Ch.5 Database Security Review




Ch.5 Database Security
(Chapter sequence: User Authentication, Access Control, Database Security)

- Hw_Ch3, due today
- Hw_Ch4, due on 2/23
  - Review Questions: 4.1, 4.3, 4.6, 4.10
  - Problems: 4.5, 4.7, 4.8
- How about the pace of the class? Please email me any comments you have.
- How many of you have taken a Database class?

Ch.5 Database Security Review

- Databases are among the most widely used applications. What exactly is a database?
- Database Management System (DBMS): manages a structured collection of data stored for use by applications
- Data Definition Language (DDL): defines the logical structure of the database and its procedural properties
- Data Manipulation Language (DML): provides a set of tools for developers to insert, update and delete data
- Query languages are declarative languages for end users, e.g. in a student grade system:
    SELECT * FROM Class2009 WHERE grade = 'A'

Database Overview

[figure: database overview]

Relational Databases

- A relational database is constructed from tables of data; each table is a grid of rows and columns
- Each column holds one particular type of data (e.g. an id#)
- Each row contains one specific value for each of these columns (a record)
- Primary key: one or more columns whose values are unique across all rows, forming an identifier for that row
- Relational DBs use multiple tables linked by identifiers
- Creating one flat table that includes everything is inefficient and inflexible: many blank fields, and new columns cannot be added without restructuring the whole table
- Users access the DB via a relational query language: select items based on given criteria

Relational Database Example

[figure: example relational database; it must deal with dynamics such as adding/deleting services and accessing the current bill]

Relational Database Elements

- Basic building block: relation / table / file
- tuple / row / record
- attribute / column / field
- Primary key: uniquely identifies a row
- Foreign key: links one table to attributes in another
- View: a virtual table produced as the result of a query; used to give restricted access to a DB

Relational Database Elements

[figure: all records in the employee table plus dept info, linked by Did]

Structured Query Language (SQL)

- Developed by IBM in the mid-1970s
- Standardized language to define, manipulate, and query data in a relational database
- Several similar versions of the ANSI/ISO standard exist

    CREATE TABLE department (
        Did      INTEGER PRIMARY KEY,
        Dname    CHAR(30),
        Dacctno  CHAR(6)
    );

    CREATE TABLE employee (
        Ename      CHAR(30),
        Did        INTEGER,
        SalaryCode INTEGER,
        Eid        INTEGER PRIMARY KEY,
        Ephone     CHAR(10),
        FOREIGN KEY (Did) REFERENCES department (Did)
    );

    CREATE VIEW newtable (Dname, Ename, Eid, Ephone) AS
        SELECT D.Dname, E.Ename, E.Eid, E.Ephone
        FROM department D, employee E
        WHERE E.Did = D.Did;

Note that the view exposes no SalaryCode column: a user given access to newtable but not to employee never sees salary information, which is how a view restricts access.

Database Access Control

- The DBMS provides access control for the database, assuming the user has already been authenticated
- The DBMS grants specific access rights to portions of the database
  - e.g. create, insert, delete, update, read, write
  - to the entire database, to tables, or to selected rows or columns
  - possibly dependent on the contents of a table entry
- It can support a range of administration policies:
  - centralized administration: a small number of privileged users grant and revoke rights
  - ownership-based administration: the owner (creator) of a table can grant/revoke access rights to it
  - decentralized administration: owners can also give the authorization right itself to other users, who may then grant rights further

SQL Access Controls

- Two commands:
    GRANT { privileges | role } [ON table] TO { user | role | PUBLIC } [IDENTIFIED BY password] [WITH GRANT OPTION]
      e.g. GRANT SELECT ON ANY TABLE TO ricflair
    REVOKE { privileges | role } [ON table] FROM { user | role | PUBLIC }
      e.g. REVOKE SELECT ON ANY TABLE FROM ricflair
- WITH GRANT OPTION lets the grantee pass the right on to others; this is what makes later revocation cascade
- Typical access rights are: SELECT, INSERT, UPDATE, DELETE, REFERENCES

Cascading Authorizations

- Bob grants David the right at t=30
- David grants it to Ellen at t=40
- Chris grants it to David at t=50, after David has already granted it to Ellen
- What happens if Bob revokes David's right?
  - David still holds the right, through the later grant from Chris
  - Ellen's right is revoked as well: at t=40 David's only authority came from Bob, so a grant that depended on the revoked grant is removed too. Revocation cascades.

Role-Based Access Control

- Role-based access control works well for a DBMS: it eases the administration burden and improves security
- Categories of database users:
  - application owner: owns the database
  - end user: operates on the database
  - administrator: manages the database
- DB RBAC must manage roles and their users
- cf. RBAC on Microsoft's SQL Server:
  - fixed server roles: for server-wide management
  - fixed database roles: for a single database
  - user-defined roles: access to a portion of a database
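The revocation rule behind the slide, worked through in code. This is an added example, not code from the slides or the textbook; the table owner Ann, the AuthorizationTable class and the choice to treat every grant as carrying WITH GRANT OPTION are assumptions made for the illustration. A grant survives a revocation only if its grantor still holds the privilege through some grant made before it, which is why Ellen loses the right while David keeps it.

```python
"""Cascading revocation of SQL-style grants, ordered by grant timestamp.

Added example; the owner Ann and the class names are assumptions, not from
the slides. Every grant is treated as carrying the grant option, so any
holder may pass the right on.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    priv: str
    t: int  # time at which the grant was made


class AuthorizationTable:
    """Grants on one table. The owner holds every privilege from time 0."""

    def __init__(self, owner: str) -> None:
        self.owner = owner
        self.grants: list[Grant] = []

    def held_before(self, user: str, priv: str, t: int) -> bool:
        """Did `user` hold `priv` through some grant made strictly before time t?"""
        if user == self.owner:
            return True
        return any(g.grantee == user and g.priv == priv and g.t < t
                   for g in self.grants)

    def grant(self, grantor: str, grantee: str, priv: str, t: int) -> None:
        if not self.held_before(grantor, priv, t):
            raise PermissionError(f"{grantor} cannot grant {priv} at t={t}")
        self.grants.append(Grant(grantor, grantee, priv, t))

    def revoke(self, grantor: str, grantee: str, priv: str) -> None:
        """Remove grantor->grantee, then cascade: drop any grant whose grantor
        no longer held the privilege at the time that grant was made, and
        repeat until nothing else falls."""
        self.grants = [g for g in self.grants
                       if (g.grantor, g.grantee, g.priv) != (grantor, grantee, priv)]
        changed = True
        while changed:
            changed = False
            for g in list(self.grants):
                if not self.held_before(g.grantor, g.priv, g.t):
                    self.grants.remove(g)
                    changed = True

    def holders(self, priv: str) -> set[str]:
        return {self.owner} | {g.grantee for g in self.grants if g.priv == priv}


def slide_scenario() -> tuple[set[str], set[str]]:
    """Replays the slide: Bob->David at t=30, David->Ellen at t=40,
    Chris->David at t=50, then Bob revokes David. Returns holders before/after."""
    tbl = AuthorizationTable(owner="Ann")  # assumed owner, not on the slide
    tbl.grant("Ann", "Bob", "SELECT", t=10)
    tbl.grant("Ann", "Chris", "SELECT", t=20)
    tbl.grant("Bob", "David", "SELECT", t=30)
    tbl.grant("David", "Ellen", "SELECT", t=40)
    tbl.grant("Chris", "David", "SELECT", t=50)
    before = tbl.holders("SELECT")
    tbl.revoke("Bob", "David", "SELECT")
    return before, tbl.holders("SELECT")


if __name__ == "__main__":
    before, after = slide_scenario()
    print("before revoke:", sorted(before))
    print("after revoke: ", sorted(after))
```

Running it shows Ellen in the set of holders before the revocation and absent afterwards, while David remains because Chris's grant at t=50 is untouched. Real DBMSs differ in detail (some offer a non-cascading revoke that fails instead), so check the product's semantics before relying on this behaviour.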

Inference

[figure: inference]

Inference Example

[figure: inference example; the two views share the same row order, so their rows can be matched up]

Inference Countermeasures

- Inference detection at database design time
  - alter the database structure or the access controls to prevent inference, e.g. split tables, fine-grained control
  - requires finding all possible inference attacks a priori
- Inference detection at query time
  - monitor queries and alter or reject those that would enable inference
  - must detect in real time
- Inference detection algorithms
  - analyze the dependencies between attributes within and across tables
  - merge views that share the same constraints, e.g. access to the previous two views at the same time is not authorized

Statistical Databases

- Provide data of a statistical nature, e.g. counts, averages
- Two types:
  - pure statistical database
  - ordinary database with statistical access: some users have normal access, others only statistical access
- Control objective: allow statistical use without revealing individual entries
- One security problem is inference

Statistical Database Security

- A characteristic formula C is a logical formula over the values of attributes
  - e.g. (Sex=Male) AND ((Major=CS) OR (Major=EE))
- The query set X(C) of characteristic formula C is the set of records matching C
- A statistical query is a query that produces a value calculated over a query set

Abstract Model of Relational DB

[figure: abstract model of a relational database]

- C = a characteristic formula, consisting of a logical formula over the values of attributes.
- X(C) = query set of C, the set of records satisfying C.

Statistical Database Example

- Baker is the only female EE student
- Count(EE AND Female) = 1
- Sum(EE AND Female, GP) = 2.5
- Because the query set has a single member, two legitimate statistical answers reveal Baker's individual GP.
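The Baker example executed against a small statistical database, as an added example that is not part of the slides. The student table is constructed sample data (only Baker's row follows the slide); the names compile_formula and StatisticalDB are mine. The minimum-query-set-size control and the tracker query go beyond the slide's direct attack: they show that refusing small query sets blocks the obvious query but not the difference of two larger ones.

```python
"""Statistical queries over a query set X(C), and the inference they allow.

Added example, not from the slides. The student table is constructed sample
data; the size-k control and the tracker query go beyond the slide's example.
"""
import sqlite3

# Constructed sample data: (Name, Sex, Major, GP). Baker is the only female EE student.
STUDENTS = [
    ("Allen", "Male", "CS", 3.25),
    ("Baker", "Female", "EE", 2.5),
    ("Cook", "Male", "EE", 3.5),
    ("Davis", "Male", "EE", 3.0),
    ("Evans", "Female", "CS", 3.75),
    ("Frank", "Male", "CS", 2.75),
]
ATTRS = {"Sex", "Major"}   # attributes a characteristic formula may test
STAT_ATTRS = {"GP"}        # attributes a SUM may be computed over


def compile_formula(c):
    """Turn a characteristic formula C into parameterised SQL.
    C is nested tuples: ("eq", attr, value), ("and", f, g), ("or", f, g), ("not", f).
    Attribute names are allow-listed and values are bound as parameters, so a
    user-controlled formula cannot turn into SQL injection."""
    op = c[0]
    if op == "eq":
        _, attr, value = c
        if attr not in ATTRS:
            raise ValueError(f"attribute not permitted in formula: {attr}")
        return f"{attr} = ?", [value]
    if op in ("and", "or"):
        lsql, lparams = compile_formula(c[1])
        rsql, rparams = compile_formula(c[2])
        return f"({lsql} {op.upper()} {rsql})", lparams + rparams
    if op == "not":
        sql, params = compile_formula(c[1])
        return f"(NOT {sql})", params
    raise ValueError(f"unknown operator: {op}")


class StatisticalDB:
    """Answers only COUNT and SUM over X(C). With k > 1 it refuses any query
    whose query set has fewer than k records, or fewer than k non-members."""

    def __init__(self, k: int = 1):
        self.k = k
        self.con = sqlite3.connect(":memory:")
        self.con.execute("CREATE TABLE student (Name TEXT PRIMARY KEY, Sex TEXT, Major TEXT, GP REAL)")
        self.con.executemany("INSERT INTO student VALUES (?, ?, ?, ?)", STUDENTS)
        (self.n_total,) = self.con.execute("SELECT COUNT(*) FROM student").fetchone()

    def _query_set(self, c):
        sql, params = compile_formula(c)
        (n,) = self.con.execute(f"SELECT COUNT(*) FROM student WHERE {sql}", params).fetchone()
        if n < self.k or self.n_total - n < self.k:
            raise PermissionError(f"query set of size {n} refused (k={self.k})")
        return sql, params, n

    def count(self, c) -> int:
        return self._query_set(c)[2]

    def sum(self, c, attr: str) -> float:
        if attr not in STAT_ATTRS:
            raise ValueError(f"cannot sum over {attr}")
        sql, params, _ = self._query_set(c)
        (total,) = self.con.execute(f"SELECT SUM({attr}) FROM student WHERE {sql}", params).fetchone()
        return total


EE_FEMALE = ("and", ("eq", "Major", "EE"), ("eq", "Sex", "Female"))
EE = ("eq", "Major", "EE")
EE_MALE = ("and", ("eq", "Major", "EE"), ("eq", "Sex", "Male"))


def direct_attack(k: int):
    """The slide's attack: Count(EE AND Female)=1, then Sum(EE AND Female, GP) is Baker's GP.
    Returns the recovered GP, or None if the size control refused the query."""
    db = StatisticalDB(k)
    try:
        if db.count(EE_FEMALE) != 1:
            return None
        return db.sum(EE_FEMALE, "GP")
    except PermissionError:
        return None


def tracker_attack(k: int):
    """Recover Baker's GP using only query sets of size >= k:
    Sum(EE, GP) - Sum(EE AND Male, GP)."""
    db = StatisticalDB(k)
    return db.sum(EE, "GP") - db.sum(EE_MALE, "GP")


if __name__ == "__main__":
    print("k=1 direct: ", direct_attack(1))   # Baker's GP leaks
    print("k=2 direct: ", direct_attack(2))   # refused by the size control
    print("k=2 tracker:", tracker_attack(2))  # leaks anyway
```

With k=1 the direct query returns 2.5; with k=2 it is refused, yet the tracker pair (both query sets of size 2 or more) still returns 2.5. A size threshold is therefore only a first layer; the query-time monitoring and dependency analysis from the countermeasures slide have to consider combinations of queries, not each query in isolation.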