
CSCI 3140 Module 6 – Database Security




  1. CSCI 3140 Module 6 – Database Security
     Theodore Chiasson, Dalhousie University

  2. Database Security
     • Threats to database security include:
       • Theft and fraud
       • Loss of confidentiality
       • Loss of privacy
       • Loss of integrity
       • Loss of availability
     • Computer-based controls to mitigate threats include:
       • Authorization
       • Views
       • Backup and recovery
       • Integrity
       • Encryption
       • RAID technology

  3. Database Security
     • Authorization
       • Access control
       • Involves authentication of subjects requesting access to objects
       • SQL commands GRANT and REVOKE
         • select/update/insert/delete
     • Views (subschemas)
       • The dynamic result of one or more relational operations operating on base relations to produce another relation
       • A virtual relation that does not actually exist in the database but is produced upon request
       • Used to hide parts of the database from certain users

  4. Database Security
     • Backup and Recovery
       • Backup is the process of periodically taking a copy of the database and log file on to offline storage media
       • Journaling is the process of keeping and maintaining a log file or journal of all changes made to the database to enable recovery in the event of a failure
       • Journaling allows the database to be recovered after a failure to its last known consistent state using a backup of the database together with the log file
       • Without a log file, any changes to the database after the most recent backup are lost in the event of a failure
     • Integrity
       • Applying integrity constraints prevents the database from entering an inconsistent state during normal operation

  5. Database Security
     • Encryption
       • The encoding of data by a special algorithm that renders the data unreadable by any program without the decryption key
       • Cryptosystem
         • Encryption key
         • Encryption algorithm
         • Decryption key
         • Decryption algorithm
       • Symmetric encryption
         • Same key and algorithm for encryption and decryption
       • Asymmetric encryption
         • Different keys for encryption and decryption
         • Public key cryptography
     • RAID (Redundant Array of Independent Disks)
       • Increased performance through data striping
       • Parity or error-correcting scheme improves reliability

  6. Database Security
     • Security in Oracle DBMS
       • Privileges
         • A right to execute a particular type of SQL statement or to access another user's objects, e.g.:
           • Connect to a database
           • Create a table
           • Select rows from another user's tables
       • System privileges
         • The right to perform a particular action or to perform an action on any schema object of a particular type
       • Object privileges
         • The right to perform a particular action on a specific table, view, sequence, procedure, function or package
         • ALTER, DELETE, INDEX, INSERT, REFERENCES, SELECT, UPDATE
       • Roles
         • Privileges can be granted to a role, and then the role can be granted to a user
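The following script is an added example (not part of the original slides) that ties slide 3 (GRANT/REVOKE and views as subschemas) to slide 6 (Oracle system privileges, object privileges and roles). It assumes a hypothetical `hr` schema, a constructed `employees` table and users `alice` and `bob`; the password is a placeholder.

```sql
-- Constructed base relation owned by the hr schema (hypothetical names).
CREATE TABLE hr.employees (
    emp_id    NUMBER        PRIMARY KEY,
    full_name VARCHAR2(100) NOT NULL,
    dept      VARCHAR2(30)  NOT NULL,
    salary    NUMBER(10,2)  NOT NULL CHECK (salary >= 0),  -- integrity constraint
    ssn       VARCHAR2(11)                                 -- sensitive column
);

-- A view (subschema): a virtual relation computed on request that hides
-- salary and ssn from anyone who is only granted access to the view.
CREATE VIEW hr.employee_directory AS
    SELECT emp_id, full_name, dept
    FROM   hr.employees;

-- Roles collect privileges; users receive roles, not direct grants.
CREATE ROLE directory_reader;
CREATE ROLE payroll_clerk;

-- Object privileges (SELECT, UPDATE) are granted on specific objects.
GRANT SELECT ON hr.employee_directory TO directory_reader;
GRANT SELECT ON hr.employees          TO payroll_clerk;
-- Oracle allows column-level UPDATE grants: the clerk may change salary only.
GRANT UPDATE (salary) ON hr.employees TO payroll_clerk;

-- System privilege CREATE SESSION is the right to connect to the database.
CREATE USER alice IDENTIFIED BY "PLACEHOLDER_PASSWORD_1";
CREATE USER bob   IDENTIFIED BY "PLACEHOLDER_PASSWORD_2";
GRANT CREATE SESSION TO alice, bob;

-- Grant the roles to the users.
GRANT directory_reader TO alice;
GRANT payroll_clerk    TO bob;

-- Effect: alice can run SELECT * FROM hr.employee_directory, but
-- SELECT * FROM hr.employees fails with ORA-00942 (table or view does not
-- exist), because Oracle reveals nothing about objects she has no rights on.

-- Revocation is symmetric: remove the role, and all privileges carried by
-- it disappear from the user without touching the role definition.
REVOKE directory_reader FROM alice;

-- Check what a given user actually holds (run as a DBA; grantee is uppercase).
SELECT grantee, granted_role FROM dba_role_privs WHERE grantee = 'BOB';
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs WHERE grantee IN ('PAYROLL_CLERK', 'DIRECTORY_READER');
```

The two final queries are the audit step: they show privileges as the DBMS records them, which is what to compare against the intended least-privilege design.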

  7. Database Security
     • DBMSs and Web Security
       • Proxy servers
         • Improve performance
         • Filter requests
       • Firewalls
         • Prevent unauthorized access to or from a private network
         • Packet filter
         • Application gateway
         • Circuit-level gateway
         • Proxy server
       • Message digest algorithms and digital signatures
       • Digital certificates
       • SSL
       • SET
       • Java security
       • ActiveX
