5# Database Security

DATABASE SECURITY

Why Database?
We use database because it is shared access, it will minimal the redundancy data. Moreover it contains Data consistency, Data integrity and Controlled access.


What is Database Secure?

It is the protection that is located in databases from unauthorized access. It is important because information is a critical resource in enterprise and securing data has become a billion dollar industry and people want to secure their confidential information not only from hackers but also from legal, professional direct marketing corporations.

A good database is based on Data independence, Shared access, Minimal redundancy, Data consistency, Data integrity Privacy which signifies that an unauthorized user cannot disclose data and integrity which ensures that an unauthorized user cannot modify data and Availability which ensures that data be made available to the authorized user unfailingly.


There are four levels of enforcing database security that is Physical security which such as storage medium safekeeping and fire protection, Operating system security which such as the use of an access control matrix, capability list and accessory list and DBMS security such as protection mechanisms and query modification and also Data encryption such as RSA scheme and data encryption standard.


There are five basic security requirements for database such as database integrity, element integrity, access control, user authentication and availability.

Database Integrity

Users must be able to trust the accuracy of the data values in database. Updates in database must be performed only to authorized individuals and most important is data must be protected from corruption either by an outside illegal program action and an outside force. One way for database to secure is to make a backup.

Element Integrity

DBMS maintains element integrity in three ways such as Field checks which tests the appropriate values in a position such as null value control, default value. Next is access control is controls the access rights to users such as the authorization to update certain element and at last Change log which maintaining change log for the database (a change log is a list of every change made to the database.

Why we need audit record?

This helps to maintain the integrity of a database or discover who had affected what values and when. It also enables users to build up access to protected data incrementally.


Access Control

In access control we focus on Recall, access control for Operating Systems which deals with unrelated data and with entire files and lastly with access control for Databases which deals with records and fields and also concerned with inference of one field from another.


Availability

We focus on Availability on Arbitration of two users' request for the same record and withholding some non protected data to avoid revealing protected data.

Good Internal Consistency.

To get a good consistency, error detection and code correction is needed. One of the way is Hamming Codes. Hamming code is a linear error-correcting code named after its inventor, Richard Hamming. Hamming codes can detect up to two simultaneous bit errors, and correct single-bit errors thus, reliable communication is possible when the Hamming distance between the transmitted and received bit patterns is less than or equal to one.

The goal of Hamming codes is to create a set of parity bits that overlap such that a single-bit error (the bit is logically flipped in value) in a data bit or a parity bit can be detected and corrected. While multiple overlaps can be created, the general method is presented in Hamming codes.

Other than that, good internal consistencies also depend on shadow fields, recovery such as back up, concurrency and monitor.

Secrecy Vs Precision
Secrecy

It is focus only data that is not sensitive and reject any query which mentions a sensitive field.

Precision

Protect all sensitive data while revealing as much no sensitive data as possible.
Do you know Inference?
It derived sensitive data from non- sensitive data. Three basic paths to controlling the inference problem that is suppressing obviously sensitive information, track what the user knows, and disguise the data.



Multilevel Security in Database.
1) Encryption

If sensitive data is encrypted, a user who accidentally receives sensitive data cannot interpret the data. It is not foolproof since the user can mount a plaintext attack and substitute the encrypted form of his or her data. Thus the solution is to use different encryption for each record and a different key for each field or just cryptographically link fields of a record by using a block chaining method such as Cipher Block Chaining (CBC), Cipher Feedback (CFB).


2) Integrity lock

It is a way to provide both integrity and limited access for a database. Method nicknamed 'spray paint' since each element is painted with a color which denotes its sensitivity. The color is maintained with the element and not in an external table. It can be classify on three way that is unforgeable which malicious subject cannot create a new sensitivity label for an element. Next is unique which malicious subject cannot copy a sensitive level from another element and lastly concealed which a malicious subject cannot even determine the sensitivity level of an arbitrary object.


3) Sensitivity lock

A sensitivity lock is a combination of a unique identifier and the security level. It must not be able to identify two elements having identical security levels just by looking at the security portion of the integrity lock. As a result of the encryption, the lock's contents, especially the security level, are concealed.


4) Trusted Front-End

A trusted front end also known as a guard functions much like the monitor we discussed while we were studying operating system security methods. Many DBMS built and put into use without consideration for multilevel security.

5) Commutative filters

This is an interface with both the user and database manager. The filter reformats query such that DBMS does as much of the work as possible, screening out many unacceptable records and provides second screening to select only data to which user has access.
Thank you for spending time to read this page. =)