The terms security and integrity are frequently heard together in database context, though the two concepts actually quite distinct Security refers to the protection of data against unauthorized disclosure, alteration, or destruction; integrity reefers to the accuracy of validity of data. In other words:
Security involves ensuring that users are allowed to do the things they are trying to do; integrity involves ensuring that the things they are trying to do are correct.
Two main approaches
As pointed out, the purpose of database security is to make sure that only an authorized person can access authorized data objects through a set of authorized operations. There are many access control methods available to implement database security. They are generally classified into two main approaches, depending on the type of object (user or data). Through which the access control is exercised, the two approaches are.
Discretionary access control
Here a given user will typically have different access rights (also known as privileges or authorities) on different objects; further different users will typically have different rights on the same object. There are various methods in this group, different in styles but the same in their approach.
Security Rules
This deals with a set up of security rules for the systems. In this approach, the components for defining access control generally include the following.
Mandatory Access Control
Mandatory controls are applicable to databases in which data has a static and rigid classification structure. As tends to be the case in military or government environments. Here the basic idea is that each data object has a classification level j (Top secret, secret, confidential etc) and each user has clearance level i the simple rules are then imposed that:
User i can see object j only if the clearance level of i is greater than or equal to the classification level of j. User i can modify object j only if the clearance level if i is equal to the classification level of j.
Threats of loss or abuse of data
Computer Virus
A computer virus is a hidden computer application that causes the loss of data or unexpected behavior of other applications.
Problems caused by computer viruses:
Hacking
This is where an external individual gains access to an internal computer system illegally through a network connection.
Problems caused by hackers:
Cracking
A type of illegal access to encrypted files. A cracker will usually attempt to identify the encryption pattern and then decrypt it using a cracking software application or self coding.
Intercepting data during transmission (sniffing)
A type of illegal access to data where an unauthorized 3rd party gains access to a data conversation between 2 or more other parties. The illegal user could then view and copy the conversation or join in and provide dummy data.
Methods of data security
Passwords
A password is a confidential code which is considered to be only known by an authorized. users. Entering the correct code enables the user to access the system/application/data file where as an incorrect code would result in the denial of access to the user.
Example
P.W :john is hidden and shown as P.W : ****
Password types
User access levels
A situation where different users have different access/modify privileges to the system. Each user is identified by a particular user name, a corresponding password and a user access type. lf a correct combination is selected the user is granted access to the specific view.
Encryption ( Cryptography)
A technique used to protect data files. It involves taking a data file and using a special encryption algorithm to convert the file into a meaningless set of data. The file could only be restored to its original meaningful form by the use of the corresponding decryption algorithm. Encryption is usually used to protect data files during file transmission.
Firewall
A firewall is a piece of software (in some instances supported by hardware devices) which filters the flow of information which enters and leaves a network. A firewall could be used to detect and block illegal access from external individuals such a computer hackers.
Antivirus Software
Antivirus software are software applications which check data and application files for virus
coding and i{ detected helps to clean infected files.
Examples:
Authentication
A technique used to confirm the identity of a unknown party prior to the transmission of data between them. The technique is usually associated with the use of digital signatures and involves the confirmation from the certification authority.
Multiple backups
A technique used to facilitate retrieval in the case of accidental or intentional loss of data. It involves storing more than a single copy of data in separate locations. If one file is lost another copy could be restored and used. Backups are usually stored in separate locations or on private data house networks.
Physical measures
Keeping original and copies of data files in safe boxes or using lock and key measures or lockable doors in data storage areas.
Security involves ensuring that users are allowed to do the things they are trying to do; integrity involves ensuring that the things they are trying to do are correct.
Two main approaches
As pointed out, the purpose of database security is to make sure that only an authorized person can access authorized data objects through a set of authorized operations. There are many access control methods available to implement database security. They are generally classified into two main approaches, depending on the type of object (user or data). Through which the access control is exercised, the two approaches are.
Discretionary access control
Here a given user will typically have different access rights (also known as privileges or authorities) on different objects; further different users will typically have different rights on the same object. There are various methods in this group, different in styles but the same in their approach.
Security Rules
This deals with a set up of security rules for the systems. In this approach, the components for defining access control generally include the following.
- Name: Name of the rule under which rule is registered in the system catalog
- Privilege: This specifies which operations are permitted using GRANT clause. Typical operations are INSERT, UPDATE, DELETE. and RETRIEVE.
- Scope: This specifies where the rule applies using ON clause (for example some subset of a relation. or some tuple.
- User: This specifies who is to be granted the specified access right using a 'to' clause. Violation
- Response: This specifies the action to be taken in the event of access violation
Eg: Create security Rule SR3
GRANT RETRIVE (Sno#, Sname, SCity), DELETE
ON Supplier where supplier. City <>'London'
To Fred, Anne
ON Attempted violation Reject
Mandatory Access Control
Mandatory controls are applicable to databases in which data has a static and rigid classification structure. As tends to be the case in military or government environments. Here the basic idea is that each data object has a classification level j (Top secret, secret, confidential etc) and each user has clearance level i the simple rules are then imposed that:
User i can see object j only if the clearance level of i is greater than or equal to the classification level of j. User i can modify object j only if the clearance level if i is equal to the classification level of j.
Threats of loss or abuse of data
- Viruses that destroy or modify data items.
- Hacking into database systems.
- Cracking of encrypted files.
- Intercepting of data over networks (during transmission)
- Attempted blackmail or misuse of stolen data.
Computer Virus
A computer virus is a hidden computer application that causes the loss of data or unexpected behavior of other applications.
Problems caused by computer viruses:
- loss of data
- file duplication
- transfer of data
- modifying file structures
- filling memory blocks
Hacking
This is where an external individual gains access to an internal computer system illegally through a network connection.
Problems caused by hackers:
- Illegal access (viewing) of confidential data.
- Copying, modifying or transferring data files.
- Leaving behind hidden applications.
Cracking
A type of illegal access to encrypted files. A cracker will usually attempt to identify the encryption pattern and then decrypt it using a cracking software application or self coding.
Intercepting data during transmission (sniffing)
A type of illegal access to data where an unauthorized 3rd party gains access to a data conversation between 2 or more other parties. The illegal user could then view and copy the conversation or join in and provide dummy data.
Methods of data security
- Passwords
- User access levels
- Encryption
- Authentication during data communication
- Multiple backups
- Antivirus software
- Physical measures
- Firewall
Passwords
A password is a confidential code which is considered to be only known by an authorized. users. Entering the correct code enables the user to access the system/application/data file where as an incorrect code would result in the denial of access to the user.
Example
P.W :john is hidden and shown as P.W : ****
Password types
- Operating System - to access the system.
- Software Application - to access the program.
- Database file - to access the database file
- User interface - to access the users view.
- Network - to access network resources.
User access levels
A situation where different users have different access/modify privileges to the system. Each user is identified by a particular user name, a corresponding password and a user access type. lf a correct combination is selected the user is granted access to the specific view.
Example:
User Name : JUSTIN Password : GodBlessYou
Access type : Administrator
Encryption ( Cryptography)
A technique used to protect data files. It involves taking a data file and using a special encryption algorithm to convert the file into a meaningless set of data. The file could only be restored to its original meaningful form by the use of the corresponding decryption algorithm. Encryption is usually used to protect data files during file transmission.
Firewall
A firewall is a piece of software (in some instances supported by hardware devices) which filters the flow of information which enters and leaves a network. A firewall could be used to detect and block illegal access from external individuals such a computer hackers.
Antivirus Software
Antivirus software are software applications which check data and application files for virus
coding and i{ detected helps to clean infected files.
Examples:
- Nortan Antivirus
- KasperSky
- Nod Eset
- AVG
Authentication
A technique used to confirm the identity of a unknown party prior to the transmission of data between them. The technique is usually associated with the use of digital signatures and involves the confirmation from the certification authority.
Multiple backups
A technique used to facilitate retrieval in the case of accidental or intentional loss of data. It involves storing more than a single copy of data in separate locations. If one file is lost another copy could be restored and used. Backups are usually stored in separate locations or on private data house networks.
Physical measures
Keeping original and copies of data files in safe boxes or using lock and key measures or lockable doors in data storage areas.
No comments:
Post a Comment