ch23-Database Security and Authorization

Ch23-Database - Copyright 2007 Ramez Elmasri and Shamkant B Navathe Slide 23 1 Chapter 23 Database Security and Authorization Copyright 2007 Ramez

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Slide 23- 1 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Chapter 23 Database Security and Authorization
Background image of page 2
Slide 23- 3 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Chapter Outline 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3 Database Security and DBA 1.4 Access Protection, User Accounts, and Database Audits 2 Discretionary Access Control Based on Granting Revoking Privileges 2.1 Types of Discretionary Privileges 2.2 Specifying Privileges Using Views 2.3 Revoking Privileges 2.4 Propagation of Privileges Using the GRANT OPTION 2.5 Specifying Limits on Propagation of Privileges
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Slide 23- 4 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Chapter Outline (contd.) 3 Mandatory Access Control and Role-Based Access Control for Multilevel Security 3.1 Comparing Discretionary Access Control and Mandatory Access Control 3.2 Role-Based Access Control 3.3 Access Control Policies for E-Commerce and the Web 4 Introduction to Statistical Database Security 5 Introduction to Flow Control 5.1 Covert Channels 6 Encryption and Public Key Infrastructures 6.1The Data and Advanced Encryption Standards 6.2 Public Key Encryption 6.3 Digital Signatures
Background image of page 4
Slide 23- 5 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe 1 Introduction to Database Security Issues Types of Security Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Slide 23- 6 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Introduction to Database Security Issues (2) Threats to databases Loss of integrity Loss of availability Loss of confidentiality To protect databases against these types of threats four kinds of countermeasures can be implemented: Access control Inference control Flow control Encryption
Background image of page 6
Slide 23- 7 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Introduction to Database Security Issues (3) A DBMS typically includes a database security and authorization subsystem that is responsible for ensuring the security portions of a database against unauthorized access. Two types of database security mechanisms: Discretionary security mechanisms Mandatory security mechanisms
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Slide 23- 8 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Introduction to Database Security Issues (4) The security mechanism of a DBMS must include provisions for restricting access to the database as a whole This function is called access control and is handled by creating user accounts and passwords to control login process by the DBMS.
Background image of page 8
Slide 23- 9 Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Introduction to Database Security Issues (5) The security problem associated with databases is that of controlling the access to a statistical
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/23/2012 for the course CS 348 taught by Professor Staff during the Fall '08 term at Purdue University-West Lafayette.

Page1 / 70

Ch23-Database - Copyright 2007 Ramez Elmasri and Shamkant B Navathe Slide 23 1 Chapter 23 Database Security and Authorization Copyright 2007 Ramez

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online