security issues in database
play

Security Issues in Database Dr.Nermin Hamza Ewais Assistance - PowerPoint PPT Presentation

Dec 07, 2022 •212 likes •1.06k views

Security Issues in Database Dr.Nermin Hamza Ewais Assistance Professor IT department Faculty of Computing and information Technology King Abd El-Aziz University Abstract Many organizations today are implementing cloud-based solutions to

  1. Security Issues in Database Dr.Nermin Hamza Ewais Assistance Professor IT department Faculty of Computing and information Technology King Abd El-Aziz University

  2. Abstract  Many organizations today are implementing cloud-based solutions to reduce cost and improve the efficient . Due to its high demand, cloud providers are now offering a new service besides the traditional services (IaaS, PaaS and Saas) known as Database as a service or DBaaS which is essentially an on-demand database accessible to the consumers from the cloud over the Internet  The new trend is to make the database outsourced, which gained benefits such as increase data availability, reduce, the cost.  We presented a model based on outsourcing database. The model architecture performs most of the data processing through the SMP (Secure Middle Part), for reducing computation and communication overhead by partially encrypting the data and information and increasing data confidentiality through using deferent encryption techniques. 2 Dr. Nermin Hamza Ewais 18/04/2017

  3. Agenda 1. Cloud and Cloud Database 2. Database Security 3. The Database security model 1. Overview of the System 2. Components 3. Query Processing 4. Key Management 5. Analysis 3 Dr. Nermin Hamza Ewais 18/04/2017

  4. Agenda 1. Cloud and Cloud Database 2. Database Security 3. The Database security model 1. Overview of the System 2. Components 3. Query Processing 4. Key Management 5. Analysis 4 Dr. Nermin Hamza Ewais 18/04/2017

  5. 1- Cloud and Cloud Database 5 Dr. Nermin Hamza Ewais 18/04/2017

  6. Cloud  The Term Cloud refers to Network or Internet .  In Other words , we can say that the cloud is some thing which can present in remote location.  Cloud computing is a general term for the delivery of hosted services over the internet.( could be software or Hardware) 6 Dr. Nermin Hamza Ewais 18/04/2017

  7. Cloud : Service Categories  Infrastructure as a service (IaaS)  Platform as a service (PaaS)  Software as a service (SaaS). 7 Dr. Nermin Hamza Ewais 18/04/2017

  8. Cloud : Service Categories  Infrastructure as a service (IaaS)  Is category of cloud computing services. With IaaS, you rent IT infrastructure — servers and virtual machines (VMs), storage, networks, operating systems — from a cloud provider on a pay-as- you-go basis..  Characteristics of IaaS  Distribution of resources as a service  Utility pricing model and variable costs,  Allows multiple users to work on a single set of hardware 8 Dr. Nermin Hamza Ewais 18/04/2017

  9. Cloud : Service Categories  Platform as a service (PaaS)  a cloud provider delivers hardware and software tools -- usually those needed for application development -- to its users as a service  PaaS Characteristics  Develop, test and deploy software and applications  Built-in scalability for load balancing and failover  Web-based tools for the creation, modification and flawless deployment of User Interfaces 9 Dr. Nermin Hamza Ewais 18/04/2017

  10. Cloud : Service Categories  Software as a service (SaaS).  SaaS is the basic and most important form of cloud services that represents the largest portion of the cloud market. It uses the web to distribute applications that are hosted and run by third- party vendors.  As a client, you can run SaaS applications directly via a web browser without having to download or install anything.  Characteristics of SaaS  Access to commercial software on the web  Centralized software management  Managed software upgrades and integration of different software parts with help of APIs 10 Dr. Nermin Hamza Ewais 18/04/2017

  11. Cloud : Service Categories 11 Dr. Nermin Hamza Ewais 18/04/2017

  12. Cloud : Service Categories 12 Dr. Nermin Hamza Ewais 18/04/2017

  13. What about Cloud Database 13 Dr. Nermin Hamza Ewais 18/04/2017

  14. Database as Service  Database as a Service (DBaaS) is a new service model Based on SaaS, DBaaS moves database management system (DBMS) from a traditional client-server architecture to a third party architecture – where data management is not handled by the data owner.  The traditional Client-Server : where the data owner is responsible for managing DBMS and responding to user ’ s queries 14 Dr. Nermin Hamza Ewais 18/04/2017

  15. Database as Service  DBaaS eliminates the need for installing, maintaining and storing data on the local database servers (hard drives or disks).  DBaaS supports structured, unstructured or semi- structured data  Data owners outsource their data to data service providers such as Google , Amazon , and Microsoft etc. who manage large data sets . 15 Dr. Nermin Hamza Ewais 18/04/2017

  16. Agenda 1. Cloud and Cloud Database 2. Database Security 3. The Database security model 1. Overview of the System 2. Components 3. Query Processing 4. Key Management 5. Analysis 16 Dr. Nermin Hamza Ewais 18/04/2017

  17. 2- Database Security 17 Dr. Nermin Hamza Ewais 18/04/2017

  18. Database Security Services The database security services are: 1. Database Identification and Authentication 2. Database Access control 3. Database Confidentiality 4. Database Integrity 5. Database Availability 6. Database Physical security. 18 Dr. Nermin Hamza Ewais 18/04/2017

  19. Database Identification and Authentication  This service ensures that the users and programs are correctly identified and verified.  This service depends on the operating systems or database application or both.  The famous mechanisms are DB authentication with passwords, operating system authentication, Kerberos etc … 19 Dr. Nermin Hamza Ewais 18/04/2017

  20. 20 Dr. Nermin Hamza Ewais 18/04/2017

  21. Database Access control  Access control service is also called Authorization security service.  It ensures that the correctly subject, such as users programs, can only perform operations on the allowed database object, such as tables and views.  Discretionary Access Control (DAC)  Mandatory Access Control (MAC)  Role-Based Access Control (RBAC) 21 Dr. Nermin Hamza Ewais 18/04/2017

  22. Database Access control  Discretionary Access Control (DAC)  Subject access object according to a list of permissions granted to the subjects.  In DAC one user could create any object and grant or revoke some permissions as reading, writing … etc. to another user.  Example :  User may transfer object ownership to another user(s).  User may determine the access type of other users.  After several attempts, authorization failures restrict user access. 22 Dr. Nermin Hamza Ewais 18/04/2017

  23. Database Access control  Mandatory Access Control (MAC)  Policies regulate access to data by subjects on the basis of the predefined classifications of the subjects and objects in the system  In mandatory access control (MAC), the system (and not the users) specifies which subjects can access specific data objects.  For example, if a user has a security clearance of secret, and he requests a data object with a security classification of top secret, then the user will be denied access because his clearance is lower than the classification of the object. 23 Dr. Nermin Hamza Ewais 18/04/2017

  24. Database Access control  Role-Based Access Control (RBAC)  Permissions are assigned according to the Role and are centrally administered according to the organization structure  A fundamental difference between DAC and RBAC is that users in RBAC cannot pass access permissions on to other users DAC. 24 Dr. Nermin Hamza Ewais 18/04/2017

  25. Database Confidentiality  This service will prevent the improper discovery of information to unauthorized users. This service can be achieved by two methods , which are  encryption and employee confidentiality training 25 Dr. Nermin Hamza Ewais 18/04/2017

  26. Database Integrity  Database integrity ensures that both the creation and changing of information are done according to a set of predefined rules and constrains  Many mechanisms  Checksum mechanism,  this one is done to ensure the integrity of the stored data by calculate the check sum of this stored data and then store the result.  When the data is accessed the checksum is recalculated to verify the data. 26 Dr. Nermin Hamza Ewais 18/04/2017

  27. Database Availability  Database Availability services make sure that data is accessible to the right person when it is needed.  Availability implies the system fault tolerance and redundancy in the data.  The main mechanisms used to reach database availability is hardware redundancy, database backup, recover log 27 Dr. Nermin Hamza Ewais 18/04/2017

  28. Database Physical security  This service is often disregarded.  physical security asset is the first step in database security.  Several methods can be done in order to achieve physical security as:  walls can be built, security doors, alarms, locks, spring- loaded floors and so on. 28 Dr. Nermin Hamza Ewais 18/04/2017

  29. Take a break 29 Dr. Nermin Hamza Ewais 18/04/2017

  30. Agenda 1. Cloud and Cloud Database 2. Database Security 3. The Database security model 1. Overview of the System 2. Components 3. Query Processing 4. Key Management 30 Dr. Nermin Hamza Ewais 18/04/2017

  31. 3- The Database Security Model 31 Dr. Nermin Hamza Ewais 18/04/2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting Revoking Views Database Systems SQL Insertion Attacks Michael Pound Further Reading The Manga Guide to Databases, Chapter 5 Database

285 views • 7 slides
Database Security Enforced Database security - only authorized users can perform authorized

Database Security Enforced Database security - only authorized users can perform authorized

IT360: Applied Database Systems Database Security Kroenke: Ch 9, pg 309-314 PHP and MySQL: Ch 9, pg 217-227 1 Rights Database Security Enforced Database security - only authorized users can perform authorized activities Responsibilities

317 views • 9 slides
CSE 416 Database Issues Database Preliminaries Recap important topics Recap terminology

CSE 416 Database Issues Database Preliminaries Recap important topics Recap terminology

Session 13 Database Issues CSE 416 Database Issues Database Preliminaries Recap important topics Recap terminology Use a good DB modelling tool (e.g., Workbench) You will implement the DB on a shared CS server (e.g., MySQL)

500 views • 12 slides
Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel Secure Databases RBAC in Commercial DBMS Statistical Database Security Simone Fischer-Hbner Applied Security, DAVC17 Relational Database

194 views • 6 slides
DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall

DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall

DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall 2020 University of Virginia 1 Levels of DB Security There are 6 levels that impact database security Database Level database users and

591 views • 21 slides
DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall

DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall

DATABASE SECURITY CS4750 Database Systems Prof. Nada Basit Email: basit@virginia.edu Fall 2020 University of Virginia 1 Levels of DB Security There are 6 levels that impact database security Database Level database users and

380 views • 18 slides
Outline Database Security: Research Motivation and Practice Access Control Multilevel

Outline Database Security: Research Motivation and Practice Access Control Multilevel

Outline Database Security: Research Motivation and Practice Access Control Multilevel Relational Data Model Concurrency and Object Oriented Elisa Bertino, Sushil Jajodia and issues Pierangela Samarati Conclusions Presented

492 views • 5 slides
Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory

Course Content Database Management Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2003 Concurrency Control Data Base Recovery and Security CMPUT 391: Database Recovery and Security

274 views • 12 slides
Session 8 Database, Cloud and IoT Security Sbastien Combfis Fall 2019 This work is

Session 8 Database, Cloud and IoT Security Sbastien Combfis Fall 2019 This work is

I5020 Computer Security Session 8 Database, Cloud and IoT Security Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Database Security

384 views • 24 slides
Database Security CS461/ECE422 Spring 2012 Overview Database

Database Security CS461/ECE422 Spring 2012 Overview Database

Database Security CS461/ECE422 Spring 2012 Overview Database model RelaAonal Databases Access Control Inference and StaAsAcal Databases Database

548 views • 27 slides
Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security

Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security Statistical Database A statistical database is a database which provides statistics on subsets of records OLAP vs. OLTP Statistics may be

397 views • 37 slides
NEBC Database Course 2008 Database Users And Security Backing-Up Data Tim Booth :

NEBC Database Course 2008 Database Users And Security Backing-Up Data Tim Booth :

NEBC Database Course 2008 Database Users And Security Backing-Up Data Tim Booth : tbooth@ceh.ac.uk Overview Areas covered: Controlling who can connect Table-level privileges Defining user groups Remote connections to

557 views • 17 slides
Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin c.coltekin@rug.nl Information science/Informatiekunde Fall 2011/12 Security in Web applications Web, Databases & Security http://xkcd.com/327/ C . C

952 views • 47 slides
CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 15 Chapter 5: Database security

CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 15 Chapter 5: Database security

CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 15 Chapter 5: Database security Database Security Relational Databases constructed from tables of data each column holds a particular type of data each row contains a

935 views • 24 slides
EGTDC Database Course 2004 Database Users And Security Backing-Up Data Tim Booth :

EGTDC Database Course 2004 Database Users And Security Backing-Up Data Tim Booth :

EGTDC Database Course 2004 Database Users And Security Backing-Up Data Tim Booth : tbooth@ceh.ac.uk Environmental Genomics Thematic Programme Data Centre http://envgen.nox.ac.uk Overview Areas covered: Controlling who can connect

344 views • 16 slides
TDDD17 Informatjon Security Topic: Database Security Olaf Hartjg olaf.hartjg@liu.se

TDDD17 Informatjon Security Topic: Database Security Olaf Hartjg olaf.hartjg@liu.se

TDDD17 Informatjon Security Topic: Database Security Olaf Hartjg olaf.hartjg@liu.se Acknowledgement: Many of the slides in this slide set are adaptations from slides made available for the database textbook by Elmasri and Navathe. Before

572 views • 24 slides
Implementation and Evaluation of a NAT-Gateway for the General Internet Signaling Transport

Implementation and Evaluation of a NAT-Gateway for the General Internet Signaling Transport

Implementation and Evaluation of a NAT-Gateway for the General Internet Signaling Transport Protocol Roland Bless and Martin Rhricht Institute of Telematics, Department of Computer Science KIT University of the State of Baden-Wuerttemberg

345 views • 15 slides
Towards a compliance audit of SLAs for data replication in Cloud storage J. Leneutre B.

Towards a compliance audit of SLAs for data replication in Cloud storage J. Leneutre B.

Towards a compliance audit of SLAs for data replication in Cloud storage J. Leneutre B. Djebaili, C. Kiennert, J. Leneutre, L. Chen, Data Integrity and Availability Verification Game in Untrusted Cloud Storage, Conference on Decision and Game

484 views • 33 slides
Mission Critical Security for your Mission Critical Applications Bringing NonS top to the

Mission Critical Security for your Mission Critical Applications Bringing NonS top to the

Mission Critical Security for your Mission Critical Applications Bringing NonS top to the Enterprise and the Enterprise to NonS top About XYPRO 29 years serving the HP NonS top community S pecialists in Mission

448 views • 19 slides
SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar

SCADA Testbed for Vulnerability Assessments, Penetration Testing and Incident Forensics Sundar Krishnan & Dr. Mingkui Wei Department of Computer Science Sam Houston State University, Huntsville, Texas ISDFS 2019 SC SCADA Ov Overv

635 views • 22 slides
E-Mail Tools David Hilley davidhi@cc.gatech.edu David Hilley, March 5, 2008 L A T EX - p. 1

E-Mail Tools David Hilley davidhi@cc.gatech.edu David Hilley, March 5, 2008 L A T EX - p. 1

E-Mail Tools David Hilley davidhi@cc.gatech.edu David Hilley, March 5, 2008 L A T EX - p. 1 Roadmap Introduction / Overview Roadmap Introduction Local Mail Utilities Local Mail Utilities & Configuration Mail Server

520 views • 21 slides
CORPORATION December 2, 2011 Fred Hume, President and CEO Safe Harbor The matters that we

CORPORATION December 2, 2011 Fred Hume, President and CEO Safe Harbor The matters that we

DATA I/O CORPORATION December 2, 2011 Fred Hume, President and CEO Safe Harbor The matters that we discuss today will include forward-looking statements that involve risks factors that could cause Data I/O Corporations results to differ

765 views • 30 slides
Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J.

Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J.

Architecture Principles for Data Privacy of Cloud-based Medical Device Services Dr. Andrzej J. Knafel Data Protection Laws Architecture for Selected Technical Controls of Data Privacy Conclusions Data Protection Overview of laws and controls

411 views • 22 slides
ZKLang Implementation and Standardization Jan Camenisch 1 , Manu Drijvers 1 , Maria

ZKLang Implementation and Standardization Jan Camenisch 1 , Manu Drijvers 1 , Maria

ZKLang Implementation and Standardization Jan Camenisch 1 , Manu Drijvers 1 , Maria Dubovitskaya, 1 Jason Law 2 , ... 1: IBM Research Zurich 2: Evernym W3C Verifiable Claims (VC) An effort for standardizing protocols and languages

472 views • 20 slides

More recommend