DBMS - MODULE - 5

Transaction process


DBMS Notes Prepared By - Gautam Nath, Asst Professor, BVEC, Karimganj, Assam

MODULE 5:
Database Security
1. ACCESS CONTROLS

• These are security features that control how people can interact with systems and resources.
• The goal is to protect from unauthorized access.

2. COMPONENTS OF ACCESS CONTROL

Identifying User ID → Validating Password → Allow access for resources

3. ACCESS CONTROL MODELS

• These are models which are associated with certain access control technologies and security mechanisms to enforce their rules and objectives.
• Three main types:
a) Discretionary Access Control (DAC)
b) Mandatory Access Control (MAC)
c) Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

• It provides users a certain amount of control over their data.
• Data owners can define access permissions for specific users or groups of users.
• Access permissions for each piece of data are stored in an Access Control List (ACL) or Access Control Matrix (ACM).


Advantage – user friendly, flexible, easy to maintain

Disadvantage – low level of data protection; no centralized access management, so the ACL must be consulted on every access.

Note: DAC is useful for small and medium-sized companies.

Mandatory Access Control (MAC)

• It is based on a security label system.
• Users are given a security clearance and data is classified into certain levels - secret, top secret, confidential etc.
• Used when confidentiality is of utmost importance.
• Every object and subject is given a sensitivity level.


For example: Umair can access secret-level data from Finance.
Finance records are secret-level data under Finance.

Advantage – high level of data protection

Disadvantage – manual configuration of security levels, not user friendly.

Note: MAC is useful for government, military, law enforcement.

Role Based Access Control (RBAC)

• It uses centrally administered controls to determine how subjects and objects interact.
• It groups users into roles and permissions into rights. Thus changing a user's permissions can be achieved just by changing the roles they are allowed to assume.
• The operations that a user is permitted to perform are based on the user's role.
• This approach has more benefits than DAC or MAC.


Advantages – roles can be updated easily, high level of data protection.

Disadvantages – costly; possibility of unlawful access due to overlapping of responsibilities.

Note: RBAC is used by the majority of enterprises with more than 500 employees.
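The three models above, as an added example that is not part of the original notes: a toy DAC check against a per-object ACL, a MAC "no read up" check comparing clearance with classification (using the Umair / Finance records example from the notes), and an RBAC check that resolves users to roles to permissions. All users, objects, labels and roles are constructed sample data.

```python
from enum import IntEnum

# --- DAC: each object's owner keeps an ACL (constructed sample data) --------
acl = {"payroll.csv": {"alice": {"read", "write"}, "bob": {"read"}}}

def dac_allowed(user, obj, perm):
    """Discretionary check: the object's ACL must list the user with the right."""
    return perm in acl.get(obj, {}).get(user, set())

# --- MAC: security labels on subjects (clearance) and objects (label) -------
class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

# Clearances and classifications are constructed; Umair and the Finance
# records follow the example given in the notes.
clearance = {"umair": Level.SECRET, "carol": Level.CONFIDENTIAL}
classification = {"finance_records": Level.SECRET}

def mac_can_read(user, obj):
    """'No read up': a subject reads an object only if clearance >= label."""
    return clearance[user] >= classification[obj]

# --- RBAC: users -> roles -> permissions (constructed sample data) ---------
role_perms = {"auditor": {"finance:read"},
              "accountant": {"finance:read", "finance:write"}}
user_roles = {"dave": {"auditor"}, "erin": {"accountant"}}

def rbac_allowed(user, perm):
    """Granted if any role the user may assume carries the permission."""
    return any(perm in role_perms[r] for r in user_roles.get(user, set()))

def grant_role(user, role):
    """Changing a user's permissions means changing roles, not ACL entries."""
    if role not in role_perms:
        raise KeyError(f"unknown role: {role}")
    user_roles.setdefault(user, set()).add(role)
```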

4. INTRUSION DETECTION

• An Intrusion Detection System (IDS) monitors our network for possibly dangerous activity, including malicious acts and violations of security protocols.
• When such a problem is detected, an IDS alerts the administrator but doesn't necessarily take any other action.
• There are several types of IDS and several methods of detection employed.


Network Intrusion Detection System (NIDS):

• A network intrusion detection system (NIDS) monitors packets moving into and out of a network or subset of a network to catch security threats.

Host Intrusion Detection System (HIDS):

• A host intrusion detection system lives on and monitors a single host (such as a computer or device). It monitors the activity of clients on that computer.

Signature-based:
• Signature-based IDS relies on a preprogrammed list of known attack behaviors.
• These behaviors will trigger the alert.
• These “signatures” can include subject lines and attachments on emails known to
carry viruses.

Anomaly-based:
• Anomaly-based IDS begins at installation with a training phase where it “learns”
normal behavior on the network. It alerts an admin anytime it detects any deviation
from that model of normal behavior. AI and machine learning have been very
effective in this phase of anomaly-based systems.
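The two detection methods above, as an added example that is not part of the original notes: a signature-based check that matches a preprogrammed list of known-bad patterns against request paths, and an anomaly-based detector that learns a per-source request-rate baseline in a training phase and alerts on sources that deviate from it. The log lines, signatures and threshold are all constructed for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log: (source_ip, request_path) pairs from a web server.
SAMPLE_LOG = [
    ("10.0.0.5", "/index.html"), ("10.0.0.5", "/about.html"),
    ("10.0.0.7", "/login?user=bob"), ("10.0.0.9", "/index.html"),
    ("10.0.0.7", "/search?q=%27%20OR%201%3D1"),   # URL-encoded quote + OR
    ("10.0.0.8", "/contact.html"), ("10.0.0.5", "/index.html"),
]

# Signature-based: a preprogrammed list of known-bad patterns (constructed).
SIGNATURES = {
    "sql_meta": re.compile(r"(%27|')(%20|\s)*(or|union)\b", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_alerts(log):
    """Return (ip, path, signature) for every line matching a known pattern."""
    return [(ip, path, name) for ip, path in log
            for name, rx in SIGNATURES.items() if rx.search(path)]

# Anomaly-based: learn what 'normal' request volume per source looks like
# during a training phase, then alert on sources far above that baseline.
class RateAnomalyDetector:
    def __init__(self, threshold_sigmas=2.0):
        self.threshold = threshold_sigmas
        self.mean = self.stdev = None

    def train(self, log):
        """Training phase: requests per source across the training window."""
        counts = list(Counter(ip for ip, _ in log).values())
        self.mean, self.stdev = mean(counts), pstdev(counts)

    def alerts(self, log):
        """Sources whose request count exceeds mean + k*stdev (stdev floored at 1)."""
        if self.mean is None:
            raise RuntimeError("train() must run before alerts()")
        limit = self.mean + self.threshold * max(self.stdev, 1.0)
        counts = Counter(ip for ip, _ in log)
        return sorted(ip for ip, n in counts.items() if n > limit)
```

The signature check fires only on patterns it already knows; the rate detector fires on any source that departs from the learned baseline, which is why the two are normally used together.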

5. SQL INJECTION

• When a part of a website or application allows a user to input information that is turned directly into a SQL query, this makes the website vulnerable to SQL injection.
• SQL injection occurs when malicious code is inserted as user input, so once it gets into the system and is turned into a SQL query, it begins to execute the malicious code.

• Usually the purpose of this malicious code is to access data to steal it (like user credentials) or delete it (to harm a business).
• There are a few different SQL injection types, including:
a) In-band: Here the attacker uses the same channel to both inject the attack and obtain the desired data results.
b) Out-of-band: Here the attacker uses two different channels, one to send the attack and another to receive the results.
c) Inferential: Here the attacker doesn't transfer data through the web application but instead sends payloads to the database server, observes how it responds, and uses the resulting information to infer facts about the database. For example, the response time of a SQL query can indicate the likely data volume.

6. PREVENTION OF SQL INJECTION

• The system should be designed to prevent SQL injection by checking user input and interfaces.
• By reviewing our existing code to check for the possibility of vulnerabilities.
• By using tools or software to keep an eye on the security of our system, e.g. Security Event Manager, Netsparker Vulnerability Scanner etc.
