Page 112 - DCAP516_COMPUTER_SECURITY
P. 112
Computer Security
Notes
Did u know? The database administrator specifies who should be allowed access to which
data, at the view, relation, field, record, or even element level. The DBMS must enforce
this policy, granting access to all specified data or no access where prohibited. Furthermore,
the number of modes of access can be many. A user or program may have the right to read,
change, delete, or append to a value, add or delete entire fields or records, or reorganize
the entire database.
User Authentication
The DBMS can require rigorous user authentication. For example, a DBMS might insist that a
user pass both specific password and time-of-day checks. This authentication supplements the
authentication performed by the operating system. Typically, the DBMS runs as an application
program on top of the operating system. This system design means that there is no trusted path
from the DBMS to the operating system, so the DBMS must be suspicious of any data it receives,
including user authentication. Thus, the DBMS is forced to do its own authentication.
Availability
A DBMS has aspects of both a program and a system. It is a program that uses other hardware
and software resources, yet to many users it is the only application run. Users often take the
DBMS for granted, employing it as an essential tool with which to perform particular tasks. But
when the system is not available busy serving other users or down to be repaired or upgraded
the users are very aware of a DBMS’s unavailability.
9.2 Reliability and Integrity
Databases amalgamate data from many sources, and users expect a DBMS to provide access to
the data in a reliable way. When software engineers say that software has reliability, they mean
that the software runs for very long periods of time without failing.
Database concerns about reliability and integrity can be viewed from three dimensions:
Database Integrity: concern that the database as a whole is protected against damage, as
from the failure of a disk drive or the corruption of the master database index. These
concerns are addressed by operating system integrity controls and recovery procedures.
Element Integrity: concern that the value of a specific data element is written or changed
only by authorized users. Proper access controls protect a database from corruption by
unauthorized users.
Element Accuracy: concern that only correct values are written into the elements of a
database. Checks on the values of elements can help prevent insertion of improper values.
Also, constraint conditions can detect incorrect values.
9.3 Sensitive Data
Sensitive data are data that should not be made public.
Several factors can make data sensitive.
Inherently Sensitive: The value itself may be so revealing that it is sensitive. Examples are
the locations of defensive missiles or the median income of barbers in a town with only
one barber.
106 LOVELY PROFESSIONAL UNIVERSITY
