Define database security
The mechanisms that protect the database against intentional or accidental threats
What are threats a DB faces
Define confidentiality in databases
Confidentiality: The protection of data from unauthorised disclosure
Define integrity in databases
Integrity: The requirement that information is protected from improper modification
Define availability in databases
Availability: the data is there when we need it
Define authorisation
the granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object (table, view, trigger)
Define authentication
checking you are who you say you are
What are the two types of access control techniques
Discretionary access control
Mandatory access control
Explain discretionary access control
the owner of the object specifies which subjects can access the object
Explain mandatory access control
the system specifies which subjects can access the object
What is a database object assigned in MAC
a security class
What is each subject assigned in MAC
a clearance for a security class
What components does the Bell-LaPadula model contain
Class(O): the classification of an object O (relation, tuple, column, view, operation)
Class(S): the clearance of a subject S (user, account, program)
What are the rules of Bell-LaPadula
“no read-up”: a subject can read an object only if class(S) >= class(O)
“no write-down”: a subject can write to an object only if class(S) <= class(O). This is to stop high-level users from leaking secrets into low-level files
What is integrity in databases
when constraints are applied to data to make sure it can’t give misleading, invalid or incorrect results
Define encryption
encoding data so that it is unreadable without the decryption key
What areas should we target for encryption
disk
database
network traffic
What is an audit in DB
keep track of all operations from each user through each login session
the audit trail (or system log) itself must be secure
What is a redundant array of independent disks
A data storage technique that combines multiple physical disk drive components into one logical unit
What does RAID do
increase reliability - parity (or error checking)
increase performance - striping
improve availability - mirroring
What is data striping
the data is segmented into equal-size partitions which are transparently distributed across multiple disks
What is data mirroring
a data storage technique where data is duplicated across multiple physical disk drives
What is the benefit of data striping
improves overall I/O performance
What is a parity scheme
each byte may have a parity bit associated with it that records whether the number of 1s is odd or even (added to the end of data)