DDBMS Security - PowerPoint PPT Presentation

About This Presentation
Title:

DDBMS Security

Description:

Allowing a user to do a particular operation on the subsets of database. ... Bell LaPadula Model. Most Popular Model for multilevel security. ... – PowerPoint PPT presentation

Slides: 17
Provided by: ameya

Transcript and Presenter's Notes


1
DDBMS Security
  • - Bakul Gada

2
Overview
  • Introduction to Database Security
  • Security Issues in centralized databases
  • Security issues in Distributed Databases

3
Introduction
  • Data security
  • Protect data against unauthorized access.
  • Two aspects
  • Data protection.
  • Authorization Control.

4
Aspects of Data security
  • Data Protection
  • Can be achieved using data encryption techniques.
  • Authorization Control
  • It ensures that authorized users perform only
    the operations that they are allowed to perform
    on the database.
  • Reference: Principles of Distributed Database
    Systems, M. Tamer Ozsu and Patrick Valduriez

5
Authorization Control
  • It includes two main issues
  • Access control
  • Unauthorized Access to data should not be
    allowed.
  • Integrity
  • Only authorized users should be allowed to modify
    data in the database.

6
Centralized Authorization Control
  • Allowing a user to do a particular operation on
    the subsets of database.
  • In RDBMS these subsets can be defined using
    Views.
  • Views allow limited access to database

7
Methods of Authorization Control
  • Discretionary Access Control
  • Based on privileges or access rights
  • Mandatory Access control
  • Based on policies that cannot be changed by
    individual users
  • Reference: Database Management Systems,
    R. Ramakrishnan / J. Gehrke (2nd ed.)

8
Discretionary Access Control
  • This can be implemented at two levels
  • Account Level
  • Set privileges for each account on different
    relations
  • Relation Level
  • Set privileges to access each individual relation
    or view
  • Reference: Database Management Systems,
    R. Ramakrishnan / J. Gehrke (2nd ed.)

9
GRANT and REVOKE commands
  • SQL supports discretionary access control through
    grant and revoke commands.
  • Syntax for GRANT and REVOKE commands
  • GRANT <operation type(s)> ON <object> TO
    <user(s)>
  • REVOKE <operation type(s)> ON <object> FROM
    <user(s)>
  • Reference: Principles of Distributed Database
    Systems, M. Tamer Ozsu and Patrick Valduriez

10
Mandatory Access Control
  • Users classified based on security classes
  • Top Secret (TS)
  • Secret (S)
  • Confidential (C)
  • Unclassified (U)

11
Bell LaPadula Model
  • Most Popular Model for multilevel security.
  • Two restrictions are enforced on data access
    based on subject/object classification.
  • A subject S is not allowed to read an object O
    unless class(S) ≥ class(O)
  • A subject S is not allowed to write an object O
    unless class(S) ≤ class(O)
  • Reference: Bell D.E. and LaPadula L.J., "Secure
    Computer Systems: Unified Exposition and Multics
    Interpretation", The MITRE Corporation, July 1975.
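
The two Bell-LaPadula restrictions applied to the rows of a relation, using the four security classes from the previous slide. This is an added example, not part of the original slides; the sample rows and all function names are constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    """Security classes from the slides, ordered TS > S > C > U."""
    U = 0
    C = 1
    S = 2
    TS = 3

def can_read(subject: Level, obj: Level) -> bool:
    # No read up: class(S) >= class(O)
    return subject >= obj

def can_write(subject: Level, obj: Level) -> bool:
    # No write down: class(S) <= class(O)
    return subject <= obj

# Constructed sample relation: every row carries its own classification.
ROWS = [
    {"id": 1, "payload": "cafeteria menu", "cls": Level.U},
    {"id": 2, "payload": "staff roster", "cls": Level.C},
    {"id": 3, "payload": "site audit findings", "cls": Level.S},
    {"id": 4, "payload": "key escrow location", "cls": Level.TS},
]

def select(subject: Level, rows=ROWS) -> list:
    """Ids of the rows a subject may read (rows at or below its class)."""
    return [r["id"] for r in rows if can_read(subject, r["cls"])]

def insert(subject: Level, row_cls: Level, payload: str, rows: list) -> int:
    """Append a row only if the write does not move data to a lower class."""
    if not can_write(subject, row_cls):
        raise PermissionError(
            f"{subject.name} subject may not write a {row_cls.name} object")
    rows.append({"id": len(rows) + 1, "payload": payload, "cls": row_cls})
    return rows[-1]["id"]

def downgrade_blocked(high: Level, low: Level) -> bool:
    """A process at `high` reads a row at its own class, then tries to copy
    it into a row labelled `low`. True means the write rule stopped it."""
    rows = [dict(r) for r in ROWS]
    source = next(r for r in rows if r["cls"] == high)  # read is permitted
    try:
        insert(high, low, source["payload"], rows)
    except PermissionError:
        return True
    return False
```

The write rule is what stops a process running with a high clearance from copying what it read into a lower-classified row, which the read rule alone would not prevent.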

12
Authorization Control in Distributed Environment.
  • More Complex.
  • Remote User Authentication
  • Management of distributed authorization rules
  • Handling of Views and User Groups
  • Reference: Principles of Distributed Database
    Systems, M. Tamer Ozsu and Patrick Valduriez

13
Solution
  • Information for authenticating users is
    replicated at all sites.
  • All sites of the DDBMS identify and authenticate
    themselves similarly to the way users do.

14
Integrity
  • How to guarantee database consistency?
  • A database is said to be consistent if it
    satisfies the set of integrity constraints.
  • Concurrency control techniques
  • Locking Technique
  • Timestamp Ordering
  • Multiversion Concurrency Control
  • Validation Concurrency Control
  • Reference: Fundamentals of Database Systems,
    Elmasri and Navathe (3rd ed.)

15
Integrity in Distributed Databases
  • Concurrency Control techniques need to be
    employed in Distributed databases.
  • Two general classes
  • Pessimistic Concurrency Control
  • Optimistic Concurrency Control

16
  • Summary
  • Security issues in Distributed Databases are
    more complex as compared to Centralized
    Databases. But they can be taken care of through
    careful study.
  • Future
  • Right now, RDBMS is a better choice for
    distributed applications. OODBMSs are much more
    difficult to implement in a distributed
    environment. Steps are being taken to do the same.