Recent Post

Countermeasures: Computer-Based Controls in DBMS

Concerned with physical controls to administrative and includes:
 - Authorization
 - Access controls
 - Views
 - Backup and recovery
 - Integrity
 - Encryption
 - RAID technology

→ The granting of a right or privilege that enables a subject to have legitimate access to a system or a system's object.

→ A mechanism that determines whether a user is who he or she claims to be

Access Control
→ Based on the granting and revoking of privileges

→ A privilege allows a user to create or access (that is read, write, or modify) some database object (such as a relation, view, and index) or to run certain DBMS utilities.

Approaches used by DBMS
→ Discretionary Access Control (DAC)
     Mandatory Access Control (MAC)

Discretionary Access Control (DAC)
  •  Provided by most DBMSs
  •  SQL standard supports through GRANT/REVOKE
  •  Certain weaknesses

Mandatory Access Control (MAC)
  •  System-wide policies that cannot be changed by individual users
  •  Each database object is assigned a security class and each user is assigned a clearance for security class, and rules are imposed on reading and writing of database object by users
  • The SQL standard does not include support for MAC 
  • Popular Bell-LaPudula model based on MAC 

  • A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation
  • A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user, at the time of request
  • Powerful and flexible security mechanism by hiding parts of the data from certain users
  • Access to views, not to base relations

Backup and Recovery
→ The process of periodically taking a copy of the database and log file (and possibly programs) on to offline storage media

→ The process of keeping and maintaining a log file (or journal) of all changes made to the database to enables recovery to be undertaken effectively in the event of a failure

→ Prevents data from becoming invalid, and hence giving misleading or incorrect results

  • The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key
  • Symmetric encryption
  • Asymmetric encryption 
RAID (Redundant Array of independent Disks) Technology
  • Hardware that the DBMS is running on must be fault-tolerant, meaning that the DBMS should continue to operate even if one of the hardware components fail
  • The main hardware components that should be fault-tolerant include disk drives, disk controllers, CPU, power supplies, and cooling fans
  • Disk drives are the most vulnerable components with the shortest times between failure of any of the hardware components 
  • One solution is to provide a large disk array comprising an arrangement of several independent disks that are organized to improve reliability (through mirror and error-correction scheme) and at the same time increase performance (through data stripping)

No comments