Database Security | Part 2

Protection of government and commercial databases

The techniques of protection are mainly the following:

  • Database partitioning (with the associated problems of redundancy and data inconsistency);
  • Cryptographic techniques;
  • Integrity lock: use of checksums which, calculated from the value of the data, are stored and recalculated at each access to the data. If the checksum has changed, it means that the data has been improperly altered (integrity check);
  • Front-end security between users and the DBMS;
  • Views: the database administrator (DBA) defines sub-schemas (views) of the database that show only the data made available.
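
The integrity lock from the list above, as an added example that is not part of the original article: a front end stores a checksum with each row and recalculates it on every read. It assumes a keyed checksum (HMAC-SHA-256), since anyone able to alter the data could also recompute an unkeyed sum; the `staff` table, the key and the tampering step are constructed for the demonstration.

```python
import hashlib
import hmac
import sqlite3

# Assumption: a keyed checksum whose key is known only to the trusted front end.
KEY = b"constructed-demo-key"


def stamp(row_id, name, salary):
    """Keyed checksum over the row id and values (length-prefixed fields)."""
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for field in (str(row_id), name, str(salary)):
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def insert(db, row_id, name, salary):
    db.execute("INSERT INTO staff VALUES (?, ?, ?, ?)",
               (row_id, name, salary, stamp(row_id, name, salary)))


def read(db, row_id):
    """Recalculate the checksum on access; refuse to return altered data."""
    row = db.execute("SELECT name, salary, lock FROM staff WHERE id = ?",
                     (row_id,)).fetchone()
    if row is None:
        raise KeyError(row_id)
    name, salary, lock = row
    if not hmac.compare_digest(lock, stamp(row_id, name, salary)):
        raise ValueError(f"integrity check failed for row {row_id}")
    return name, salary


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT,"
               " salary INTEGER, lock TEXT)")
    insert(db, 1, "alice", 52000)
    insert(db, 2, "bob", 48000)
    # Constructed tampering: a write that bypasses the front end.
    db.execute("UPDATE staff SET salary = 99000 WHERE id = 2")
    results = {1: read(db, 1)}
    try:
        results[2] = read(db, 2)
    except ValueError as exc:
        results[2] = str(exc)
    return results
```

Including the row id in the checksum means a valid value-and-checksum pair copied from one row onto another also fails the check.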

To translate policies into mechanisms, and to verify security, security models are used. In addition, crucial aspects of the design of secure systems are:

  • The choice of hardware / software environment;
  • External protection (organizational, physical);
  • Protection Center (login, authentication, audit);
  • The security provided by the operating system;
  • The reliability of hardware / software;
  • The administrative, human, organizational and economic aspects.

For both kinds of database, classified / public and commercial, security is based on organizational controls and on hardware / software. Some attempts in progress consist of applying trusted DBMSs to commercial databases. However, these controls are strict, inadequate, expensive and not effective against attacks such as Trojan horses and trapdoors in application software. For government databases, the main solution is to create multilevel DBMS architectures, such as:

  • Integrity Lock (MITRE Corporation), available in the product TrueData;
  • Kernelized architecture (SRI) in Secure Oracle;
  • Trusted subject architecture (Model ASD-RTW), made by Sybase, Rubix, Informix, Oracle, DEC.

Models of Database Security

Security models, or more properly authorization systems for databases, are used to express formally the protection policies of a given system and to verify security properties that must be met by the system that implements them. The models are divided into two categories:

  • Discretionary models, for systems with ownership and propagation of privileges (GRANT / REVOKE);
  • Mandatory models, for systems with highly sensitive data. They are characterized by subjects with a clearance, objects carrying a label, and procedures for the secure management of classification and labeling (use of trusted software).

Database Security Issues In Federated Distributed Databases

The evolution of information systems and distributed databases toward global solutions leads to new availability of information, but at the same time creates new security problems. In a federation of databases, that is, in systems where several pre-existing databases are aggregated to form a set of data accessible over the network, new security problems arise from the fact that:

  • Some data are shared, while others remain with the individual sites;
  • The access policies can differ from site to site;
  • The number of users increases, and users can work either locally or remotely, with different profiles.

There are also new authentication schemes, methods to establish access control policies, and distributed architectures that include security aspects.

There can be associations with low, medium and high autonomy. Federated databases have the need for:

  • Large-scale cooperation between databases: this involves issues of autonomy and information sharing;
  • Retention of legacy information systems and databases: this leads to problems of heterogeneity and interoperability.

Data Distribution and Security

Data can be distributed through horizontal or vertical data partitioning, or through data replication. The benefits of distribution are increased availability and reliability and improved data access times. Other aspects of distribution, and therefore of security, are:

  • Multiplicity of local governments;
  • Diversity and security.

Security for Online Databases

The infrastructure created by the Internet offers the opportunity to make information of any kind available through the standard interface offered by Web browsers. Turning to the specific issue of publishing the contents of databases via a Web server, there are two possible architectural solutions:

  • Two-tier architecture, in which the Web server accesses the data directly through standard protocols or application-specific proprietary protocols;
  • Three-tier architecture, in which an application server acts as an intermediary between the requests of the Web server and the actual querying of the data.

Study: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons.
