Presentation is loading. Please wait.

Presentation is loading. Please wait.

Database Application Security Models Database Application Security Models 1.

Published byJared Baker Modified over 8 years ago

Similar presentations

Presentation on theme: "Database Application Security Models Database Application Security Models 1."— Presentation transcript:

1 Database Application Security Models Database Application Security Models 1

2 2 Objectives What we have learned –the necessary background and best practices for database security and its elements –how to create users and roles and to assign privileges to users Describe the different types of users in a database environment and the distinct purpose of each Identify and explain the concepts of five security models List the most commonly used application types

3 3 Objectives (continued) Implement the most common application security models Understand the use of data encryption within database applications

4 4 Types of Users Application: –Solves a problem –Performs a specific business function MS Word, Adobe Acrobat Reader, etc Database: collection of related data files used by an application Application user: a record created for a user within the application schema to be used for authentication to the application

5 5 Types of Users (continued) Types: –Application administrator –Application owner –Application user –Database administrator –Database user –Proxy user ( A database user that has specific roles and privileges assigned to it. Isolating application users from the database ) –Schema owner

6 6 Security Models Access Matrix Model: –Represents two main entities: objects and subjects: Columns represent objects Rows represent subjects –Objects: tables, views, procedures, database objects –Subjects: users, roles, privileges, modules –Authorization cell ( access details on the object granted to the subject. access, operation, or commands )

7 7 Security Models (continued)

8 8 Access Modes Model: –Uses objects and subjects –Specifies access modes: static and dynamic modes –Access levels: a subject has access to objects at its level and all levels below it

9 9 Security Models (continued)

10 10 Security Models (continued)

11 11 Application Types Client/Server applications: –Management Information System (MIS) department: Thirty year ago centralized information Developed mainframe projects Was a bottleneck –Personal computer was introduced. A better architecture had to be developed that could take advantage of the flexibility of the PC, overcome the bottlenecks of the MIS Department, and overcome the inability of the PC environment to grow with increasing data needs. –Based on the business model the client submits inquiries and the server responds with answers to these inquiries

12 12 Client/Server Applications

13 13 Client/Server Applications (continued) Provides a flexible and scalable structure Components: –User interface –Business logic –Data access Components usually spread out over several tiers: –Minimum two –Normally, four to five

14 14 Client/Server Applications (continued)

15 15 Client/Server Applications (continued)

16 16 Web Applications Evolved with the rise of dot-com and Web- based companies Uses the Web to connect and communicate to the server A Web application uses HTML pages created using: –ActiveX –Java applets or beans –ASP (Active Server Pages) –More

17 17 Web Applications (continued)

18 18 Web Applications (continued) Components: –Web browser layer A typical browser program that allows users to navigate through Web pages found on the Internet –Web server layer A software program residing on a computer connected to the Internet that responds to requests submitted by the Web browsers –Application server layer A software program residing on a computer that is used for data processing and for interfacing to the business logic and database server –Business logic layer A software program that implements business rules –Database server layer A software program that stores and manages data

19 19 Web Applications (continued)

20 20 Data Warehouse Applications Used in decision-support applications Collection of many types of data taken from a number of different databases Typically composed of a database server Accessed by software applications or reporting applications: online analytical processing (OLAP)

21 21 Data Warehouse Applications (continued)

22 22 Application Security Models Models: –Database role based –Application role based –Application function based –Application role and function based –Application table based

23 23 Security Model Based on Database Roles Application authenticates application users: maintain all users in a table Each user is assigned a role; roles have privileges assigned to them A proxy user is needed to activate assigned roles; all roles are assigned to the proxy user Model and privileges are database dependent

24 24 Security Model Based on Database Roles (continued)

25 25 Security Model Based on Database Roles (continued) Implementation in Oracle: –Create users –Add content to your tables –Add a row for an application user –Create a proxy user –Create roles –Grant roles to the proxy user –Look for application user’s role –Activate the role for this specific session

26 26 Security Model Based on Application Roles Application roles are mapped to real business roles (titles or positions) Application authenticates users Each user is assigned to an application role; application roles are provided with application privileges (read and write)

27 27 Security Model Based on Application Roles (continued)

28 28 Security Model Based on Application Functions Application authenticates users Application is divided into functions Considerations: –Isolates application security from database –Passwords must be securely encrypted –Must use a real database user

29 29 Security Model Based on Application Functions (continued)

30 30 Security Model Based on Application Roles and Functions Combination of models Application authenticates users Application is divided into functions: –Roles are assigned to functions –Functions are assigned to users Highly flexible model

31 31 Security Model Based on Application Roles and Functions (continued)

32 32 Security Model Based on Application Tables Depends on the application to authenticate users Application provides privileges to the user based on tables; not on a role or a function User is assigned access privilege to each table owned by the application owner

33 33 Security Model Based on Application Tables (continued)

34 34 Data Encryption Passwords should be kept confidential and preferably encrypted Passwords should be compared encrypted: –Never decrypt the data –Hash the passwords and compare the hashes A hash is an algorithm that converts a varying text message to a fixed-length message.

35 35 Data Encryption (continued)

36 36 Summary An application user is simply a record created for a user within the application schema; usually does not have database privileges or roles assigned Access matrix: –Columns represent objects –Rows represent subjects –Authorization cell Access mode

37 37 Summary (continued) Application types: client/server, Web, and Data Warehouse Application security models –Database roles –Application roles –Application functions –Roles and functions in the application –Application tables

Download ppt "Database Application Security Models Database Application Security Models 1."

Similar presentations

Lecture-7/ T. Nouf Almujally

Lecture-7/ T. Nouf Almujally
Internet Security Protocols

Internet Security Protocols
Management Information Systems, Sixth Edition

Management Information Systems, Sixth Edition
Objectives In this session, you will learn to:

Objectives In this session, you will learn to:
Data - Information - Knowledge

Data - Information - Knowledge
8.

8.
Technical Architectures

Technical Architectures
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.

1 Chapter 2 Database Environment Transparencies © Pearson Education Limited 1995, 2005.
Peoplesoft Fundamentals David Lewis 10/18/02 (adapted from Psoft Training Materials)

Peoplesoft Fundamentals David Lewis 10/18/02 (adapted from Psoft Training Materials)
Client/Server Databases and the Oracle 10g Relational Database

Client/Server Databases and the Oracle 10g Relational Database
Distributed Information Systems - The Client server model

Distributed Information Systems - The Client server model
The Architecture of Transaction Processing Systems

The Architecture of Transaction Processing Systems
Chapter 4: Database Management. Databases Before the Use of Computers Data kept in books, ledgers, card files, folders, and file cabinets Long response.

Chapter 4: Database Management. Databases Before the Use of Computers Data kept in books, ledgers, card files, folders, and file cabinets Long response.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
System Analysis and Design

System Analysis and Design
Chapter 2 Database Environment Pearson Education © 2014.

Chapter 2 Database Environment Pearson Education © 2014.
Introduction to Web Applications Instructor: Enoch E. Damson.

Introduction to Web Applications Instructor: Enoch E. Damson.
Chapter 4 Database Management Systems. Chapter 4Slide 2 What is a Database Management System (DBMS)?  Database An organized collection of related data.

Chapter 4 Database Management Systems. Chapter 4Slide 2 What is a Database Management System (DBMS)?  Database An organized collection of related data.

Similar presentations

Ads by Google