Chapter 5 Database Application Security Models


Database Security and Auditing: Protecting Data Integrity and Accessibility
Chapter 5 Database Application Security Models

Objectives
- Describe the different types of users in a database environment and the distinct purpose of each
- Identify and explain the concepts of five security models
- List the most commonly used application types

Objectives (continued)
- Implement the most common application security models
- Understand the use of data encryption within database applications

Types of Users
- Application: solves a problem; performs a specific business function
- Database: a collection of related data files used by an application
- Application user: a user record kept within the application schema

Types of Users (continued)
- Application administrator
- Application owner
- Application user
- Database administrator
- Database user
- Proxy user: the database account the application connects as on behalf of its application users
- Schema owner
- Virtual user

Security Models
- Access Matrix Model: represents two main entities, objects and subjects
  - Columns represent objects; rows represent subjects
  - Objects: tables, views, procedures and other database objects
  - Subjects: users, roles, privileges, modules
  - Authorization cell: the intersection of a subject row and an object column, holding the access modes that subject is granted on that object


Security Models (continued)
- Access Modes Model: based on the Take-Grant model
  - Uses objects and subjects
  - Specifies access modes: static modes and dynamic modes
  - Access levels: a subject has access to objects at its level and all levels below it
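The two models above, as an added illustration (not code from the textbook): an access matrix whose authorization cells hold a set of access modes, combined with the access-modes model's static/dynamic modes, a take-grant style delegated grant, and access levels that must dominate the object's level before a cell is even consulted. Subject, object and level names, and the split of modes into static and dynamic, are assumptions.

```python
# Added illustration (not from the textbook): an access matrix whose cells hold
# access modes, combined with the access-modes model's static/dynamic modes and
# access levels. Subject, object and level names are assumed.
from dataclasses import dataclass, field

STATIC_MODES = {"read", "write", "execute"}     # assumed static modes
DYNAMIC_MODES = {"create", "delete", "grant"}   # assumed dynamic modes


@dataclass
class AccessMatrix:
    # cells[(subject, object)] = set of access modes: the authorization cell
    cells: dict = field(default_factory=dict)
    # access level of each subject and object (higher dominates lower)
    subject_level: dict = field(default_factory=dict)
    object_level: dict = field(default_factory=dict)

    def grant(self, subject, obj, *modes, by=None):
        """Fill the authorization cell (subject, obj) with modes.

        With by=None the grant is administrative. Otherwise, take-grant style,
        the granting subject must itself hold every mode it passes on plus the
        dynamic 'grant' mode on the same object.
        """
        unknown = set(modes) - STATIC_MODES - DYNAMIC_MODES
        if unknown:
            raise ValueError(f"unknown access modes: {sorted(unknown)}")
        if by is not None:
            held = self.cells.get((by, obj), set())
            if "grant" not in held or not set(modes) <= held:
                raise PermissionError(f"{by} cannot grant {sorted(modes)} on {obj}")
        self.cells.setdefault((subject, obj), set()).update(modes)

    def revoke(self, subject, obj, *modes):
        """Remove modes from a cell; an emptied cell is dropped from the matrix."""
        cell = self.cells.get((subject, obj))
        if cell is None:
            return
        cell.difference_update(modes)
        if not cell:
            del self.cells[(subject, obj)]

    def allowed(self, subject, obj, mode):
        """True only if the subject's level dominates the object's AND the cell grants mode."""
        if self.subject_level.get(subject, 0) < self.object_level.get(obj, 0):
            return False
        return mode in self.cells.get((subject, obj), set())

    def row(self, subject):
        """One matrix row: every object the subject has a cell for, with sorted modes."""
        return {o: sorted(m) for (s, o), m in self.cells.items() if s == subject}


def can_grant(matrix, by, subject, obj, *modes):
    """Dry run of a delegated grant: True if grant(..., by=by) would be accepted."""
    held = matrix.cells.get((by, obj), set())
    return "grant" in held and set(modes) <= held


def build_example():
    """Constructed sample: two objects at different levels and three subjects."""
    m = AccessMatrix()
    m.object_level.update({"EMPLOYEES": 1, "SALARIES": 2})
    m.subject_level.update({"hr_manager": 2, "hr_clerk": 1, "intern": 1})
    m.grant("hr_manager", "EMPLOYEES", "read", "write", "grant")
    m.grant("hr_manager", "SALARIES", "read", "write")
    m.grant("hr_clerk", "EMPLOYEES", "read", by="hr_manager")   # delegated grant
    m.grant("intern", "SALARIES", "read")   # cell exists, but level 1 < 2 blocks it
    return m


if __name__ == "__main__":
    m = build_example()
    for subject in ("hr_manager", "hr_clerk", "intern"):
        print(subject, m.row(subject))
    print("intern read SALARIES:", m.allowed("intern", "SALARIES", "read"))  # False
```

The point to notice is the intern: the matrix cell says read, but the level check runs first and denies it, which is how the access-modes model's level rule layers on top of the plain matrix.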


Application Types
- Client/server applications grew out of the Management Information System (MIS) department model:
  - Thirty years ago information was centralized; the MIS department developed mainframe projects and became a bottleneck
  - The personal computer was introduced, creating the need for client/server applications
- Based on the business model

Client/Server Applications (diagram slide; figure not reproduced)

Client/Server Applications (continued)
- Provides a flexible and scalable structure
- Components: user interface, business logic, data access
- Components are usually spread over several tiers: a minimum of two, normally four to five


Web Applications
- Evolved with the rise of dot-com and Web-based companies
- Uses the Web to connect and communicate with the server
- A Web application serves HTML pages generated with technologies such as ActiveX, Java applets or beans, and ASP (Active Server Pages)


Web Applications (continued)
- Components:
  - Web browser layer
  - Web server layer
  - Application server layer
  - Business logic layer
  - Database server layer


Data Warehouse Applications
- Used in decision-support applications
- A collection of many types of data taken from a number of different databases
- Typically built around a database server
- Accessed by software or reporting applications, such as online analytical processing (OLAP) tools


Application Security Models
- Database role based
- Application role based
- Application function based
- Application role and function based
- Application table based

Security Model Based on Database Roles
- The application authenticates application users: all users are maintained in an application table
- Each user is assigned a database role; roles have privileges assigned to them
- A proxy user is needed to activate the assigned role: all roles are granted to the proxy user, and only the authenticated user's role is activated for the session
- The model and its privileges are database dependent


Security Model Based on Database Roles (continued)
Implementation in Oracle:
- Create the database users and roles
- Add content to your tables
- Add a row for each application user
- On login, look up the application user's role
- Activate that role for this specific session (SET ROLE)

Security Model Based on Database Roles (continued)
Implementation in SQL Server:
- Use application roles: special database roles that are activated at the time of authorization
- They require a password and cannot contain members
- When a session activates an application role, the role's permissions replace the connecting user's own permissions for that session

Security Model Based on Database Roles (continued)
Implementation in SQL Server (continued):
- Create and drop application roles from the command line or Enterprise Manager: SP_ADDAPPROLE and SP_DROPAPPROLE (current versions use CREATE APPLICATION ROLE and DROP APPLICATION ROLE)
- Activate an application role with SP_SETAPPROLE

Security Model Based on Database Roles (continued)
Implementation in SQL Server (continued):
- Connect to the database as the proxy user
- Validate the user name and password against the application user table
- Retrieve the application role name for that user
- Activate the application role (SP_SETAPPROLE)


Security Model Based on Application Roles
- Application roles are mapped to real business roles
- The application authenticates users
- Each user is assigned to an application role; application roles carry application privileges (read and write)


Security Model Based on Application Roles (continued)
Implementation in SQL Server:
- Create a single database user for the application
- Connect the application to the database using this user
- Create stored procedures to perform all database operations, so the application's database user needs execute permission on the procedures rather than direct access to the tables

Security Model Based on Application Functions
- The application authenticates users
- The application is divided into functions; privileges are granted on functions
- Considerations:
  - Isolates application security from the database
  - Passwords must be stored securely (salted one-way hashes, not reversible encryption)
  - Must use a real database user for the application's connection
  - Granular privileges require more effort during implementation


Security Model Based on Application Roles and Functions
- A combination of the two previous models
- The application authenticates users
- The application is divided into functions:
  - Functions are grouped into roles
  - Roles are assigned to users, so a user receives the functions of each assigned role
- Highly flexible model


Security Model Based on Application Tables
- Depends on the application to authenticate users
- The application grants privileges to the user per table, not per role or function
- The user is assigned access privileges (for example read or write) on each table owned by the application owner


Security Model Based on Application Tables (continued)
Implementation in SQL Server:
- Grant authorization on the application tables to the end user
- Alter the authorization table from the database-roles model to add the table name and access columns required to support this model
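The function-based, role-and-function-based and table-based models above all reduce to an authorization schema that the application queries after it has authenticated the user. The following is an added illustration (not code from the textbook) of one such schema in an in-memory SQLite database: functions granted directly to users, functions grouped into roles that are assigned to users, and an authorization table extended with a table name and access columns. Table, column, user, role and function names are assumed, and the seed data is constructed.

```python
# Added illustration (not from the textbook): one application authorization
# schema that supports the function-based, role-and-function-based and
# table-based models, in an in-memory SQLite database. Table, column and
# sample user/role/function names are assumed; the seed data is constructed.
import sqlite3

SCHEMA = """
CREATE TABLE app_users     (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE app_roles     (role_id INTEGER PRIMARY KEY, role_name TEXT UNIQUE NOT NULL);
CREATE TABLE app_functions (func_id INTEGER PRIMARY KEY, func_name TEXT UNIQUE NOT NULL);
-- function model: a function granted directly to a user
CREATE TABLE user_functions (
    user_id INTEGER NOT NULL REFERENCES app_users(user_id),
    func_id INTEGER NOT NULL REFERENCES app_functions(func_id),
    PRIMARY KEY (user_id, func_id));
-- roles-and-functions model: functions grouped into roles, roles assigned to users
CREATE TABLE role_functions (
    role_id INTEGER NOT NULL REFERENCES app_roles(role_id),
    func_id INTEGER NOT NULL REFERENCES app_functions(func_id),
    PRIMARY KEY (role_id, func_id));
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES app_users(user_id),
    role_id INTEGER NOT NULL REFERENCES app_roles(role_id),
    PRIMARY KEY (user_id, role_id));
-- table model: the authorization table extended with table name and access columns
CREATE TABLE app_table_authorization (
    user_id    INTEGER NOT NULL REFERENCES app_users(user_id),
    table_name TEXT    NOT NULL,
    can_select INTEGER NOT NULL DEFAULT 0,
    can_insert INTEGER NOT NULL DEFAULT 0,
    can_update INTEGER NOT NULL DEFAULT 0,
    can_delete INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (user_id, table_name));
"""

# Fixed allow-list: the column name is chosen from here, never taken from input,
# so building the SELECT with an f-string cannot turn into SQL injection.
ACCESS_COLUMNS = {"select": "can_select", "insert": "can_insert",
                  "update": "can_update", "delete": "can_delete"}


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn):
    """Constructed sample data: alice is an HR manager, bob a clerk with one
    extra directly granted function, carol has only table-level read access."""
    conn.executemany("INSERT INTO app_users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.executemany("INSERT INTO app_roles VALUES (?, ?)",
                     [(10, "hr_manager"), (11, "hr_clerk")])
    conn.executemany("INSERT INTO app_functions VALUES (?, ?)",
                     [(100, "view_employee"), (101, "update_salary"), (102, "print_badge")])
    conn.executemany("INSERT INTO role_functions VALUES (?, ?)",
                     [(10, 100), (10, 101), (11, 100)])
    conn.executemany("INSERT INTO user_roles VALUES (?, ?)", [(1, 10), (2, 11)])
    conn.executemany("INSERT INTO user_functions VALUES (?, ?)", [(2, 102)])
    conn.executemany(
        "INSERT INTO app_table_authorization VALUES (?, ?, ?, ?, ?, ?)",
        [(1, "EMPLOYEES", 1, 1, 1, 1), (3, "EMPLOYEES", 1, 0, 0, 0)])
    conn.commit()


def can_execute(conn, username, func_name):
    """Function check: granted directly to the user or through any of the user's roles."""
    row = conn.execute("""
        SELECT 1 FROM app_users u
        WHERE u.username = ?
          AND (EXISTS (SELECT 1 FROM user_functions uf
                       JOIN app_functions f ON f.func_id = uf.func_id
                       WHERE uf.user_id = u.user_id AND f.func_name = ?)
            OR EXISTS (SELECT 1 FROM user_roles ur
                       JOIN role_functions rf ON rf.role_id = ur.role_id
                       JOIN app_functions f ON f.func_id = rf.func_id
                       WHERE ur.user_id = u.user_id AND f.func_name = ?))""",
        (username, func_name, func_name)).fetchone()
    return row is not None


def can_access_table(conn, username, table_name, mode):
    """Table check: read the access flag for (user, table); unknown user or table -> False."""
    column = ACCESS_COLUMNS.get(mode)
    if column is None:
        raise ValueError(f"unknown access mode: {mode!r}")
    row = conn.execute(
        f"SELECT a.{column} FROM app_table_authorization a "
        "JOIN app_users u ON u.user_id = a.user_id "
        "WHERE u.username = ? AND a.table_name = ?",
        (username, table_name)).fetchone()
    return bool(row and row[0])


def user_functions(conn, username):
    """All functions a user holds, from direct grants and from roles, sorted."""
    rows = conn.execute("""
        SELECT f.func_name FROM app_users u
        JOIN user_functions uf ON uf.user_id = u.user_id
        JOIN app_functions f ON f.func_id = uf.func_id
        WHERE u.username = ?
        UNION
        SELECT f.func_name FROM app_users u
        JOIN user_roles ur ON ur.user_id = u.user_id
        JOIN role_functions rf ON rf.role_id = ur.role_id
        JOIN app_functions f ON f.func_id = rf.func_id
        WHERE u.username = ?""", (username, username)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = open_store()
    seed(db)
    for name in ("alice", "bob", "carol"):
        print(name, user_functions(db, name),
              "select EMPLOYEES:", can_access_table(db, name, "EMPLOYEES", "select"))
```

Every check is a closed question the application asks before it touches application data, and every lookup is keyed on the authenticated user name, never on a role or function name supplied by the client; an unknown user or an unlisted table simply yields no row and therefore no access.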


Data Encryption
- Passwords must be kept confidential and must never be stored in clear text
- Store a salted one-way hash of each password rather than a reversible encryption; the stored value never needs to be decrypted
- To verify a login, hash the supplied password with the same salt and compare the result to the stored hash, using a constant-time comparison
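The password handling above, together with the authentication step of the database-roles model (connect as the proxy user, validate the user against the application table, retrieve the role to activate), as an added illustration that is not code from the textbook. Application users are stored with a salted PBKDF2-HMAC-SHA256 hash that is never decrypted; verification recomputes the hash and compares digests in constant time, and the role name is released only after the password verifies. The table and column names, the work factor and the sample users are assumptions.

```python
# Added illustration (not from the textbook): the authentication step of the
# database-role model, run over the proxy connection. Application users live in
# an application table that stores a salted PBKDF2 hash, never a reversible
# ciphertext; verification hashes the supplied password and compares digests.
# Table/column names, the work factor and the sample users are assumed.
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed; tune for your hardware)
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iterations; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False            # malformed or plaintext record: never a match
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored):
    """True if the record was hashed with a weaker work factor than ITERATIONS."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < ITERATIONS


# Verified for unknown user names so a login attempt costs the same time whether
# or not the name exists (constructed dummy value, never a real credential).
DUMMY_HASH = hash_password("dummy-not-a-real-password")

SCHEMA = """
CREATE TABLE app_users (
    username      TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,  -- salted one-way hash, never the password
    role_name     TEXT NOT NULL   -- database role the proxy session activates
);
"""


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def add_user(conn, username, password, role_name):
    conn.execute("INSERT INTO app_users VALUES (?, ?, ?)",
                 (username, hash_password(password), role_name))
    conn.commit()


def authenticate(conn, username, password):
    """Return the role the application should activate for this session, or None.

    The role name is released only after the hash verifies, so a client cannot
    learn or choose a role without presenting the matching password.
    """
    row = conn.execute("SELECT password_hash, role_name FROM app_users WHERE username = ?",
                       (username,)).fetchone()
    stored = row[0] if row else DUMMY_HASH
    if not verify_password(password, stored) or row is None:
        return None
    if needs_rehash(stored):   # upgrade old records transparently on a successful login
        conn.execute("UPDATE app_users SET password_hash = ? WHERE username = ?",
                     (hash_password(password), username))
        conn.commit()
    return row[1]


if __name__ == "__main__":
    db = open_store()
    add_user(db, "alice", "correct horse battery staple", "HR_MANAGER")
    print(authenticate(db, "alice", "correct horse battery staple"))  # HR_MANAGER
    print(authenticate(db, "alice", "wrong"))                         # None
```

The role name that authenticate() returns is what the application then activates on the proxy connection (SET ROLE in Oracle, SP_SETAPPROLE in SQL Server), supplying the role's own password from the application's protected configuration rather than from anything the end user sent.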


Summary
- An application user is simply a record created for a user within the application schema; it usually has no database privileges or roles assigned
- Access matrix:
  - Columns represent objects
  - Rows represent subjects
  - Authorization cell holds the granted access mode

Summary (continued)
- Application types: client/server, Web, and data warehouse
- Application security models:
  - Database roles
  - Application roles
  - Application functions
  - Roles and functions in the application
  - Application tables