Chapter 6

database security and authorization

• Introduction
• 1. introduction to database security issue
• 2discretionary access control based on
granting and revoking privileges
• 3 mandatory access control and role –based
access control for multilevel security
 introduction to database security issue
• Database is the collection of related data.
• DB Security: used to protect from external and internal threats to
preserve DB.
Types of database security
• Legal and ethical issues (the right to access certain information)
• Policy issues (what kinds of info should not be made publically available)
• System-related issues (the system levels at which various security
functions should be enforced)
• The need to identify multiple security levels

• Database Authorization
• It’s a process where database manager gets information about users.
 Threats to database
• Loss of integrity the requirement that information
be protected from improper modification.
• Loss of availability refers to making objects available
to a human user or a program to which they have a
legitimate right.
• Loss of confidentiality refers to the protection of data
from unauthorized disclosure.
To protect databases against these types of threats, it is
common to implement four kinds of control measures:
 Threat of DB Cont…
• ■ Access control :The security mechanism of a DBMS must
include provisions for restricting access to the database system
as a whole. This function, called access control, is handled by
creating user accounts and passwords to control the login
process by the DBMS.
• ■ Inference control :The corresponding control measures are
called inference control measures
• ■ Flow control : which prevents information from flowing in such
a way that it reaches unauthorized users.
• ■ Data encryption: which is used to protect sensitive data(such
as credit card numbers) that is transmitted via some type of
communications network. The data is encoded using some
coding algorithm.
 Types of database security mechanisms

• Discretionary security mechanism:These are used

to grant privileges to users, including the capability
to access specific data files, records, or fields in a
specified mode (such as read, insert, delete, or
update).
• Mandatory security mechanism: These are used to
enforce multilevel security by classifying the data
and users into various security classes (or levels) and
then implementing the appropriate security policy
of the organization.
 Database Security and the DBA
• The DBA’s responsibilities include granting
privileges to users who need to use the system
and classifying users and data in accordance
with the policy of the organization. DBA-
privileged commands include commands for
granting and revoking privileges to individual
accounts, users, or user groups and for
performing the following types of actions:
 DB security and the DBA cont…
• 1. Account creation. This action creates a new account and
password for a user or a group of users to enable access to the
DBMS.
• 2. Privilege granting. This action permits the DBA to grant certain
privileges to certain accounts.
• 3. Privilege revocation. This action permits the DBA to revoke
(cancel) certain privileges that were previously given to certain
accounts.
• 4. Security level assignment. This action consists of assigning
user accounts to the appropriate security clearance level. The
DBA is responsible for the overall security of the database
system.
 Cont…
• Action 1 in the preceding list is used to control
access to the DBMS as a whole, whereas
actions 2 and 3 are used to control
discretionary database authorization, and
action 4 is used to control mandatory
authorization.
 Access Control, User Accounts, and
Database Audits
• Whenever a person or a group of persons needs to
access a database system, the individual or group must
first apply for a user account. The DBA will then create a
new account number and password for the user if there
is a legitimate need to access the database. The user
must log in to the DBMS by entering the account number
and password whenever database access is needed.
• The DBMS checks that the account number and
password are valid; if they are, the user is permitted to
use the DBMS and to access the database.
 Discretionary Access Control
• This mechanism is based on granting and revoking
of privileges.
There are two levels for assigning privileges:
• The account level: the DBA specifies the particular
privileges that each account holds independently of
the relations in the database (CREATE TABLE,
CREATE VIEW, DROP, and ALTER). The relation/table
level: the DBA can control the privilege to access
each individual relation or view in the database.
 Discretionary Access Control cont…
• To control the granting and revoking of relation
privileges, each relation R in a database is assigned an
owner account.
• In SQL the following types of privileges can be granted
on each individual relation R:
• SELECT privilege: Gives the account retrieval privilege
• Modify privilege: Gives the account the capability to
modify tuples of R.
• References privilege: Gives the account the capability
to reference relation R.
 Discretionary Access Control cont…
• The mechanism of VIEWS is an important
discretionary authorization mechanism.
• Whenever the owner A of a relation R grants a
privilege on R to another account B, the privilege can
be given to B with or without the GRANT OPTION.
• The GRANT OPTION enables the propagation of
privileges (e.g., user B can propagate the privilege to
other accounts without the knowledge of the user A)
 Example of discretionary
• Suppose that the DBA creates four accounts
(A1, A2, A3, and A4), and issues GRANT
CREATETAB TO A1;
• Now A1 can create tables. Let A1 creates the
two base relations EMPLOYEE and
DEPARTMENT.
•
Example Cont…
 Example cont…
• Next, A1 can issue
• GRANT INSERT, DELETE, ON EMPLOYEE, DEPARTMENT TO A2;
• Now A2 can perform insert/delete operation on these two
tables, but cannot propagate these privileges.
• Next, suppose that A1 issues GRANT SELECT ON EMPLOYEE,
DEPARTMENT TO A3 WITH GRANT OPTION;
• Now A3 can issue GRANT SELECT ON EMPLOYEE TO A4; Now
suppose that A1 decides to revoke the SELECT privilege on the
EMPLOYEE relation from A3,
• REVOKE SELECT ON EMPLOYEE FROM A3;
• The DBMS now automatically revokes the SELECT privilege on
EMPLOYEE from A4, too.
 Mandatory Access Control
• This mechanism provides multilevel security which is
desirable in government, military, and intelligence
applications.
• In many applications, an additional security policy is
needed that classifies data and users based on security
classes. This approach, known as mandatory access
control (MAC), would typically be combined with the
discretionary access control mechanisms.
• It is important to note that most commercial DBMSs
currently provide mechanisms only for discretionary
access control.
 Mandatory Access Control Cont…
• It is possible to store a single tuple in the
relation at a higher classification level and
produce the corresponding tuples at a lower
classification level through a process known as
filtering.