
Lecture 4 - Database Security

Database security involves protecting databases from unauthorized access and threats such as data theft, loss of confidentiality, and integrity. Key components include authorization, authentication, access control, and encryption, which serve as countermeasures against various threats. Effective database security requires a combination of physical and administrative controls to safeguard data and ensure proper access management.

Uploaded by

alielsabagh2004

Database Security
Outline

What is Database Security?
Threats
Countermeasures
Authorization and authentication
Access Control
Encryption

What is Database Security
Database security means protection of a database against unauthorized access, either intentional or unintentional.
Database security requires mechanisms that protect a database against intentional or accidental threats.
Such mechanisms affect the hardware, software, people, and data components of a database management system.
Database security protects against:
Theft and fraud
Loss of confidentiality
Loss of privacy
Loss of integrity
Loss of availability

Threats
A threat is any situation or event, whether intentional or accidental, that may adversely affect a system.
Sample threats:
Unauthorized amendment or copying of data
Using another person's means of access
Program alteration
Wiretapping
Illegal entry by a hacker
Blackmail
Theft
Failure of security mechanisms
And others …

Countermeasures
Countermeasures range from physical controls to administrative controls.
The security of a Database Management System (DBMS) is only as good as the security of the operating system it runs on.
We consider the following computer-based security controls in a multiuser environment:
Authorization and authentication
Encryption
Views
Backup and recovery
Integrity

Authorization and authentication
Authorization means granting a right or a privilege to have legitimate access to a system or to the resources operated by a system.
Authorization is usually built into the software; it determines which system or object a user can access and what the user is allowed to do with it.
In the authorization process, a subject representing a user or a program requests and obtains access to an object that represents a relational table, relational view, etc.
The authorization process requires authentication of the subject.

Authorization and authentication
Authentication is a mechanism that determines whether a user is who he or she claims to be.
A system administrator is responsible for allowing users to access a computer system by creating individual user accounts.
When an account is created, the user is given a unique identifier and picks a password associated with that identifier.
To reduce the total number of user names and passwords, a user's access to a database system can be authenticated through earlier authentication to the operating system.
Such a solution is not as safe as two separate passwords, which is consistent with the principle that simplifying data access always reduces data security.

Access Control
A typical way to control access to a database system is based on granting and revoking privileges.
A privilege allows a user to create, to drop, or to access in read/write mode database objects such as relational tables, relational views, indexes, etc., or to perform certain operations.
Privileges are granted to users so that they can accomplish their tasks.
Excessive privileges can compromise security.
A user who creates a database object becomes the owner of the object and automatically gets all privileges on it.
The DBMS keeps track of all granted privileges to ensure that only selected users can access and perform operations on the database objects.
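The granting and revoking of privileges described on this slide, together with the "Views" countermeasure listed earlier, as an added example that is not part of the original lecture. It assumes PostgreSQL syntax; the table, view and role names are hypothetical.

```sql
-- Added example (PostgreSQL). All object and role names are hypothetical.
-- The role that runs CREATE TABLE becomes the owner and holds every
-- privilege on the table without any explicit GRANT.
CREATE TABLE employee (
    id         integer PRIMARY KEY,
    name       text NOT NULL,
    department text NOT NULL,
    salary     numeric(10,2) NOT NULL
);

CREATE ROLE clerk;
CREATE ROLE payroll;

-- Make sure nothing on the base table is available to every user.
REVOKE ALL ON employee FROM PUBLIC;

-- A view exposes only the non-sensitive columns; clerk never touches
-- the base table and therefore never sees salary.
CREATE VIEW employee_directory AS
    SELECT id, name, department FROM employee;
GRANT SELECT ON employee_directory TO clerk;

-- payroll gets exactly what its task needs: read rows, change salary only.
GRANT SELECT ON employee TO payroll;
GRANT UPDATE (salary) ON employee TO payroll;

-- The DBMS keeps track of the grants; review them from the catalog.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_name IN ('employee', 'employee_directory')
ORDER BY grantee, table_name, privilege_type;

-- Spot checks for excessive privileges on individual roles.
SELECT has_table_privilege('clerk', 'employee', 'SELECT')              AS clerk_reads_base_table,
       has_table_privilege('clerk', 'employee_directory', 'SELECT')    AS clerk_reads_view,
       has_column_privilege('payroll', 'employee', 'salary', 'UPDATE') AS payroll_updates_salary,
       has_table_privilege('payroll', 'employee', 'DELETE')            AS payroll_deletes_rows;

-- When the task ends, the privilege is taken back.
REVOKE UPDATE (salary) ON employee FROM payroll;
```

Column-level grants such as `UPDATE (salary)` are listed in `information_schema.column_privileges` rather than in `table_privileges`, so a privilege review should query both.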

Access Control
There are four different strategies of access control:
Discretionary Access Control (DAC)
Role Based Access Control (RBAC)
Attribute Based Access Control (ABAC)
Mandatory Access Control (MAC)

Encryption
Encryption of data means encoding the data with a special algorithm that renders it unreadable by any program without the decryption key.
Sensitive data can be encoded to protect it against external threats or

Some DBMSs provide special facilities to encrypt data and to access encrypted data after decoding it.
Usually there is a degradation in performance because of the time needed to decode data.
A typical cryptosystem includes:
An encryption key to encrypt data (plaintext)
An encryption algorithm that, with the encryption key, transforms plaintext into ciphertext
A decryption key to decrypt the ciphertext
A decryption algorithm that uses the decryption key with the ciphertext to recreate the original plaintext
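A DBMS encryption facility of the kind this slide mentions, as an added example that is not part of the original lecture. It assumes PostgreSQL with the pgcrypto extension, whose `pgp_sym_encrypt` and `pgp_sym_decrypt` functions are symmetric, so the encryption key and the decryption key are the same value; the table name, sample row and key placeholder are constructed.

```sql
-- Added example (PostgreSQL + pgcrypto). Table, data and key are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient (
    id        integer PRIMARY KEY,
    name      text  NOT NULL,
    diagnosis bytea NOT NULL      -- holds ciphertext, never plaintext
);

-- Encryption algorithm + key: plaintext goes in, ciphertext is stored.
-- 'REPLACE-WITH-KEY' is a placeholder; an application should bind the key
-- as a query parameter so it does not end up in SQL text or server logs.
INSERT INTO patient (id, name, diagnosis)
VALUES (1, 'A. Example',
        pgp_sym_encrypt('constructed sample diagnosis', 'REPLACE-WITH-KEY'));

-- Anyone who can read the table but lacks the key sees only opaque bytes.
SELECT id, name, diagnosis FROM patient;

-- Decryption algorithm + key: ciphertext is turned back into plaintext.
-- A wrong key makes pgp_sym_decrypt raise an error instead of returning data.
SELECT id, name,
       pgp_sym_decrypt(diagnosis, 'REPLACE-WITH-KEY') AS diagnosis
FROM patient;

-- The performance cost: filtering on the plaintext forces the server to
-- decrypt the column for every row, and an ordinary index cannot help.
SELECT id
FROM patient
WHERE pgp_sym_decrypt(diagnosis, 'REPLACE-WITH-KEY') = 'constructed sample diagnosis';
```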
