Database Security. Sarajane Marques Peres, Ph.D. University of São Paulo
1 Database Security
Sarajane Marques Peres, Ph.D. University of São Paulo
Based on Elmasri & Navathe / Silberschatz, Korth, Sudarshan's books
3 Types of security
Legal and ethical issues regarding the right to access certain information. Some information may be private and cannot be accessed legally by unauthorized organizations or persons.
Policy issues at the governmental, institutional, or corporate level. Examples: credit ratings or personal medical records.
System-related issues such as the system levels at which various security functions should be enforced. A security function should be handled at the physical hardware level, or OS level, or DBMS level.
The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications: top secret, secret, confidential, and unclassified.
4 Threats to databases
Integrity: the requirement that information be protected from improper modification. Loss of integrity: unauthorized changes, by either intentional or accidental acts.
Availability: making objects available to a human user or a program to which they have a legitimate right.
Confidentiality: the protection of data from unauthorized disclosure.
5 Control measures
Three important factors need to be considered before deciding whether it is safe to reveal the data:
Data availability: If a user is updating a field, then this field becomes inaccessible and other users should not be able to view this data (concurrency control).
Access acceptability: Data should only be revealed to authorized users. Be careful: data can reveal information.
Authenticity assurance: Before granting access, certain external characteristics about the user may also be considered (working hours). The system may track previous queries to ensure that a combination of queries does not reveal sensitive data.
6 Control measures
System log
Recovery purposes: Id transactions; Start / commit transactions; Read / write operations; Old / new values of data.
Audit purposes: Id user; Log in / log out time; Id computer / device.
7 Control measures
Sensitivity of data is a measure of the importance assigned to the data by its owner for the purpose of denoting its need for protection.
Sensitive data:
Inherently sensitive: a person's salary or that a patient has HIV/AIDS.
From a sensitive source: an informer whose identity must be kept secret.
Declared sensitive.
A sensitive attribute or sensitive record: the salary attribute of an employee.
Sensitive in relation to previously disclosed data: the exact latitude and longitude information for a location where some previously recorded event happened that was later deemed sensitive.
8 Control measures
Access control: Prevent unauthorized persons from accessing the system itself, either to obtain information or to make malicious changes.
User accounts and passwords to control the login process.
The DBA has a DBA account (a superuser account), which provides powerful capabilities that are not made available to regular database accounts and users, including commands for granting and revoking privileges to individual accounts, users, or user groups.
Actions: account creation, privilege granting, privilege revocation, security level assignment.
9 Control measures
Discretionary Access Control: based on the granting and revoking of privileges.
Levels:
Account level: the DBA specifies the particular privileges that each account holds. Create schema; create table/view; alter table/view; drop table/view; modify (tuples); select (query).
Relation level: the DBA can control the privilege to access each individual relation or view in the database. Access matrix model, where the rows of a matrix M represent subjects (users, programs) and the columns represent objects (relations, records, columns, views, operations); each position M(i, j) in the matrix represents the types of privileges (read, write, update) that subject i holds on object j.
It is possible to use VIEWS in order to specify some kind of privilege!
10 The example
Considering four accounts: A1, A2, A3 and A4
    GRANT CREATETAB TO A1;                   -- A1 is able to create base relations
    CREATE SCHEMA EXAMPLE AUTHORIZATION A1;  -- the same effect
A1 creates the relations EMPLOYEE and DEPARTMENT. A1 is the owner.
11 The example
A1:
    GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;
    -- A2 was given the privilege to insert and delete tuples in both of these relations.
    -- A1 does not want A2 to be able to propagate these privileges to additional accounts.
    GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION;
    -- A1 wants to allow account A3 to retrieve information from either of the two tables
    -- and also to be able to propagate the SELECT privilege to other accounts.
13 The example
A3:
    GRANT SELECT ON EMPLOYEE TO A4;
A1:
    REVOKE SELECT ON EMPLOYEE FROM A3;
The DBMS must now revoke the SELECT privilege on EMPLOYEE from A3, and it must also automatically revoke the SELECT privilege on EMPLOYEE from A4.
14 The example
A1:
    CREATE VIEW A3EMPLOYEE AS
        SELECT Name, Bdate, Address FROM EMPLOYEE WHERE Dno = 5;
    GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;
    GRANT UPDATE ON EMPLOYEE (Salary) TO A4;
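The grant and cascading-revoke steps of the example above can be modelled as a graph of grants rooted at the owner. The following is an added example, not part of the original slides: the AuthGraph class and its method names are hypothetical, and it goes slightly beyond the slides by also covering an account that holds the same privilege from a second grantor and a cycle of grants.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str
    obj: str
    grant_option: bool


class AuthGraph:
    """Toy authorization graph (hypothetical model, not a real DBMS API)."""

    def __init__(self):
        self.owner = {}      # relation -> owning account
        self.grants = set()  # Grant edges currently in force

    def create(self, account, obj):
        self.owner[obj] = account

    def _edges(self, privilege, obj):
        return [g for g in self.grants
                if g.privilege == privilege and g.obj == obj]

    def _grantors(self, privilege, obj):
        """Accounts allowed to pass the privilege on: the owner plus every
        account reachable from the owner through WITH GRANT OPTION edges."""
        able = {self.owner[obj]}
        changed = True
        while changed:
            changed = False
            for g in self._edges(privilege, obj):
                if g.grantor in able and g.grant_option and g.grantee not in able:
                    able.add(g.grantee)
                    changed = True
        return able

    def holds(self, account, privilege, obj):
        if self.owner.get(obj) == account:
            return True
        return any(g.grantee == account for g in self._edges(privilege, obj))

    def grant(self, grantor, grantee, privilege, obj, grant_option=False):
        if grantor not in self._grantors(privilege, obj):
            raise PermissionError(f"{grantor} cannot grant {privilege} on {obj}")
        self.grants.add(Grant(grantor, grantee, privilege, obj, grant_option))

    def revoke(self, grantor, grantee, privilege, obj):
        # Remove the named grant itself.
        self.grants = {g for g in self.grants
                       if (g.grantor, g.grantee, g.privilege, g.obj)
                       != (grantor, grantee, privilege, obj)}
        # Cascade: drop every grant whose grantor can no longer grant.
        # Recomputing reachability from the owner also removes cycles of
        # grants that only supported each other.
        able = self._grantors(privilege, obj)
        self.grants = {g for g in self.grants
                       if (g.privilege, g.obj) != (privilege, obj)
                       or g.grantor in able}


def replay_page_example(extra_direct_grant=False):
    """Replays slides 10-13: A1 owns both relations, A3 passes SELECT to A4,
    then A1 revokes SELECT on EMPLOYEE from A3."""
    g = AuthGraph()
    for rel in ("EMPLOYEE", "DEPARTMENT"):
        g.create("A1", rel)
        g.grant("A1", "A2", "INSERT", rel)
        g.grant("A1", "A2", "DELETE", rel)
        g.grant("A1", "A3", "SELECT", rel, grant_option=True)
    g.grant("A3", "A4", "SELECT", "EMPLOYEE")
    if extra_direct_grant:
        # Assumption beyond the slides: A1 also grants SELECT to A4 directly.
        g.grant("A1", "A4", "SELECT", "EMPLOYEE")
    g.revoke("A1", "A3", "SELECT", "EMPLOYEE")
    return g


if __name__ == "__main__":
    g = replay_page_example()
    for account in ("A3", "A4"):
        print(account, "SELECT on EMPLOYEE:", g.holds(account, "SELECT", "EMPLOYEE"))
```

With extra_direct_grant=True, A4 keeps SELECT on EMPLOYEE after the revoke, because one of its grants still traces back to the owner.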
15 Control measures
Role-Based Access Control
Privileges and other permissions are associated with organizational roles, rather than individual users. Individual users are then assigned to appropriate roles.
    GRANT ROLE full_time TO employee_type1;
    GRANT ROLE intern TO employee_type2;
16 Control measures
Statistical Database Security
Statistical databases are used mainly to produce statistics about various populations.
The database may contain confidential data about individuals, which should be protected from user access.
However, users are permitted to retrieve statistical information about the populations, such as averages, sums, counts, maximums, minimums, and standard deviations.
17 Control measures
Statistical Database Security
We may want to retrieve the number of individuals in a population or the average income in the population.
Statistical users are not allowed to retrieve individual data, such as the income of a specific person.
Statistical queries: queries that involve statistical aggregate functions such as COUNT, SUM, MIN, MAX, AVERAGE, and STANDARD DEVIATION.
18 An inference
Statistical Database Security
It is possible to infer the values of individual tuples from a sequence of statistical queries. Consider the following statistical queries
19 An inference
Suppose the following condition for Q1:
    Last_degree = 'Ph.D.' AND Sex = 'F' AND City = 'Bellaire' AND State = 'Texas'
If we get a result of 1 for this query, we can issue Q2 with the same condition and find the Salary of Jane Smith.
Even if the result of Q1 on the preceding condition is not 1 but is a small number, say 2 or 3, we can issue statistical queries using the functions MAX, MIN, and AVERAGE to identify the possible range of values for the Salary of Jane Smith.
20 Control measures
Statistical Database Security
This is why no statistical queries are permitted whenever the number of tuples in the population specified by the selection condition falls below some threshold.
Sequences of queries that refer repeatedly to the same population of tuples are prohibited.
It is recommended to introduce slight inaccuracies or noise into the results of statistical queries deliberately, to make it difficult to deduce individual information from the results.
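The threshold control described above can be placed in front of every aggregate query. The following is an added example, not part of the original slides: the PERSON rows are constructed sample data, and guarded_stat, raw_stat and the threshold of 3 are assumptions chosen for illustration. It shows the unguarded query pair disclosing one salary and the guarded version refusing the same selection condition.

```python
import sqlite3

ALLOWED_FUNCS = {"COUNT", "SUM", "MIN", "MAX", "AVG"}
COLUMNS = {"Last_degree", "Sex", "City", "State", "Salary"}


class QueryRefused(Exception):
    """Raised when the selected population is below the threshold."""


def build_db():
    """In-memory PERSON table filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PERSON (Name TEXT, Last_degree TEXT, Sex TEXT, "
                 "City TEXT, State TEXT, Salary REAL)")
    conn.executemany("INSERT INTO PERSON VALUES (?, ?, ?, ?, ?, ?)", [
        ("Jane Smith", "Ph.D.", "F", "Bellaire", "Texas", 95000),
        ("Ann Lee", "M.S.", "F", "Bellaire", "Texas", 70000),
        ("Bob Ray", "Ph.D.", "M", "Houston", "Texas", 88000),
        ("Carl Diaz", "B.S.", "M", "Houston", "Texas", 52000),
        ("Dana Wu", "M.S.", "F", "Austin", "Texas", 65000),
        ("Eve Stone", "Ph.D.", "F", "Tulsa", "Oklahoma", 90000),
    ])
    return conn


def raw_stat(conn, func, column, conditions):
    """Unguarded statistical query. Identifiers are checked against a
    whitelist and the condition values are bound as parameters."""
    if func not in ALLOWED_FUNCS:
        raise ValueError(f"function not allowed: {func}")
    if column not in COLUMNS and not (func == "COUNT" and column == "*"):
        raise ValueError(f"column not allowed: {column}")
    for col in conditions:
        if col not in COLUMNS:
            raise ValueError(f"column not allowed: {col}")
    where = " AND ".join(f"{col} = ?" for col in conditions) or "1=1"
    sql = f"SELECT {func}({column}) FROM PERSON WHERE {where}"
    return conn.execute(sql, list(conditions.values())).fetchone()[0]


def guarded_stat(conn, func, column, conditions, threshold=3):
    """Answers only when the selection condition covers at least
    `threshold` tuples; COUNT itself is refused below the threshold."""
    size = raw_stat(conn, "COUNT", "*", conditions)
    if size < threshold:
        raise QueryRefused("selected population is below the threshold")
    return raw_stat(conn, func, column, conditions)


# The condition from slide 19, expressed as column/value pairs.
Q_CONDITION = {"Last_degree": "Ph.D.", "Sex": "F",
               "City": "Bellaire", "State": "Texas"}

if __name__ == "__main__":
    conn = build_db()
    print("Q1 unguarded:", raw_stat(conn, "COUNT", "*", Q_CONDITION))
    print("Q2 unguarded:", raw_stat(conn, "AVG", "Salary", Q_CONDITION))
    try:
        guarded_stat(conn, "AVG", "Salary", Q_CONDITION)
    except QueryRefused as exc:
        print("Q2 guarded: refused,", exc)
    print("Texas average:", guarded_stat(conn, "AVG", "Salary", {"State": "Texas"}))
```

The gate covers only the threshold rule; the other two controls on the slide, rejecting repeated queries over the same population and adding noise, are not implemented here.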
21 SQL Injection
In an SQL Injection attack, the attacker injects a string input through the application, which changes or manipulates the SQL statement to the attacker's advantage.
Types: SQL Manipulation; Code Injection; Function Call Injection.
22 SQL Injection
SQL Manipulation
Alternative (use parameterization)
23 SQL Injection
24 SQL Injection
The SQL engine checks each parameter to ensure that it is correct for its column; parameters are treated literally, and not as part of the SQL to be executed.
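The difference between a concatenated statement and a parameterized one, as an added example that is not part of the original slides. The EMPLOYEE rows and both input strings are constructed, and lookup_concat and lookup_bound are hypothetical function names.

```python
import sqlite3


def build_db():
    """In-memory EMPLOYEE table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE EMPLOYEE (Name TEXT, Dno INTEGER, Salary REAL)")
    conn.executemany("INSERT INTO EMPLOYEE VALUES (?, ?, ?)", [
        ("Smith", 5, 30000),
        ("Wong", 5, 40000),
        ("O'Brien", 4, 61000),
    ])
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the input is pasted into the SQL text, so quote
    characters in it change the structure of the statement."""
    sql = "SELECT Name, Salary FROM EMPLOYEE WHERE Name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_bound(conn, name):
    """Parameterized form: the statement text is fixed and the input is
    bound as a value, so it is only ever compared with the Name column."""
    sql = "SELECT Name, Salary FROM EMPLOYEE WHERE Name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(conn, value):
    """Runs both forms on the same input and reports rows or the error."""
    report = {}
    for label, fn in (("concat", lookup_concat), ("bound", lookup_bound)):
        try:
            report[label] = fn(conn, value)
        except sqlite3.Error as exc:
            report[label] = f"error: {exc}"
    return report


# Constructed inputs: one that rewrites the WHERE clause when concatenated,
# and one legitimate name that happens to contain a quote character.
MANIPULATING_INPUT = "x' OR '1'='1"
LEGITIMATE_INPUT = "O'Brien"

if __name__ == "__main__":
    conn = build_db()
    for value in (MANIPULATING_INPUT, LEGITIMATE_INPUT):
        print(repr(value), compare(conn, value))
```

The concatenated form fails in both directions: it returns every row for the first input and raises a syntax error for the legitimate name, while the bound form returns no row and exactly one row respectively.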
25 SQL Injection
Code Injection: the attacker can inject or introduce code into a computer program to change the course of execution.
Function Call Injection: In this kind of attack, a database function or operating system function call is inserted into a vulnerable SQL statement.
26 The end!!!!
More informationData Warehousing. Yeow Wei Choong Anne Laurent
Data Warehousing Yeow Wei Choong Anne Laurent Databases Databases are developed on the IDEA that DATA is one of the cri>cal materials of the Informa>on Age Informa>on, which is created by data, becomes
More informationExposed Database( SQL Server) Error messages Delicious food for Hackers
Exposed Database( SQL Server) Error messages Delicious food for Hackers The default.asp behavior of IIS server is to return a descriptive error message from the application. By attacking the web application
More informationCS2Bh: Current Technologies. Introduction to XML and Relational Databases. Introduction to Databases. Why databases? Why not use XML?
CS2Bh: Current Technologies Introduction to XML and Relational Databases Spring 2005 Introduction to Databases CS2 Spring 2005 (LN5) 1 Why databases? Why not use XML? What is missing from XML: Consistency
More informationLecture 6. SQL, Logical DB Design
Lecture 6 SQL, Logical DB Design Relational Query Languages A major strength of the relational model: supports simple, powerful querying of data. Queries can be written intuitively, and the DBMS is responsible
More informationDatabase Systems. National Chiao Tung University Chun-Jen Tsai 05/30/2012
Database Systems National Chiao Tung University Chun-Jen Tsai 05/30/2012 Definition of a Database Database System A multidimensional data collection, internal links between its entries make the information
More informationCS143 Notes: Views & Authorization
CS143 Notes: Views & Authorization Book Chapters (4th) Chapter 4.7, 6.5-6 (5th) Chapter 4.2, 8.6 (6th) Chapter 4.4, 5.3 Views What is a view? A virtual table created on top of other real tables Almost
More informationDatabase Auditing and Compliance in a Mainframe Environment. Craig S. Mullins, Corporate Technologist, NEON Enterprise Software, Inc.
Database Auditing and Compliance in a Mainframe Environment Craig S. Mullins, Corporate Technologist, NEON Enterprise Software, Inc. Table of Contents Introduction................................................................................
More information