Database Management System
Entity Relationship Model
Transaction And Concurrency Control
Files and Storage
Explain the access control mechanism in dbms.
Access control is responsible for control of rules determined by security policies for all direct accesses to the system. Traditional control systems work with notions subject, object and operation.
What are different threats to a database?
Patches and updates
Failure to update systems, particularly when a patch is issued, is a serious database security risk. Whenever public notice is given about a new patch, hackers are made aware of a weakness and look for systems that have not yet been updated. Therefore, staying on top of software updates is vital.
This is a very common database security vulnerability attack, which exploits a web software weakness to enable various activities such as account impersonation; manipulating user actions; and accessing the database.
Malware can infect various devices, and lead to legitimate users enabling the theft of data as the malicious code embedded in their device uses their access abilities to penetrate an organization.
One of the top database security threats is the lack of protection for backup storage media. Although regulations often demand measures to ensure the security of such media, various cases of data theft involving backup databases show that these measures are often not taken.
Similarly, in large organizations, a list of databases and a record of any sensitive material that they contain is sometimes not complete. Forgotten databases, or new ones that the security team does not know about, can be a serious database security and integrity threat.
Employing substandard password management and authentication methods can allow identity theft, brute force attacks, and social engineering schemes such as phishing.
Another database security risk can occur when an administrator provides a user with rights beyond what they actually need, or when a user abuses their access rights. In either case, databases can be improperly accessed through unintended consequences of legitimate privileges. Similarly, by exploiting low-level access permissions, a skilled attacker can gain entry to high-level privileges.
What is LaPadula security model?
"The Bell-LaPadula security model deals with the preservation of confidentiality, and only confidentiality. Why? Because the government is all about keeping secrets. Lots of different types of secrets with varying levels of secrecy that require different types of classification labels.
The truth about the existence of space aliens would probably be something that is Top Secret.
Compared to aliens, the statistics on the number of Navy SEALS unofficially fighting with the Peshmerga in Kurdistan would probably be labeled a Secret."
What role does encryption plays in database security?
"Encryption helps with mainly the premise of confidentiality – keeping prying eyes off of confidential data.
Confidentiality – keeping data private
Integrity – the accuracy of your data
Availability – keeping your web server online and data available