PART 10
Additional Database Topics: Security and Distribution
Chapter 24
Database Security
This chapter discusses techniques for securing databases against a
variety of threats. It also presents schemes for providing access privileges to
authorized users. Some of the security threats to databases—such as SQL
Injection—will be presented. At the end of the chapter we also summarize how a
commercial RDBMS—specifically, the Oracle system—provides different types of
security. We start in Section 24.1 with an introduction to security issues and
the threats to databases, and we give an overview of the control measures that
are covered in the rest of this chapter. We also comment on the relationship
between data security and privacy as it applies to personal information.
Section 24.2 discusses the mechanisms used to grant and revoke privileges in
relational database systems and in SQL, mechanisms that are often referred to
as discretionary access control. In
Section 24.3, we present an overview of the mechanisms for enforcing multiple
levels of security—a particular concern in database system security that is
known as mandatory access control.
Section 24.3 also introduces the more recently developed strategies of role-based access control, and
label-based and row-based security. Section 24.3 also provides a brief
discussion of XML access control. Section 24.4 discusses a major threat to
databases called SQL Injection, and discusses some of the proposed preventive
measures against it. Section 24.5 briefly discusses the security problem in
statistical databases. Section 24.6 introduces the topic of flow control and
mentions problems associated with covert channels. Section 24.7 provides a
brief summary of encryption and symmetric key and asymmetric (public) key
infrastructure schemes. It also discusses digital certificates. Section 24.8
introduces privacy-preserving techniques, and Section 24.9 presents the current
challenges to database security. In Section 24.10, we discuss Oracle
label-based security. Finally, Section 24.11 summarizes the chapter. Readers
who are interested only in basic database security mechanisms will find it
sufficient to cover the material in Sections 24.1 and 24.2.