DDBMS Security

1
DDBMS Security

• - Bakul Gada

2
Overview

• Introduction to Database Security
• Security Issues in centralized databases
• Security issues in Distributed Databases

3
Introduction

• Data security
• Protect data against unauthorized access.
• Two aspects
• Data protection.
• Authorization Control.

4
Aspects of Data security

• Data Protection
• Can be achieved using data encryption techniques.
• Authorization Control
• It ensures that only authorized users perform,
  operations that they are allowed to perform on
  the database.
• Reference Principles of Distributed Database
  Systems
• M. Tamer Ozsu Patrick Valduriez

5
Authorization Control

• It includes two main issues
• Access control
• Unauthorized Access to data should not be
  allowed.
• Integrity
• Only authorized users should be allowed to modify
  data in the database.

6
Centralized Authorization Control

• Allowing a user to do a particular operation on
  the subsets of database.
• In RDBMS these subsets can be defined using
  Views.
• Views allow limited access to database

7
Methods of Authorization Control

• Discretionary Access Control
• Based on privileges or access rights
• Mandatory Access control
• Based on policies that cant be changed by
  individual users
• Reference Database Management Systems -
  R.Ramakrishnan /
• J Gehrke (2nd ed.)

8
Discretionary Access Control

• This can be implemented at two levels
• Account Level
• Set privileges for each account on different
  relations
• Relation Level
• Set privileges to access each individual relation
  or view
• Reference Database Management Systems -
  R.Ramakrishnan /
• J Gehrke (2nd ed.)

9
GRANT and REVOKE commands

• SQL supports discretionary access control through
  grant and revoke commands.
• Syntax for GRANT and REVOKE commands
• GRANT lt operation type(s)gt ON ltobjectgt TO
  ltuser(s)gt
• REVOKE lt operation type(s)gt ON ltobjectgt TO
  ltuser(s)gt
• Reference Principles of Distributed Database
  Systems
• M. Tamer Ozsu Patrick Valduriez

10
Mandatory Access Control

• Users classified based on security classes
• Top Secret (TS)
• Secret (S)
• Confidential (C)
• Unclassified (U)

11
Bell LaPadula Model

• Most Popular Model for multilevel security.
• Two restrictions are enforced on data access
  based on subject/object classification.
• A subject S is not allowed to read an object O
  unless class(S) ? class(O)
• A subject S is not allowed to write an object O
  unless class(S) ? class(O)
• Reference Bell D.E and LaPadula L.J., "Secure
  Computer Systems Unified Exposition and Multics
  Interpretation", THE MITRE Corporation, July 1975.

12
Authorization Control in Distributed Environment.

• More Complex.
• Remote User Authentication
• Management of distributed authorization rules
• Handling of Views and User Groups
• Reference Principles of Distributed Database
  Systems
• M. Tamer Ozsu Patrick Valduriez

13
Solution

• Information for authenticating users is
  replicated at all sites.
• All sites of the DDBMS identify authenticate
  themselves similarly to the way users do.

14
Integrity

• How to guarantee database consistency ?
• A database is said to be consistent if it
  satisfies the set of integrity constraints.
• Concurrency control techniques
• Locking Technique
• Timestamp Ordering
• Multiversion Concurrency Control
• Validation Concurrency Control
• Ref Fundamentals of Database Systems - Elmasri
  Navathe (3rd ed)

15
Integrity in Distributed Databases

• Concurrency Control techniques need to be
  employed in Distributed databases.
• Two general classes
• Pessimistic Concurrency Control
• Optimistic Concurrency Control

16

• Summary
• Security issues in Distributed Databases are
  more complex as compared to Centralized
  Databases. But they can be taken care of through
  careful study.
• Future
• Right now, RDBMS is a better choice for
  distributed applications. OODBMSs are much more
  difficult to implement in a distributed
  environment. Steps are being taken to do the same.