Defense Techniques And Mechanisms | Database Management System

Defense Techniques And Mechanisms | Database Management System

There are many types of defense and protection mechanism that can be applied to a DBMS system for security, some of them are:

  1. Human Factors
  2. Physical Security
  3. Administrative Controls and Policies
  4. OS and DBMS Security Mechanisms

Human Factors

Since the ultimate users of a DBMS system are humans, so they are the first threat to security. Human factors include such methods that can prevent any security breach by the user: by

  • Legal Legislations. It is unethical for a person to obtain something by cheating, and it is illegal to enter the premises of an organization without permission and use the computer facility containing the database. Many countries have legal laws that make it a Crime to obtain unauthorized access into the computing System of an organization.
  • Clearance Procedures: An organization usually performs certain type of clearance procedure, may be through police verification or detective agencies, for personnel who are going work with the database.
  • Authorization : The DBA is responsible for granting proper database access authorization to the user improper assignment of authorization to a wrong category of users can result in possible Security threat.

Physical Security

Physical Security techniques include the use of physical locks and maintenance of entry (log registers to access computers. There can be many types of physical Security measures:

Disposal of Obsolete Material: Disposal of old storage devices must be done in a proper manner. Any Sensitive data resident on Storage devices to be disposed of must be destroyed.

Controlled Access : Access to the computing facility and storage medium must be restricted to authorized persons only. There must be adequate physical protection, as in the case of any valuable asset.

Material Security: Security of the Storage devices (CD, DVD, magnetic tapes, RAID disk, etc.) within the organization and where being transmitted from one place to another must be ensured. Access to the Computing facility must be guarded, since an unauthorized person can make copies of files.

Terminal Protection: Authorized terminals from which database access is allowed have to be physically Secure; otherwise unauthorized person may be able to steal information from the database using these terminals.

Safety of Sensitive Data : User identification and passwords should be kept safe and confidential, otherwise unauthorized users can steal the id and password of a privileged user and can harm the database.

Administrative Controls and Policies

There are many steps to securing systems and data. One of the first step is to develop a security policy and a security plan. A Security policy identifies the rules to follow to maintain Security in a system and usually is included within a Security plan. A security plan is a description of how these rules will be implemented. Both security policy and plan need to be re-examined on a periodic basis to ensure the currency and compatibility of the system security implementation. Administrative controls are the security and access control policies that determine what information will be accessible to what class of users. These policies are of many types:

Open v/s Closed System: In an open System, a user is allowed to access everything unless access is explicitly denied. In a closed System, user is not allowed to access anything unless access is explicitly granted.

Content-independent Access Control: In this access is allowed to those data object whose names are known to the user. A data object can be a relation name and some of the associated attributes in the case of a relational database. In the case of a network database, it could be a set with the owner and member record types, with some of the associated data fields. Thus, access is independent of the contents of the data object. Consider the following “STUDENT” relation:

All the faculty in an institute may have content independent access to the data object STUDENT (Student name, Course, Hostel). The Accountant of the institute, however, has content independent access to the entire data object STUDENT (Student name, Course, Hostel, Fees).

Content Dependent Access Control: in this policy there can be a finer granularity of access control. For example, The HOD of a department can have content-independent access to STUDENT (Student name, Course, Hostel) and content -dependent access to STUDENT (Student name, Course, Hostel, Fees) such that where he or she is the HOD.

DBMS and OS Security Mechanism

Besides above stated measures the database depends on some of the protection features of the Operating System for Security. Some of the features are:

  1. The operating System must ensure that the files belonging to the database are not used directly without authorization. This authorization can consist the use of passwords for accessing the file. The operating System must also ensure that illegal users using communication facilities are not allowed access to the System. Users must be required to use identification and passwords which must be sufficiently long and must be changed frequently to refrain intruders and hackers.
  2. The protection of data and programs, both in primary and secondary memories. This is usually done by the OS to avoid direct access to the data in primary memory or to online files.