Aspects Of Database Security Information Technology Essay
Many native methods of providing database security have also been discussed, along with a survey of database threat issues and their remedies. Mechanisms are discussed that propose strengthening database security.
It seems desirable to gain an up-to-date understanding of the complete set of security problems faced, in order to devise better methodologies for database security issues.
The research study regarding Database Security is organized as follows: Section 1 highlights the native methods of Database Security which have been employed. Section 2 describes the threats faced by databases and Section 3 discusses various proposed remedies to the Database security issues.
Improper safeguarding of data might compromise database confidentiality, its availability and integrity. In order to prevent this, it is very important to form a comprehensive ‘database security’ concept.
Importance of Data
The security of data has always been an issue, but as more applications rely on databases to store their information, the threats to that security have increased manifold. Security of data is a more crucial issue today than ever, and its importance is clearly understood as well. The three main objectives of Database security include Confidentiality, Integrity and Availability [1]. The databases have to be secured in any case since they contain bulk amounts of data, both confidential and public. The loss of integrity of data can not only have a disastrous effect for a specific user, but also put the reputation of the whole organization at stake. In cases where the privacy of the data itself is of utmost importance, methods are required that perturb the original data by converting it to some anonymous form. Anonymization in that case is carried out in such a way that the original data integrity and its relationships are maintained while the data is perturbed for analysis.
Threats to Database
Databases today face a growing risk of threats and vulnerabilities.
Security breaches are typically categorized as unauthorized data observation, incorrect data modification, and data unavailability. Unauthorized data observation results in the disclosure of information to users not entitled to gain access to such information [2]. In case of unauthorized data observation, the data is seen by users for whom that data is not intended. For incorrect data modifications, once the data in the databases is modified, its integrity is lost and then the proper usage of data cannot be carried out. With data unavailability, the true information is not available when it is needed.
Countermeasures to Threats
Some countermeasures that can be employed are outlined below:
– Access Controls (can be Discretionary or Mandatory)
– Authorization (granting legitimate access rights)
– Authentication (determining whether a user is who they claim to be)
– Backup
– Journaling (maintaining a log file – enables easy recovery of changes)
– Encryption (encoding data using an encryption algorithm)
– RAID (Redundant Array of Independent Disks – protects against data loss due to disk failure)
– Polyinstantiation (data objects that appear to have different values to users with different access rights / clearance)
– Views (virtual relations which can limit the data viewable by certain users) [3].
Security Solutions for Databases
To protect data from losing its confidentiality, integrity and availability, different mechanisms have been proposed and are currently in use by the Relational Database Management Systems. The protection mechanisms used to provide security to databases include Firewalls, which act as the first line of defense. Intrusion Detection Systems are another form of security, which detect intrusions in the database. Achieving high security for databases is a continuous and tough job. Data in the databases has to be secure so that no loss, leakage or unwanted access to it occurs. The database security model is structured using the Access Control policy, authorization policy, inference policy, accountability policy, audit policy, and consistency policy [5]. The focus here is on the Access Control Policy for database security, with some research on the other security mechanisms as well, including Authentication, Inference avoidance, different levels of access control and the protection of data itself.
4.1 Access Control Policy:
The access control system is the database component that checks all database requests and grants or denies a user’s request based on his or her privileges. (Here we assume that the user has been authenticated.) [6]
Discretionary Access Control in RDBMS
Mandatory Access Control in RDBMS
Discretionary Mechanism in OODBMS
One of the main mechanisms to secure databases is the access control mechanism. In this regard, it has to be assured that access is granted only to authorized users, to avoid compromising the security of the database. Some of the access control methods that are used are discussed, but the list is not exhaustive.
Existing solutions for database security, which are defined for Relational Database Management Systems, are not appropriate for Object Oriented Database Management Systems. This is because OODBMSs are different in terms of the security models they follow. They are richer than the ordinary relational data models. This mainly refers to the authorization principles they follow. So either the relational data models have to be extended to incorporate the object oriented concepts as well or new data models have to be created for the object oriented data models. Object models provide a superset of the functionalities of relational database management system [5].
Discretionary Access Control
In this case, the creator of an object becomes its owner and he has the full right over that object. The owner here then defines the rights to access the information.
Mandatory Access Control
Objects in this case are assigned labels, on the basis of which they have the right to access the information in a database. The security labels assigned could be top secret, secret, classified, unclassified. In this case, the system itself mandates users' rights to access or modify data.
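The following is an added example, not code from the original essay. It models the four labels above on rows of one relation and shows polyinstantiation from the countermeasures list: the same key holds different values at different labels. The label ordering, the "no read up" and "no write down" rules, and the sample rows are assumptions made for illustration.

```python
from enum import IntEnum
from typing import NamedTuple

class Level(IntEnum):
    # Labels from the text; the ordering (low to high) is an assumption.
    UNCLASSIFIED = 0
    CLASSIFIED = 1
    SECRET = 2
    TOP_SECRET = 3

class Row(NamedTuple):
    key: str       # apparent primary key
    value: str
    label: Level   # set by the system, never by the row's creator

# Constructed sample relation. "flight-17" is polyinstantiated.
TABLE = [
    Row("flight-17", "cargo: medical supplies", Level.UNCLASSIFIED),
    Row("flight-17", "cargo: radar components", Level.SECRET),
    Row("flight-22", "cargo: mail", Level.UNCLASSIFIED),
    Row("flight-31", "cargo: prototype", Level.TOP_SECRET),
]

def can_read(clearance, label):
    return clearance >= label    # assumed rule: no read up

def can_write(clearance, label):
    return clearance <= label    # assumed rule: no write down

def select(table, clearance):
    """For each key, return the highest-labelled value the subject may read."""
    best = {}
    for row in table:
        if can_read(clearance, row.label) and (
                row.key not in best or row.label > best[row.key].label):
            best[row.key] = row
    return {key: row.value for key, row in best.items()}

def update(table, clearance, key, value, label=None):
    """Write a row at `label` (default: the subject's own clearance)."""
    label = clearance if label is None else label
    if not can_write(clearance, label):
        raise PermissionError("write down refused")
    # Replace only a row at the same label. A row with this key at another
    # label is kept, so the write neither fails nor reveals that it exists.
    kept = [r for r in table if not (r.key == key and r.label == label)]
    return kept + [Row(key, value, label)]
```

An unclassified subject that writes "flight-31" gets its own row at its own label, while a top secret subject still reads the original value.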
Discretionary Access Control in OODBMS
In case of object oriented database architecture, objects are stored in the database as compared to the relational database architecture in which strings, values or integers are stored instead. The objects have attributes as well as methods which are invoked to query data from the database.
Mandatory Access Control in OODBMS
In case of mandatory access control, the data in the databases are discussed in which are used the methods
Inference Issue Avoidance
In cases where legitimate data is accessed by the user through queries, there is a risk that he infers further information which does not concern him. In such cases the security of user data is compromised.
Data Privacy Protection
The user data becomes identifiable when paired with some existing information. Some mechanism has to be adopted that prevents leakage of confidential information from data that is publicly available. In this regard, the process of data anonymization is used, which de-identifies the information for privacy preservation.
Even with the technique of Anonymization, the inference problem still remains in the data mining field. Even though a database is sanitized by removing private information, the use of data mining techniques may allow one to recover the removed information. Several approaches have been proposed, some of which are specialized for specific data mining techniques, such as tools for association rule mining or classification systems, whereas others are independent from the specific data mining technique. In general, all approaches are based on modifying or perturbing the data in some way [2].
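The following is an added example, not code from the original essay. It checks a de-identified table before release by generalizing the attributes that could be paired with outside information, using k-anonymity as the measure; the essay does not name a specific technique. The records, the generalization levels and the function names are assumptions. It also reports how many distinct sensitive values each group holds, since a group with a single value still allows the inference described above.

```python
from collections import defaultdict

# Constructed sample records with names already removed:
# (age, zip_code, diagnosis). Age and ZIP are the linkable attributes.
RECORDS = [
    (34, "47677", "flu"), (36, "47602", "asthma"), (38, "47678", "flu"),
    (52, "47905", "diabetes"), (55, "47909", "flu"), (58, "47906", "asthma"),
]

# Assumed generalization ladder: level 0 is exact, higher levels are coarser.
AGE_WIDTH = [1, 5, 10, 20]   # width of the age band in years
ZIP_KEEP = [5, 4, 3, 2]      # leading ZIP digits left visible

def generalize(record, level):
    """Coarsen age and ZIP; the sensitive attribute is left unchanged."""
    age, zip_code, diagnosis = record
    width = AGE_WIDTH[level]
    low = age // width * width
    band = str(age) if width == 1 else f"{low}-{low + width - 1}"
    keep = ZIP_KEEP[level]
    prefix = zip_code[:keep] + "*" * (len(zip_code) - keep)
    return (band, prefix, diagnosis)

def groups(records, level):
    """Map each (age band, ZIP prefix) to the diagnoses that share it."""
    result = defaultdict(list)
    for record in records:
        band, prefix, diagnosis = generalize(record, level)
        result[(band, prefix)].append(diagnosis)
    return result

def k_of(records, level):
    """Size of the smallest group: each person hides among k records."""
    return min(len(v) for v in groups(records, level).values())

def l_of(records, level):
    """Fewest distinct sensitive values in any group (1 means full leak)."""
    return min(len(set(v)) for v in groups(records, level).values())

def release(records, k):
    """Return (level, rows) at the least coarse level reaching k, else None."""
    for level in range(len(AGE_WIDTH)):
        if k_of(records, level) >= k:
            return level, [generalize(r, level) for r in records]
    return None   # no level on the ladder is safe enough: do not publish
```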
Security in Distributed Databases
Some of the most important security requirements for database management systems are: Multi-Level Access Control, Confidentiality, Reliability, Integrity, and Recovery [8]. Data mining systems are being extended to function in a distributed environment. These systems are called distributed data mining systems. Security problems may be exacerbated in distributed data mining systems [8].
Conclusion