DATABASE SECURITY

By
V. Bharath Kumar
R. Vinu Vishal

D
A
T
A
B
A
S
E

S
E
C
U
R
I
T
Y

Database Security:

Database security is the mechanism that protect

the database against intentional or accidental threats.

Database security concerns the use of a broad

range of information security controls to protect
databases against compromises of their
confidentiality, integrity and availability.

We consider database security in relation to the following

situations:
Theft

and Fraud
Loss of confidentiality
Loss of privacy
Loss of integrity
Loss of availability
Threat:
Threat is any intentional or accidental event that may
adversely affect the system.

Examples of threats:
Using

another persons log-in name to access data

Unauthorized copying data
Program/Data alteration
Illegal entry by hacker
Viruses
Data Corruption due to power loss

Computer-Based Controls:
Authorization
Views
Backup and Recovery
Integrity
Encryption
RAID Technology

 The granting of a privilege that enable a user to have a

legitimate access to a system.
They are sometimes referred as access controls.
The process of authorization involves authenticating the user
requesting access to data.
Types of Privileges:
System Privileges
Object Privileges

System Privileges:

These privileges are given by the system

administrator to the users for creating tables and views.
Example:
CREATE SESSION
Object Privileges:

These privileges are given to users by another user

for accessing his own tables or any objects.
Example:
INSERT

 Authenticating

means a mechanism that determines

whether a user is who he/she claim to be.

A system administrator is responsible for allowing

users to have access to the system by creating
individual user accounts.

A view is the dynamic result of one or more

relational operations operating on the base relations
to produce another relation.

A view is a virtual relation that does not actually

exist in the database, but is produced upon request by
a particular user, at the time of request.

The view mechanism provides a powerful and

flexible security mechanism by hiding parts of the
database from certain users.

 Backup & Recovery is the process of periodically taking a

copy of the database and log file on to offline storage media.
DBMS should provide backup facilities to assist with the
recovery of a database failure.
Types of Backup:
Physical backup
Logical backup
Physical backup:
The actual physical database files are copied on a magnetic
tape or CD.

Logical Backup:
In this type, only the data are extracted from database using
SQL statements.
Journaling:
The process of keeping and maintaining a log file of all
changes made to the database to enable recovery to be
undertaken effectively in the event of a failure.

Recovery:
Database recovery is a process of restoring a
database to the correct state in case of any failure.

Data integrity means that data is protected from

deletion and corruption.

Data integrity is normally achieved by a series of

integrity constraints or rules.

Maintaining a secure database system by

preventing data from becoming invalid.

The encoding of data by a special algorithm that renders the data unreadable by
any program without the decryption key.
There will be degradation in performance because of the time taken to decode it.
It also protects the data transmitted over communication lines.

Plain-data

Algorithm and
password

Encrypted
data

RAID is a category of disk drives that employ two or more drives in combination for fault
tolerance and performance. RAID disk drives are used frequently on servers running the
databases.
Level 0: Provides data striping.
Level 1: Provides disk mirroring.
Level 2: Hamming code parity
Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It
provides good performance and some level of fault tolerance.
Level 5: Provides data striping at the byte level and also stripe error correction information. This
results in excellent performance and good fault tolerance.

Raid 5

Microsoft Access:
System level security : Password.
User-level security : Identification as a member of groups
(Administrators and Users), permissions are granted
(Open/Run, Read, Update, Delete, etc).
Oracle DBMS:
System level security : name, password.
User-level security is based on a privilege, that is a right to
execute a particular type of SQL statements or to access
another users object. System privileges and
object privileges.

 Proxy servers
Firewalls
Message Digest Algorithms and Digital
Signature
Digital Certificates
SSL and S-HTTP

Proxy servers is a computer that sits between a Web

browser and a Web servers.
It intercepts all requests for web pages and saves them
locally for some time. Proxy server provides
improvement in performance and filters requests.

Computer A
Proxy-server
Computer B

Internet

 Firewall

- is a system that prevents unauthorized

access to or from private network. Implemented in
software, hardware or both.

Packet filter
Application gateway
Circuit-level gateway (TCP, UDP protocols)
Proxy server

 Digital

Certificate is an attachment to an electronic

message used for security purposes, most commonly
to verify that a user sending a message is who he/she
claims to be, and provide the receiver with the means
to encrypt a reply.

SSL creates a secure connection between a client and a server, over

which any amount of data can be sent securely.

S-HTTP is designed to transmit individual messages securely.

Allow Web browsers and servers to authenticate each other.

Permit Web site owners to control access to particular servers,

directories, files

Allow sharing of sensitive information (credit card numbers) only

between browser and server

Ensure that data exchange between browser and server is reliable