Scribd
Upload
318 views11 pages

Chapter 23 Database Security

This document discusses database security and authorization. It covers types of security issues including legal, policy, and system-related issues. It also discusses threats to databases like loss of integrity, availability, and confidentiality. The document describes two types of database security mechanisms: discretionary (flexible) and mandatory (required). It explains the role of database administrators in granting and revoking privileges, and provides syntax examples for doing so in SQL. Finally, it discusses mandatory access control and role-based access control models for multilevel security in databases.

Uploaded by

kirtan71
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
318 views11 pages

Chapter 23 Database Security

This document discusses database security and authorization. It covers types of security issues including legal, policy, and system-related issues. It also discusses threats to databases like loss of integrity, availability, and confidentiality. The document describes two types of database security mechanisms: discretionary (flexible) and mandatory (required). It explains the role of database administrators in granting and revoking privileges, and provides syntax examples for doing so in SQL. Finally, it discusses mandatory access control and role-based access control models for multilevel security in databases.

Uploaded by

kirtan71
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Database Security &

Authorization
Prof. Kirtankumar Rathod
Dept. of Computer Science
ISHLS, Indus University

1
Types of Security Issues:
• Database security includes the following,

• Legal and ethical issues ( right to access certain information)

• Policy issues ( what kind of information should not be made


publicly available)

• System-related issues ( at hardware / OS or DBMS level security


functions required)
2
Threats to Databases:
1. Loss of integrity
 Information must be protected from improper modification
(insert/ delete/ update operation)
2. Loss of availability
 Database objects must be available to user who have legitimate
right.
3. Loss of confidentiality
 Protection of data from unauthorized disclosure.

3
Two types of database security mechanism:
1. Discretionary (Flexible) security mechanisms
 These are used to grant privileges to users to access specific data
files, records or fields in a specified mode.

2. Mandatory (Required) security mechanisms


 These are used to enforce multilevel security by classifying the
data and users into various security classes and then implementing
the appropriate security policy of the organization.

4
Database Security and the DBA:
• The DBA’s responsibilities include granting privileges to users who
need to use the system and classifying users and data in accordance
with the policy of the organization.

• DBA perform following types of actions:


1. Account creation
2. Privilege granting
3. Privilege revocation (cancel)
4. Security level assignment

5
Discretionary Access Control based on
Granting and Revoking Privileges:
• There are two levels for assigning privileges to use the database
system:
1. The account level:
 The DBA specifies the particular privileges that each account
holds independently of the relations in the database.

2. The relation (table) level


 The DBA can control the privileges to access each individual
relation or view in the database.

6
Syntax of Grant and Revoke command in
SQL
• GRANT privilege_name ON object_name
TO {user_name |PUBLIC |role_name}
[WITH GRANT OPTION];

• REVOKE privilege_name ON object_name


FROM {user_name |PUBLIC |role_name}
• Privilege_name : ( ALL, EXECUTE or SELECT )
• Object_name : ( Table name, View name, Procedure name or Sequence)
• User_name : ( user of oracle )
• Public : ( to grant access rights to all users )
• With grant option : allows a user to grant access to other users. 7
Example of granting and revoking privileges
• GRANT SELECT ON TBL_EMP TO KIRTAN;

• GRANT INSERT, UPDATE ON TBL_EMP TO KIRTAN;

• REVOKE UPDATE ON TBL_EMP FROM KIRTAN;

• GRANT ALL PRIVILEGES TO KIRTAN;

• REVOKE ALL PRIVILEGES FROM KIRTAN;


8
Mandatory Access Control & Role-based
Access Control for Multilevel Security
• Most of the commercial DBMS currently providing only discretionary
access control. The multilevel security exists in government, military,
and intelligent applications.
• Security classes are (TS, S, C and U)
High Top Secret
Secret
Confidential
Low Unclassified

9
Mandatory Access Control & Role-based
Access Control for Multilevel Security
• Bell-LaPadula model is used for multilevel security.
• This model classifies each subject (user, account, program) and object
(relation, tuple, column, view, operation) into one of the security classes.

• Two restrictions are enforced on data access based on the subject/object


classification:
1. A subject S is not allowed read access to an object O unless class(S) >= class(O).
This is known as the simple security property.
2. A subject S is not allowed to write an object O unless class(S) <= class (O). This
is known as the star property.

10
Example of multi-level relation:

11

You might also like