Chapter 07: Database Security and Recovery

Database Security

Introduction
• Database security issues are often lumped together with data integrity issues, but the two concepts are really quite distinct. Security refers to the protection of data against unauthorized disclosure, alteration, or destruction; integrity refers to the accuracy or validity of that data.
• To put it a little glibly:
– Security means protecting the data against unauthorized users.
– Integrity means protecting the data against authorized users.

Need for Database Security
• In the case of shared data, multiple users try to access the data at the same time. In order to maintain the consistency of the data in the database, database security is needed.
• With the advancement of the internet, data are accessed through the World Wide Web; database security is needed to protect the data against hackers.
• Plastic money (credit cards) is more popular, and money transactions have to be safe. More specialized software is available both to enter the system illegally to extract data and to analyze the information obtained.

General Considerations
• There are numerous aspects to the security problem; some of them are:
– Legal, social, and ethical aspects
– Physical controls
– Policy questions
– Operational problems
– Hardware control
– Operating system support
– Issues that are the specific concern of the database system itself

Database Security System

Database Security Goals and Threats
• Security threats can be broadly classified as accidental or intentional, according to the way they occur.
• The accidental threats include human errors, errors in software, and natural or accidental disasters:
– Human errors include giving incorrect input and incorrect use of applications.
– Errors in software include incorrect application of security policies and denial of access to authorized users.
– Natural or accidental disasters include damage to hardware or software.

Classification of Database Security
• Physical security.
– Physical security refers to the security of the hardware associated with the system and the protection of the site where the computer resides. Natural events such as fire, floods, and earthquakes can be considered as some of the physical threats.
• Logical security.
– Logical security refers to the security measures residing in the operating system or the DBMS designed to handle threats to the data.

The DBMS's security mechanism
• security rules:
– made known to the system
  • appropriate definitional language
– remembered by the system
  • security / authorisation rules stored in the catalogue
– checked by the system
  • security / authorisation subsystem

Discretionary access control
• example in a pseudo-code

    CREATE SECURITY RULE Rule1
        GRANT RETRIEVE ( S_id, S_name, City ), DELETE
        ON Suppliers WHERE City ≠ 'London'
        TO Jim, Fred, Mary
        ON ATTEMPTED VIOLATION Reject ;

[...]... character

Database Recovery

Overview
• • • • • Transactions Recovery Transaction Recovery Failure Recovery Plans

Transactions
• Concept: Logical unit of work and logical unit of recovery
• Definition: The execution of a program that accesses or changes the contents of the database

Example Transaction

Transaction Support
• Can have one of two outcomes:
– Success - transaction commits and database reaches...

... the database's consistent state After commit, changes can't be lost

Recovery
• If nothing ever goes wrong there is no need for recovery
• Recovery - restoring the database to a state that is known to be correct after some failure has rendered the current state incorrect
• Correct - does not violate any integrity rule
– A database is correct iff it satisfies the logical AND of all known rules

Recovery. ..
assist with recovery:
– Backup mechanism, which makes periodic backup copies of database
– Logging facilities, which keep track of current state of transactions and database changes
– Checkpoint facility, which enables updates to database in progress to be made permanent
– Recovery manager, which allows DBMS to restore the database to a consistent state following a failure

Transaction recovery
• Transfer...

    WHERE S.S_id = SP.S_id AND P.P_id = SP.P_id AND P.City = 'Rome' )) ;
    GRANT SELECT ON View2 TO John

Example #3

    CREATE VIEW View3 AS
        SELECT P_id,
               ( SELECT SUM (Contracts.Qty)
                 FROM Contracts
                 WHERE Contracts.P_id = Parts.P_id ) AS Quantity
        FROM Parts;
    GRANT SELECT ON View3 TO Bill

Example #4

    GRANT INSERT ON Transactions
        WHERE Day() NOT IN ('Saturday', 'Sunday')
        AND Time() > '9:00' AND Time() < '17:00' TO...

• Application program is series of transactions with non-database processing in between

Transactions
• Desirable Transaction Properties
• ACID properties
– Atomicity - All parts of a transaction must be completed or aborted
– Consistency - Database transformed from one consistent state to another consistent state
  • Note: At intermediate steps database not necessarily consistent
– Isolation - Actions...

    9:00' AND Time() < '17:00' TO Till;

Till is a group of users

Other issues
• logical "OR" between security rules
• anything not explicitly allowed is implicitly prohibited
• audit trail - for critical data
  • request (text), terminal, user, date and time, data objects affected, old values, new values

Mandatory access control
• each data object has a classification level
• each user has a clearance level...
and database reaches a new consistent state
– Failure - transaction aborts, and database must be restored to consistent state before it started
– Such a transaction is rolled back or undone
• Committed transaction cannot be aborted
• Aborted transaction that is rolled back can be restarted later

Transactions
• Transforms database from one consistent state to another, although consistency may be violated...

Discretionary access control
• components of a security rule
– name (Rule1) (why?)
– privileges (RETRIEVE on certain attributes, )
– scope (ON … WHERE …)
– users (user IDs)
– violation response (procedure)

General format of a rule (pseudo-code)

    CREATE SECURITY RULE GRANT ON TO [ ON ATTEMPTED...

clearance level of U is greater or equal to the classification level of O
• user U can modify object O only if the clearance level of U is equal to the classification level of O
• used for DBs with a static and rigid classification structure

Data encryption - generalities
• when the system was bypassed
• plain-text
• original data
• encryption
• encryption algorithm, encryption key
• cipher-text
• encrypted...

relation
– this restriction is somewhat ad hoc, though it brings simplicity
• default: reject
• but it could be of any complexity, in theory
– examples - what would it be needed?

SQL's GRANT and REVOKE

    GRANT ON TO | PUBLIC [ WITH GRANT OPTION ]
    REVOKE [ GRANT OPTION FOR] ON FROM
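The discretionary model in these slides (a rule made of name, privileges, scope and users; logical OR between rules; anything not explicitly allowed is prohibited; an audit trail entry per request) can be exercised with a small evaluator. This is an added example, not code from the slides: Rule1 is transcribed from the pseudo-code, while Rule2, the Status attribute, the sample tuples, the terminal name and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable

@dataclass
class SecurityRule:
    name: str
    privileges: dict               # privilege -> attribute set, or None = whole tuple
    relation: str
    scope: Callable[[dict], bool]  # the WHERE predicate, evaluated per tuple
    users: frozenset

# Rule1 as written in the pseudo-code on the slide.
RULE1 = SecurityRule("Rule1",
    {"RETRIEVE": {"S_id", "S_name", "City"}, "DELETE": None},
    "Suppliers", lambda t: t["City"] != "London",
    frozenset({"Jim", "Fred", "Mary"}))

# Hypothetical second rule (not from the slides), present only to show OR-ing.
RULE2 = SecurityRule("Rule2", {"RETRIEVE": {"S_id", "City"}},
    "Suppliers", lambda t: t["City"] == "London", frozenset({"Jim"}))

AUDIT_TRAIL = []  # one entry per request, whether allowed or rejected

def authorize(rules, user, privilege, relation, tup, attrs=(), terminal="term-1"):
    """Return the name of the first rule that permits the request, else None."""
    matched = None
    for r in rules:                      # rules are OR-ed: one match is enough
        if user not in r.users or relation != r.relation:
            continue
        if privilege not in r.privileges:
            continue
        allowed = r.privileges[privilege]
        if allowed is not None and not set(attrs) <= allowed:
            continue                     # request names an attribute the rule omits
        if r.scope(tup):
            matched = r.name
            break
    AUDIT_TRAIL.append({                 # fields the slide lists for the audit trail
        "request": f"{privilege} {sorted(attrs)} ON {relation}",
        "terminal": terminal, "user": user,
        "when": datetime.now().isoformat(),
        "object": tup.get("S_id"), "outcome": matched or "Reject"})
    return matched                       # None = implicitly prohibited

# Constructed sample tuples; the Status attribute is assumed for illustration.
PARIS = {"S_id": "S2", "S_name": "Jones", "City": "Paris", "Status": 10}
LONDON = {"S_id": "S1", "S_name": "Smith", "City": "London", "Status": 20}
```

Rejected requests are logged as well as permitted ones, so the trail records attempted violations and not only successful access.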