KEMBAR78
Database Security and Management Systems | PPTX
Uploaded byIsmaelKakaRealsoft
PPTX, PDF49 views

Database Security and Management Systems

Database security involves protecting a database from unauthorized access and threats through various mechanisms affecting hardware, software, and data. It includes authorization, authentication, and access control strategies to manage user privileges, as well as encryption to safeguard sensitive data. Effective database security requires a combination of physical, administrative, and technical countermeasures to mitigate risks such as theft, fraud, and loss of integrity.

Download to read offline
Database Security
What is Database Security • Database security means protection of a database against unauthorized access, either intentional or unintentional • Database security requires the mechanisms, that protect a database against the intentional or accidental threats • Such mechanisms affect the hardware, software, people, and data components of a database management system • Database security protects against: • Theft and fraud, • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability
Threats • A threat is any situation or event, whether intentional or accidental, that may adversely effect on a system Sample threats: • Unauthorized amendment or copying of data • Using another person's means of access • Program alteration • Wire tapping • Illegal entry by hacker • Blackmail • Theft • Failure of security mechanisms And the others
Countermeasures • Countermeasures range from the physical controls to the administrative controls • Security of Database Management System (DBMS) is as good as security of an operating system running DBMS • We consider the following computer-based security controls in a multiuser environment • Authorization and authentication • Encryption • Views • Backup and recovery • Integrity
Authorization and authentication • Authorization means granting a right or a privilege to have a legitimate access to a system or the resources operated by a system • Authorization is usually built into the software and it determines what system or object a user can access and what a user is allowed to do with it • In a process of authorization a subject representing a user or a program requests and obtains access to an object, that represent relational table, relational view, etc • A process of authorization requires authentication of a subject
Authorization and authentication • Authentication is a mechanism, that determines whether a user is who he or she claims to be • A system administrator is responsible for allowing the users to have access to a computer system by creating the individual user accounts • When an account is created a user is given a unique identifier and a user picks a password associated with the identifier • To reduce the total number of user names and passwords it is possible to authenticate user's access to a database system through earlier authentication of access to an operating system • Such solution is not as safe as two separate passwords and it is consistent with a principle saying, that simplification of data access always reduces data security
Access Control • A typical way to control access to a database system is based on granting and revoking privileges • A privilege allows a user to create, to drop, or to access in read or write mode some database objects like relational tables, relational views, index, etc or to perform certain operations • The privileges are granted to a user to accomplish their task • The excessive privileges can compromise security • A user who creates a database object becomes an owner of the object and he/she automatically gets all privileges on the object • DBMS keeps track of all granted privileges to ensure that only selected user can access and can perform operations on the database objects
Access Control • There are two different strategies of access control: • Discretionary Access Control (DAC) Mandatory Access Control (MAC) • In Discretionary Access Control each user is given the access rights (privileges) on the specific database objects • A user obtains the privileges in a moment when he/she creates an object and the access of other users to the object is at a discretion of an owner • It is an effective system with some weaknesses, for example: • A user Alice creates a new relational table R and grants write access to such table to a user Bob • a user Bob owns a relational table S, which is not accessible to a user Alice • a user Alice modifies a software used by a user Bob, such that it copies the contents of a table S to a table R • user Alice returns a software used by user Bob to its original state
Access Control • Mandatory Access Control is based on system-wide policies that cannot be changed by the individual users • Each database object is assigned a security class and each user is assigned a clearance for a security class and the rules are imposed on reading and writing the database objects by the users • DBMS determines whether a user can read or write a database object based on certain rules, that involve a security level of the object and a clearance of the user
Encryption • Encryption of data means encoding of data by a special algorithm, that renders the data unreadable by any program without the decryption key • Sensitive data can be encoded to protect it against external threats or access • Some DBMS provide special facilities to encrypt data and to access encrypted data after decoding it • Usually there is a degradation in performance because of time needed to decode data
Encryption • A typical cryptosystem includes: • An encryption key to encrypt data (plaintext) • An encryption algorithm that with the encryption key transfroms plaintext into ciphertext • A decryption key to decrypt the ciphertext • A decryption algorithm to use decryption key with cipher text and to create the original plaintext

More Related Content

PPT
Lecture 7 Database security managent such as backup, replication.ppt
byAnnKingori
 
PPTX
Presentation on Database Security in DBMS
byGaurav977214
 
PDF
Security Issues Surrounding Data Manipulation in a Relational Database
byDavid Murphy
 
PPTX
Database security
byafzaalkhalid1
 
PPTX
unit 5 in the database for master of Engineering
bypoonkodiraja2806
 
PPTX
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
PPTX
database Security for data security .pptx
byKarimAhmed722436
 
PPT
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 
Lecture 7 Database security managent such as backup, replication.ppt
byAnnKingori
 
Presentation on Database Security in DBMS
byGaurav977214
 
Security Issues Surrounding Data Manipulation in a Relational Database
byDavid Murphy
 
Database security
byafzaalkhalid1
 
unit 5 in the database for master of Engineering
bypoonkodiraja2806
 
Database Security, Threats & Countermeasures.pptx
bySaqibAhmedKhan4
 
database Security for data security .pptx
byKarimAhmed722436
 
UNIT 1 DBMS Security made by me it hrlps you to makr your future bright.ppt
byAnuradhaGupta789099
 

Similar to Database Security and Management Systems

PPT
Database security copy
byfika sweety
 
PPTX
Database Security ppt on digital marketing
bypoonamBhalla5
 
PPTX
Database security and privacy
byMd. Ahasan Hasib
 
PPTX
Database security
bySoftware Engineering
 
PPT
Database Security
byalraee
 
PPTX
01 database security ent-db
byuncleRhyme
 
PDF
Data base Access Control a look at Fine grain Access method
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
PPT
Dbms ii mca-ch12-security-2013
byProsanta Ghosh
 
PDF
Chapter 6 Database Security and Authorization (4).pdf
byabrehamcheru14
 
DOCX
Database Security—Concepts,Approaches, and ChallengesElisa
byOllieShoresna
 
PDF
Database security presentation in easy way
byArsalanMaqsood1
 
PPTX
Database Security Methods, DAC, MAC,View
byDr-Dipali Meher
 
PPTX
Database security
byMaryamAsghar9
 
PPTX
ch20 Secuity & Admin Transparencies-6E.pptx
byalhashediyemen1
 
PDF
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
byDr Amit Phadikar
 
PPT
Security and Authorization introductory notes.ppt
bySubburamSivakumar1
 
PPTX
Security of the database
byPratik Tamgadge
 
PPTX
3130703_DBMS_GTU_Study_Material_Presentations_Unit-8_16102020044754AM.pptx
byRameshPrasadBhatta2
 
PDF
uu (2).pdf
byuzairAsif268
 
PDF
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 
Database security copy
byfika sweety
 
Database Security ppt on digital marketing
bypoonamBhalla5
 
Database security and privacy
byMd. Ahasan Hasib
 
Database security
bySoftware Engineering
 
Database Security
byalraee
 
01 database security ent-db
byuncleRhyme
 
Data base Access Control a look at Fine grain Access method
byInternational Journal of Engineering Inventions www.ijeijournal.com
 
Dbms ii mca-ch12-security-2013
byProsanta Ghosh
 
Chapter 6 Database Security and Authorization (4).pdf
byabrehamcheru14
 
Database Security—Concepts,Approaches, and ChallengesElisa
byOllieShoresna
 
Database security presentation in easy way
byArsalanMaqsood1
 
Database Security Methods, DAC, MAC,View
byDr-Dipali Meher
 
Database security
byMaryamAsghar9
 
ch20 Secuity & Admin Transparencies-6E.pptx
byalhashediyemen1
 
database-security-access-control-models-a-brief-overview-IJERTV2IS50406.pdf
byDr Amit Phadikar
 
Security and Authorization introductory notes.ppt
bySubburamSivakumar1
 
Security of the database
byPratik Tamgadge
 
3130703_DBMS_GTU_Study_Material_Presentations_Unit-8_16102020044754AM.pptx
byRameshPrasadBhatta2
 
uu (2).pdf
byuzairAsif268
 
databasesecurit-phpapp01.pdf
byAnSHiKa187943
 

Recently uploaded

PDF
BSides NYC 2025: Inside Cloud Attack Paths End-to-End Adversary Simulation
byMauricio Velazco
 
PPTX
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
PDF
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
PDF
“Toward Hardware-agnostic ADAS Implementations for Software-defined Vehicles,...
byEdge AI and Vision Alliance
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
The End of the Missed Call - How AI Recaptures Lost Leads and Secures ROI
byiovox
 
PDF
Morgenbooster: Navigating Ai Criticism with Systems Thinking
by1508 A/S
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PPTX
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PPTX
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
BSides NYC 2025: Inside Cloud Attack Paths End-to-End Adversary Simulation
byMauricio Velazco
 
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
A 4-Terminal Approach to Validating Charge Conservation in MOSFET Compact Models
byEalwan Lee
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
Expert Python App Development Company for Modern Enterprises
bySynapseIndia
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
“Depth Estimation from Monocular Images Using Geometric Foundation Models,” a...
byEdge AI and Vision Alliance
 
“Toward Hardware-agnostic ADAS Implementations for Software-defined Vehicles,...
byEdge AI and Vision Alliance
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
The End of the Missed Call - How AI Recaptures Lost Leads and Secures ROI
byiovox
 
Morgenbooster: Navigating Ai Criticism with Systems Thinking
by1508 A/S
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 

Database Security and Management Systems

  • 1.
  • 2.
    What is DatabaseSecurity • Database security means protection of a database against unauthorized access, either intentional or unintentional • Database security requires the mechanisms, that protect a database against the intentional or accidental threats • Such mechanisms affect the hardware, software, people, and data components of a database management system • Database security protects against: • Theft and fraud, • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability
  • 3.
    Threats • A threatis any situation or event, whether intentional or accidental, that may adversely effect on a system Sample threats: • Unauthorized amendment or copying of data • Using another person's means of access • Program alteration • Wire tapping • Illegal entry by hacker • Blackmail • Theft • Failure of security mechanisms And the others
  • 4.
    Countermeasures • Countermeasures rangefrom the physical controls to the administrative controls • Security of Database Management System (DBMS) is as good as security of an operating system running DBMS • We consider the following computer-based security controls in a multiuser environment • Authorization and authentication • Encryption • Views • Backup and recovery • Integrity
  • 5.
    Authorization and authentication •Authorization means granting a right or a privilege to have a legitimate access to a system or the resources operated by a system • Authorization is usually built into the software and it determines what system or object a user can access and what a user is allowed to do with it • In a process of authorization a subject representing a user or a program requests and obtains access to an object, that represent relational table, relational view, etc • A process of authorization requires authentication of a subject
  • 6.
    Authorization and authentication •Authentication is a mechanism, that determines whether a user is who he or she claims to be • A system administrator is responsible for allowing the users to have access to a computer system by creating the individual user accounts • When an account is created a user is given a unique identifier and a user picks a password associated with the identifier • To reduce the total number of user names and passwords it is possible to authenticate user's access to a database system through earlier authentication of access to an operating system • Such solution is not as safe as two separate passwords and it is consistent with a principle saying, that simplification of data access always reduces data security
  • 7.
    Access Control • Atypical way to control access to a database system is based on granting and revoking privileges • A privilege allows a user to create, to drop, or to access in read or write mode some database objects like relational tables, relational views, index, etc or to perform certain operations • The privileges are granted to a user to accomplish their task • The excessive privileges can compromise security • A user who creates a database object becomes an owner of the object and he/she automatically gets all privileges on the object • DBMS keeps track of all granted privileges to ensure that only selected user can access and can perform operations on the database objects
  • 8.
    Access Control • Thereare two different strategies of access control: • Discretionary Access Control (DAC) Mandatory Access Control (MAC) • In Discretionary Access Control each user is given the access rights (privileges) on the specific database objects • A user obtains the privileges in a moment when he/she creates an object and the access of other users to the object is at a discretion of an owner • It is an effective system with some weaknesses, for example: • A user Alice creates a new relational table R and grants write access to such table to a user Bob • a user Bob owns a relational table S, which is not accessible to a user Alice • a user Alice modifies a software used by a user Bob, such that it copies the contents of a table S to a table R • user Alice returns a software used by user Bob to its original state
  • 9.
    Access Control • MandatoryAccess Control is based on system-wide policies that cannot be changed by the individual users • Each database object is assigned a security class and each user is assigned a clearance for a security class and the rules are imposed on reading and writing the database objects by the users • DBMS determines whether a user can read or write a database object based on certain rules, that involve a security level of the object and a clearance of the user
  • 10.
    Encryption • Encryption ofdata means encoding of data by a special algorithm, that renders the data unreadable by any program without the decryption key • Sensitive data can be encoded to protect it against external threats or access • Some DBMS provide special facilities to encrypt data and to access encrypted data after decoding it • Usually there is a degradation in performance because of time needed to decode data
  • 11.
    Encryption • A typicalcryptosystem includes: • An encryption key to encrypt data (plaintext) • An encryption algorithm that with the encryption key transfroms plaintext into ciphertext • A decryption key to decrypt the ciphertext • A decryption algorithm to use decryption key with cipher text and to create the original plaintext