DDBMS Security - Bakul Gada
Overview Introduction to Database Security Issues in centralized databases Security issues in Distributed Databases
Introduction l Data security – l Protect data against unauthorized access. Two aspects – – Data protection. Authorization Control.
Aspects of Data security l Data Protection – l Can be achieved using data encryption techniques. Authorization Control – It ensures that only authorized users perform, operations that they are allowed to perform on the database. Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Authorization Control l It includes two main issues – Access control l – Unauthorized Access to data should not be allowed. Integrity l Only authorized users should be allowed to modify data in the database.
Centralized Authorization Control l Allowing a user to do a particular operation on the subsets of database. l In RDBMS these subsets can be defined using Views. – Views allow limited access to database
Methods of Authorization Control l Discretionary Access Control – l Based on privileges or access rights Mandatory Access control – Based on policies that can’t be changed by individual users Reference: Database Management Systems - R. Ramakrishnan / J Gehrke (2 nd ed. )
Discretionary Access Control l This can be implemented at two levels – Account Level l – Set privileges for each account on different relations Relation Level l Set privileges to access each individual relation or view Reference: Database Management Systems - R. Ramakrishnan / J Gehrke (2 nd ed. )
GRANT and REVOKE commands l SQL supports discretionary access control through grant and revoke commands. – Syntax for GRANT and REVOKE commands l GRANT < operation type(s)> ON <object> TO <user(s)> l REVOKE < operation type(s)> ON <object> TO <user(s)> Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Mandatory Access Control l Users classified based on security classes – – Top Secret (TS) Secret (S) Confidential (C) Unclassified (U)
Bell –La. Padula Model l l Most Popular Model for multilevel security. Two restrictions are enforced on data access based on subject/object classification. – – A subject S is not allowed to read an object O unless class(S) class(O) A subject S is not allowed to write an object O unless class(S) class(O) Reference: Bell D. E and La. Padula L. J. , "Secure Computer Systems: Unified Exposition and Multics Interpretation", THE MITRE Corporation, July 1975.
Authorization Control in Distributed Environment. l l More Complex. Remote User Authentication Management of distributed authorization rules Handling of Views and User Groups Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez
Solution l Information for authenticating users is replicated at all sites. l All sites of the DDBMS identify & authenticate themselves similarly to the way users do.
Integrity l l l How to guarantee database consistency ? A database is said to be consistent if it satisfies the set of integrity constraints. Concurrency control techniques – – Locking Technique Timestamp Ordering Multiversion Concurrency Control Validation Concurrency Control Ref: Fundamentals of Database Systems - Elmasri & Navathe (3 rd ed)
Integrity in Distributed Databases l Concurrency Control techniques need to be employed in Distributed databases. l Two general classes – – Pessimistic Concurrency Control Optimistic Concurrency Control
l l Summary Security issues in Distributed Databases are more complex as compared to Centralized Databases. But they can be taken care of through careful study. Future Right now, RDBMS is a better choice for distributed applications. OODBMSs are much more difficult to implement in a distributed environment. Steps are being taken to do the same.
Скачать презентацию DDBMS Security — Bakul Gada Overview Introduction
3cabd83113e4b5e6fa638e599a610bde.ppt