Database Security and Authorization

Presentation Description

about database management

Presentation Transcript

Introduction to Database Security Issues:

Types of Security
• Legal and ethical issues regarding the right to access certain information. Some information may be deemed to be private and cannot be accessed legally by unauthorized persons. In the United States, there are numerous laws governing privacy of information.
• Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available—for example, credit ratings and personal medical records.

Types of Security:

• System-related issues such as the system levels at which various security functions should be enforced—for example, whether a security function should be handled at the physical hardware level, the operating system level, or the DBMS level.
• The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications—for example, top secret, secret, confidential, and unclassified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.

In a multiuser database system, the DBMS must provide techniques to enable certain users or user groups to access selected portions of a database without gaining access to the rest of the database. A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security of portions of a database against unauthorized access.

• Discretionary security mechanisms: These are used to grant privileges to users, including the capability to access specific data files, records, or fields in a specified mode (such as read, insert, delete, or update).
• Mandatory security mechanisms: These are used to enforce multilevel security by classifying the data and users into various security classes (or levels) and then implementing the appropriate security policy of the organization. For example, a typical security policy is to permit users at a certain classification level to see only the data items classified at the user’s own (or lower) classification level.

Control Measures:

Access Control: preventing unauthorized persons from accessing the system itself—either to obtain information or to make malicious changes in a portion of the database. It is done by creating user accounts to log in to the DBMS.

Inference Control: This applies to statistical databases, which are used to provide statistical information or summaries of values based on various criteria. For example, a database for population statistics may provide statistics based on age groups, income levels, size of household, education levels, and other criteria. Users are allowed to access the database to retrieve statistical information about a population but not to access the detailed confidential information on specific individuals. Such security is called statistical database security. Users should not be able to infer individual information using queries.

Flow Control: It prevents information from flowing in such a way that it reaches unauthorized users.

Data Encryption: It is used to protect sensitive data—such as credit card numbers—that is being transmitted via some type of communications network. Encryption can be used to provide additional protection for sensitive portions of a database as well. The data is encoded by using some coding algorithm.

Database Security and the DBA:

DBA privileged commands include commands for granting and revoking privileges to individual accounts, users, or user groups and for performing the following types of actions:
1. Account creation: This action creates a new account and password for a user or a group of users to enable them to access the DBMS.
2. Privilege granting: This action permits the DBA to grant certain privileges to certain accounts.
3. Privilege revocation: This action permits the DBA to revoke (cancel) certain privileges that were previously given to certain accounts.
4. Security level assignment: This action consists of assigning user accounts to the appropriate security classification level.

Access Protection, User Accounts, and Database Audits:

Whenever a person or a group of persons needs to access a database system, the individual or group must first apply for a user account. The DBA will then create a new account number and password for the user if there is a legitimate need to access the database. The user must log in to the DBMS by entering the account number and password whenever database access is needed.

The DBMS keeps track of database users and their accounts and passwords by creating an encrypted table or file with the two fields AccountNumber and Password. The database system must also keep track of all operations on the database that are applied by a certain user throughout each log-in session, which consists of the sequence of database interactions that a user performs from the time of logging in to the time of logging off.

To keep a record of all updates applied to the database and of the particular user who applied each update, we can modify the system log. Recall that the system log includes an entry for each operation applied to the database that may be required for recovery from a transaction failure or system crash.

If any tampering with the database is suspected, a database audit is performed, which consists of reviewing the log to examine all accesses and operations applied to the database during a certain time period. When an illegal or unauthorized operation is found, the DBA can determine the account number used to perform this operation.

Database audits are particularly important for sensitive databases that are updated by many transactions and users, such as a banking database that is updated by many bank tellers. A database log that is used mainly for security purposes is sometimes called an audit trail.
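The audit trail described above, as an added example that is not part of the original slides: SQLite (driven from Python) stands in for the DBMS, triggers tag every update with the logged-in account number, and the audit reviews one time period. The table names, the SESSION table used in place of a real DBMS login, the teller account numbers and the timestamps are all constructed assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE ACCOUNT (ID INTEGER PRIMARY KEY, BALANCE INTEGER);
-- Stand-in for the DBMS log-in session: the account number now logged in.
CREATE TABLE SESSION (ACCOUNT_NUMBER TEXT, TS TEXT);
-- Audit trail: one entry per update, tagged with the account that applied it.
CREATE TABLE AUDIT_TRAIL (TS TEXT, ACCOUNT_NUMBER TEXT, OP TEXT,
                          ROW_ID INTEGER, OLD_VAL INTEGER, NEW_VAL INTEGER);
CREATE TRIGGER AUD_UPDATE AFTER UPDATE ON ACCOUNT BEGIN
  INSERT INTO AUDIT_TRAIL
  SELECT TS, ACCOUNT_NUMBER, 'UPDATE', OLD.ID, OLD.BALANCE, NEW.BALANCE FROM SESSION;
END;
CREATE TRIGGER AUD_DELETE AFTER DELETE ON ACCOUNT BEGIN
  INSERT INTO AUDIT_TRAIL
  SELECT TS, ACCOUNT_NUMBER, 'DELETE', OLD.ID, OLD.BALANCE, NULL FROM SESSION;
END;
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ACCOUNT VALUES (?, ?)", [(1, 500), (2, 900)])
    return conn

def login(conn, account_number, ts):
    """Record which account the following operations belong to."""
    conn.execute("DELETE FROM SESSION")
    conn.execute("INSERT INTO SESSION VALUES (?, ?)", (account_number, ts))

def audit(conn, start, end):
    """Review the trail for one time period, as the DBA does in an audit."""
    return conn.execute(
        "SELECT TS, ACCOUNT_NUMBER, OP, ROW_ID, OLD_VAL, NEW_VAL FROM AUDIT_TRAIL "
        "WHERE TS BETWEEN ? AND ? ORDER BY TS, rowid", (start, end)).fetchall()

def run_demo():
    conn = make_db()
    login(conn, "T-101", "2024-03-01T09:00:00")  # constructed teller accounts
    conn.execute("UPDATE ACCOUNT SET BALANCE = BALANCE - 50 WHERE ID = 1")
    login(conn, "T-202", "2024-03-01T23:40:00")
    conn.execute("UPDATE ACCOUNT SET BALANCE = 0 WHERE ID = 2")
    conn.execute("DELETE FROM ACCOUNT WHERE ID = 2")
    # Audit only the overnight window in which tampering is suspected.
    return audit(conn, "2024-03-01T20:00:00", "2024-03-02T06:00:00")
```

Because each entry keeps the old and new values next to the account number, the review shows both who made a change and what it replaced.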

Discretionary Access Control Based on Granting/Revoking of Privileges:

The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges. There are two levels for assigning privileges to use the database system:
1. The account level: At this level, the DBA specifies the particular privileges that each account holds independently of the relations in the database.
2. The relation (or table) level: At this level, we can control the privilege to access each individual relation or view in the database.

The privileges at the account level apply to the capabilities provided to the account itself and can include the CREATE SCHEMA or CREATE TABLE privilege, to create a schema or base relation; the CREATE VIEW privilege; the ALTER privilege, etc. The second level of privileges applies to the relation level, whether they are base relations or virtual (view) relations.

To control the granting and revoking of relation privileges, each relation R in a database is assigned an owner account, which is typically the account that was used when the relation was created in the first place. The owner of a relation is given all privileges on that relation.

In SQL the following types of privileges can be granted on each individual relation R:
• SELECT (retrieval or read) privilege on R: Gives the account retrieval privilege. In SQL this gives the account the privilege to use the SELECT statement to retrieve tuples from R.
• MODIFY privileges on R: This gives the account the capability to modify tuples of R. In SQL this privilege is further divided into UPDATE, DELETE, and INSERT privileges to apply the corresponding SQL command to R. In addition, both the INSERT and UPDATE privileges can specify that only certain attributes of R can be updated by the account.
• REFERENCES privilege on R: This gives the account the capability to reference relation R when specifying integrity constraints. This privilege can also be restricted to specific attributes of R.

Specifying Privileges Using Views

The mechanism of views is an important discretionary authorization mechanism in its own right. For example, if the owner A of a relation R wants another account B to be able to retrieve only some fields of R, then A can create a view V of R that includes only those attributes and then grant SELECT on V to B. The same applies to limiting B to retrieving only certain tuples of R; a view V can be created by defining the view by means of a query that selects only those tuples from R that A wants to allow B to access.

Revoking Privileges

In some cases it is desirable to grant some privilege to a user temporarily. For example, the owner of a relation may want to grant the SELECT privilege to a user for a specific task and then revoke that privilege once the task is completed. Hence, a mechanism for revoking privileges is needed.

Propagation of Privileges Using the GRANT OPTION:

Whenever the owner A of a relation R grants a privilege on R to another account B, the privilege can be given to B with or without the GRANT OPTION. If the GRANT OPTION is given, this means that B can also grant that privilege on R to other accounts.

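Examples:

-- A2 may insert and delete tuples in both relations; without GRANT OPTION, A2 cannot pass these privileges on.
GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;
-- A3 may read both relations and may grant SELECT on them to other accounts.
GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;
-- Withdraw A3's SELECT privilege on EMPLOYEE.
REVOKE SELECT ON EMPLOYEE FROM A3;
-- Give A3 access through a view instead: three attributes only, and only tuples with DNO = 5.
CREATE VIEW A3EMPLOYEE AS SELECT NAME, BDATE, ADDRESS FROM EMPLOYEE WHERE DNO = 5;
GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;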

Introduction to Statistical Database Security:

Statistical databases are used mainly to produce statistics on various populations. The database may contain confidential data on individuals, which should be protected from user access. However, users are permitted to retrieve statistical information on the populations, such as averages, sums, counts, maximums, minimums, and standard deviations.

An example is a PERSON relation with the attributes NAME, SSN, INCOME, ADDRESS, CITY, STATE, ZIP, SEX, and LAST_DEGREE. A population is a set of tuples of a relation (table) that satisfy some selection condition. Hence each selection condition on the PERSON relation will specify a particular population of PERSON tuples.

Statistical queries involve applying statistical functions to a population of tuples. For example, we may want to retrieve the number of individuals in a population or the average income in the population. However, statistical users are not allowed to retrieve individual data, such as the income of a specific person. Statistical database security techniques must prohibit the retrieval of individual data.

We can control access to the database by allowing only queries that involve statistical aggregate functions such as COUNT, SUM, MIN, MAX, AVERAGE, and STANDARD DEVIATION. Such queries are sometimes called statistical queries.

In some cases it is possible to infer the values of individual tuples from a sequence of statistical queries. This is particularly true when the conditions result in a population consisting of a small number of tuples.

SELECT COUNT (*) FROM PERSON WHERE <condition>;

Now suppose that we are interested in finding the SALARY of 'Jane Smith', and we know that she has a PH.D. degree and that she lives in the city of Bellaire, Texas. We issue the statistical query Q1 with the following condition:

(LAST_DEGREE='PH.D.' AND SEX='F' AND CITY='Bellaire' AND STATE='Texas')

If we get a result of 1 for this query, we can issue Q2 with the same condition and find the INCOME of Jane Smith.

The possibility of inferring individual information from statistical queries is reduced if no statistical queries are permitted whenever the number of tuples in the population specified by the selection condition falls below some threshold. Another technique for prohibiting retrieval of individual information is to prohibit sequences of queries that refer repeatedly to the same population of tuples.
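The two controls just described, as an added example that is not part of the original slides: a query gate in front of a PERSON table (SQLite driven from Python as a stand-in DBMS) that answers only aggregate queries, refuses populations below a threshold, and refuses a second query by the same user on the same population. The class name StatGate, the threshold of 3, the one-query limit and the sample rows are assumptions made for the illustration.

```python
import sqlite3

MIN_POPULATION = 3  # assumed threshold; the page does not fix a value
MAX_REPEATS = 1     # assumed: one query per user on any given population
ALLOWED = {"COUNT(*)", "AVG(INCOME)", "SUM(INCOME)", "MIN(INCOME)", "MAX(INCOME)"}
COLUMNS = {"CITY", "STATE", "SEX", "LAST_DEGREE"}
ROWS = [  # constructed sample data
    ("Jane Smith", 98000, "Bellaire", "Texas", "F", "PH.D."),
    ("Ann Lee", 61000, "Bellaire", "Texas", "F", "M.S."),
    ("Bob Ray", 55000, "Bellaire", "Texas", "M", "B.S."),
    ("Cy Dunn", 72000, "Houston", "Texas", "M", "PH.D."),
    ("Di Park", 67000, "Bellaire", "Texas", "F", "B.S."),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PERSON (NAME, INCOME, CITY, STATE, SEX, LAST_DEGREE)")
    conn.executemany("INSERT INTO PERSON VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    return conn

class StatGate:
    """Answers aggregate queries only; refuses small or repeated populations."""
    def __init__(self, conn):
        self.conn = conn
        self.seen = {}  # (user, set of row ids) -> number of answered queries

    def query(self, user, aggregate, cond):
        if aggregate not in ALLOWED or not set(cond) <= COLUMNS:
            raise PermissionError("only statistical queries are permitted")
        where = " AND ".join(f"{c} = ?" for c in cond) or "1 = 1"
        args = tuple(cond.values())
        ids = frozenset(r[0] for r in self.conn.execute(
            f"SELECT rowid FROM PERSON WHERE {where}", args))
        if len(ids) < MIN_POPULATION:
            raise PermissionError("population below threshold")
        if self.seen.get((user, ids), 0) >= MAX_REPEATS:
            raise PermissionError("population already queried")
        self.seen[(user, ids)] = self.seen.get((user, ids), 0) + 1
        sql = f"SELECT {aggregate} FROM PERSON WHERE {where}"
        return self.conn.execute(sql, args).fetchone()[0]

def refused(gate, user, aggregate, cond):
    try:
        gate.query(user, aggregate, cond)
    except PermissionError:
        return True
    return False
```

The history is keyed on the set of selected tuples rather than on the condition text, so a reworded condition that selects the same population still counts as a repeat.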