1. ORACLE's Approach ORALCE uses a proprietary mechanism for security. They user OLS.... ORACLE Labeling Security. They do data confidentiality They do adjudication They do auditing All at the proprietary database level. A for pay solution, not based on open standards.

2. The DBMS_CRYPTO Package Formerly DBMS_OBFUSCATION (Release 8) Extensive control of options Generate as many, or as few keys as you desire Granular access control, Manual salt generation, algorithm selection, chaining mode Limited Transparency

3. Transparent Data Encryption Integrated with the Oracle database for simplicity Alter table encrypt column … Provides application transparency No API calls, database triggers or views required Media protection of PII data Social security numbers Credit Card Numbers Performance Works with existing indexes for fast searches

4. Separation of duties DBA starts up Database Security DBA opens wallet containing master key Wallet password is separate from System or DBA password No access to wallet

5. Master key and column keys Column keys encrypted by master key Master key stored in PKCS#12 wallet Security DBA opens wallet containing master key Column keys encrypt data in columns

6. End to End Security Data Encrypted On Backup Files Data Written To Disk Automatically Encrypted Data Automatically Decrypted Through SQL Interface Oracle Advanced Security Network Encryption Oracle Advanced Security Strong Authentication Oracle Advanced Security Transparent Data Encryption

7. AUDITING Audit & monitor database activity Logon failures, privilege usage, data access, object access,and other activities Standard Audit Trail (over 250 audit actions) Gives first level of information about access to the database Statement auditing Privilege auditing Schema Object auditing Fine-Grained Auditing (FGA) Gives second level of information about specific operations to the database Enables you to monitor data access based on content. Oracle Database 10g Auditing

8. Fine-grained auditing (FGA) Beginning with Oracle9i Database, Oracle provides the capability to audit specific rows within a table. This is accomplished using the DBMS_FGA package. Features Attach audit policy to table or view Specify audit condition using a SQL predicate User’s query text with bind variables are written to audit record upon a triggering audit event Event handler can alert administrator to triggering condition (e.g. write record to log, send page)