
Database Security


Presentation Transcript


  1. Database Security By Bei Yuan

  2. Why do we need DB Security? • Keep data organized and confidential • Secure others’ DBs

  3. Security Issues: • Security Policy • Access Control • Encryption • Internet Security • Threat Monitoring (Auditing)

  4. Security Policy • Exposures: A form of possible loss to a firm. • Vulnerabilities: Weakness in an enterprise’s system. • Threats: Specific, potential attack on the enterprise. • Controls: Eliminate threats, vulnerabilities and exposures

  5. A security system is a system.

  6. Access Control ♦ Access Control Models ♦ User Authentication

  7. Access Control Models • Discretionary Access Control (DAC) Model • Mandatory Access Control (MAC) Model • Role-Based Access Control (RBAC) Model

  8. Discretionary Access Control • Ownership-based, flexible, most widely used, low assurance • Privileged users: DBA and owners of the tables

  9. Limitations of DAC

  10. Mandatory Access Control • Administration-based • Data flow control rules • High level of security, but less flexible

  11. MAC Policy

  12. Role-Based Access Control • Flexible • Separation of duty • Able to express DAC, MAC, and user-specific policies using role constraints • Easy to incorporate into current technology
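As an added illustration of how the three models on slides 7 to 12 interact (not part of the original deck; the table names, labels, roles and the "no read up, no write down" data-flow rule are constructed assumptions), a small Python reference monitor: DAC grants are ownership-based, RBAC role constraints enforce static separation of duty, and MAC can veto a grant either model would otherwise allow.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "confidential": 2}  # MAC label order (constructed)

@dataclass
class Db:
    owners: dict = field(default_factory=dict)      # table -> owner         (DAC)
    grants: dict = field(default_factory=dict)      # (user, table) -> ops   (DAC)
    labels: dict = field(default_factory=dict)      # table -> MAC label
    clearance: dict = field(default_factory=dict)   # user -> MAC clearance
    role_perms: dict = field(default_factory=dict)  # role -> {(table, op)}  (RBAC)
    user_roles: dict = field(default_factory=dict)  # user -> roles          (RBAC)
    ssd: set = field(default_factory=set)           # conflicting role pairs (RBAC)

    def dac_grant(self, grantor, grantee, table, op):
        """DAC is ownership-based: only the table owner or the DBA may grant."""
        if grantor != "dba" and self.owners.get(table) != grantor:
            raise PermissionError(f"{grantor} does not own {table}")
        self.grants.setdefault((grantee, table), set()).add(op)

    def assign_role(self, user, role):
        """RBAC role constraint: static separation of duty rejects conflicts."""
        for held in self.user_roles.get(user, set()):
            if frozenset((held, role)) in self.ssd:
                raise PermissionError(f"{role} conflicts with {held}")
        self.user_roles.setdefault(user, set()).add(role)

    def mac_ok(self, user, table, op):
        """MAC data-flow rule: no read up, no write down."""
        c, l = LEVELS[self.clearance[user]], LEVELS[self.labels[table]]
        return c >= l if op == "read" else c <= l

    def allowed(self, user, table, op):
        """A discretionary or role grant is necessary; MAC can still veto it."""
        dac = self.owners.get(table) == user or op in self.grants.get((user, table), ())
        rbac = any((table, op) in self.role_perms.get(r, ()) for r in self.user_roles.get(user, ()))
        return (dac or rbac) and self.mac_ok(user, table, op)

def demo():
    # Constructed scenario: an owner's DAC grant, a reader role, and a payroll entry role.
    db = Db(owners={"salaries": "hr_lead"},
            labels={"salaries": "confidential", "bulletin": "public"},
            clearance={"hr_lead": "confidential", "analyst": "internal", "clerk": "public"},
            role_perms={"reader": {("bulletin", "read")}, "payroll_entry": {("salaries", "write")}},
            ssd={frozenset(("payroll_entry", "payroll_approver"))})
    db.dac_grant("hr_lead", "analyst", "salaries", "read")  # owner may grant, but see MAC
    db.assign_role("analyst", "reader")
    db.assign_role("clerk", "payroll_entry")
    return (db.allowed("analyst", "salaries", "read"),   # False: DAC grant vetoed by MAC (read up)
            db.allowed("analyst", "bulletin", "read"),   # True: via the reader role
            db.allowed("clerk", "salaries", "write"))    # True: writing up is permitted
```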

  13. User Authentication • Password-Based Authentication • Host-Based Authentication • Third Party-Based Authentication

  14. Encryption • Full Database Encryption • Partial Database Encryption • Off-Line Database Encryption

  15. Full Database Encryption • Limit readability of DB files in the OS • Redundancy • Time-consuming in changing encryption key

  16. Off-line Database Encryption A note of caution: Organizations considering this should thoroughly test that data which is encrypted before storage off-line can be decrypted and re-imported successfully before embarking on large-scale encryption of backup data.

  17. Internet Security • Server Security — Static Web Pages — Dynamic Page Generation • Session Security

  18. Session Security • Secret-key Security (Using single key) • Public-key Security (Using two keys) — SSL protocol

  19. Auditing • Audit via the database or operating system • The DBA must be able to log every relevant user action in order to recreate a series of actions. • The series of user actions is called the audit trail.

  20. Conclusion Database security will always be the critical component of every information system. “Security costs. Pay for it, or pay for not having it.”
