Page 111 - DCAP516_COMPUTER_SECURITY
P. 111

Unit 9: Database Security




               Logical Database Integrity: The structure of the database is preserved. With logical integrity  Notes
               of a database, a modification to the value of one field does not affect other fields.

               Element Integrity: The data contained in each element are accurate.
               Auditability: It is possible to track who or what has accessed (or modified) the elements in
               the database.

               Access Control: A user is allowed to access only authorized data, and different users can be
               restricted to different modes of access (such as read or write).
               User Authentication: Every user is positively identified, both for the audit trail and for
               permission to access certain data.
               Availability: Users can access the database in general and all the data for which they are
               authorized.

          Integrity of the Database

          The data must be protected from corruption. Two situations can affect the integrity of a database:

          1.   When the whole database is damaged (as happens, for example, if its storage medium is
               damaged)
          2.   When individual data items are unreadable.

          Integrity of the database as a whole is the responsibility of the DBMS, the operating system, and
          the (human) computing system manager. From the perspective of the operating system and the
          computing system manager, databases and DBMSs are files and programs, respectively.
          Therefore, one way of protecting the database as a whole is to regularly back up all files on the
          system.

          Element Integrity

          The integrity of database elements is their correctness or accuracy. Ultimately, authorized users
          are responsible for entering correct data into databases. However, users and programs make
          mistakes collecting data, computing results, and entering values. Therefore, DBMSs sometimes
          take special action to help catch errors as they are made and to correct errors after they are
          inserted.

          Auditability

          For some applications it may be desirable to generate an audit record of all access (read or write)
          to a database. Such a record can help to maintain the database’s integrity, or at least to discover
          after the fact who had affected which values and when. A second advantage, as we see later, is
          that users can access protected data incrementally; that is, no single access reveals protected data,
          but a set of sequential accesses viewed together reveals the data, much like discovering the clues
          in a detective novel.

          Access Control

          Databases are often separated logically by user access privileges. For example, all users can be
          granted access to general data, but only the personnel department can obtain salary data and
          only the marketing department can obtain sales data. Databases are very useful because they
          centralize the storage and maintenance of data. Limited access is both a responsibility and a
          benefit of this centralization.




                                           LOVELY PROFESSIONAL UNIVERSITY                                   105
   106   107   108   109   110   111   112   113   114   115   116