
Advance Database System Security, Dr. Mohammad Hossein Nadimi



Advance Database System Security. Dr. Mohammad Hossein Nadimi, Faculty of Computer Engineering, Islamic Azad University, Najafabad Branch. The issue of security has various aspects:


Presentation Transcript


Advance database system security

Advance Database System

Security

Advance Database System lectures, Dr. Mohammad Hossein Nadimi, Faculty of Computer Engineering, Najafabad Branch, Islamic Azad University



:

  • ( )

  • ( (Terminal) )

  • ( )

  • ( )

  • ( (Server) )

  • ( (Recovery Log) )

  • ( )


  • .

  • ... .


  • . ( ) . ( ...).

  • .


  • !!

  • .

  • .

  • .

  • .


  • (Constraint) .

  • (Declaratively) .

  • .


DBMS

  • Discretionary

  • Mandatory

  • Role-Based

  • Data Object (Tuple) .


  • ( ) ( U1 A B U2 B A ). .

  • (Classification Level) (Clearance Level) . . ( U1 A B B A U2 B A ).


. DBMS . DBMS .

:

) ( (Security Constraints) ).

) ( ).


Authorization Subsystem

  • . ( ). (Security Subsystem) DBMS (Authorization Subsystem) .


  • (Source) . ID (ID ).

  • . - .

    (Biometric) :

  • ...


  • () .

  • . ( ). .

  • :


  • GRANT .

  • Relvar ON .

  • ( ID ) relvar TO .

    ALL .


Privilege

  • (Commalist) RETRIEVE .

  • ( )=>

  • ( ) .


  • .


  • P . Value-Independent


  • LS

  • S . Value-Dependent.

  • ( LS) S# CITY .


  • : Giovanni Rome .

  • Fidel . Fidel .


  • (Syntax) AUTHORITY WHEN Context Control .

  • EX5 Purchasing ( ) .

  • .


  • (Built-In) :

  • OR . ( ) .

  • ) Nancy ) ( ).


  • . .

  • QUEL .


:

  • U .

  • U QUEL .

  • P U :


  • .

  • Silent : U ( ).

  • .

  • .

  • .


  • .

    : U P . RETRIEVE Illusion( ) P . . . .


DEFINE PERMIT

  • AUTHORITY WHERE ( AT FROM ON WHEN .

    : APPEND REPLACE QUEL INSERT UPDATE .


Audit Trail

  • .

  • .

    : ( ) .

  • .

  • ( ).


:

  • ( ).

  • .

  • .

  • .

  • .

  • ( ).

  • ( ).

    .


  • .

  • ( ) ( ) .

  • ( < < < ) Bell La Padula :

  • i j i j ( ).

  • i j i j ( ).


  • i i .

  • .

    : (INSERT) i j .

    ( ).


  • 1990 DBMS .

  • : Orange Book Lavender Book TCB .

  • TCB (Trusted Computing Base)


Orange Book Lavender Book

  • ( ) A B C D .

  • D C B A (Verified Protection) .

  • : C C1 C2 ( C1 C2 ) .

  • C1 .

  • C2 .


  • B . B1B2B3 ( B1 B3 ):

  • B1 ( . ). .

  • B2 . . :

    )

    ) .

    3. B3 .


  • A .

  • DBMS B1 . C2 .

  • DBMS .


S

  • . ( = 4 = 3 = 2 ).

  • U3 U2 3() 2() . U3 U2 S . U3 ( S1S2S3S5) U2 (S1 S3) . S4 .


  • .

  • . U3 S4 INSERT .


  • INSERT U3 S4 . .

  • : {S#} {S#,CLASS} .


  • (Polyinstantiation) .

  • . INSERT .

    : S4 U4 U3 ( ) U2 ( ) .


4-16) STATISTICAL DATABASE

5-16 ) (Data Encryption)

:

4-16 ) (SQL Facilities) SQL


4-16 ) STATISTICAL DATABASE

:

:

:

(Deduction) . (Confidential) .


4-16 ) STATISTICAL DATABASE

:

  • STATES .

  • .

  • U Alf .

  • U Alf .

:


4-16 ) STATISTICAL DATABASE


4-16 ) STATISTICAL DATABASE

( 1) :


4-16 ) STATISTICAL DATABASE

( 2) :


4-16 ) STATISTICAL DATABASE

( 3) :


4-16 ) STATISTICAL DATABASE

:

B=N/4: 2

N-B : 10-2=8

  • U .

  • .

  • ( 1) B .

  • ( 23) N-B. (N ).

( 1) :

C :

(C >= B) C B .

( 23) :

C :

(C<=N-B) C N-B .

: :

(8C2)(N-BC (B

C (N-B C (B .


4-16 ) STATISTICAL DATABASE

:

.


4-16 ) STATISTICAL DATABASE

:

7

8


4-16 ) STATISTICAL DATABASE

78 U Alf ( U Alf ).

Alf :

10

9


4-16 ) STATISTICAL DATABASE

(Individual Tracker) :

U BE I .

:

(individual tracker) Alf Alf .

BE BE1 AND BE2 ( 12)

BE1 AND NOT BE2 I ( 78 - 910)

( C

(N-BC(B .)

:

{ X : BE } = {X : BE1 AND BE2 } = { X : BE1 } MINUS { X : BE1 AND NOT BE2 }


4-16 ) STATISTICAL DATABASE

(General Tracker) :

  • (General Tracker) ( ).

  • C

  • (N-2B C (2B

  • (B N/4 ).

  • T NOT ,T .


4-16 ) STATISTICAL DATABASE

:

1 : T :

2 : . T NOT T :

T .


4-16 ) STATISTICAL DATABASE

3: () () BE BE OR T BE OR NOT T :

4: BE ( 3 2) BE Alf ..


4-16 ) STATISTICAL DATABASE

5 : T NOT T :

6 : Alf BE OR T BE OR NOT T :


4-16 ) STATISTICAL DATABASE

7 : Alf ( 5 ) 6 :

778 728 = 50K

:

: T .

: :

( ) ( ) .


5-16 ) (Data Encryption)

  • :

  • . . . .

  • :


5-16 ) (Data Encryption)

:

  • Encryption: (Plaintext) (ciphertext) .

  • Decryption: (ciphertext) (plaintext) .

  • Symmetric algorithms : . : DES (Data Encryption Standard)

  • Asymmetric algorithms : . . : RSA


5-16 ) (Data Encryption)

(Plain Text And Key)

(Encryption Algorithm)

(Cipher Text)

1- ( substitution )

2- (Permutation)

3- DES (Data Encryption Standard)

4- AES( Public Key)

RSA


5-16 ) (Data Encryption)

  • (substitution Method):

  • .

: ( ).

:

  • :

  • : ( + .)


5-16 ) (Data Encryption)

  • : 00 26 (=00 A=01,,Z=26 ).

  • : .

  • : 27 .

  • : .


5-16 ) (Data Encryption)

  • (Permutation Method) :

  • . .

:


5-16 ) (Data Encryption)

  • DES: IBM 1977 .

  • 64

  • 64

  • 56 + 8 Parity 256

    .

  • .

  • 16 .

  • .

  • :

  • DES 56 .

  • .

DES Ki .


5-16 ) (Data Encryption)

  • AES (Advanced Encryption Standard):

  • 2000 (AES) Rijndael 128 192 256 .

  • .

  • .

  • :

  • 1- 2-

  • Diffie-Hellman .

  • RSA (Rivest, Shamir, Adleman) .


5-16 ) (Data Encryption)

RSA :

  • 1 : p q r = p*q .

  • : p c . (

  • p B .

  • : e (p-1)*(q-1) (p-1),(q-1) .

  • : d e (p-1)*(q-1) .

  • : c p .

  • : e,r d .


4-16 ) (SQL Facilities) SQL

  • SQL .

  • SQL :

    • (View Mechanism):

    • .

    • (Authorization Subsystem) :

    • .

(Views and Security) :

. . GRANT .


4-16 ) (SQL Facilities) SQL

(Views and Security) :

GRANT .


4-16 ) (SQL Facilities) SQL

(Views and Security) :

SQL CURRENT_USER, CURRENT_DATE,

CURRENT_TIME ... .

.

: ( ) .


4-16 ) (SQL Facilities) SQL

GRANT,REVOKE :

PRIVILEGE :

.

.

: T SELECT, INSERT, DELETE, UPDATE, REFERENCES, TRIGGER T ( .)

OBJECT :

OBJECT TYPE<TYPE NAME>,

TABLE<TABLE NAME>

USER ID COMMALIST :

PUBLIC ( .)

SQL ( ACCOUNTING .)

WITH GRANT OPTION :

.


4-16 ) (SQL Facilities) SQL

REVOKE :

A B A B . REVOKE .

GRANT OPTION FOR :

.

OPTION :

RESTRICT,CASCADE .


4-16 ) (SQL Facilities) SQL

RESTRICT,CASCADE :

P A P B C . A P B C .

REVOKE P C .

REVOKE :

CASCADE : .

RESTRICT: ( REVOKE .)
