200 likes | 495 Views
DDBMS Security. - Bakul Gada. Overview. Introduction to Database Security Security Issues in centralized databases Security issues in Distributed Databases. Introduction. Data security Protect data against unauthorized access. Two aspects Data protection. Authorization Control.
E N D
DDBMS Security - Bakul Gada
Overview Introduction to Database Security Security Issues in centralized databases Security issues in Distributed Databases
Introduction • Data security • Protect data against unauthorized access. • Two aspects • Data protection. • Authorization Control.
Aspects of Data security • Data Protection • Can be achieved using data encryption techniques. • Authorization Control • It ensures that only authorized users perform, operations that they are allowed to perform on the database. Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Authorization Control • It includes two main issues • Access control • Unauthorized Access to data should not be allowed. • Integrity • Only authorized users should be allowed to modify data in the database.
Centralized Authorization Control • Allowing a user to do a particular operation on the subsets of database. • In RDBMS these subsets can be defined using Views. • Views allow limited access to database
Methods of Authorization Control • Discretionary Access Control • Based on privileges or access rights • Mandatory Access control • Based on policies that can’t be changed by individual users Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)
Discretionary Access Control • This can be implemented at two levels • Account Level • Set privileges for each account on different relations • Relation Level • Set privileges to access each individual relation or view Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)
GRANT and REVOKE commands • SQL supports discretionary access control through grant and revoke commands. • Syntax for GRANT and REVOKE commands • GRANT < operation type(s)> ON <object> TO <user(s)> • REVOKE < operation type(s)> ON <object> TO <user(s)> Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Mandatory Access Control • Users classified based on security classes • Top Secret (TS) • Secret (S) • Confidential (C) • Unclassified (U)
Bell –LaPadula Model • Most Popular Model for multilevel security. • Two restrictions are enforced on data access based on subject/object classification. • A subject S is not allowed to read an object O unless class(S) class(O) • A subject S is not allowed to write an object O unless class(S) class(O) Reference: Bell D.E and LaPadula L.J., "Secure Computer Systems: Unified Exposition and Multics Interpretation", THE MITRE Corporation, July 1975.
Authorization Control in Distributed Environment. • More Complex. • Remote User Authentication • Management of distributed authorization rules • Handling of Views and User Groups Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Solution • Information for authenticating users is replicated at all sites. • All sites of the DDBMS identify & authenticate themselves similarly to the way users do.
Integrity • How to guarantee database consistency ? • A database is said to be consistent if it satisfies the set of integrity constraints. • Concurrency control techniques • Locking Technique • Timestamp Ordering • Multiversion Concurrency Control • Validation Concurrency Control Ref: Fundamentals of Database Systems - Elmasri & Navathe (3rd ed)
Integrity in Distributed Databases • Concurrency Control techniques need to be employed in Distributed databases. • Two general classes • Pessimistic Concurrency Control • Optimistic Concurrency Control
Summary Security issues in Distributed Databases are more complex as compared to Centralized Databases. But they can be taken care of through careful study. • Future Right now, RDBMS is a better choice for distributed applications. OODBMSs are much more difficult to implement in a distributed environment. Steps are being taken to do the same.