DATABASE SECURITY: USING ENCRYPTION TECHNIQUE AND DESIGN IN DATABASE
Mareena Sahoo Janvi Tanwani Prachi Soni mareena.sahoo2013@vit.ac.in janvi.tanwani2013@vit.ac.in prachi.soni2013@vit.ac.in
ABSTRACT: Database security is one of the most essential challenges people face in today's world. In traditional database research, security is supposed to be authentic. The aim is to achieve security against outside intruders and also against users trying to access personal information beyond their authorization. In this paper we discuss the problem of attaining security in an environment where the database is not fully dependable,
Nowadays every organization has automated its information systems, handling databases that hold personal or other secret information. With these types of crucial and sensitive data, security and privacy issues become essential.
This raises the question: what is database security, and how can it be achieved? Protecting the private and personal data saved in any archive is known as database security. It deals with securing the database from intruders and illegal actions. An organisation that holds a large amount of data also demands good security. This can be achieved by following the security properties for databases. The major properties of database security are: 1) confidentiality, 2) integrity and 3) availability. Fig. 1 depicts the major properties of database security.

Fig. 1 Properties of DB Security

As we know, confidentiality gives rise to the concept of data hiding: part of the data is shared with the outside world and the rest remains hidden. Integrity means that the data should not be corrupted or contaminated at any cost. Availability means that within the time period we should be able to get the
Access control determines which users may access the system and, subsequently, which sets of data each user can read or write. Flow control balances the circulation of values of sets of data that can be accessed by the users. Inference control looks after the statistical information in databases, blocking the querier from deriving abstract information by posing a carefully designed series of statistical problems and relating the results. Cryptographic flow control deals with data encryption, which prevents unauthorized users from accessing the data. Any user who wants to access the data has to decrypt it using a key.
Another method has been adopted for securing and protecting databases. It has been observed that, to make databases secure, different rules can be implemented at the organization level. Data or information is always a big and important asset for any organization, and its security cannot be negotiated. Different information security layers are outlined, as shown in Figure 2 below. These layers are: information administrator, computer user, security officer, developers and worker. For every layer some
What are the exact features of a distributed database? a) Is always connected to the internet b) Always requires more than three machines c) Users see the data in one global schema. d) Have to require the physical location of the data when an update is done
More precisely, an access structure is expressed by an access tree ${\cal T}$ where every non-leaf node $x$ has assigned a threshold gate and every leaf $x$ is assigned a party $P_i \in \{P_1, P_2, \ldots, P_n\}$. A threshold gate is described by its children $n_x$ and a threshold value $t_x$, where $0iteup{di2007over} is a technique that makes use of a two-layer encryption to enforce selective encryption without requesting the data owner to re-encrypt the data every time there is a change in the AC policy. In the over-encryption technique, two layers of encryption are imposed on data: the inner layer is applied by the data owner to provide initial protection, and the outer layer is applied by the server to reflect access control policy changes. Intuitively, this technique allows data owners to outsource, besides their data, authorization and revocation tasks on their data to a semi-trusted server without revealing the underlying data to the
In developing a database, one of the first things one must know is how the database (DB) will be used within the organization. Secondly, one must know what type of data will be required to develop the database and how it will enhance productivity and reliability for the organization. All the information is gathered in the first phase of the database life cycle, which is planning. In the planning phase, you are gathering information on the need, cost and feasibility of the database within the organization. Also within this phase you would look to see if there are databases within the organization that can meet the requirements.
This infrastructure is also not ideal in that every system uses the same username and password. In a production infrastructure each system should have unique and secure
1. List and explain the top 5 factors that are required, at a bare minimum, to make an application secure. Security architecture, authentication, session management, access control, and input validation are the top five factors that make an application secure. Security architecture: OWASP verification requirements in security architecture verify all the application components and libraries that are present in the application are identified. A high level architecture of an application must be designed.
4. Improved security: since there is no support for XP anymore, continuing to use it will show that you are vulnerable to threats. How to update Windows XP to Windows 10: To install Windows 10 Home or Professional on your machine running Windows XP, you can choose between a digital download and a physical disc. Currently, it is not clear whether the downloaded version can be run directly from within Windows XP.
Having security basically means that the data is safe from unauthorised or unexpected access, modification or deletion of files. Due to the vast majority of files being stored on a form of electronic device in the modern world, it is the job of the company, in this case Tesda, to ensure that access is limited to certain individuals and that they pose no threat to the company. Although there are many ways of accessing this information illegally, Tesda should concentrate on protecting against the most common types like viruses and system failure etc. Ensuring that there is a backup server is essential as this information is what keeps the business running and losing it will have a massive impact on them. Within Tesda, it will be the role of the management to assess who should and shouldn’t be granted access to particular bits of information and whether or not they will have it as read only or being able to edit the document.
Again, the data owner has the ultimate responsibility for managing the access controls, but does not need to have his/her hand on the controls daily. Instead, the data owner can have an appointed data security officer to handle the day-to-day access and maintenance of data control (Khatri & Brown, 2010, p. 167). This position will determine the levels at which each employee in the company can access the data for particular reasons. This includes limiting executives to various levels, with the understanding that their access should be for retrieval purposes, not for manipulation
The information or data that needs to be stored could relate to personal employee information that would need to be password protected so only the relevant people can gain access. Only if data is stored in a procedural manner can it be easily retrieved. This can also help if an external body, for example auditors, needs to gain access to records. Describe the features of different types of systems used for storage and retrieval of information. There are many different ways in which you can store and retrieve information; the main purpose of storing any information is for easy retrieval in the future when it is
For operational purposes, the company collects and stores confidential information about their customers, employees, suppliers, and vendors. For purposes of their rewards program, the company collects sensitive and confidential consumer information. Although security measures and information technology systems have been put in place to ensure secure transmission and storage of confidential information, security breaches, computer viruses, or even human error can occur. Any of these events could cause data to be lost or stolen, as well as disclosed and used with malicious intent. Such occurrence could lead to litigation, fines, increased security costs, and damage to
In the present era, everyone needs fast processing and less space to store the results of computation, as well as security of information. There are many encryption algorithms; some take more computation time and some take less, but all have their own advantages and disadvantages. Encryption is mainly classified into two types based on the key used: asymmetric key encryption and symmetric key encryption. Asymmetric key encryption is also called public key cryptography. In this, two different keys are used: one for encryption, called the public key, and another for decryption, termed the private key.
1-What is the difference between a threat agent and a threat? A threat is a constant danger to an asset, whereas a threat agent is what facilitates an attack. 2-What is the difference between vulnerability and exposure? Exposure is a condition of being exposed and it exists when a vulnerability is known to an attacker while Vulnerability is a weakness or fault in a system or protection mechanism that opens it to attack or damage.
the more options there and can be used to violate privacy. Most people consider they have little, if any, control over their personal data. Better encryption and the minimizing of data requirements aid in this goal. PIMS systems are a new technological development that promises to aid the privacy dilemma. The PIMS system consists of a user’s server, running the services selected by the user, storing and processing the user’s data locally instead of on an online server.
In a relational database management system the data access is privileged which means that the database administrator has the authority of giving access of data to some particular users which makes the data secure. 3. Easy to use: This type of database uses tables which is better and easy to create and use. Disadvantages of RDBMS: 1. Slow: