account number of the overdraft account. n The condition for executing the trigger is an update to the account relation that results in negative balance value. 21
  • 22. Triggering Events and Actions in SQL n Triggering event can be insert, delete or update n Triggers on update can be restricted to specific attributes n E.g. create trigger overdraft-trigger after update of balance on account n Triggers can be activated before an event, which can serve as extra constraints. E.g. convert blanks to null. create trigger setnull-trigger before update on r referencing new row as nrow for each row when nrow.phone-number = ' ' set nrow.phone- number =null 22
  • 23. Trigger example in SQL create trigger overdraft-trigger after update on account referencing new row as nrow for each row when nrow.balance < 0 begin atomic insert into borrower (select customer-name, account-number from depositor where nrow.account-number = depositor.account- number); insert into loan values (n.row.account-number, nrow.branch-name,– nrow.balance); update account set balance = 0 where account.account-number = nrow.account-number end 23