Adb Chap-2-Database Security and Authorization
… Recap

• Query processing and optimization
• Procedures in query processing
• Translating SQL queries into relational algebra
• Why do we translate SQL queries into RA expressions?
• Algorithms for query processing
• Sorting
  • Internal sorting, for sorting files that fit in main memory.
  • External sorting, for files that are stored on external disks.
  • Merge-sort
  • K-way merging
CHAPTER TWO

DATABASE SECURITY AND AUTHORIZATION

2.1 Introduction to Database Security

by
Nibretu K
Session Plan
• Topic/Title: Database security and authorization
• Session objectives: At the end of this session, students will be able to:
• Define database security and authorization
• Understand access control mechanisms:
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control
• Encryption/Decryption
• Identify issues related to database security
• Teaching method: Gap lecture, question & answer, and brainstorming.
• Assessment method: Oral questions, class activity
Outline
• Database security and authorization
• Access control mechanisms
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control
• Encryption/Decryption
• Major issues related to database Security

 What is database security?

 In today's society, some information is so important that it has to be protected.
 For example: disclosure or modification of military information could endanger national security.
 A good database security management system has to handle the possible database threats.

Definition:

 Database security refers to the range of tools, controls, mechanisms, and measures (policies) designed to establish and preserve database confidentiality, integrity, and availability.
 Security measures must be taken at several levels (the DBMS alone cannot protect data that is readable from the host file system or over an unencrypted network).
 It is the collective set of measures used to protect and secure our database and database systems against any (intentional or accidental) threat.
 Threat: any intentional or accidental event that may adversely affect the system.
 Examples:
 o Unauthorized copying of data
 o Alteration of programs or data
 o Illegal entry by hackers, etc.

Three main objectives
Secrecy (confidentiality)
Integrity
Availability

Secrecy
 Information should not be disclosed to unauthorized users.
 For example, a student should not be allowed to examine other students' grades.

Integrity
 Only authorized users should be allowed to modify data.
 For example, students may be allowed to see their grades, yet not allowed to modify them.

Availability
 Information/data (or the DB) should be available to users who have a legitimate right/privilege to it.
 Data/information should be available whenever needed.
 Authorized users should not be denied access.
 For example, an instructor who wishes to change a grade should be allowed to do so.
DB authentication & authorization
 Authentication is the process of verifying that a user is who they claim to be, for example by checking that the supplied username and password match the credentials stored for that account.
 Database users have different access levels and permissions for different data objects, so the system must first establish which user is making a request before it can decide what that user may do.

Who are you? Prove it.

Authorization/Privilege
 The process that determines the mode in which a particular (previously authenticated) client is allowed to access a specific resource controlled by a server.
 What types of privileges/permissions are given to a user to access objects/resources?
 What are you allowed to do?

 Any database access request has the following three major components:
 Requested operation (access privilege): what kind of operation is requested by a specific query?
 Requested object (resource): on which resource or data of the database is the operation to be applied?
 Requesting user (subject): who is the user requesting the operation on the specified object?

Forms of user authorization

 There are different forms of user authorization on the resources of the database. These include:
 Read authorization: the user with this privilege is allowed only to read the content of the data object.
 Insert authorization: the user with this privilege is allowed only to insert new records or items into the data object.
 Update authorization: users with this privilege are allowed to modify the content of attributes but are not authorized to delete records.
 Delete authorization: users with this privilege are only allowed to delete records and nothing else.

 Note: Depending on the role of the user, a user can have one or a combination of the above forms of authorization on different data objects.
Database Security and the DBA

 The database administrator is the central authority for managing a database system.
 The DBA's responsibilities include:
 Account creation.
 Granting privileges to users who need to use the system.
 Privilege revocation.
 Classifying users and data in accordance with the policy of the organization.
2. Access Control

 A security mechanism for restricting access to a system's objects or resources to authorized use.
 A way to control which data is accessible to a given user.
 Protects against a wide variety of threats:
 Unauthorized access
 Unapproved modification of data
 Loss of data confidentiality

Basic elements of access control
 Subject:
 An entity capable of accessing resources.
 It is often a software process acting on behalf of a user.
 E.g.: owner, group, role, etc.
 Object:
 A resource to which access is controlled.
 E.g.: files, records, blocks, programs, etc.
 Access right:
 Describes the ways in which a subject may access an object.
 E.g.: read, write, update, delete, etc.

 Two types of AC are covered here:
 Discretionary AC
 Mandatory AC
Discretionary Access Control
 Based on the concept of privileges, and on mechanisms for giving users such privileges. It is "discretionary" because the owner of an object decides, at their own discretion, who else may access it.
 It is implemented with the data control language (DCL): the GRANT and REVOKE commands.

 Recall
 What are the three types of database languages?
Privilege
 A permission given by the DBA or by the owner of an object.
 It provides the right to execute a particular type of SQL statement.
 It allows a user to access some data object in a certain manner (e.g., to read or to modify it).
 SQL supports discretionary access control through the GRANT and REVOKE commands.
Grant:
 The SQL GRANT command is used to give privileges (permissions, rights, access) on database objects to a user.

 Syntax:
GRANT privilege_name
ON object_name
TO {user_name | PUBLIC | role_name}
[WITH GRANT OPTION];

Example 1:
Suppose that the DBA creates four accounts, A1, A2, A3 and A4, and wants only A1 to be able to create relations. Then the DBA must issue the following GRANT command in SQL:

GRANT CREATE TABLE
TO A1;

Example 2:
 Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT.
 A1 is then the owner of these two relations and hence A1 has all the relation privileges on each of them.
 Suppose that A1 wants to grant A2 the privilege to insert and delete rows in both of these relations, but A1 does not want A2 to be able to propagate these privileges to additional accounts:

GRANT INSERT, DELETE
ON EMPLOYEE, DEPARTMENT
TO A2;

 Note: because WITH GRANT OPTION is omitted, A2 cannot pass these privileges on to other accounts (grant propagation). Standard SQL names a single object per GRANT; many DBMSs, such as PostgreSQL, accept a list of tables as written here, but if yours does not, issue one GRANT per relation.
Example 3:
 Suppose that A1 wants to allow A3 to retrieve information from either of the tables (DEPARTMENT or EMPLOYEE) and also to be able to propagate the SELECT privilege to other accounts.
 A1 can issue the command:

GRANT SELECT
ON EMPLOYEE, DEPARTMENT
TO A3 WITH GRANT OPTION;

 A3 can then grant the SELECT privilege on the EMPLOYEE relation to A4 by issuing:
GRANT SELECT
ON EMPLOYEE
TO A4;

 Note: A4 cannot propagate the SELECT privilege further because WITH GRANT OPTION was not given to A4.

Example 4:
 Suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 can issue:
REVOKE SELECT
ON EMPLOYEE
FROM A3;

 Note: The DBMS must now also revoke the SELECT privilege on EMPLOYEE from A4, because A3 granted that privilege to A4 and A3 no longer has it. In standard SQL this cascade is not silent: REVOKE takes CASCADE (remove the dependent grants too) or RESTRICT (fail if dependent grants exist). PostgreSQL, for example, defaults to RESTRICT and rejects the statement above until it is written as REVOKE SELECT ON EMPLOYEE FROM A3 CASCADE; Oracle cascades object-privilege revocations automatically. Check your DBMS before assuming a revoke has reached every account.

Example 5:
 Suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.
 The limitation is to retrieve only the E_NAME, E_AGE and E_ADDRESS attributes, and only for the tuples with E_DNO = 5.
 A1 then creates the view:

CREATE VIEW A3EMPLOYEE AS
SELECT E_NAME, E_AGE, E_ADDRESS
FROM EMPLOYEE
WHERE E_DNO = 5;

 After the view is created, A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows:

GRANT SELECT
ON A3EMPLOYEE
TO A3 WITH GRANT OPTION;

Example 6:
 Finally, suppose that A1 wants to allow A4 to update only the E_SALARY attribute of EMPLOYEE.
 A1 can issue (standard SQL places the column list directly after the privilege name):
GRANT UPDATE (E_SALARY)
ON EMPLOYEE
TO A4;

Revoke:
 Withdraws privileges on database objects that were previously granted to a user.
 It is the complementary command to GRANT.
 When a privilege is revoked from a particular user U, the copies of that privilege which U had granted to other users must be revoked as well; depending on the DBMS this happens automatically or only when CASCADE is specified (see the note under Example 4).

 Syntax:

REVOKE privilege_name
ON object_name
FROM {user_name | PUBLIC | role_name}
[CASCADE | RESTRICT];

 Example:
REVOKE SELECT
ON EMPLOYEE
FROM A4;

 Note: This REVOKE command withdraws the SELECT privilege that was granted to user A4 on the EMPLOYEE relation.
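The six GRANT examples and the REVOKE above, collected into one script that can actually be run, as an added example that is not part of the original slides. It uses the PostgreSQL dialect and is meant to be run by a superuser, who may SET ROLE to any account; the accounts are written in lower case (a1..a4) because unquoted identifiers fold to lower case, the CREATE privilege is granted on a schema rather than as CREATE TABLE, and the closing catalog queries are added so that the resulting privileges can be checked instead of assumed. Table and column names follow the slides; their types are assumed.

```sql
-- Added example (PostgreSQL dialect), not from the original slides.
-- Run as a superuser; each SET ROLE switches to the account that issues the next statements.
CREATE ROLE a1 LOGIN;
CREATE ROLE a2 LOGIN;
CREATE ROLE a3 LOGIN;
CREATE ROLE a4 LOGIN;

-- Example 1: only a1 may create relations. In PostgreSQL the CREATE privilege lives on the
-- schema, and before PostgreSQL 15 every account had it on "public", so revoke that first.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO a1;

-- Example 2: a1 creates, and therefore owns, the two relations (column types are assumed).
SET ROLE a1;
CREATE TABLE employee (
    e_name    text,
    e_age     int,
    e_address text,
    e_salary  numeric,
    e_dno     int
);
CREATE TABLE department (d_no int PRIMARY KEY, d_name text);

-- a2 may insert and delete in both, but cannot pass the privileges on (no WITH GRANT OPTION).
GRANT INSERT, DELETE ON employee, department TO a2;

-- Example 3: a3 may read both relations and may re-grant SELECT.
GRANT SELECT ON employee, department TO a3 WITH GRANT OPTION;
RESET ROLE;

SET ROLE a3;
GRANT SELECT ON employee TO a4;      -- a4 gets SELECT but not the grant option
RESET ROLE;

-- Example 4: a1 takes SELECT back from a3. PostgreSQL defaults to RESTRICT, so without
-- CASCADE this statement is refused because a4's SELECT depends on a3's grant.
SET ROLE a1;
REVOKE SELECT ON employee FROM a3 CASCADE;   -- removes a4's dependent SELECT as well

-- Example 5: limited, re-grantable read access through a view. The view is executed with the
-- privileges of its owner (a1), so a3 needs no privilege on employee itself.
CREATE VIEW a3employee AS
    SELECT e_name, e_age, e_address FROM employee WHERE e_dno = 5;
GRANT SELECT ON a3employee TO a3 WITH GRANT OPTION;

-- Example 6: column-level UPDATE; the column list follows the privilege name.
GRANT UPDATE (e_salary) ON employee TO a4;
RESET ROLE;

-- Verify what the catalog now records; the catalog, not the script, is the ground truth.
SELECT grantee, table_name, privilege_type, is_grantable
FROM   information_schema.role_table_grants
WHERE  table_name IN ('employee', 'department', 'a3employee')
ORDER  BY grantee, table_name, privilege_type;

SELECT grantee, column_name, privilege_type
FROM   information_schema.column_privileges
WHERE  table_name = 'employee' AND grantee = 'a4';
```

After the script, the first catalog query lists a2's INSERT/DELETE, a3's grantable SELECT on department and on the view, and no SELECT on employee for either a3 or a4; the second shows a4's UPDATE on e_salary only. Leaving CASCADE off the REVOKE in Example 4 is the usual mistake: on PostgreSQL the statement fails and a4 keeps reading, while on a DBMS that cascades silently the same text quietly removes a4's access, which is why the check query belongs in any privilege-change runbook.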
Mandatory Access Control

 Applied on the basis of security classes assigned to data and clearance levels assigned to users.
 It is based on system-wide policies that cannot be changed by individual users (in contrast to DAC, where the owner of an object decides who may access it).
 DAC is an all-or-nothing method: a user either has or does not have a certain privilege. MAC adds a multilevel classification on top of this, so that the same privilege is further constrained by the security level of the data.
 Typical security classes are:
Top secret (TS)
Secret (S)
Confidential (C) and
Unclassified (U)
 where TS is the highest level and U the lowest:
TS ≥ S ≥ C ≥ U.

 Each database object is assigned a security class;
 Each user is assigned a clearance for a security class, and rules are imposed on the reading and writing of database objects by users. In the usual (Bell-LaPadula) model these are:
 a subject may read an object only if the subject's clearance is at least the object's class ("no read up"), and
 a subject may write an object only if the object's class is at least the subject's clearance ("no write down"), so that highly classified data cannot be copied into a lower class.

 Standard SQL does not include any support for mandatory access control; some DBMS products add it as a vendor extension (for example Oracle Label Security), and the read/write rules can be approximated with row-level security policies.
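The two rules stated above, "no read up" and "no write down", approximated with PostgreSQL row-level security, as an added example that is not part of the original slides. The table, roles, level numbering (0 = U, 1 = C, 2 = S, 3 = TS) and sample rows are all constructed for the illustration; the script is meant to be run by a superuser, who can SET ROLE to the analyst accounts. It is an emulation, not a real MAC implementation: the policies are objects that the table owner or a superuser can drop, and superusers (and roles with BYPASSRLS) are not subject to them at all.

```sql
-- Added example (PostgreSQL 9.5 or later), not from the original slides.
-- Levels: 0 = Unclassified, 1 = Confidential, 2 = Secret, 3 = Top secret.
CREATE TABLE clearance (
    role_name text PRIMARY KEY,
    level     int  NOT NULL CHECK (level BETWEEN 0 AND 3)
);

CREATE TABLE classified_doc (
    id    serial PRIMARY KEY,
    body  text   NOT NULL,
    level int    NOT NULL CHECK (level BETWEEN 0 AND 3)   -- security class of the row
);

-- Constructed sample rows, loaded by the administrator running the script before any
-- policy exists (superusers bypass row-level security in any case).
INSERT INTO classified_doc (body, level) VALUES
    ('cafeteria menu',          0),
    ('internal phone list',     1),
    ('quarterly plan',          2),
    ('source protection notes', 3);

CREATE ROLE analyst_c LOGIN;   -- cleared to Confidential
CREATE ROLE analyst_s LOGIN;   -- cleared to Secret
INSERT INTO clearance VALUES ('analyst_c', 1), ('analyst_s', 2);

-- Policy expressions run as the querying user, so that user must be able to read the
-- clearance table (a SECURITY DEFINER lookup function would hide other users' rows).
GRANT SELECT ON clearance TO analyst_c, analyst_s;
GRANT SELECT, INSERT ON classified_doc TO analyst_c, analyst_s;
GRANT USAGE ON SEQUENCE classified_doc_id_seq TO analyst_c, analyst_s;

ALTER TABLE classified_doc ENABLE ROW LEVEL SECURITY;
ALTER TABLE classified_doc FORCE  ROW LEVEL SECURITY;   -- subject the owner to it as well

-- Simple security property ("no read up"): a row is visible only if its class is at or
-- below the clearance of the current user.
CREATE POLICY no_read_up ON classified_doc FOR SELECT
    USING (level <= (SELECT c.level FROM clearance c WHERE c.role_name = current_user));

-- *-property ("no write down"): a new row may only be created at or above the clearance of
-- the current user, so a Secret-cleared session cannot copy data into a Confidential row.
CREATE POLICY no_write_down ON classified_doc FOR INSERT
    WITH CHECK (level >= (SELECT c.level FROM clearance c WHERE c.role_name = current_user));

-- Exercise the rules as the Confidential-cleared analyst.
SET ROLE analyst_c;
SELECT id, level, body FROM classified_doc;    -- no_read_up filters out rows with level > 1
INSERT INTO classified_doc (body, level) VALUES ('written upward by analyst_c', 2);  -- permitted
-- INSERT INTO classified_doc (body, level) VALUES ('attempted write down', 0);
--   the line above is rejected by no_write_down (level 0 is below the clearance of 1)
RESET ROLE;
```

A user with no row in clearance gets NULL from the subquery, so both policies evaluate to NULL and deny everything, which is the safe default. The sample write at level 2 succeeds and then becomes invisible to the very session that wrote it, which is exactly the "write up, cannot read back" behaviour the *-property implies; a real multilevel DBMS resolves this with polyinstantiation, which this emulation does not attempt.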

Thank you!
Any questions?