DBMS Notes

mobiprep (6).png

Database Management System

mobiprep (6).png

Data Modeling

mobiprep (6).png

Database Architecture

mobiprep (6).png

Relational Model

mobiprep (6).png

Relational Algebra

mobiprep (6).png

Entity Relationship Model

mobiprep (6).png

Functional Dependencies

mobiprep (6).png

Normalization

mobiprep (6).png

Transaction And Concurrency Control

mobiprep (6).png

Deadlock

mobiprep (6).png

Files and Storage

mobiprep (6).png

Indexing

Heading

Q

1

Explain the access control mechanism in dbms.

LRM_EXPORT_207556595493866_20190724_1939

Ans

Access control is responsible for control of rules determined by security policies for all direct accesses to the system. Traditional control systems work with notions subject, object and operation.

LRM_EXPORT_207556595493866_20190724_1939

Q

2

What are different threats to a database?

LRM_EXPORT_207556595493866_20190724_1939

Ans

System Threats

Patches and updates
Failure to update systems, particularly when a patch is issued, is a serious database security risk. Whenever public notice is given about a new patch, hackers are made aware of a weakness and look for systems that have not yet been updated. Therefore, staying on top of software updates is vital.

Injections
This is a very common database security vulnerability attack, which exploits a web software weakness to enable various activities such as account impersonation; manipulating user actions; and accessing the database.
Internal-Database-security-threats

Malware
Malware can infect various devices, and lead to legitimate users enabling the theft of data as the malicious code embedded in their device uses their access abilities to penetrate an organization.

Neglected Databases
One of the top database security threats is the lack of protection for backup storage media. Although regulations often demand measures to ensure the security of such media, various cases of data theft involving backup databases show that these measures are often not taken.

Similarly, in large organizations, a list of databases and a record of any sensitive material that they contain is sometimes not complete. Forgotten databases, or new ones that the security team does not know about, can be a serious database security and integrity threat.

Credential Threats

Employing substandard password management and authentication methods can allow identity theft, brute force attacks, and social engineering schemes such as phishing.

Privilege Threats

Another database security risk can occur when an administrator provides a user with rights beyond what they actually need, or when a user abuses their access rights. In either case, databases can be improperly accessed through unintended consequences of legitimate privileges. Similarly, by exploiting low-level access permissions, a skilled attacker can gain entry to high-level privileges.

LRM_EXPORT_207556595493866_20190724_1939

Q

3

What is LaPadula security model?

LRM_EXPORT_207556595493866_20190724_1939

Ans

"The Bell-LaPadula security model deals with the preservation of confidentiality, and only confidentiality. Why? Because the government is all about keeping secrets. Lots of different types of secrets with varying levels of secrecy that require different types of classification labels.

Example 1
The truth about the existence of space aliens would probably be something that is Top Secret.

Example 2
Compared to aliens, the statistics on the number of Navy SEALS unofficially fighting with the Peshmerga in Kurdistan would probably be labeled a Secret."

LRM_EXPORT_207556595493866_20190724_1939

Q

4

What role does encryption plays in database security?

LRM_EXPORT_207556595493866_20190724_1939

Ans

"Encryption helps with mainly the premise of confidentiality – keeping prying eyes off of confidential data.

Confidentiality – keeping data private
Integrity – the accuracy of your data
Availability – keeping your web server online and data available

LRM_EXPORT_207556595493866_20190724_1939