
DDBMS Security


Presentation Transcript


  1. DDBMS Security - Bakul Gada

  2. Overview • Introduction to Database Security • Security Issues in Centralized Databases • Security Issues in Distributed Databases

  3. Introduction • Data security • Protect data against unauthorized access. • Two aspects • Data protection. • Authorization Control.

  4. Aspects of Data Security • Data Protection • Can be achieved using data encryption techniques. • Authorization Control • Ensures that authorized users perform only the operations they are allowed to perform on the database. Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

  5. Authorization Control • It includes two main issues • Access control • Unauthorized Access to data should not be allowed. • Integrity • Only authorized users should be allowed to modify data in the database.

  6. Centralized Authorization Control • Allowing a user to perform a particular operation on subsets of the database. • In an RDBMS these subsets can be defined using views. • Views allow limited access to the database.

  7. Methods of Authorization Control • Discretionary Access Control • Based on privileges or access rights • Mandatory Access control • Based on policies that can’t be changed by individual users Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

  8. Discretionary Access Control • This can be implemented at two levels • Account Level • Set privileges for each account on different relations • Relation Level • Set privileges to access each individual relation or view Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

  9. GRANT and REVOKE commands • SQL supports discretionary access control through the GRANT and REVOKE commands. • Syntax for GRANT and REVOKE commands • GRANT <operation type(s)> ON <object> TO <user(s)> • REVOKE <operation type(s)> ON <object> FROM <user(s)> Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

  10. Mandatory Access Control • Users classified based on security classes • Top Secret (TS) • Secret (S) • Confidential (C) • Unclassified (U)

  11. Bell-LaPadula Model • Most popular model for multilevel security. • Two restrictions are enforced on data access based on subject/object classification. • A subject S is not allowed to read an object O unless class(S)  class(O) • A subject S is not allowed to write an object O unless class(S)  class(O) Reference: Bell D.E and LaPadula L.J., "Secure Computer Systems: Unified Exposition and Multics Interpretation", THE MITRE Corporation, July 1975.

  12. Authorization Control in Distributed Environment. • More Complex. • Remote User Authentication • Management of distributed authorization rules • Handling of Views and User Groups Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

  13. Solution • Information for authenticating users is replicated at all sites. • All sites of the DDBMS identify & authenticate themselves similarly to the way users do.

  14. Integrity • How to guarantee database consistency? • A database is said to be consistent if it satisfies the set of integrity constraints. • Concurrency control techniques • Locking Technique • Timestamp Ordering • Multiversion Concurrency Control • Validation Concurrency Control Ref: Fundamentals of Database Systems - Elmasri & Navathe (3rd ed)

  15. Integrity in Distributed Databases • Concurrency Control techniques need to be employed in Distributed databases. • Two general classes • Pessimistic Concurrency Control • Optimistic Concurrency Control

  16. Summary • Security issues in distributed databases are more complex than in centralized databases, but they can be taken care of through careful study. • Future • Right now, an RDBMS is a better choice for distributed applications. • OODBMSs are much more difficult to implement in a distributed environment. • Steps are being taken to do the same.
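
The security classes of slide 10 and the Bell-LaPadula restrictions of slide 11 can be enforced per tuple, as in this added Python example (not part of the original presentation). It assumes the model's standard rules, read only when class(S) ≥ class(O) and write only when class(S) ≤ class(O); the names `Level`, `select`, `insert` and the sample rows are constructed for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    """Security classes from slide 10, ordered U < C < S < TS."""
    U = 0   # Unclassified
    C = 1   # Confidential
    S = 2   # Secret
    TS = 3  # Top Secret


def can_read(subject: Level, obj: Level) -> bool:
    # Simple security property ("no read up"): class(S) >= class(O).
    return subject >= obj


def can_write(subject: Level, obj: Level) -> bool:
    # *-property ("no write down"): class(S) <= class(O).
    return subject <= obj


# Constructed sample relation: every tuple carries its own classification.
ROWS = [
    {"id": 1, "item": "cafeteria menu",  "cls": Level.U},
    {"id": 2, "item": "salary bands",    "cls": Level.C},
    {"id": 3, "item": "merger plan",     "cls": Level.S},
    {"id": 4, "item": "key escrow list", "cls": Level.TS},
]


def select(subject: Level, rows: list) -> list:
    """Return only the tuples the subject is cleared to read."""
    return [r for r in rows if can_read(subject, r["cls"])]


def insert(subject: Level, rows: list, row: dict) -> None:
    """Append a tuple, refusing any write to a lower class than the subject's."""
    if not can_write(subject, row["cls"]):
        raise PermissionError(
            f"{subject.name} subject may not write {row['cls'].name} data")
    rows.append(row)


if __name__ == "__main__":
    print([r["id"] for r in select(Level.C, ROWS)])  # tuples visible at C
    try:
        insert(Level.S, list(ROWS), {"id": 5, "item": "memo", "cls": Level.C})
    except PermissionError as exc:
        print("denied:", exc)
```

The write check is what stops a Secret subject from copying what it has read into a Confidential tuple, where lower-cleared users could then read it.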
