Database Reference
In-Depth Information
CHAPTER SUMMARY
•
An organization's database, being a vital asset, must be protected from unin-
tentional and intentional threats by an effective security system.
•
The security system must safeguard a database against theft, vandalism, and
fraud; it must preserve the privacy of those about whom data is stored; it must
also guarantee proper access privileges to authorized users.
•
General security procedures include controls in the physical environment, pre-
vention of malicious acts, and securing of equipment. A strong security policy
must guide the procedures. Contingency plans are absolutely necessary.
•
Computer-based security measures: protection through authorizing only those
who have to be given database access, tailoring access provisions through user
views, backup and recovery procedures, and safeguarding of sensitive data by
encryption.
•
Discretionary access control relates to granting access privileges to authorized
users for accessing specific data items on prescribed access modes. Mandatory
access control classifies database objects by levels of criticality, assigns security
clearance levels to subjects such as users, and matches object levels to subject
clearances for providing access.
•
Statistical databases pose a special security challenge for protecting privacy. A
number of solution options have been proposed.
•
Encryption of data provides protection from intruders who attempt to bypass
the normal access control mechanisms. The encryption method codes data
to make them unintelligible to an intruder and then decodes the data back to
original format for use by an authorized user.
•
The encryption technique involves encryption and decryption keys along with
encryption and decryption algorithms. Symmetric encryption uses the same key
for both encryption and decryption; asymmetric encryption uses different keys.
•
The Data Encryption Standard (DES) is a single-key encryption technique
requiring that the encryption key be kept secret.
•
In the public key encryption technique, a public key and a private key are used.
The public key is openly available, whereas the private key is chosen and kept
secret by the authorized user.
REVIEW QUESTIONS
1. List the major goals and objectives of a database security system. Which ones
are important?
2. What are the types of general access control procedures in a database
environment?
3. What is data privacy? What are some of the privacy issues to be addressed?
4. What is discretionary access control? What are the types of access privileges
available to users?
5. Describe an authorization graph with an example.
Search WWH ::
Custom Search