Gurugram Delhi(NCR), Approved by AICTE,Govt.

of India,
Affiliated to Maharishi Dayanand University

BACHELOR OF BUSINESS
ADMINISTRATION

COURSE FILE
DATABASE MANAGEMENT SYSTEM
BBA-405

BY-: Amar Nath Paswan

(ASST. PROFESSOR)
 UNIT-4

Database security

Security refers to protection of data against unauthorized access, alteration

or deletion. Database security refers to the collective measures used to
protect and secure a database or database management software from
illegitimate use and malicious threats and attacks.

Database security covers and enforces security on all aspects and

components of databases. This includes:

 Data stored in database

 Database server
 Database management system (DBMS)
 Other database workflow applications
 Database security is generally planned, implemented and maintained
by adatabase administrator and or other information security
professional.
 Some of the ways database security is analysed and implemented include:
 Restricting unauthorized access and use by implementing strong and
multifactor access and data management controls
 Load/stress testing and capacity testing of a database to ensure it
does notcrash in a distributed denial of service (D DoS) attack or user
overload
 Physical security of the database server and backup equipment from
theftand natural disasters
 Reviewing existing system for any known or unknown vulnerabilities
anddefining and implementing a road map/plan to mitigate them

Importance of database security

Database security is more than just important: it is essential to any company
with any online component. Sufficient database security prevents data bring
lost or compromised, which may have serious ramifications for the company
both in terms of finances and reputation. Database security helps:

 Company’s block attacks, including ransom ware and breached

firewall,which in turn keeps sensitive information safe.
 Prevent malware or viral infections which can corrupt data, bring
down anetwork, and spread to all end point devices.
 Ensure that physical damage to the server doesn’t result in the loss of data.
 Prevent data loss through corruption of files or programming errors.
 Database Security Issues
 Daily Maintenance: Database audit logs require daily review to make
certain that there has been no data misuse. This requires overseeing
database privileges and then consistently updating user access accounts.

 Post-Upgrade Evaluation: When a database is upgraded it is necessary for

the administrator to perform a post-upgrade evaluation to ensure that
security is consistent across all programs. Failure to perform this operation
opens up the database to attack.

 Application Spoofing: Hackers are capable of creating applications that

resemble the existing applications connected to the database. These
unauthorized applications are often difficult to identify and allow hackers
access to the database via the application in disguise.

 Manage User Passwords: Password rules and maintenance needs to be

strictly enforced to avoid opening up the database to unauthorized users.

 Malware infections causing incidents such as unauthorized access, leakage

or disclosure of personal or proprietary data, deletion of or damage to the
data or programs, interruption or denial of authorized access to the
database

 Data corruption and/or loss caused by the entry of invalid data or

commands, mistakes in database

 Design flaws and programming bugs in databases and the associated

programs and systems, creating various data loss/corruption,
performance degradation etc.

Security Threats

A threat is any situation, event or person that will adversely affect the
database security and smooth functioning of the organization.

Types of threats

 Data Tampering
 Data Theft
 Falsifying user’s Identities
 Password related threats
 Unauthorized access to data
Data security requirements
Data is most important part of an organization so we need to secure it from
varioustypes of threats. So the appropriate technologies are used to resolve
these security issues.

1. Confidentiality

 Access Control: Access to data is controlled by means of

privileges,roles and user accounts.
 Authenticated users: Authentication is a way of implementing
decisions of whom to trust. It can be employ passwords, finger
prints etc.
 Secure storage of sensitive data: It is required to prevent
datafrom hackers who could damage the sensitive data
 Privacy of communication: The DBMS should be capable of controlling
the spread of confidential personal information from unauthorized
people such as credit cards etc.

2. Integrity: Integrity contributes to maintaining a secure database by

preventing the data from becoming invalid and giving misleading results. It
consists of following aspects:
 System and object privileges control access to applications tables
andsystem commands so that only authorized users can change the data.
 Integrity constraints are applied to maintain the correctness and
validity ofthe data in the database.
 Database must be protected from viruses so firewalls and anti-
virusesshould be used.
 Ensures that access to the network is controlled and data is not
vulnerableto attacks during transmission across network.

3. Availability: Data should always be made available for the authorized

user bythe secure system without any delays.
 Ease of use: Resources managed by users for working with databases
shouldbe effectively managed so that it is available all the time to valid
users.
 Flexibility: Administrators must have all the relevant tools for
managinguser population.
 Scalability: System performance should not get affected by the
increase innumber of users or processes which require services from
system
Measures of Control
 Access Control − Access control includes security mechanisms in a
database management system to protect against unauthorized access.
A user
 can gain access to the database after clearing the login process
through only valid user accounts. Each user account is password
protected.
 Flow Control − Distributed systems encompass a lot of data flow from
one site to another and also within a site. Flow control prevents data
from being transferred in such a way that it can be accessed by
unauthorized agents. A flow policy lists out the channels through
which information can flow. It also defines security classes for data as
well as transactions.
 Data Encryption − Data encryption refers to coding data when
sensitive data is to be communicated over public channels. Even if an
unauthorized agent gains access of the data, he cannot understand it
since it is in an incomprehensible format
Data Encryption

Data encryption is a technique for providing confidentiality for transmitted

data or text before transmission or storage which makes it more difficult to
extract information content.

Plaintext: original message or data that is fed into the algorithm as input.

Encryption Algorithm: this algorithm performs various substitution and

transformations on the plaintext.

Cipher text: This is scrambled message produced as the output.

Techniques used for encryption

1. Transposition ciphers: it retains the identity of the original

characters ofthe plaintext but change their position.
 2. Substitution ciphers: It retains the relative position of the characters
in theoriginal plain text but hide their identity in the cipher text.

Types of Encryption

1) Private key Encryption

 In this cryptography, the encryption and decryption is done using the

samesecret key.
 The sender encrypts the message with an encryption algorithm using a
copyof the secret key.
 The encrypted message is then send over public communication channels.
 On receiving the encrypted message, the receiver decrypts it with a
corresponding decryption algorithm using the same secret key.

A) Data Encryption Standards (DES)

The DES is an iterative cipher repeatedly applying both transposition and

substitution operations to blocks of data on the basis of the encryption key
which isprovided to the authorized users via a secure mechanism.

2) Public key Encryption

 Public key algorithms are based on mathematical functions rather than

on simple operations on bit patterns.
 Public key cryptography uses two different keys, referred to as public
key and the private key.
 Each user generates the pair of public key and private key. The user
thenputs the public key in an accessible place.
 When a sender wants to sends a message, he encrypts it using the
public keyof the receiver.
 On receiving the encrypted message, the receiver decrypts it using his
private key. Since the private key is not known to anyone but the
receiver, no other person who receives the message can decrypt it.

Public key encryption includes the following:

 Plaintext
 Encryption algorithm
 Public key and private key: Each user has two keys.
 o Public Key: used to encrypt data, but cannot be used to decrypt data.
o Private key: Key known only to individual user, and used to
decryptdata.
 Cipher text
 Decryption Algorithm

A) RSA Public key Encryption Algorithm

 Was developed by Ron Rivest Adi Shamir and Len Adleman in 1977.
 It is based on the hardness of factoring a very large number (100’s of
digits)into its prime components.

Disadvantages of encryption

 Encryption data gives rise to serious technical problems at the level of

physical storage organization.
 As long as a user protects his private key incoming communication is
secureotherwise an intruder can decrypt it.

FIREWALL

A firewall is a software program or hardware device that filters the inbound

and outbound traffic between user network or computer and the internet. It is
a barrier between Local Area Network (LAN) and the Internet. It allows
keeping private resources confidential and minimizes the security risks. It
controls network traffic, in both directions

How Does It Protect

Firewall can help the user in protecting the data and computer by blocking:

 Traffic from known malicious computers.

 Attacks on the computer and attempts to access data.
 Malware coming into user’s computer or network.
Types of firewall

 Packet filtering: These firewall works at the network layer of the OSI
model. It compares each packet with a set of criteria before forwarding
them. The firewall can drop the packet, forward it tom the network or
send itto the originator, depending on the outcome of the comparison of
the packet and the criteria.

 Circuit level gateways: These firewall works at the session layer of the
OSI model. They monitor the TCP handshaking between packets to
determine whether a requested session is legal.
 Application level gateways: These firewall works at the application
level of the OSI model. The packets cannot access services for which
there i9is no proxy. These can also use to log user activities and logins
 Stateful multilayer inspection firewall: This firewall is a combination
of all the previous firewalls. They filter packets at the network layer,
determinewhether session packets are legal and evaluate the contents of
packets at the application layer.
Database Recovery

Recovery is a process of restoring the database to the most recent consistent

statethat existed prior to the occurrence of failure in the transaction.

The typical strategies for database recovery are −

 In case of soft failures that result in inconsistency of database, recovery
strategy includes transaction undo or rollback. However, sometimes,
transaction redo may also be adopted to recover to a consistent state of
the transaction.
 In case of hard failures resulting in extensive damage to database,
recovery strategies encompass restoring a past copy of the database
from archival backup. A more current state of the database is obtained
through redoing operations of committed transactions from transaction
log.
Types of Failure

 System crash
 Disk failure
 Logical errors
 Natural and physical disaster

BASIC RECOVERY CONCEPTS

• Backup mechanism – it makes periodic backup copies of the database.

• Logging concept – that keeps the track of current state of transaction
and thechanges made in the database.
• Check pointing mechanism – that enables update to be made permanent

Recovery Techniques

 A backup mechanism that makes periodic backup copies of the database.

 Logging concept that keeps track of current state of transaction
and thechanges made in the database.
 Check pointing mechanism that enables update to be made permanent.

CHECKPOINTS

In case of system failure, we check the logs to determine which of the

transactionsneed to be redone and those which need to be undone.
When a system issues a checkpoint, the following operations are performed.

 All log information from the buffers in the main memory is

copied tolog on the stable storage.
 All database updates from the buffers are written to the disk.
 A checkpoint record is written to log on the disk so subsequent
databases recovery could be coordinated with the checkpoint.

LOG BASED RECOVERY TYPES

In this method, a Log is kept on stable storage a consist of series of log

records. The log will record the sequence of database operations, and
can be used to replay the database actions after a failure. The recovery
manager uses the log to restore data items to their consistent state.

Types of Log based recovery

 Deferred update: the main aim is to defer or postpone any actual

update to a database until the transaction completes successfully and
reaches its commit point.
 Immediate update: In this technique, when a transaction issues an
update command, the database can be updated immediately without
any need towait for the transaction to reach it commit point.

DISTRIBUTED DATABASES
A distributed database is a single logical database that is spread physically
across computers in multiple locations that are connected by data
communication links. A distributed database is a collection of multiple
interconnected databases, which are spread physically across various
locations that communicate via a computer network.

Features
 Databases in the collection are logically interrelated with each other.
Oftenthey represent a single logical database.
 Data is physically stored across multiple sites. Data in each site
can bemanaged by a DBMS independent of the other sites.
  The processors in the sites are connected via a network. They do not
haveany multiprocessor configuration.
 A distributed database is not a loosely connected file system.
 A distributed database incorporates transaction processing, but it is
notsynonymous with a transaction processing system.
Distributed Database Management System(DDBMS)

The software that manages the distributed database and provides an access
mechanism that makes this distribution transparent to the user is called
DDBMS.

Features

 It is used to create, retrieve, update and delete distributed databases.

 It synchronizes the database periodically and provides access
mechanisms by the virtue of which the distribution becomes
transparent to the users.
 It ensures that the data modified at any site is universally updated.
 It is used in application areas where large volumes of data are
processed andaccessed by numerous users simultaneously.
 It is designed for heterogeneous database platforms.
 It maintains confidentiality and data integrity of the databases.
Distributed Processing: Shares the database’s logical processing among
two ormore physically independent sites that are connected through a
network.

Functions/ Objectives of DDBMS

 Application interface- to interact with the user

 Validation –to analyse the data request.
 Mapping – to determine the data location of local or remote fragments.
 Security- to provide data privacy
 Database administration- for database administrator
 Concurrency control- to manage simultaneous data access.
 Keeping track of data –The basic function of DDBMS is to keep track of
the data distribution, fragmentation and replication by expanding the
DDBMS catalogue.
  Distributed Query Processing –The basic function of DDBMS is
basically its ability to access remote sites and to transmits queries and
data among the various sites via a communication network.
 Replicated Data Management –The basic function of DDBMS is
basically to decide which copy of a replicated data item to access and to
maintain the consistency of copies of replicated data items.
 Distributed Database Recovery –The ability to recover from the
individualsite crashes and from new types of failures such as failure of
communicationlinks.
 Security –The basic function of DDBMS is to execute Distributed
Transaction with proper management of the security of the data and the
authorization/access privilege of users.

DDBMS Components

1. Computer Workstation
2. Network hardware and software
3. Communication media
4. Transaction processor
5. Data manager

Advantages of Distributed Database system

 Improved sharing ability

  Availability
 Reliability
 Improved Performance
 Better response time
 Processor independence
 Modular Development − If the system needs to be expanded to new
locations or new units, in centralized database systems, the action
requires substantial efforts and disruption in the existing functioning.
 More Reliable − In case of database failures, the total system of centralized
databases comes to a halt. However, in distributed systems, when a
component fails, the functioning of the system continues may be at a
reduced performance. Hence DDBMS is more reliable.
 Better Response − If data is distributed in an efficient manner, then user
requests can be met from local data itself, thus providing faster
response. Onthe other hand, in centralized systems, all queries have to
pass through the central computer for processing, which increases the
response time.
 Lower Communication Cost − In distributed database systems, if data is
located locally where it is mostly used, then the communication costs
for data manipulation can be minimized.

Disadvantages of DDBMS:

 Architectural complexity
 Lack of standard
 Data integrity problem
 Security problems
 Cost
 Data design more complex

 Need for complex and expensive software − DDBMS demands complex

and often expensive software to provide data transparency and co-
ordinationacross the several sites.
 Processing overhead − Even simple operations may require a large
number of communications and additional calculations to provide
uniformity in dataacross the sites.
  Data integrity − The need for updating data in multiple sites pose
problemsof data integrity.
 Overheads for improper data distribution − Responsiveness of queries
is largely dependent upon proper data distribution. Improper data
distribution often leads to very slow response to user requests.
Types of DDBMS

1. Homogeneous DDBMS: all use the same DDBMS software and have the
same application on each node (or site). They have a common schema.
In a homogeneous database, all different sites store database identically.
The operating system, database management system and the data
structures used
– all are same at all sites. Hence, they’re easy to manage.

2. Heterogeneous DDBMS: each node may run different DBMS software,

which need not to be based on the same data model. So the system may
be composed of hierarchical, relational, network DBMS’s. Different
computers may use a different operating system, different database
application. They may even use different data models for the database.
Hence, translations are required for different sites to communicate.

Application of DDBMS:

1. Airlines
2. Corporate MIS (management information system)
3. Hotel Chains
4. Manufacturing
5. Military command and control
6. Any organization which has a decentralized organization structure.