Security Issues
Types of Security
Database security addresses the following issues:
(1) Legal Issues: There are many legal or ethical issues with respect to the right to access information. For example, if some sensitive information is present in the database, then it must not be accessed by an unauthorized person.
(2) Policy Issues: There are some government or organizational policies that tell us what kind of information should be made available to access publicly.
(3) System Issues: Under this issue, it is decided whether a security function should be handled at the hardware level, at the operating system level, or at the database level.
(4) Data and User Level Issues: In many organizations, multiple security levels are identified to categorize data and users based on these classifications. The security policy of the organization must understand these levels in order to permit access to different levels of users.
Threats to a database result in loss or degradation of data. Three kinds of loss can occur due to threats to a database:
(1) Loss of Integrity:
• Database integrity means information must be protected from improper modification.
• Modification to the database can be performed by inserting, deleting or modifying the data.
• Integrity is lost if unauthorized changes are made to data intentionally or accidentally.
• If the loss of integrity is not corrected and work is continued, it results in inaccuracy, fraud, or erroneous decisions.
(2) Loss of Availability:
• Database availability means making the database objects available to authorized users.
(3) Loss of Confidentiality:
• Confidentiality means protection of data from unauthorized disclosure of information.
• The loss of confidentiality results in loss of public confidence, embarrassment, or some legal action against the organization.
There are four major control measures used to provide security on data in a database:
1. Access control
2. Inference control
3. Flow control
4. Data encryption
• Access Control: The most common security problem is unauthorized access to the computer system. Generally this access is for obtaining information or for making malicious changes in the database. The security mechanism of a DBMS must include provisions for restricting access to the database system as a whole. This function is called access control.
• Inference Control: This method is used to address the security problems of statistical databases. Statistical databases are used to provide statistical information based on some criteria. These databases may contain information about a particular age group, income level, education criteria and so on. Access to some sensitive information must be avoided while using statistical databases. The corresponding measure prevents the user from completing any inference channel.
• Flow Control: It is a kind of control measure which prevents information from flowing in such a way that it reaches unauthorized users. Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are called covert channels.
• Data Encryption: Data encryption is a control measure used to secure sensitive data. In this technique, the data is encoded using some coding algorithm. An unauthorized user who accesses encoded data will have difficulty deciphering it, but authorized users are given decoding or decrypting algorithms (or keys) to decipher the data.
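The inference control measure described above can be illustrated with a query-set-size restriction, one common way to keep a statistical query from exposing an individual. This is an added example, not part of the original notes; the records, function names and the threshold `k` are constructed assumptions.

```python
# Constructed sample rows of a statistical database (not real data).
RECORDS = [
    {"name": "A", "age_group": "30-39", "education": "PhD", "income": 91000},
    {"name": "B", "age_group": "30-39", "education": "BSc", "income": 52000},
    {"name": "C", "age_group": "30-39", "education": "BSc", "income": 48000},
    {"name": "D", "age_group": "40-49", "education": "BSc", "income": 61000},
    {"name": "E", "age_group": "40-49", "education": "MSc", "income": 70000},
    {"name": "F", "age_group": "20-29", "education": "BSc", "income": 39000},
]

class QueryRefused(Exception):
    """Answering would complete an inference channel."""

def query_set(records, criteria):
    """Rows whose attributes equal every value in criteria."""
    return [r for r in records if all(r[a] == v for a, v in criteria.items())]

def avg_income_open(records, criteria):
    """No inference control: every non-empty query set is answered."""
    rows = query_set(records, criteria)
    return sum(r["income"] for r in rows) / len(rows)

def avg_income_controlled(records, criteria, k=2):
    """Answer only when k <= |query set| <= n - k (k is an assumed policy value).

    The lower bound refuses groups small enough to expose one person; the
    upper bound refuses near-total groups, whose answer could be combined
    with the overall statistic to isolate the few rows left out.
    """
    if "name" in criteria:
        raise QueryRefused("criteria may not use an identifying attribute")
    rows = query_set(records, criteria)
    if not k <= len(rows) <= len(records) - k:
        raise QueryRefused(f"query set size {len(rows)} outside allowed range")
    return sum(r["income"] for r in rows) / len(rows)

if __name__ == "__main__":
    narrow = {"age_group": "30-39", "education": "PhD"}  # matches one row
    print("open:", avg_income_open(RECORDS, narrow))
    try:
        avg_income_controlled(RECORDS, narrow)
    except QueryRefused as exc:
        print("controlled: refused,", exc)
    print("controlled:", avg_income_controlled(RECORDS, {"education": "BSc"}))
```

A size restriction alone does not close every inference channel; sequences of overlapping queries still need to be audited or limited.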
• DBA stands for Database Administrator, who is the central authority for managing the database system.
• The DBA is responsible for granting privileges to users who want to use the database system.
• The DBA has a DBA account in the DBMS, which is sometimes called a system or superuser account. It provides powerful capabilities that are not made available to regular database accounts and users.
• The DBA makes use of some special commands that perform the following types of actions:
1. Account Creation: This command helps in creating a new account and password for a single user or for a group of users.
2. Privilege Granting: This command allows the DBA to grant privileges to certain accounts.
3. Privilege Revocation: This command allows the DBA to cancel the privileges of certain accounts.
4. Security Level Assignment: This action assigns a user account to the appropriate security clearance level.
Thus the DBA is responsible for the overall security of the database system.
Database Management System
CS3492 | 4th Semester CSE Dept | 2021 Regulation