Security of the database

Security of the database

• 1.
  Security of theDatabase A Presentation By_ Pratik Tamgadge 1/14/2014 1
• 2.
  Contents • What isDatabase Security? • Issues in Database security • How to Secure? – – – – – – Access Control Mechanism Cryptography Backup and Recovery RAID Implementation Views Digital Signatures • Security in Microsoft Access and Oracle DBMS 1/14/2014 2
• 3.
  What is DatabaseSecurity? • In today’s world, we need everything secured whether it is your mobile phone , computer , vehicle or almost anything. • So do your Database. • As it stores your Personal, Confidential and Critical data. • If we look at the definition part of Database Security , we may say, It’s the mechanism that protects the database against intentional or accidental threats. 1/14/2014 3
• 4.
  Issues in DatabaseSecurity • Unauthorized access to your Database. • Managing large amount of data which belongs to relatively large organization. • Keeping track of all the authorized Users of the Database. • Physical Security. • Network Security. 1/14/2014 4
• 5.
  Now How You’llSecure it? Well, these are some basic security measures which you can have to your Databases. Access Control Mechanism » As the name “Access Control” itself describes that this mechanism is all about User’s Access to the Databases. » In this mechanism, we have three kinds of Access Control. 1. Discretionary Access Control 2. Mandatory Access Control. 3. Role based Access Control. 1/14/2014 5
• 6.
  Discretionary Access Control • Theword “Discretionary” means to act in a way to avoid the Revealing of Confidential information. • In this method , we can GRANT and REVOKE privileges to different Users of the Database. Now you will think, what is this? GRANT? REVOKE? Privileges? Well, GRANT = “To allow” OR “To give some rights”, REVOKE = “To cancel the GRANT” i.e. “Not to allow” and Privileges = Permissions i.e. various commands like CREATE,UPDATE etc. • • GRANT and REVOKE are Database Commands used to operate Database. We will use these commands like this, » GRANT [Privileges] ON [Database Objects] TO USER [With GRANT Option]; » REVOKE [Privileges] ON [Database Object] FROM USER; 1/14/2014 6
• 7.
  Mandatory Access Control • • • Thismethod provides Multilevel Security by Classifying data and Users into different SECURITY LEVELS. Now in this, Security has its class or level. Implementation of Mandatory Access Control is in, – Government of Nations – Military – Business Intelligence • Mandatory Access Control provides Security for extreme Confidential Information. • Security Classes are like, – – – – • • Top Security (TS) Secret (S) Confidential (C) Unclassified (U) Note : Intensity of Security is like, TS > S > C > U Now you will wonder how security is classified? Well, it is classified using Bell-LaPadula Model. 1/14/2014 7
• 8.
  Role Based AccessControl • Roll based Access Control provides Security according to the ROLE of the User who is accessing the Database. • ROLE of the user is created using CREATE command. • Role gives permissions to only authorized users to access the data. • Thus Roles provides security in a smart and simple way. 1/14/2014 8
• 9.
  Cryptography • Cryptography isa way of enclosing the data called Encryption while Sending and disclosing that data called Decryption while it is received. • Have a look at this, 1/14/2014 9
• 10.
  Cryptography contd. • There aretwo types of Cryptography. – Symmetric Key Cryptography • In this , Both sender and receiver have the same key for Encryption and Decryption. – Asymmetric Key Cryptography • In this , Sender uses Public Key for Encryption and Receiver uses its own Private key for Decryption. 1/14/2014 10
• 11.
  Backup and Recovery •Backup - The process of periodically taking a copy of the database and log file on to offline storage media. • Journaling - The process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure. 1/14/2014 11
• 12.
  RAID Implementation RAID i.e.Redundant Array of Inexpensive Disks, is a category of disk drives that employ two or more drives in combination for fault tolerance and Performance. This Array of Disks have levels as follows, • Level 0: Provides data striping (spreading out blocks of each file across multiple disks) but no redundancy. This improves performance but does not deliver fault tolerance. • Level 1: Provides disk mirroring. • Level 2: Error correcting Codes by using Parity Check. • Level 3: Same as Level 0, but also reserves one dedicated disk for error correction data. It provides good performance and some level of fault tolerance. • Level 4: Uses Block level Stripping which keeps Parity block on a separate disk. • Level 5: Provides data striping at the byte level and also stripe error correction information. This results in excellent performance and good fault tolerance. • Level 6: P+Q Redundancy Scheme i.e. Stores extra redundant information in case of disk failures. 1/14/2014 12
• 13.
  Views • A viewis the dynamic result of one or more relational operations operating on the base relations to produce another relation. A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request. • The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users. 1/14/2014 13
• 14.
  Message Digest Algorithms and DigitalSignatures • Message digest algorithm is the one-way hash function that produces a fixed-length string (hash) from an arbitrary-sized message. It’s computationally infeasible that there is another message with the same digest, the digest does not reveal anything about the message. • Digital signature consist of two parts: a string of bits that is computed from the message and the private key of organization. • Digital signature is used to verify that the message comes from this organization. 1/14/2014 14
• 15.
  Security in MicrosoftAccess and Oracle DBMS Microsoft Access • System level security - password. • User-level security - identification as a member of groups (Administrators and Users), permissions are granted (Open/Run, Read, Update, Delete, etc). Oracle DBMS • System level security - name, password. • User-level security is based on a privilege, i.e a right to execute a particular type of SQL statements or to access another user’s object. • System privileges and object privileges. 1/14/2014 15 End of the Presentation
• 16.
  Thank You! 1/14/2014 16