Professional Documents
Culture Documents
Chapter Four
Chapter Four
Database Security
data correctness,
update integrity
inference and
aggregation
Cryptography sealed
2 filtered
Introduction to Databases
Database is a collection of related data and a set of rules that
data.
The data items are stored in a file, but the precise physical format
organize the data and also controls who should have access to
what part of the data.
The user interacts with the database through a program called a
3
database manager or database management system (DBMS),
Concepts and Terminologies
1. Record:- the database file consists of records, each of which
contains one related group of data.
Each record contains fields or elements, the elementary data
items themselves.
The database can be viewed as a two-dimensional table, where a
called subschema.
4
Schema and subschema can be used to present to users only those
Contd.
3. Attribute:- the rules of a database identify the columns with
names, these names of each column are called attributes of the
database.
4. Relation:- is a set of columns.
The relation specifies clusters of related data values, in much the
r relation name in R
t(ID)= R/0101/04
t(Department)= BIS
7
Query Languages
8
Advantages of using databases
1. Shared Access:- Many users can share and use one common,
centralized set of data.
7. Availability:- Users can access the database in general and all the
11
Integrity of the Database
If a database is to serve as a central repository of data, users must
Authorized users are responsible for entering correct data into the
database.
Users and programs can make mistakes collecting data, computing
they are made and to correct errors after they are inserted.
The corrective action can be done in three ways:
1. The DBMS can apply field check, activities that test for
appropriate values in a position.
14
Contd.
3. Maintaining changing log files for the database:- A change log
Using this log a database administrator can undo any change that
15
Auditability
For some applications it may be desirable to generate an audit record
inference.
17
It is possible to access data by inference without needing direct
Contd.
Restricting inference may mean prohibiting certain paths to prevent
possible inferences.
Restricting access to control inference also limits queries from
database objects.
An access control list of several hundred files is much more easier to
For example, a DBMS might insist that a user pass both specific
operating system.
The DBMS runs as an application program on top of the operating
system.
This system design means there is no trusted path from the DBMS to
three dimensions:
unauthorized users.
improper values
Constraint conditions can also detect incorrect values.
22
Two-Phase Update
A serious problem for a database manager is the failure of the computing
If the data item to be modified was a long field, half of the field might
show the new value, while the other half would contain the old value.
Solution
1. The first phase, intent phase, the DBMS gathers the resources it needs
because all these steps can be restarted and repeated after the system
resumes processing.
The last event of the first phase, called committing, involves the
writing of commit flag to the database.
The commit flag means that the DBMS has passed the point of no
return.
After committing, the DBMS begins making the permanent changes.
Assignment].
database.
25
Each time a data item is placed in the database and/or retrieved from
Contd.
Some of these codes point out the place of the errors, others show
The more information provided the more space required to store the
codes
Shadow Fields
copy and all later changes are then applied from the audit log.
27
Concurrency/Consistency
Database systems are often multiuser systems.
If two users try attempt to read the same data item, there is no
this may lead to conflict, because the value written one user may
depend on the previous value of the data item.
Solution
The DBMS treats the entire query-update cycle as a single atomic
28
operation.
Contd.
Read-Write problem
read it.
If the read is done while the write is in progress, the reader may
Solution
The DBMS locks any read request until a write has been
completed.
29
Monitors
The monitor is the unit of a DBMS responsible for the structural
a numeric field.
30
Range Comparisons
The range comparison monitor tests each new value to ensure that
If the data value is outside the range, it is rejected and not entered
of a database.
31 elements
State Constraints
State constraints describe the condition of the entire database.
The commit flag, which is set at the start of the commit phase
32
Transaction Constraints
Transaction constraint describe conditions necessary before the
“vacant”
totally sensitive.
34 The most difficult problem is, the case in which some but not all
Factors which Make Data Sensitive
1. Inherently Sensitive:- The value itself may be so revealing that it is
sensitive.
2. From a Sensitive Source:- The source of a data may indicate a need
for confidentiality.
Information from an informer whose identity would be compromised
if the information were disclosed.
3. Declared Sensitive:- the database administrator or the owner of the
data may have declared the data to be sensitive.
4. Part of a Sensitive attribute or a Sensitive record:- in a database,
an entire attribute or record may be classified as sensitive.
5. Sensitive in relation to previously disclosed information:- Some
35 data become sensitive in the presence of other data.
DBMS considers the following factors when dealing with Access Decision
1. Availability of Data
2. Acceptability of Access
3. Assurance of Authenticity
36
Types of disclosures
1. Exact data
2. Range of data
3. Negative results
4. Existence
5. Probable values
37
Access control
Operating system
Database Management System
Granularity!
38
Granularity
Database
Relation
Record
Attribute
Advantages vs. disadvantages
of supporting
Element
different granularity levels
39
Relation-Level Granularity
(Works)= Secret
Person- Company- Salary
name name
Smith BB&C $43,982
40
Tuple-level Granularity
Works
Person- Company- Salary
name name
Smith BB&C $43,982 P
41
Attribute-Level Granularity
Works
Person- Company- Salary
name =P name =P =S
Smith BB&C $43,982
42
Cell-Level Granularity
Works
Person- Company- Salary
name name
Smith P BB&C P $43,982 S
43
Access Control
Security Mechanisms
through Views
Stored Procedures
Grant and Revoke
Query modification
44
Security Through Views
Assign rights to access predefined views
CREATE VIEW Outstanding-Student
AS SELECT NAME, COURSE, GRADE
FROM Student
WHERE GRADE > B
Problem:
Difficult to maintain updates.
45
Security Through Views
Student relation
46
Security Through Views
CREATE VIEW Outstanding-Student
AS SELECT NAME, COURSE, GRADE
FROM Student
WHERE GRADE > B
Outstanding-Student
47
Security Through Views
CREATE VIEW Fall-Student
AS SELECT NAME, COURSE
FROM Student
WHERE SEMESTER=“Fall 2000”
NAME COURSE
Fall-Student
White CSCE 122
Black CSCE 313
Green CSCE 850
Blue CSCE 122
48
Stored Procedures
Assign rights to execute compiled programs
GRANT RUN ON <program> TO <user>
Problem:
Programs may access resources for which the user
who runs the program does not have permission.
49
Grant and
GRANT Revoke
<privilege> ON <relation>
To <user>
[WITH GRANT OPTION]
------------------------------------------------------------------------------------------------------------------------------------
50
Grant and Revoke
REVOKE <privileges> [ON <relation>]
FROM <user>
-------------------------------------------------------------------------------------------------------------------------
REVOKE SELECT* ON Student FROM Blue
REVOKE UPDATE ON Student FROM Black
REVOKE SELECT(NAME) ON Student FROM Brown
51
Query Modification
GRANT SELECT(NAME) ON Student TO Blue WHERE
COURSE=“CSCE 590”
Blue’s query:
SELECT *
FROM Student
Modified query:
SELECT NAME
FROM Student
WHERE COURSE=“CSCE 580”
52