
Security of the Database

A Presentation By: Pratik Tamgadge


1/16/2014 1

Contents
What is Database Security?
Issues in Database Security
How to Secure?
Access Control Mechanism
Cryptography
Backup and Recovery
RAID Implementation
Views
Digital Signatures
Security in Microsoft Access and Oracle DBMS


What is Database Security?


In today's world, we need everything secured, whether it is your mobile phone, computer, vehicle or almost anything else. So does your database, as it stores your personal, confidential and critical data. If we look at the definition of Database Security, we may say it's the mechanism that protects the database against intentional or accidental threats.

Issues in Database Security


Unauthorized access to your database.
Managing a large amount of data which belongs to a relatively large organization.
Keeping track of all the authorized users of the database.
Physical security.
Network security.

Now How You'll Secure It?

Well, these are some basic security measures which you can apply to your databases.

Access Control Mechanism


As the name Access Control itself describes, this mechanism is all about users' access to the databases. In this mechanism, we have three kinds of Access Control:
1. Discretionary Access Control
2. Mandatory Access Control
3. Role based Access Control

Discretionary Access Control


The word Discretionary means to act in a way to avoid the revealing of confidential information. In this method, we can GRANT and REVOKE privileges to different users of the database. Now you will think, what is this? GRANT? REVOKE? Privileges?

Well, GRANT = to allow, or to give some rights; REVOKE = to cancel the GRANT, i.e. not to allow; and Privileges = permissions, i.e. various commands like CREATE, UPDATE etc.
GRANT and REVOKE are database commands used to operate the database. We will use these commands like this:

GRANT [Privileges] ON [Database Object] TO USER [WITH GRANT OPTION];
REVOKE [Privileges] ON [Database Object] FROM USER;
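The two commands above in use, as an added example that is not part of the original presentation. It assumes PostgreSQL and a superuser session; the table `payroll` and the roles `alice` and `bob` are constructed names. It shows how WITH GRANT OPTION lets a privilege spread beyond the owner's direct grants, and how to audit and withdraw it.

```sql
-- Constructed sample schema (not from the presentation).
CREATE TABLE payroll (
    emp_id  integer PRIMARY KEY,
    name    text NOT NULL,
    salary  numeric(10,2) NOT NULL
);

-- Hypothetical users.
CREATE ROLE alice LOGIN;
CREATE ROLE bob   LOGIN;

-- The owner lets alice read the table and also pass that right on.
GRANT SELECT ON payroll TO alice WITH GRANT OPTION;

-- alice uses her grant option; the owner never granted anything to bob.
SET ROLE alice;
GRANT SELECT ON payroll TO bob;
RESET ROLE;

-- Audit: who holds what on the table, who granted it,
-- and whether the holder can grant it further.
SELECT grantor, grantee, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE table_name = 'payroll'
ORDER BY grantee;

-- Withdraw alice's access. bob's privilege depends on alice's grant option,
-- so PostgreSQL refuses a plain REVOKE here; CASCADE removes both grants.
REVOKE SELECT ON payroll FROM alice CASCADE;

-- After the revoke, neither alice nor bob appears in the audit query.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'payroll' AND grantee IN ('alice', 'bob');
```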

Mandatory Access Control


This method provides multilevel security by classifying data and users into different SECURITY LEVELS. In this method, security has its class or level. Mandatory Access Control is implemented in:
Government of Nations Military Business Intelligence

Mandatory Access Control provides Security for extreme Confidential Information.


Security classes are:
Top Security (TS)
Secret (S)
Confidential (C)
Unclassified (U)
Note: the intensity of security is TS > S > C > U

Now you will wonder how security is classified. Well, it is classified using the Bell-LaPadula Model.

Role Based Access Control


Role based Access Control provides security according to the ROLE of the user who is accessing the database. The ROLE of the user is created using the CREATE command.

Roles give permissions only to authorized users to access the data. Thus roles provide security in a smart and simple way.

Cryptography
Cryptography is a way of enclosing the data while sending it, called Encryption, and disclosing that data when it is received, called Decryption. Have a look at this,


Cryptography (contd.)

There are two types of Cryptography.


Symmetric Key Cryptography
In this, both sender and receiver have the same key for encryption and decryption.

Asymmetric Key Cryptography


In this, the sender uses the public key for encryption and the receiver uses its own private key for decryption.

Backup and Recovery


Backup - The process of periodically taking a copy of the database and log file on to offline storage media.
Journaling - The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure.


RAID Implementation
RAID, i.e. Redundant Array of Inexpensive Disks, is a category of disk drives that employ two or more drives in combination for fault tolerance and performance. This array of disks has levels as follows:
Level 0: Provides data striping (spreading out blocks of each file across multiple disks) but no redundancy. This improves performance but does not deliver fault tolerance.
Level 1: Provides disk mirroring.
Level 2: Error correcting codes by using parity check.
Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance.
Level 4: Uses block level striping which keeps the parity block on a separate disk.
Level 5: Provides data striping at the byte level and also stripes error correction information. This results in excellent performance and good fault tolerance.
Level 6: P+Q redundancy scheme, i.e. stores extra redundant information in case of disk failures.

Views
A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users.
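A view used together with a role, as an added example that is not part of the original presentation and that covers both the Role Based Access Control and the Views sections. It assumes PostgreSQL and a superuser session; the table `employee`, the view `sales_directory`, the role `sales_clerk` and the user `carol` are constructed names.

```sql
-- Constructed sample schema (not from the presentation).
CREATE TABLE employee (
    emp_id  integer PRIMARY KEY,
    name    text NOT NULL,
    dept    text NOT NULL,
    salary  numeric(10,2) NOT NULL,
    ssn     text NOT NULL
);

-- The view hides the sensitive columns (salary, ssn)
-- and every row outside the SALES department.
CREATE VIEW sales_directory AS
    SELECT emp_id, name, dept
    FROM employee
    WHERE dept = 'SALES';

-- The role carries the permission; it cannot log in by itself.
CREATE ROLE sales_clerk NOLOGIN;
GRANT SELECT ON sales_directory TO sales_clerk;
-- Deliberately no grant on the base table employee.

-- A hypothetical user receives access only through role membership.
CREATE ROLE carol LOGIN;
GRANT sales_clerk TO carol;

-- Check the result from carol's side.
SET ROLE carol;
SELECT * FROM sales_directory;   -- allowed: the view runs with its owner's rights
-- SELECT salary FROM employee;  -- would fail: permission denied for table employee
RESET ROLE;

-- When carol changes jobs, one statement removes everything the role gave her.
REVOKE sales_clerk FROM carol;
```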


Message Digest Algorithms and Digital Signatures


A message digest algorithm is a one-way hash function that produces a fixed-length string (hash) from an arbitrary-sized message. It's computationally infeasible to find another message with the same digest, and the digest does not reveal anything about the message. A digital signature consists of two parts: a string of bits that is computed from the message, and the private key of the organization. A digital signature is used to verify that the message comes from this organization.

Security in Microsoft Access and Oracle DBMS


Microsoft Access
System level security - password.
User-level security - identification as a member of groups (Administrators and Users); permissions are granted (Open/Run, Read, Update, Delete, etc).

Oracle DBMS
System level security - name, password.
User-level security is based on a privilege, i.e. a right to execute a particular type of SQL statement or to access another user's object. There are system privileges and object privileges.

End of the Presentation

Thank You!
