
Security Issues in Database



  1. Security Issues in Database
     Dr. Nermin Hamza Ewais, Assistant Professor, IT Department, Faculty of Computing and Information Technology, King Abd El-Aziz University

  2. Abstract
     - Many organizations today are implementing cloud-based solutions to reduce cost and improve efficiency. Due to high demand, cloud providers now offer a new service besides the traditional services (IaaS, PaaS and SaaS), known as Database as a Service or DBaaS, which is essentially an on-demand database accessible to consumers from the cloud over the Internet.
     - The new trend is to outsource the database, which brings benefits such as increased data availability and reduced cost.
     - We presented a model based on database outsourcing. The model architecture performs most of the data processing through the SMP (Secure Middle Part), reducing computation and communication overhead by partially encrypting the data and information, and increasing data confidentiality by using different encryption techniques.

     Dr. Nermin Hamza Ewais 18/04/2017

  3. Agenda
     1. Cloud and Cloud Database
     2. Database Security
     3. The Database Security Model
        1. Overview of the System
        2. Components
        3. Query Processing
        4. Key Management
        5. Analysis


  5. 1- Cloud and Cloud Database

  6. Cloud
     - The term "cloud" refers to a network or the Internet.
     - In other words, the cloud is something that is present at a remote location.
     - Cloud computing is a general term for the delivery of hosted services over the Internet (these could be software or hardware).

  7. Cloud: Service Categories
     - Infrastructure as a service (IaaS)
     - Platform as a service (PaaS)
     - Software as a service (SaaS)

  8. Cloud: Service Categories
     - Infrastructure as a service (IaaS)
       - IaaS is a category of cloud computing services. With IaaS, you rent IT infrastructure, such as servers and virtual machines (VMs), storage, networks and operating systems, from a cloud provider on a pay-as-you-go basis.
       - Characteristics of IaaS:
         - Distribution of resources as a service
         - Utility pricing model and variable costs
         - Allows multiple users to work on a single set of hardware

  9. Cloud: Service Categories
     - Platform as a service (PaaS)
       - A cloud provider delivers hardware and software tools, usually those needed for application development, to its users as a service.
       - PaaS characteristics:
         - Develop, test and deploy software and applications
         - Built-in scalability for load balancing and failover
         - Web-based tools for the creation, modification and flawless deployment of user interfaces

  10. Cloud: Service Categories
      - Software as a service (SaaS)
        - SaaS is the basic and most important form of cloud services and represents the largest portion of the cloud market. It uses the web to distribute applications that are hosted and run by third-party vendors.
        - As a client, you can run SaaS applications directly via a web browser without having to download or install anything.
        - Characteristics of SaaS:
          - Access to commercial software on the web
          - Centralized software management
          - Managed software upgrades and integration of different software parts with the help of APIs

  11. Cloud: Service Categories

  12. Cloud: Service Categories

  13. What about Cloud Database?

  14. Database as Service
      - Database as a Service (DBaaS) is a new service model. Based on SaaS, DBaaS moves the database management system (DBMS) from a traditional client-server architecture to a third-party architecture, where data management is not handled by the data owner.
      - Traditional client-server: the data owner is responsible for managing the DBMS and responding to users' queries.

  15. Database as Service
      - DBaaS eliminates the need for installing, maintaining and storing data on local database servers (hard drives or disks).
      - DBaaS supports structured, unstructured or semi-structured data.
      - Data owners outsource their data to data service providers such as Google, Amazon and Microsoft, who manage large data sets.


  17. 2- Database Security

  18. Database Security Services
      The database security services are:
      1. Database Identification and Authentication
      2. Database Access Control
      3. Database Confidentiality
      4. Database Integrity
      5. Database Availability
      6. Database Physical Security

  19. Database Identification and Authentication
      - This service ensures that users and programs are correctly identified and verified.
      - This service depends on the operating system, the database application, or both.
      - Well-known mechanisms are DB authentication with passwords, operating system authentication, Kerberos, etc.


  21. Database Access Control
      - The access control service is also called the authorization security service.
      - It ensures that the correct subjects, such as users or programs, can only perform operations on the allowed database objects, such as tables and views.
      - Discretionary Access Control (DAC)
      - Mandatory Access Control (MAC)
      - Role-Based Access Control (RBAC)

  22. Database Access Control
      - Discretionary Access Control (DAC)
        - Subjects access objects according to a list of permissions granted to the subjects.
        - In DAC, one user can create any object and grant or revoke permissions such as reading and writing to another user.
        - Example:
          - A user may transfer object ownership to other user(s).
          - A user may determine the access type of other users.
          - After several attempts, authorization failures restrict user access.

  23. Database Access Control
      - Mandatory Access Control (MAC)
        - Policies regulate access to data by subjects on the basis of the predefined classifications of the subjects and objects in the system.
        - In mandatory access control (MAC), the system (and not the users) specifies which subjects can access specific data objects.
        - For example, if a user has a security clearance of secret, and he requests a data object with a security classification of top secret, then the user will be denied access because his clearance is lower than the classification of the object.

  24. Database Access Control
      - Role-Based Access Control (RBAC)
        - Permissions are assigned according to role and are centrally administered according to the organization structure.
        - A fundamental difference between DAC and RBAC is that users in RBAC cannot pass access permissions on to other users, as users in DAC can.
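The three access control models from slides 22 to 24, side by side, as an added example that is not part of the original slides. The class names, the user names and the full ordering of security labels are assumptions made for illustration; the slides name only "secret" and "top secret".

```python
# Label ordering is an assumption; the slide names only "secret" and "top secret".
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

def mac_can_read(clearance, classification):
    """MAC: the system compares fixed labels; users cannot change the outcome."""
    return LEVELS[clearance] >= LEVELS[classification]

class DacObject:
    """DAC: the current owner grants, revokes, and may hand over ownership."""
    def __init__(self, owner):
        self.owner, self.acl = owner, {}

    def _require_owner(self, actor):
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner")

    def grant(self, actor, user, perm):
        self._require_owner(actor)
        self.acl.setdefault(user, set()).add(perm)

    def revoke(self, actor, user, perm):
        self._require_owner(actor)
        self.acl.get(user, set()).discard(perm)

    def transfer(self, actor, new_owner):
        self._require_owner(actor)
        self.owner = new_owner

    def allowed(self, user, perm):
        return user == self.owner or perm in self.acl.get(user, set())

class Rbac:
    """RBAC: permissions belong to roles; only the administrator assigns roles."""
    def __init__(self, admin, role_perms):
        self.admin, self.role_perms, self.user_roles = admin, role_perms, {}

    def assign(self, actor, user, role):
        if actor != self.admin:
            raise PermissionError(f"{actor} cannot assign roles")
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user, perm):
        roles = self.user_roles.get(user, ())
        return any(perm in self.role_perms[r] for r in roles)
```

In the DAC object, ownership transfer moves the right to grant along with the object; in the RBAC class no ordinary user can extend access to anyone else, which is the difference slide 24 points out.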

  25. Database Confidentiality
      - This service prevents the improper disclosure of information to unauthorized users. It can be achieved by two methods:
        - encryption
        - employee confidentiality training

  26. Database Integrity
      - Database integrity ensures that both the creation and changing of information are done according to a set of predefined rules and constraints.
      - Many mechanisms exist, for example:
        - Checksum mechanism: ensures the integrity of the stored data by calculating the checksum of the stored data and then storing the result. When the data is accessed, the checksum is recalculated to verify the data.
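The checksum mechanism from slide 26 applied per row, as an added example that is not part of the original slides. It uses a keyed checksum (HMAC-SHA-256) rather than a plain checksum, so that someone who can write to the table cannot simply recompute the stored value; the table layout, function names, key and sample rows are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed key for this example; it must live outside the database it protects.
INTEGRITY_KEY = b"constructed-example-key"

def row_tag(row_id, name, balance):
    """Keyed checksum (HMAC-SHA-256) over the row id and every protected column."""
    fields = (str(row_id).encode(), name.encode(), str(balance).encode())
    # Length-prefix each field so that shifting bytes between columns changes the tag.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(id INTEGER PRIMARY KEY, name TEXT, balance INTEGER, tag TEXT)")
    return db

def store(db, row_id, name, balance):
    """Calculate the checksum when the data is stored and keep it with the row."""
    db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?)",
               (row_id, name, balance, row_tag(row_id, name, balance)))

def read_verified(db, row_id):
    """Recalculate the checksum on access; refuse to return data that fails."""
    row = db.execute("SELECT name, balance, tag FROM accounts WHERE id = ?",
                     (row_id,)).fetchone()
    if row is None:
        raise KeyError(row_id)
    name, balance, tag = row
    if not hmac.compare_digest(tag, row_tag(row_id, name, balance)):
        raise ValueError(f"integrity check failed for row {row_id}")
    return name, balance

def demo():
    db = open_db()
    store(db, 1, "alice", 100)   # constructed sample rows
    store(db, 2, "bob", 250)
    intact = read_verified(db, 1)
    # A change made directly in the table, bypassing store().
    db.execute("UPDATE accounts SET balance = 999999 WHERE id = 2")
    try:
        read_verified(db, 2)
        return intact, False
    except ValueError:
        return intact, True
```

Binding the row id into the tag means a valid row copied over another row also fails verification. A per-row tag detects modified rows but not deleted ones.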

  27. Database Availability
      - Database availability services make sure that data is accessible to the right person when it is needed.
      - Availability implies system fault tolerance and redundancy in the data.
      - The main mechanisms used to achieve database availability are hardware redundancy, database backup and recovery logs.

  28. Database Physical Security
      - This service is often disregarded.
      - Physical security of assets is the first step in database security.
      - Several methods can be used to achieve physical security, such as walls, security doors, alarms, locks, spring-loaded floors and so on.

  29. Take a break

  30. Agenda
      1. Cloud and Cloud Database
      2. Database Security
      3. The Database Security Model
         1. Overview of the System
         2. Components
         3. Query Processing
         4. Key Management

  31. 3- The Database Security Model
