
Database Security


Submitted By gendawy
Database Security
Dr. Ali El-Bastawissy

Textbooks
• Elmasri/Navathe (3rd ed.), Chapter 22
• Elmasri/Navathe (2nd ed.), Chapter 20
• Connolly, Begg (3rd ed.), Chapter 18 and Chapter 6 (sec. 6.6)

Security & Integrity

Security is to ensure that:
• Users are allowed to do the things they are trying to do.

Integrity is to ensure that:
• Things that users are trying to do are correct.

Security & Integrity Similarities

Security
• To protect data against intruders (unauthorized users)
• Described using DCL
• Maintained in the system catalog

Integrity
• To ensure data accuracy or validity
• Described using constraints in DDL
• Maintained in the system catalog

DBMS must know who is authorized to do what.

Example:
Emp(e#, ename, addr, d#, Salary, Assessment)

Types of security controls:
• Operations
• Subset of Rows
• Subset of columns
• Time interval
• Terminal Location
• Statistical Functions
• Etc.

Identification & Authentication

Identification: users have to identify themselves by:
• Identity Number/Name
• Machine Readable Identity Card/Badge
• …

Authentication: users have to authenticate their identifications:
• Password
• Secret Number
• Signature
• Voice Print
• Finger Print
• Answers Recognition
• …

Data Classification Approach

Each data object is assigned a Classification Level:
• Top Secret
• Secret
• Confidential
• Unclassified

Each user is assigned a Clearance level.

Control Rules:
• User i can see object j if: Clearance level (i) >= Classification level (j)
• User i can modify object j if: Clearance level (i) = Classification level (j)
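The two control rules above, as an added example that is not part of the original slides. The numeric ordering of the four levels, the user names and the levels given to the columns of Emp are constructed for illustration; an unknown user, object, level label or action is denied.

```python
from enum import IntEnum


class Level(IntEnum):
    """The slide's four levels, lowest to highest (numeric values are an assumption)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def parse_level(label):
    """Map a label such as 'Top Secret' to a Level; unknown labels raise."""
    try:
        return Level[label.strip().upper().replace(" ", "_")]
    except KeyError:
        raise ValueError(f"unknown level: {label!r}") from None


def can_see(clearance, classification):
    # Rule 1: Clearance level (i) >= Classification level (j)
    return clearance >= classification


def can_modify(clearance, classification):
    # Rule 2: Clearance level (i) = Classification level (j).
    # Equality means a Top Secret user can read a Secret object but not change it.
    return clearance == classification


def decide(users, objects, user, obj, action):
    """Return True only when the rule for `action` holds; deny everything else."""
    try:
        clearance = parse_level(users[user])
        classification = parse_level(objects[obj])
    except (KeyError, ValueError):
        return False  # unknown user, unknown object or unknown level label
    if action == "see":
        return can_see(clearance, classification)
    if action == "modify":
        return can_modify(clearance, classification)
    return False  # unknown action


def access_table(users, objects):
    """For every user, the objects they may see and the objects they may modify."""
    return {
        user: {
            action: sorted(o for o in objects if decide(users, objects, user, o, action))
            for action in ("see", "modify")
        }
        for user in users
    }


# Constructed sample data: columns of the slide's Emp relation with made-up levels.
OBJECTS = {
    "Emp.ename": "Unclassified",
    "Emp.addr": "Confidential",
    "Emp.Salary": "Secret",
    "Emp.Assessment": "Top Secret",
}
# "Secrett" is a deliberate typo to show the fail-closed path.
USERS = {"director": "Top Secret", "clerk": "Confidential", "temp": "Secrett"}

if __name__ == "__main__":
    for user, rights in access_table(USERS, OBJECTS).items():
        print(user, rights)
```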

Authorization Matrix
[Figure: authorization matrix. Rows: User Id 1 … User id m. Columns: Data Object 1, Data object 2, … Data object n. Cell entries shown: Select, Update; All; Null; Insert; Run; Run, Modif; Delete, Insert; Select. Labels: Data Object Profile, User Profile.]

Authorization Matrix

Subject   Object
Ed        Employee
Ed        Employee
Ed        Employee
Ed        Employee
Bill      Employee
Sally     PurchaseOrder
Sally     PurchaseOrder
…...
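An added example (not part of the original slides) of an authorization matrix with default-deny lookup, using the slides' cell vocabulary (All, Null, comma-separated operations) and flattening the matrix into one row per granted operation, as in the Subject/Object listing. The privileges in the cells are constructed, "All" expanding to the four operations below is an assumption, and so is reading a matrix row as the user profile and a column as the data object profile.

```python
# Assumption: "All" means these four operations on a data object.
ALL_OPS = ("Select", "Insert", "Update", "Delete")

# Constructed matrix: MATRIX[subject][object] is a cell string as on the slide.
MATRIX = {
    "Ed":    {"Employee": "All",    "PurchaseOrder": "Null"},
    "Bill":  {"Employee": "Select", "PurchaseOrder": "Null"},
    "Sally": {"Employee": "Null",   "PurchaseOrder": "Select, Insert"},
}


def parse_cell(cell):
    """Turn a cell such as 'Select, Update', 'All' or 'Null' into a set of operations."""
    text = cell.strip()
    if text in ("", "Null"):
        return frozenset()
    if text == "All":
        return frozenset(ALL_OPS)
    ops = [part.strip() for part in text.split(",")]
    unknown = [op for op in ops if op not in ALL_OPS]
    if unknown:
        raise ValueError(f"unknown operation(s) in cell: {unknown}")
    return frozenset(ops)


def is_authorized(matrix, subject, obj, op):
    """Default deny: a missing subject, object or cell grants nothing."""
    cell = matrix.get(subject, {}).get(obj, "Null")
    return op in parse_cell(cell)


def user_profile(matrix, subject):
    """One row of the matrix: what this subject may do to each object."""
    return {obj: sorted(parse_cell(cell)) for obj, cell in matrix.get(subject, {}).items()}


def object_profile(matrix, obj):
    """One column of the matrix: what each subject may do to this object."""
    return {subj: sorted(parse_cell(row.get(obj, "Null"))) for subj, row in matrix.items()}


def to_rows(matrix):
    """Flatten the matrix into (subject, object, operation) rows, one per grant."""
    rows = []
    for subject, row in matrix.items():
        for obj, cell in row.items():
            granted = parse_cell(cell)
            rows.extend((subject, obj, op) for op in ALL_OPS if op in granted)
    return rows


if __name__ == "__main__":
    for row in to_rows(MATRIX):
        print(*row)
    print(is_authorized(MATRIX, "Sally", "Employee", "Select"))  # Null cell
```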

Similar Documents

Free Essay

Security/Database Integrity

...Security Database integrity

Database integrity is a central underlying issue in the implementation of database technology. Trust in the Correctness of the data that is held by the database system is a prerequisite for using the data in business, research and decision making applications. Data base Integrity refers to the trustworthiness of system resources over their entire life cycle. [In a database system, a method to ensure data integrity is fundamental to providing database reliability and security. In particular, as data is communicated or distributed over networks, a method to validate information as authentic is required. The value of a database is dependent upon a user’s ability to trust the completeness and soundness of the information contained in the data]

Three basic types of database integrity constraints are:
• Entity integrity
• Domain
• Referential integrity

Integrity means that the data will be safe and will not be subject to changes whether they were initial or accidental. There are many, many causes that change data over time such as human error, system malfunction etc. Integrity keeps the data intact and in its original form.

Disk Storage Systems
“Disks can fail when a single bit or few bits will flip. This problem can often be detected and corrected at the hardware level by using error correcting codes in the embedded system of the drive”. It can also happen at the software level.

RAID Disk Technology
The one way to prevent......

Words: 1160 - Pages: 5

Free Essay

Enhanced Database Security

...CS674 Database Security – Spring 2, 2011
MET Boston University
Enhanced Database Security (Research Paper)
Submitted by Shahid Sami
April 24, 2011

Table of Contents
PAPER OVERVIEW
DETAILED DESCRIPTION
IMPLEMENTATION
1. Removing Default Passwords
2. Configuring Oracle Binary Permissions
3. Use of UMASK
4. Limiting SYSDBA login
5. Protecting the Listener
6. Limiting the privileges
PITFALLS AND RECOMMENDATIONS
RESOURCES

PAPER OVERVIEW
I will be researching on the following topics.
• Removing Default Passwords
• Configuring Oracle Binary Permissions
• Use of UMASK
• Limiting SYSDBA login
• Protecting the Listener
• Limiting the privileges

DETAILED DESCRIPTION
Based on the Oracle 11g database, I will research on the above topics in detail. I will look into the shortcomings of the earlier versions of Oracle, the risks involved in those. I will also look into different types of authentications. How the binaries of the database can be protected. How to protect and secure the listener?

IMPLEMENTATION
1. Removing Default Passwords
When Oracle software is installed and a new database is created, the database creates some common users. These users will have default passwords which are well known to many Oracle users and hackers may try using them. So as a......

Words: 2160 - Pages: 9

Premium Essay

Database

...Client/Server is a system. It is not just hardware or software. It is not necessarily a program that comes in a box to be installed onto your computer’s hard drive. Client/Server is a conglomeration of computer equipment, infrastructure, and software programs working together to accomplish computing tasks which enable their users to be more efficient and productive. Client/Server applications can be distinguished by the nature of the service or type of solutions they provide. Client/Server Computing is new technology that yields solutions to many data management problems faced by modern organizations. Client/Server Computing: An Introduction, features objective evaluations and details of Client/Server development tools, used operating system, database management system and its mechanism in respect of Client/Server computing and network components used in order to build effective Client/Server applications.

Preface
Last but not the least, this work is primarily a joint work with a number of fellow teachers who have worked with us. My parents, wife Meera, and our children, Akanksha and Harsh. I am particularly grateful to Dr. A. P. Singh, Principal, Udai Pratap Inter College, Varanasi; Dr. D. S. Yadav, Sr. Lecturer, Department of Computer Science and Engineering, IET, Lucknow; Dr. A. K. Naiyak, Director IIBM, Patna, former President of IT and Computer Science Section of Indian Science Congress Association; Prof. A. K. Agrawal, Professor and Ex-Head of Department,......

Words: 79055 - Pages: 317

Premium Essay

Database

...Introduction
• Purpose of Database Systems
• Data Definition Language
• Data Manipulation Language
• Transaction Management
• Storage Management
• Database Administrator
• Database Users
• Overall System Structure

Database Systems Concepts, Silberschatz, Korth and Sudarshan © 1997

Database Management System (DBMS)
• Collection of interrelated data
• Set of programs to access the data
• DBMS contains information about a particular enterprise
• DBMS provides an environment that is both convenient and efficient to use

Purpose of Database Systems
Database management systems were developed to handle the following difficulties of typical file-processing systems supported by conventional operating systems.
• Data redundancy and inconsistency
• Difficulty in accessing data
• Data isolation – multiple files and formats
• Integrity problems
• Atomicity of updates
• Concurrent access by multiple users
• Security problems

View of Data
An architecture for a database system: view level (view 1, view 2, …, view n), logical level, physical level

Levels of Abstraction
• Physical level: describes how a record (e.g., customer) is stored.
• Logical level: describes data stored in database, and the relationships among......

Words: 1023 - Pages: 5

Premium Essay

Database Security

...
* Security in Database System
* GROUP 5:
* Chandra Muthineni Marat Talantov Bharath Rao Sinan Albayrak
* Agenda
* Introduction
* Threats Of DataBase Security
* Classification of Database Security
* Process of Creating Database Architecture
* Advantages
* Conclusion
* Q & A
* References
* Introduction
* Database security is a crucial area that a firm should enhance in order to run its day to day activities smoothly.
* It is a deliberate effort to protect an organization's data against threats such as accidental or intentional loss destruction or misuse.
* Threats Of DataBase Security
* Loss of availability
* Elevated Privileges
* Weak Audit Trail
* Data corruption, Network flooding and Resource overload
* Weak System and Procedures for performing authentication
* Intrusion
* CLASSIFICATION OF DATABASE SECURITY
* Physical security
* Logical security
* PROCESS OF CREATING DATABASE ARCHITECTURE
* Assessment and analysis.
* Design and model the system
* Deployment
* Management and support
* ADVANTAGES
* Sharing
* Privacy
* Consistency
* Decision Making
* Productivity
* CONCLUSION
* The paper has generally discussed the database security concerns and research into various issues surrounding the sector.
* Database security research paper has attempted to explore the issues of threats that may be poised to......

Words: 281 - Pages: 2

Free Essay

Database

...transformation processes. In actual sense, relational database offers a solution to this menace. Data organization, keeping, storage, and retrieval among other essentials can easily be realized by adopting relational data management model. In this kind of model, tables are made use of in such a way that data items are formally described and organized according to their level of relations. The data item contained in a given table represents a relation. I am convinced beyond reasonable doubt that through the use of relational database model, an organization can be able to effectively manage their wide range of information encountered on a daily basis. Relational database model offers a more efficient means of managing data. Some of the huge benefits are discussed as follows. A relational database is a collection of relations or tables. The rows of a table in a relational database are known as tuples and each column of a table is called an attribute. By definition, a relation becomes a set of tuples having the same attributes. Operations, which can be performed on the relations are select, project and join. The join operation combines relations, the select queries are used for data retrieval and the project operation identifies attributes. The information of the organization can be captured, manipulated, managed, and shared, and the value the database brings to the organization is immense. The advantages of a relational database are that they contribute to sound logical......

Words: 554 - Pages: 3

Premium Essay

Database Security Plan

...CSS330-1404B-01: Database Security
Phase 5 IP: Auditing Policies
Database Security Project Plan
Reginald “Reggie” Lee
Colorado Technical University Online
Professor Anita Arceneaux
December 22, 2014

Figure 1: (Microsoft.com, 2014)

Table of Contents
Database Security Architecture
Differences between a database and a DBMS
Types of database designs
Network Infrastructure for Database Security
Common Security Threats for Database Servers:
Additional Security Mechanisms for Protecting Database Server
User Account Security
1. New Schema for HR Database
2. Corporate Directory & Manager Information Views:
3. Created Users:
4. Created Roles:
5. Implemented the Following Access Control List using SQL:
6. Implementation and Utilization of Roles:
7. HR Database SQL
Database Vulnerabilities
Auditing Techniques
Example database Trigger
Creating and Implementing a Database Audit
Access Reports
Logon Activity History
Complete Audit Trail
DML History
Auditing Policies
SQL Server 2014 Audit Report Generation

Database Security Architecture
Differences between a database and a DBMS
When discussing the database management systems (DBMS) and databases, the lines can become blurred between the two. Many people consider a DBMS and a database to be one and the same. However, nothing could be further from the truth as they are two separate distinct entities that......

Words: 8566 - Pages: 35

Premium Essay

Database Security

...CTU
Lance Robinson
CSS330-1501A-01 Database Security
Individual Project 3
Instructor: Anita Arceneaux
1/26/2015

Table of Contents
Database Security Architecture
User Account Security
Database Vulnerabilities
Auditing Techniques
Auditing Policies

Week 1
Database Security Architecture
In the field of computer information, there is a vast amount of information that is used for operations. This information must be stored somewhere in order to be used in the future, and for programs to use that information to run diagnostics and search the archives for operating instructions. The place that contains this information is called a database. A database is defined as a collection of information that is organized in an easily managed and accessed field. Databases can be classified by their content. The content can be entered in numeric, full-text or in images. This depends on how the database is set up to receive the collected information. One of the most popular database systems is the relational database. This database stores its information so that it can be reorganized and accessed in a lot of different ways. A database can be dispersed or copied at different points in a network. Structured Query Language is a......

Words: 672 - Pages: 3

Premium Essay

Database Security and Hipaa

...Database Security Challenges with Regards to the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Paul T. MacDonald
University of Maryland University College
DBST670 Fall 2013
Professor Jon McKeeby

Abstract
With the expansion of healthcare administration now further into more levels of federal and state governments, the amount of sensitive patient data has increased incrementally. This data is moved from within and without of all stages of the healthcare process. From an office visit to the doctor, to the medications filled at the local pharmacy, to the bills handled by multiple insurance agencies, delicate patient information is being viewed, handled and passed along. The list of individuals who access the confidential information can include office staff, laboratory personnel, nurses, doctors, insurance agents, case managers and many more. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to safeguard patients’ medical data security and privacy. HIPAA incorporates requirements that allow for a comprehensive review that will show anyone who has looked at confidential medical patient information. HIPAA is structured to provide a complete security access and auditing for Oracle database information. This framework designates data access points such as User Access Control, System Administration, Object Access and Data Changes that should be monitored and controlled. An accurate HIPAA compliant security execution......

Words: 4360 - Pages: 18

Premium Essay

Database Security

...CSS330-1502A-01 Database Security
Individual Project Key Assignment
Chris Pangburn
27 April, 2015

Table of Contents
Week 1: Database Security Architecture
Differentiate between a Database Management System and a database
Network Infrastructure for the best security posture
Additional Security mechanisms to protect the Database Server
Week 2: User Account Security
Creating Schemas
Creating Users, Creating Roles, Assigning Privileges based on Access Control Lists
Creating Views
Week 3: Database Vulnerabilities
Description of tools used to perform scans
Scan Information
False Positive Information
Discuss SQL injection attack
Week 4: Auditing Techniques
Security hardened network design
Research of auditing features
Description of a trigger
Implementation of auditing
Week 5: Auditing Policies
Write SQL
Report based on access
Report based on system privileged
Audit report showing connection details
Report showing object access
References

Week 1: Database Security Architecture
Differentiate between a Database Management System and a database
Databases at their essence are nothing more than a collection of organized information (Mullins, 2013). A database can contain stored procedures, tables, fields, indexes, functions, views, security, and many other objects. Relationships between the data can be created which brings more meaning to how the data can......

Words: 1807 - Pages: 8

Premium Essay

Role Based Database Security

...London Metropolitan University
Faculty of Computing
Course Code CCP121N: Security Management
Coursework Proposal: Role Based Security System
SURNAME: IDUMWONYI
FIRST NAME: DEAN
STUDENT ID NUMBER: 11039099

Title: Role Based Security System (RBS) for Commercial Database

Introduction: In the recent years Role Based Security System has been receiving considerable attention as a promising alternative to traditional discretionary and mandatory access control for the database. Mainly the business organisations are investing in software applications to automate business processes to support employees depending in their roles which means these programs required to be able to reflect the roles to play in the organisation (Edward. J.C et al, 1996). In the commercial sectors this RBS is associated with roles, and users which these permissions are made number of appropriate roles, hence requiring the role’s permissions. In this project the user access privileges will allow certain user types of groups to access the particular component of the Commercial Database, therefore the system will greatly simplify the organisation’s system management permissions. For an example if you are a senior manager and a senior architect for a company and now if you have given a role which a technical support engineer, then first of all this new role has to be defined and authorised also have to be given. Then the senior architect role will provide you......

Words: 832 - Pages: 4

Premium Essay

Maximum Security in Database Management

...Maximum Security in Database Management
Rackspace

Introduction
In the current world there people and organization experience un-eventualities and risk of their confidential information. My organization, Rackspace, is a hosting and cloud system organization. For this company it is vital that information is stored in data bases that are run by organizations, locally hosted on personal computers. Intruders can access this information if it is not properly secured. Therefore the purpose of this study is to inform about the current savvy technologies that can be applied to completely thwart intruders from accessing such delicate information within Rackspace.

Part 1: Project Identification and Business Environment
For this project to go on in a smooth and effective manner different individuals must carry on certain specified task. For Rackspace, this means that every person must hold on to a responsibility to properly and pursue it to the end. Some of the responsibilities are interdepended and other are depended. In case of an interdependent responsibility there will be a proper communicated channel of events that will ensure that information is traversed from one source to another to smoothen up events. Therefore, the following is a list of responsible individuals who will implement the process of securing the database of an organization. Company Chief Executive Officer Responsible for overseeing the success......

Words: 3927 - Pages: 16

Premium Essay

Itrust Database Software Security Assessment

...iTrust Database Software Security Assessment Security Champions Corporation (fictitious) Assessment for client Urgent Care Clinic (fictitious) Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root University of Maryland University College Author Note Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College. This research was not supported by any grants. Correspondence concerning this research paper should be sent to Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College, 3501 University Blvd. East, Adelphi, MD 20783. E-mail: acnwgirl@yahoo.com, rogalskibf@gmail.com, kzhang23@gmail.com, sscaramuzzino86@hotmail.com and Chad.Root@gmail.com Abstract The healthcare industry, taking in over $1.7 trillion dollars a year, has begun bringing itself into the technological era. Healthcare and the healthcare industry make up one of the most critical infrastructures in the world today and one of the most grandiose factors is the storage of information and data. Having to be the forerunner of technological advances, there are many changes taking place to streamline the copious amounts of information and data into something more manageable. One major change in the healthcare industry has been the......

Words: 7637 - Pages: 31

Premium Essay

Web Server Security and Database Server Security

...Web Server Security and Database Server Security Databases involve distributed updates and queries, while supporting confidentiality, integrity, availability, and privacy (Goodrich, & Tamassia, 2011). This entails robust access control as well as tools for detection and recovering from errors (2011). When database information is masked, there is still a possibility of an attacker garnishing sensitive data from additional database information that is available, this can be achieved and called an inference attack (2011). For databases, strategies have been designed to mitigate against inference attacks. Cell suppression is a technique used to combat an inference attack, by removing various cells in a database, and are left blank for published versions (2011). The objective is to suppress the critical cells that have relatively important information in them from being obtained in an attack (2011). Another strategy is called Generalization, and this involves replacing published versions of database information with general values (2011). Such as stating a specific date of birth with a range of years, thus a person born in 1990 could be generalized as a range 1985-1992. The critical values are intertwined with the actual values, so they are less discernable in an inference attack (2011). A Noise Addition technique can also be utilized. This requires adding randomized values to real values in a published database (2011). This provides “noise” for all the records of the...

Words: 2494 - Pages: 10

Premium Essay

Database

...IST 792 paper 2
Database security is a growing concern evidenced by an increase in the number of reported incidents of loss of unauthorized exposure to sensitive data. As the amount of data collected, retained, and shared electronically expands, so does the need to understand database security. (Murray, 2010) Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management. Security risks to database systems include, for example:
* Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);
* Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial......

Words: 524 - Pages: 3