DDBMS Security - Bakul Gada.


1 DDBMS Security - Bakul Gada

2 Overview
- Introduction to Database Security
- Security Issues in centralized databases
- Security issues in Distributed Databases

3 Introduction
Data security
- Protect data against unauthorized access.
Two aspects
- Data protection.
- Authorization Control.

4 Aspects of Data security
Data Protection
- Can be achieved using data encryption techniques.
Authorization Control
- It ensures that only authorized users perform operations that they are allowed to perform on the database.
Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

5 Authorization Control
It includes two main issues:
- Access control: Unauthorized access to data should not be allowed.
- Integrity: Only authorized users should be allowed to modify data in the database.

6 Centralized Authorization Control
- Allowing a user to perform a particular operation on subsets of the database.
- In an RDBMS these subsets can be defined using Views.
- Views allow limited access to the database.

7 Methods of Authorization Control
Discretionary Access Control
- Based on privileges or access rights
Mandatory Access Control
- Based on policies that can't be changed by individual users
Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

8 Discretionary Access Control
This can be implemented at two levels:
Account Level
- Set privileges for each account on different relations
Relation Level
- Set privileges to access each individual relation or view
Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

9 GRANT and REVOKE commands
SQL supports discretionary access control through the GRANT and REVOKE commands.
Syntax for GRANT and REVOKE commands:
    GRANT <operation type(s)> ON <object> TO <user(s)>
    REVOKE <operation type(s)> ON <object> FROM <user(s)>
Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

10 Mandatory Access Control
Users are classified based on security classes:
- Top Secret (TS)
- Secret (S)
- Confidential (C)
- Unclassified (U)

11 Bell-LaPadula Model
Most popular model for multilevel security.
Two restrictions are enforced on data access based on subject/object classification:
- A subject S is not allowed to read an object O unless class(S)  class(O)
- A subject S is not allowed to write an object O unless class(S)  class(O)
Reference: Bell D.E and LaPadula L.J., "Secure Computer Systems: Unified Exposition and Multics Interpretation", THE MITRE Corporation, July 1975.
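
The two Bell-LaPadula restrictions in their standard form (no read up, no write down), enforced over a small multilevel relation whose rows carry their own classification. This is an added example, not part of the original slides; the SHIPMENTS table, its rows and the function names are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    """Security classes from slide 10, ordered U < C < S < TS."""
    U = 0   # Unclassified
    C = 1   # Confidential
    S = 2   # Secret
    TS = 3  # Top Secret

def can_read(subject: Level, obj: Level) -> bool:
    # Simple security property ("no read up"): the subject must dominate the object.
    return subject >= obj

def can_write(subject: Level, obj: Level) -> bool:
    # *-property ("no write down"): the object must dominate the subject,
    # so a high subject cannot copy what it has read into a lower object.
    return subject <= obj

# Constructed sample relation: every row is labelled with a security class.
SHIPMENTS = [
    {"id": 1, "cargo": "grain", "level": Level.U},
    {"id": 2, "cargo": "fuel", "level": Level.C},
    {"id": 3, "cargo": "radar parts", "level": Level.S},
]

def select(subject: Level, table):
    """Return only the rows the subject is cleared to read."""
    return [row for row in table if can_read(subject, row["level"])]

def update(subject: Level, table, row_id, cargo):
    """Apply an update only if it does not move information downward."""
    for row in table:
        if row["id"] == row_id:
            if not can_write(subject, row["level"]):
                raise PermissionError(
                    f"{subject.name} subject may not write {row['level'].name} row {row_id}")
            row["cargo"] = cargo
            return row
    raise KeyError(row_id)

if __name__ == "__main__":
    print([r["id"] for r in select(Level.C, SHIPMENTS)])  # rows visible at C
    update(Level.C, SHIPMENTS, 3, "sonar parts")          # blind write up: allowed
    try:
        update(Level.S, SHIPMENTS, 1, "leaked")           # write down: refused
    except PermissionError as exc:
        print("denied:", exc)
```

Note that the basic model lets a Confidential subject overwrite a Secret row it cannot read; multilevel DBMSs usually restrict writes further to protect integrity.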

12 Authorization Control in Distributed Environment
More complex:
- Remote User Authentication
- Management of distributed authorization rules
- Handling of Views and User Groups
Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

13 Solution
- Information for authenticating users is replicated at all sites.
- All sites of the DDBMS identify & authenticate themselves similarly to the way users do.

14 Integrity
How to guarantee database consistency?
A database is said to be consistent if it satisfies the set of integrity constraints.
Concurrency control techniques:
- Locking Technique
- Timestamp Ordering
- Multiversion Concurrency Control
- Validation Concurrency Control
Ref: Fundamentals of Database Systems - Elmasri & Navathe (3rd ed)

15 Integrity in Distributed Databases
Concurrency Control techniques need to be employed in Distributed databases.
Two general classes:
- Pessimistic Concurrency Control
- Optimistic Concurrency Control

16 Summary
- Security issues in Distributed Databases are more complex as compared to Centralized Databases.
- But they can be taken care of through careful study.
Future
- Right now, RDBMS is a better choice for distributed applications.
- OODBMSs are much more difficult to implement in a distributed environment. Steps are being taken to do the same.

