- 1. By Ibrahim AL-Raee Database Security
2. Outline
- Microsoft Access Database Security
3. Introduction Database Security 4. What Is Database
Security?
- It is a collection of information stored in a computer.
- It is being free from danger.
- It is the mechanisms that protect the databaseagainst
intentional or accidental threats.
5. Three Main Aspects
6. Secrecy
- It is protecting the database fromunauthorizedusers.
- Ensures that users areallowedto do the things they are trying
to do.
-
- The employees should not see the salaries of their
managers.
7. Integrity
- Protecting the database fromauthorizedusers.
- Ensures that what users are trying to do iscorrect .
-
-
- An employee should be able to modify his or her own
information.
8. Availability
- Authorized users should be able to access data for Legal
purposes as necessary
-
- Payment orders regarding taxes should be made on time by the
tax law.
9. Security Problems Database Security 10. What is a Threat?
- Threat :it can be defined as a hostile agent that, either
casually or by using:
- delete the informationmanaged by aDBMS
11. Two Kinds of Threat
-
- Natural or accidental disasters.
-
- Errors or bugs in hardware or software.
-
-
- Those who abuse their privileges and authority.
-
-
- Those improper users (outsider or insiders).
-
-
- who attack the software and/or hardware system, or read or
write data in a database.
12. Database Protection Requirements
- Protection from Improper Access
- Protection from Inference
- Integrity of the Database
- Management and Protection of Sensitive Data
13. Security Controls 14. Type of Security Controls
15. Flow Control
- Flow controls regulate the distribution (flow) of
informationamong accessible objects .
- A flow between object X and object Y occurs when a statement
reads values from X and writes values into Y.
- Copying data from X to Y is the typical example of information
flow.
16. Inference Control
- Inference control aim at protecting data from indirect
detection.
- Information inference occurs when: a set X of data items to be
read by a user can be used to get the set Y of data.
- An inference channel is a channel where users can find an item
X and then use X to get Y as
17. Main Inference Channels
- Occurs when a user derives:
-
- unauthorized data (say Y)
-
- from an authorized source (say X).
- If visible data X is semantically connected to invisible data
Y.
18. Indirect Access Occurs when a user derives unauthorized data
(say Y) from an authorized source (say X). GradeReport OR SELECT
Name FROM GradeReport WHERE ID=120000348 SELECT NameFROM
GradeReport WHERE grade = A B 120000756 Mohammed A 120000636 AhmedA
120000348 Ibrahimgrade ID Name 19. Correlated Data If visible data
X is semantically connected to invisible data Y. Position
(visible)-------------> Salary (invisible). 7000 SR Staff
Mohammed 7000 SR Staff Ahmed10000 SR Manager Ibrahim
SalaryPositionName 20. Access Control
- Access control in information system are responsible
forensuringthatall direct accesses to the system objectsoccur base
on modes and rules fixed by protection policies.
- An access control system includes :
-
- subjects (users, processes).
-
- Who access objects (data, programs).
-
- Through operations (read, write, run).
21. Access Control (cont.) 22. Microsoft Access Database
Security 23. Microsoft Access
- Database management system (DBMS) that functions in the Windows
environment and allows you to create and process data in a
database.
- In Microsoft Access, a complete security system contains
several parts.
- These parts include workgroups, user and group accounts,
ownership and permission assignments.
- A workgroupis a group of users listed in a system database
file, who usually share data in a multi-user environment.
- Ownershipis a security feature that establishes which account
owns a database and its objects.
- Permission assignmentsestablish levels of authority for each
user or group to use database objects.
24. Setting Logon Procedures
- Start Access.Do not open a database
- Choose Tools, Security, User And Group Accounts.
- Verify that the Users tab is selected and that Admin is
selected in the User Name text box.
4.Select the Change Logon Password tab.In the New Password text
box, type password. 25. Setting Logon Procedures(cont.) 5.In the
Verfiy text box, type password. 6.Click OKto accept your new
password.7.Exit Access. 8.Start Access. Try to open MyNewApp.mdb.
9.In the Name text box, type Admin. In the Password text box, type
password. 10.Click OK . Now MyNewApp.mdb opens! 26. Setting a
database password
- Click the Open Database button
-You need to use the Open dialog box.3.Select MyNewApp.mdb.
Click on the arrow next to the Open button. 4.Choose Open Exclusive
27. Setting a database password(cont.) 5.Choose Tools, Security,
Set Database Password 6.In the Password and Verify text boxes, type
dbpassword. . 7.Click OK 8.Close the database. 9.Let's test the
password to see if it works.Open MyNewApp.mdb. 10.Type dbpassword,
and click OK.The database opens. 28. Conclusion 29. Conclusion
- The goal of database security is
toprotectyourcriticalandconfidentialdata fromunauthorized access
.
- Each organization should have adata security policy , which is
a set of high-level guidelines determined by: