Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATA ACCESS CONTROL, MANAGEMENT DATA AND SECURITY (CIB125) PERTEMUAN 6

Published byIvan Kurniawan Modified over 5 years ago

Similar presentations

Presentation on theme: "DATA ACCESS CONTROL, MANAGEMENT DATA AND SECURITY (CIB125) PERTEMUAN 6"— Presentation transcript:

1 DATA ACCESS CONTROL, MANAGEMENT DATA AND SECURITY (CIB125) PERTEMUAN 6
IR. NIZIRWAN ANWAR, MT PROGRAM STUDI TEKNIK INFORMATIKA FAKULTAS ILMU KOMPUTER

2 Semantic Data Control Involves: View management Security control
Integrity control Objective : Insure that authorized users perform correct operations on the database, contributing to the maintenance of the database integrity.

3 Query Modification View – virtual relation
EMP ENO ENAME TITLE E1 J. Doe Elect. Eng View – virtual relation generated from base relation(s) by a query not stored as base relations Example : CREATE VIEW SYSAN(ENO,ENAME) AS SELECT ENO,ENAME FROM EMP WHERE TITLE= "Syst. Anal." E2 M. Smith Syst. Anal. E3 A. Lee Mech. Eng. E4 J. Miller Programmer E5 B. Casey Syst. Anal. E6 L. Chu Elect. Eng. E7 R. Davis Mech. Eng. E8 J. Jones Syst. Anal. ENO ENAME E2 M.Smith E5 B.Casey E8 J.Jones SYSAN

4 View Management Views can be manipulated as base relations Example : SELECT ENAME, PNO, RESP FROM SYSAN, ASG WHERE SYSAN.ENO = ASG.ENO

5 View Management To restrict access CREATE VIEW ESAME AS SELECT *
FROM EMP E1, EMP E2 WHERE E1.TITLE = E2.TITLE AND E1.ENO = USER Query SELECT * FROM ESAME

6 Query Modification Queries expressed on views ; Queries expressed on base relations Example : SELECT ENAME, PNO, RESP FROM SYSAN, ASG WHERE SYSAN.ENO = ASG.ENO SELECT ENAME,PNO,RESP FROM EMP, ASG WHERE EMP.ENO = ASG.ENO AND TITLE = "Syst. Anal." ENAME PNO RESP M.Smith P1 Analyst M.Smith P2 Analyst B.Casey P3 Manager J.Jones P4 Manager

7 Data Security Data protection
Prevents the physical content of data to be understood by unauthorized users Uses encryption/decryption techniques (Public key) Access control Only authorized users perform operations they are allowed to on database objects Discretionary access control (DAC) Long been provided by DBMS with authorization rules Multilevel access control (MAC) Increases security with security levels

8 Discretionary Access Control (DAC)
Main actors Subjects (users, groups of users) who execute operations Operations (in queries or application programs) Objects, on which operations are performed Checking whether a subject may perform an op. on an object Authorization= (subject, op. type, object def.) Defined using GRANT OR REVOKE Centralized: one single user class (admin.) may grant or revoke Decentralized, with op. type GRANT More flexible but recursive revoking process which needs the hierarchy of grants

9 Multilevel Access Control
Different security levels (clearances) Top Secret > Secret > Confidential > Unclassified Access controlled by 2 rules: No read up subject S is allowed to read an object of level L only if level(S) ≥ L Protect data from unauthorized disclosure, e.g. a subject with secret clearance cannot read top secret data No write down: subject S is allowed to write an object of level L only if level(S) ≤ L Protect data from unauthorized change, e.g. a subject with top secret clearance can only write top secret data but not secret data (which could then contain top secret data)

10 Latihan soal Jelaskan konsep fragmentation berdasarkan information requirements dan buat contoh sederhana pada masing approach di bawah ini Primary Horizontal Fragmentation (PHF) Derived Horizontal Fragmentation (DHF)

Download ppt "DATA ACCESS CONTROL, MANAGEMENT DATA AND SECURITY (CIB125) PERTEMUAN 6"

Similar presentations

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.

1 cs691 chow C. Edward Chow Confidentiality Policy CS691 – Chapter 5 of Matt Bishop.
Outline  Introduction  Background  Distributed DBMS Architecture  Distributed Database Design  Semantic Data Control ➠ View Management ➠ Data Security.

Outline  Introduction  Background  Distributed DBMS Architecture  Distributed Database Design  Semantic Data Control ➠ View Management ➠ Data Security.
Relational Model dww-database system.

Relational Model dww-database system.
Distributed DBMSPage 6. 1© 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database Design.

Distributed DBMSPage 6. 1© 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database Design.
Distributed DBMSPage 7-9. 1© 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database.

Distributed DBMSPage © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture Distributed Database.
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.7/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.

Distributed DBMS © M. T. Özsu & P. Valduriez Ch.7/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Relational Model The main reference of this presentation is the textbook and PPT from : Elmasri & Navathe, Fundamental of Database Systems, 4 th edition,

Relational Model The main reference of this presentation is the textbook and PPT from : Elmasri & Navathe, Fundamental of Database Systems, 4 th edition,
Relational Model Indra Budi Fakultas Ilmu Komputer UI 2 Essentials of Relational Approach The Relational Model of Data is Based on.

Relational Model Indra Budi Fakultas Ilmu Komputer UI 2 Essentials of Relational Approach The Relational Model of Data is Based on.
Access Control Methodologies

Access Control Methodologies
DDBMS Security - Bakul Gada.

DDBMS Security - Bakul Gada.
Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.

Slide #5-1 Chapter 5: Confidentiality Policies Overview –What is a confidentiality model Bell-LaPadula Model –General idea –Informal description of rules.
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Distributed Database Design & Semantic Data Control

Distributed Database Design & Semantic Data Control
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.

View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.7/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.

Distributed DBMS © M. T. Özsu & P. Valduriez Ch.7/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.

Similar presentations

Ads by Google