1. DDBMS Security - Bakul Gada

2. Overview Introduction to Database Security Security Issues in centralized databases Security issues in Distributed Databases

3. Introduction • Data security • Protect data against unauthorized access. • Two aspects • Data protection. • Authorization Control.

4. Aspects of Data security • Data Protection • Can be achieved using data encryption techniques. • Authorization Control • It ensures that only authorized users perform, operations that they are allowed to perform on the database. Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

5. Authorization Control • It includes two main issues • Access control • Unauthorized Access to data should not be allowed. • Integrity • Only authorized users should be allowed to modify data in the database.

6. Centralized Authorization Control • Allowing a user to do a particular operation on the subsets of database. • In RDBMS these subsets can be defined using Views. • Views allow limited access to database

7. Methods of Authorization Control • Discretionary Access Control • Based on privileges or access rights • Mandatory Access control • Based on policies that can’t be changed by individual users Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

8. Discretionary Access Control • This can be implemented at two levels • Account Level • Set privileges for each account on different relations • Relation Level • Set privileges to access each individual relation or view Reference: Database Management Systems - R.Ramakrishnan / J Gehrke (2nd ed.)

9. GRANT and REVOKE commands • SQL supports discretionary access control through grant and revoke commands. • Syntax for GRANT and REVOKE commands • GRANT < operation type(s)> ON <object> TO <user(s)> • REVOKE < operation type(s)> ON <object> TO <user(s)> Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

10. Mandatory Access Control • Users classified based on security classes • Top Secret (TS) • Secret (S) • Confidential (C) • Unclassified (U)

11. Bell –LaPadula Model • Most Popular Model for multilevel security. • Two restrictions are enforced on data access based on subject/object classification. • A subject S is not allowed to read an object O unless class(S)  class(O) • A subject S is not allowed to write an object O unless class(S)  class(O) Reference: Bell D.E and LaPadula L.J., "Secure Computer Systems: Unified Exposition and Multics Interpretation", THE MITRE Corporation, July 1975.

12. Authorization Control in Distributed Environment. • More Complex. • Remote User Authentication • Management of distributed authorization rules • Handling of Views and User Groups Reference: Principles of Distributed Database Systems – M. Tamer Ozsu & Patrick Valduriez

13. Solution • Information for authenticating users is replicated at all sites. • All sites of the DDBMS identify & authenticate themselves similarly to the way users do.

14. Integrity • How to guarantee database consistency ? • A database is said to be consistent if it satisfies the set of integrity constraints. • Concurrency control techniques • Locking Technique • Timestamp Ordering • Multiversion Concurrency Control • Validation Concurrency Control Ref: Fundamentals of Database Systems - Elmasri & Navathe (3rd ed)

15. Integrity in Distributed Databases • Concurrency Control techniques need to be employed in Distributed databases. • Two general classes • Pessimistic Concurrency Control • Optimistic Concurrency Control

16. Summary Security issues in Distributed Databases are more complex as compared to Centralized Databases. But they can be taken care of through careful study. • Future Right now, RDBMS is a better choice for distributed applications. OODBMSs are much more difficult to implement in a distributed environment. Steps are being taken to do the same.