Network Security Philadelphia University
Ahmad Al-Ghoul 2010-2011
Module 7
Data Base Security
Modified by: Ahmad Al Ghoul
Philadelphia University
Faculty Of Administrative & Financial Sciences
Business Networking & System Management Department
Room Number 32406
E-mail Address: [email protected]
Contents
– Concept of a Data Base
– Components of Data Bases
– Advantages of Using Data Bases
– Security Requirements
– Integrity of the Data Base
– Element Integrity
– Field Checks
– Access Control
– Change Log
Concept of a Data Base
Collection of data and a set of rules that organise the data by specifying certain relationships among the data.
The data items are stored in a file
User is not concerned with the precise physical format of the file.
A data base administrator is the person
– who defines the rules that organise the data
– who controls who should have access to what parts of the data
The user interacts with the database through a program called data base manager or DBMS (front-end).
Components of Data Bases
The data base file consists of
– Records: contains one related group of data
– Each record contains fields or elements
A data base can be viewed as a two-dimensional table
The logical structure of a data base is called a schema
Components of Data Bases
The name of each column is called an attribute of the data base.
A relation is a set of columns.
Users interact with data base managers through commands that retrieve, modify, add or delete fields and records of the data base
– A command is called a query
DBMSs have precise rules of syntax for queries.
SELECT NAME = ‘AYŞE’
retrieves all records having the value AYŞE in the NAME field.
The result of executing a query is a subschema
Advantages of Using Data Bases
Shared access
– Many users can use one common, centralised set of data
Minimal redundancy
– Individual users do not have to collect and maintain their own sets of data
Consistency
– A change to a data value affects all users of the data value
Integrity
– Values are protected against accidental or malicious incorrect changes
Controlled access
– Only authorised users are allowed to view or modify data values
Security Requirements
Physical data base integrity
– Immune to power failures
Logical data base integrity
– Structure is preserved
Element integrity
– Data contained in each element is correct
Auditability
– Trace who accessed/modified elements
Access control
– User is allowed to access only authorised data
User authentication
– To ensure every user is positively identified
Availability
– Users can access the data base in general and all the data for which they are authorised
Integrity of the Data Base
Trust the accuracy of the data values
Updates are performed only by authorised individuals
Data must be protected from corruption
– The whole data base is damaged
– Individual data items are unreadable
Integrity of the data base is the responsibility of the DBMS
Periodic back-ups of a data base
DBMS must maintain a log of transactions
Element Integrity
Authorised users are responsible for putting correct data into the data base
– Mistakes in collecting data
– Mistakes in computing results
– Mistakes in entering data
The DBMS maintains the integrity by:
– Applying field checks
– Access control
– Change log
Field Checks
Test for appropriate values in a position
– Numeric
– Uppercase letter
– A set of acceptable characters
The check ensures that a value falls within specified bounds or is not greater than the sum of the values in two other fields
Prevents simple errors as the data is entered.
Access Control
A data base may contain data from different sources
– Redundant data might have been stored in many places
Data bases have led to the collection and control of this data at one central source
– Who has authorisation to update which elements
– Policy issues
Change Log
A list of every change made to the data base
The log contains
– Original
– Modified values
With this log a data base administrator can undo any changes that were in error.
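
The field checks and the change log from the two slides above can be seen working together in a small SQLite database. This is an added example, not part of the original slides; the account table, its columns and the helper names open_db, try_write and undo_last are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: every table and column name here is an assumption.
SCHEMA = """
CREATE TABLE account (
    id     INTEGER PRIMARY KEY,
    grade  TEXT    NOT NULL CHECK (grade GLOB '[A-Z]'),           -- uppercase letter
    code   TEXT    NOT NULL CHECK (code <> '' AND code NOT GLOB '*[^0-9A-F]*'),  -- acceptable set
    salary INTEGER NOT NULL CHECK (typeof(salary) = 'integer' AND salary >= 0),  -- numeric
    bonus  INTEGER NOT NULL CHECK (typeof(bonus) = 'integer' AND bonus >= 0),
    payout INTEGER NOT NULL CHECK (payout BETWEEN 0 AND salary + bonus)  -- bounded by two fields
);
CREATE TABLE change_log (
    seq INTEGER PRIMARY KEY AUTOINCREMENT,
    row_id INTEGER, original INTEGER, modified INTEGER
);
CREATE TRIGGER log_payout AFTER UPDATE OF payout ON account
BEGIN
    INSERT INTO change_log (row_id, original, modified)
    VALUES (OLD.id, OLD.payout, NEW.payout);
END;
"""

def open_db():
    """In-memory data base holding one constructed sample record."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO account VALUES (1, 'B', '7F3A', 5000, 400, 5200)")
    db.commit()
    return db

def try_write(db, sql, params=()):
    """True if the DBMS accepted the write, False if a field check rejected it."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

def undo_last(db):
    """Restore the original value from the newest log entry (the undo is logged too)."""
    row = db.execute("SELECT row_id, original FROM change_log "
                     "ORDER BY seq DESC LIMIT 1").fetchone()
    if row is None:
        return False
    with db:
        db.execute("UPDATE account SET payout = ? WHERE id = ?", (row[1], row[0]))
    return True
```

Rejected writes never reach the trigger, so the log records only changes the field checks accepted.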