Database Reference
In-Depth Information
ACTION
TEST
INTERROGATION
YES
NO
1
Unconditional access to all relations in request?
GRANT
DENY
Next test
2
Any relation in request unconditionally prohibited?
3
Unconditional access to all attributes in request?
GRANT
DENY
Next test
4
Any attribute in request unconditionally prohibited?
5
Unconditional access to all groups of attributes in request?
GRANT
DENY
Inform user
6
Any group of attributes in request unconditionally prohibited?
Figure 16-7
Arbiter interrogation list.
•
Monitor for continued attempts of security breaches by same user for possible
censure.
Authentication
Let us return to the authorization of access privileges to Samantha Jenkins. The
authorization matrix contains security authorization rules for her. When she
attempts to perform any database operation, the DBMS, through its arbiter module,
can verify authorization rules as applicable and either allow or deny the operation.
When Samantha Jenkins signs on to the database system with her user-id, in effect,
she declares that she is Samantha Jenkins. All authorization she can have relates to
the user known to the system as Samantha Jenkins.
Now when she signs on with her user-id and declares that she is Samantha
Jenkins, how does the system know that she is really who she says she is? How can
the system be sure that it is really Samantha Jenkins and not someone else signing
on with her user-id? How can the system authenticate her identity? Authentication
is the determination of whether the user is who he or she claims to be or declares
he or she is through the user-id.
It is crucial that the authentication mechanism be effective and failsafe. Other-
wise, all the effort and sophistication of the authorization rules will be an utter
waste. How can you ensure proper authentication? Let us examine a few of the
common techniques for authentication.
Passwords.
Passwords, still the most common method, can be effective if properly
administered. Passwords must be changed fairly often to deter password thefts. They
must be stored in encrypted formats and be masked while being entered. Password
formats need to be standardized to avoid easily detectable combinations. A data-
base environment with highly sensitive data may require one-time-use passwords.
Personal information.
The user may be prompted with questions for which the user
alone would know the answers such as mother's maiden name, last four digits of
social security number, first three letters of the place of birth, and so on.
Biometric verification.
Verification through fingerprints, voiceprints, retina images,
and so on. Smartcards recorded with such biometric data may be used.
Search WWH ::
Custom Search