Database security issues and challenges: Seminar report


Database security protects databases against threats. It is the part of information security control concerned with protecting the data, the database applications or stored functions, the database systems, the database servers and the associated network links. Recently, security threats to mobile databases have become common, and solutions are needed to avoid them. A mobile database is a specialized class of distributed system. Its hardware constraints and distributed nature raise security challenges in mobile development. Security must be assured in the operating system, in the database and on the network. Traditional database security cannot deal with malicious attacks by persons with a legal identity, and it is not cost effective for users with different security requirements. The multilayer security model, with intrusion tolerance at the user, OS, DBMS and transaction levels, integrates redundancy and various technologies by adopting an integral security strategy and service-oriented intrusion tolerance technology. A number of techniques, such as encryption and electronic signatures, are available to protect data transmission across websites. For data protection, mechanisms are used that enforce access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information such as time. The semantics of the data is considered when specifying active access control policies. The network database system provides an open environment for storing and managing massive amounts of data. Great loss occurs when data loss, illegal tampering or code loss happens within the network database.
The main database security risks are unauthorized or unintended activity or misuse by authorized database users, database administrators, or network or system managers, or by unauthorized users or hackers, such as inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations. Malware infections may also cause incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services. Overloads, performance constraints and capacity issues can leave authorized users unable to use databases as intended. Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns or equipment failures, and obsolescence, also contributes to the risk. Design flaws and programming bugs in databases and the associated programs and systems create security vulnerabilities that can lead to unauthorized privilege escalation, data loss or corruption, and performance degradation. Data corruption and loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, and criminal damage also pose security problems in databases.

Database Security Issues

The issues depend on the security types and the database threats.

Security types include:
1. Legal and ethical issues regarding the right to access certain information. Some information may be deemed to be private and cannot be accessed by unauthorized persons.
2. Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available, for example credit ratings.
3. System-related issues, such as the system levels at which various security functions should be enforced, for example whether a security function should be handled at the physical hardware level, the operating system level or the DBMS level.
4. The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications, for example top secret, secret, confidential, and unclassified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.

Database threats include:

1. Loss of integrity - Database integrity refers to the requirement that information be protected from improper modification, which includes creation, insertion, modification, changing the status of data, and deletion. Integrity is lost if unauthorized changes are made to the data by either intentional or accidental acts. If the loss of system or data integrity is not corrected, continued use of the contaminated system or corrupted data would result in inaccuracy, fraud or erroneous decisions.
2. Loss of availability - Database availability refers to making objects available to a human user or a program to which they have a legitimate right.
3. Loss of confidentiality - Data confidentiality refers to the protection of data from unauthorized disclosure. The impact of disclosing confidential information can include violation of a data privacy act. Unauthorized, unanticipated or unintentional disclosure could result in loss of public confidence, or legal action against the organization.

Database Security Control Measures

There are four main control measures used to provide security of data in databases. They are:
1. Access control - The security mechanism of a DBMS must include provisions for restricting access to the database as a whole. This function is called access control and is handled by creating user accounts and passwords to control the login process by the DBMS.
2. Inference control - Statistical databases are used to provide statistical information or summaries of values based on various criteria. Security for statistical databases must ensure that information about individuals cannot be accessed. It is possible to deduce or infer certain facts concerning individuals from queries that involve only summary statistics on groups; consequently, this must not be permitted either. This problem is called statistical database security, and the corresponding control measures are called inference control measures.
3. Flow control - It prevents information from flowing in such a way that it reaches unauthorized users. Channels that are pathways for information to flow implicitly in ways that violate the security policy of an organization are called covert channels.
4. Data encryption - It is used to protect sensitive data that is transmitted via some type of communication network. Encryption can also be used to provide additional protection for sensitive portions of a database. The data is encoded using some coding algorithm. An unauthorized user who accesses encoded data will have difficulty deciphering it, but authorized users are given decoding or decryption algorithms to decipher the data. Encryption techniques that are very difficult to decode without a key have been developed for military applications.
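
The inference problem described under item 2 can be shown with a small statistical interface. The following is an added example, not part of the original report: it applies two inference controls, a query-set-size restriction and an overlap check, to SUM queries. The table, the class name StatGate and the policy value min_set are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data: (name, dept, salary)
ROWS = [("ann", "ops", 50), ("bob", "ops", 55), ("cy", "ops", 60),
        ("dee", "ops", 90), ("eve", "dev", 70), ("fay", "dev", 75),
        ("gus", "dev", 80)]

class StatGate:
    """Releases SUM(salary) only when two inference controls pass."""

    def __init__(self, rows, min_set=3):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE emp(name TEXT, dept TEXT, salary INT)")
        self.db.executemany("INSERT INTO emp VALUES (?, ?, ?)", rows)
        self.total = len(rows)
        self.min_set = min_set      # hypothetical policy value k
        self.released = []          # query sets already answered

    def sum_salary(self, dept=None, max_salary=None):
        # Fixed, parameterized filters: callers never supply SQL text.
        sql, args = "SELECT name, salary FROM emp WHERE 1=1", []
        if dept is not None:
            sql, args = sql + " AND dept = ?", args + [dept]
        if max_salary is not None:
            sql, args = sql + " AND salary <= ?", args + [max_salary]
        hits = self.db.execute(sql, args).fetchall()
        names = frozenset(n for n, _ in hits)

        # Control 1: query-set size. A set that is too small, or whose
        # complement is too small, describes (nearly) one individual.
        if not self.min_set <= len(names) <= self.total - self.min_set:
            return None, "query set size"
        # Control 2: overlap. If this set differs from an answered one by
        # fewer than k people, subtracting the two sums isolates them.
        for old in self.released:
            if 0 < len(names ^ old) < self.min_set:
                return None, "overlap with earlier query"
        self.released.append(names)
        return sum(s for _, s in hits), "ok"

def demo():
    gate = StatGate(ROWS)
    return [gate.sum_salary(dept="ops"),                 # 4 people
            gate.sum_salary(dept="ops", max_salary=60),  # same set minus dee
            gate.sum_salary(dept="ops", max_salary=50),  # 1 person
            gate.sum_salary(dept="dev")]                 # 3 people
```

The second query passes the size check on its own; it is refused only because its sum, subtracted from the first answer, would equal one person's salary.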

Challenges of Database Security

Because threats to databases are growing rapidly, research efforts need to be devoted to issues such as:

1. Data quality
The database community needs techniques and organizational solutions to assess and attest the quality of data. These techniques include simple mechanisms such as quality stamps that are posted on websites. It also requires techniques that provide more effective integrity semantics verification, and tools for the assessment of data quality based on techniques such as record linkage. Application-level recovery techniques are also needed for automatically repairing incorrect data. The Extract Transform Load tools widely used to load data into data warehouses are presently grappling with these issues.

2. Intellectual property rights
With the widespread use of the Internet and intranets, legal and informational aspects of data are becoming major concerns of organizations. To address these concerns, watermarking techniques for relational data have recently been proposed. The main purpose of digital watermarking is to protect content from unauthorized duplication and distribution by enabling provable ownership of the content. It has traditionally relied upon the availability of a large noise domain within which the object can be altered while retaining its essential properties. However, research is needed to assess the robustness of such techniques and to investigate different approaches aimed at preventing intellectual property rights violations.
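
To make the noise-domain idea concrete, here is an added example (not from the original report, and a simplified sketch rather than any specific published scheme): a secret key selects some tuples and forces one low-order bit of a numeric attribute, and the owner later proves ownership by counting how many selected bits still match. GAMMA, XI, KEY, the thresholds and the sample table are assumptions made for the illustration.

```python
import hashlib
import hmac

GAMMA = 4   # assumed parameter: about 1 tuple in GAMMA carries a mark
XI = 2      # assumed noise domain: the XI low-order bits of the value
KEY = b"constructed-demo-key"   # the owner's secret (constructed)

def _plan(key, pk):
    """Keyed per-tuple decision: (marked?, bit index, bit value)."""
    digest = hmac.new(key, str(pk).encode(), hashlib.sha256).digest()
    h = int.from_bytes(digest, "big")
    return h % GAMMA == 0, (h // GAMMA) % XI, (h // (GAMMA * XI)) % 2

def embed(key, rows):
    """rows maps primary key -> non-negative int. Returns a marked copy."""
    out = {}
    for pk, val in rows.items():
        marked, idx, bit = _plan(key, pk)
        if marked:
            val = (val & ~(1 << idx)) | (bit << idx)   # force one low bit
        out[pk] = val
    return out

def detect(key, rows):
    """Returns (matches, checked) over the tuples this key selects."""
    matches = checked = 0
    for pk, val in rows.items():
        marked, idx, bit = _plan(key, pk)
        if marked:
            checked += 1
            matches += ((val >> idx) & 1) == bit
    return matches, checked

def owns(key, rows, threshold=0.9, min_checked=30):
    """Ownership claim: far more matching bits than the ~50% chance gives."""
    matches, checked = detect(key, rows)
    return checked >= min_checked and matches / checked >= threshold

def demo():
    original = {pk: 30000 + 37 * pk for pk in range(1000)}  # constructed
    marked = embed(KEY, original)
    half = {pk: v for pk, v in marked.items() if pk % 2 == 0}  # rows dropped
    return (owns(KEY, marked), owns(KEY, half),
            owns(KEY, original), owns(b"someone-else", marked))
```

The mark survives the loss of half the rows because each tuple is decided independently from its primary key; it would not survive a change of primary keys, which is one of the robustness questions the paragraph above refers to.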

3. Database Survivability
Database systems need to operate and continue their functions, even with reduced capabilities, despite disruptive events such as information warfare attacks. A DBMS, in addition to making every effort to prevent an attack and to detect one if it occurs, should be able to do the following:
a. Confinement - Take immediate action to eliminate the attacker's access to the system and to isolate or contain the problem to prevent further spread.
b. Damage assessment - Determine the extent of the problem including failed functions and corrupted data.
c. Reconfiguration - Reconfigure to allow operation to continue in a degraded mode while recovery proceeds.
d. Repair - Repair corrupted or lost data and repair or reinstall failed system functions to reestablish a normal level of operation.
e. Fault treatment - To the extent possible, identify the weakness exploited in the attack and take steps to prevent a recurrence.
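
Steps b and d can be illustrated with a transaction log. The following is an added example, not part of the original report: it assumes the DBMS keeps a commit-ordered log of each transaction's reads and writes, follows read-from dependencies from a known malicious transaction to find contaminated transactions and items, and derives the values to restore. The log format and all names are constructed for the illustration.

```python
# Constructed commit-ordered log. "reads" are item names, "writes" maps
# item -> value written. T2 is the transaction identified as malicious.
SNAPSHOT = {"a": 1, "b": 2, "c": 3, "d": 4, "e": 0}   # state before T1
LOG = [
    {"id": "T1", "reads": [],         "writes": {"a": 10}},
    {"id": "T2", "reads": ["a"],      "writes": {"a": 999}},
    {"id": "T3", "reads": ["a"],      "writes": {"b": 1009}},
    {"id": "T4", "reads": ["c"],      "writes": {"c": 5}},
    {"id": "T5", "reads": [],         "writes": {"b": 7}},
    {"id": "T6", "reads": ["b", "c"], "writes": {"d": 12}},
    {"id": "T7", "reads": ["a"],      "writes": {"e": 1000}},
]

def assess(log, malicious):
    """Damage assessment: contaminated transactions and data items."""
    dirty, affected = set(), []
    for txn in log:
        # A transaction is contaminated if it is malicious itself or
        # read an item that was contaminated when it ran.
        if txn["id"] in malicious or dirty & set(txn["reads"]):
            affected.append(txn["id"])
            dirty |= set(txn["writes"])
        else:
            # A clean transaction overwriting an item makes it clean again.
            dirty -= set(txn["writes"])
    return affected, dirty

def repair_plan(log, snapshot, affected, dirty):
    """Repair: last clean value of every item that is still contaminated."""
    clean = dict(snapshot)
    for txn in log:
        if txn["id"] not in affected:
            clean.update(txn["writes"])
    return {item: clean[item] for item in sorted(dirty)}

def demo():
    affected, dirty = assess(LOG, {"T2"})
    return affected, dirty, repair_plan(LOG, SNAPSHOT, affected, dirty)
```

The contaminated items are also the set to isolate during confinement, and the legitimate transactions among the affected ones (T3 and T7 here) have to be re-executed after the restore.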

The goal of the information warfare attacker is to damage the organization's operation and the fulfillment of its mission through disruption of its information systems. The target of an attack may be the system itself or its data. While attacks that bring the system down outright are severe and dramatic, they must also be well timed to achieve the attacker's goal, since such attacks receive immediate and concentrated attention to bring the system back to operational condition, diagnose how the attack took place and install preventive measures.

Factors such as the evolution of security concerns, the disintermediation of data access, and new computing paradigms and applications, such as grid-based computing and on-demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current approaches to achieve data security. Thus information security control measures include access control, auditing, authentication, encryption, integrity controls, backups and application security. The security designs for specific database systems specify security administration and management functions, such as administration and reporting of user access rights, log management and analysis, database replication or synchronization and backups, along with various business-driven information security controls within the database programs and functions, for example data entry validation and audit trails. Various security-related activities, such as manual controls, are also normally incorporated into the procedures and guidelines relating to the design, development, configuration, use, management and maintenance of databases.

We prepared and published this seminar abstract for final year engineering students' seminar research. You should do your own research in addition to this information before presenting your seminar.
This is a highly recommended and debated technical seminar topic for all information technology branches. Challenges in database security are a research area in IT companies and in all big organizations that use computers to store their confidential data.