Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.

Published byCody Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Overview of Database Security Introduction Security Problems Security Controls Designing Database Security."— Presentation transcript:

1 Overview of Database Security Introduction Security Problems Security Controls Designing Database Security

2 Security Problems Outline Threats to database security Database protection requirements

3 Security Problems Threats to Database Security What is a threat? Three Consequences Two Kind of threats

4 Security Problems What is a threat? A threat can be defined as a hostile agent that, either casually or by using specialized technique, disclose, modify or delete the information managed by a database management system.

5 Security Problems Three Consequences Improper release of information Improper modification of data Denial of service

6 Security Problems Two Kinds of Threat Accidental (Non-fraudulent) Intentional (fraudulent)

7 Security Problems Causes of Non-fraudulent Threat Natural or accidental disasters Errors or bugs in hardware or software Human errors

8 Security Problems Fraudulent Threat from Two Classes of User Authorized users Those who abuse their privileges and authority Hostile agents Those improper users (outsider or insiders) who attack the software and/or hardware system, or improperly read or write data in a database

9 Security Problems Three Typical Attacks Virus Trojan Horse Trapdoor

10 Security Problems Virus A code able to copy itself and to damage permanently and often irreparably the environment where it gets reproduced

11 Security Problems Trojan Horse A program which, under an apparent utility, collects information for its own fraudulent use

12 Security Problems Trapdoor A code segment hidden within a program; a special input will start this segment and allow its owner to skip the protection mechanisms and to access the database beyond his or her privileges

13 Security Problems Database Protection Requirements Protection from Improper Access It consists of granting access to a database only to authorized users Protection from Inference Users must be prevented from tracking back to information on individual entities starting from statistical aggregated information Integrity of the Database Ensuring the logical consistency of data in a database User Authentication Identifying uniquely the database users

14 Security Problems Database Protection Requirements Accountability and Auditing Recording all accesses to the database for analysis and for deterrence of unauthorized accesses Management and Protection of Sensitive Data Protecting the sensitive data from unauthorized users Multilevel Protection Information may be classified at various levels of protection Confinement To avoid undesired information transfer between systems

Download ppt "Overview of Database Security Introduction Security Problems Security Controls Designing Database Security."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Information Security EDU 5815 1. IT Security Terms EDU 5815 2.

Information Security EDU IT Security Terms EDU
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Auditing Computer Systems

Auditing Computer Systems
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.

6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
Chapter 1 – Introduction

Chapter 1 – Introduction
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Operating Systems Protection & Security.

Operating Systems Protection & Security.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.

Similar presentations

Ads by Google