Ch.

8 DATABASE SECURITY AND INTEGRITY

 Security and Integrity violation:
 Now a day’s importance of database system is increased. It is widely used for commercial data
processing application. So it is necessary to secure such database from an unauthorized access or
manipulation.
 There are two types of misuse at database ,they are categorized as follows:

A. Accidental loss of database.

B. Intentional data loss.

A. Accidental loss of database :

Accidental loss of database consistency may result from:
1) Crashes during transaction processing.
2) Anomalies caused by concurrency access to database
3) Anomalies caused by the distribution of data over several computers.
4) Logical errors.

It is easier to protect than Intentional data loss concurrency control protocol, recovery system works
to avoid this type of data loss.

B. Malicious access / Intentional data loss occur in following case:

 Unauthorized reading of data (theft).
 Unauthorized modification of data.
 Unauthorized destruction of data

 100% Protection from malicious access is not possible.

 Security is refer to both security and integrity where security means to protect from malicious
access, whereas integrity refers to the avoidance of accidental loss of consistency.
 To protect the database, we must take security measures at below level.
 Physical: - The site containing computer must be physically secured. We consider
implementing this
o Guard protection
o Log entry
o Considering different encryption.
 Human: User must be authorized before accessing security problem related to human.
1. Unskilled person.
2. employee exchange information for a bride
3. Dissatisfied with organization.
 Operating system: Weakness in operating system security may cause as a means of
unauthorized access to database.
 Network: All database system allow remote access , so while data transferring over network
different security problem arises such as active wire tapping .So implement encrypted while
transferring packet on n/w.
 Database system: Database system users may be authorized to access only a limited portion of
database .Some users issue SELECT queries but does not issue modify/update queries on database.

 Definition of important terms:

 Database security: It is used to provide the protection to database from modification or
destruction.
 Database integrity: It is used to provide the protection to database from accidental loss of
consistency against unauthorized users.
 Authorization: It is set of rules that can determine which user has what type access to
which portion of database.

 Authentication:
 It is the process which provides the access over the secured database to the authorized
users only.
Authentication is used to verifying the identity of a person of software connecting to database.
e.g.: Student authenticates them by showing id-card.
  Before making any request to the system the user has to identify himself to the system and
authenticate his identification.
Simplest and most common scheme used password system.
 Password authentication: -
 User enters name and no. and authenticates himself by password.
It is very simple to implement but having some drawbacks i.e. passwords are not secured. The
solution to this drawback is store password in an encrypted form.
 Digital signature is used to authenticate the user’s data process is same as physical signature
on documents.
 Authentication can be categorized in 3 ways.
1. By knowing any key or string (password).
2. By knowing anything (card, Smart card).
3. By knowing Biological characteristics of user (finger prints, iris recognization, and voice
recognization).

 Authorization :
 Set of rules that can be used to determine which user has what type of access to which portion of
database.
It is maintained in the form of table called access matrix.
 Rows in matrix called as subject and column in matrix called as object.

 Objects: An object in access matrix needs protection against an unauthorized user.(e.g. .file ,folder,
printer etc)
In database system object is a unit of data item that need to be protected (data item granularity is
different depending or requirement)

Student Branch
Student READ READ
Staff WRITE WRITE
HOD WRITE

2) Subject: Subject operates on object.

E.g. A user of database who have some rights on a data item.

3) Access type: User will get the access to database for data manipulation and control operation
performed on database such as add, drop, and alter.

o Types of Authorization :
 Read authorization: Allows reading, but not modification of data.
 Insert authorization: Allows insertion of new data but not modification of existing data.
 Update authorization: Allows modification, but not deletion data.
 Deletion authorization: Allows deletion of data user may be assigned all, none or a
combination of this type of authorization related to data. A user may be granted access to modify
the database scheme.
 1) Index Authorization: It allows creation and deletion of indices.
2) Resource Authorization: Allows creation of new relation.
3) Alteration Authorization: Allow addition or deletion of attribute in a relation.
4) Drop Authorization: Allow deletion of relation .It is different from Delete. In this if relation
dropped data &relation no longer exists, but in delete, tuples only deleted.

 Granting of privileges :
 A user who has granted some form of authorization may be allowed to pass on this authorization
to other user.
 Authorization can be revoked or cancelled
E.g. passing of authorization form one user to another can be represented by authorization graph.
Nodes of this graph are users and edges Ui-Uj indicates, user Ui grants the update authorization on to
Uj .The root of the graph is DBA following fig. shows authorization graph.

U1 U4

DBA U2 U5

U3

 A user has an authorization if and only if there is path from the root of authorization graph down
to the node representing user.
 If authorization of Ui has revoked then Un authorization should be revoked because Un has
been granted by Ui.

 Views:
It is logically represents subset of data from one or more table’s .A view contain no data of its own,
but is like a window through which data from table can be viewed or changed.

 The tables on which views are based are called ‘Base Table’.
 View is stored as select statement in data dictionary.’

 Advantages:
1) Restrict access of data.
2) Views can be used to make simple queries to retrieve result of complicated queries.
3) To provide data independence.
4) To provide different views of same data.

 Types of views
1. simple view
2. Complex view.

 Creating a view :
CREATE VIEW empview1
Embed a sub query within as

SELECT emp_no, name, Sal

FROM emp
WHERE deptno=80;

 Describe structure of view by using

DESCRIBE empview;