Database Security

Michael Gertz, University of California, Davis

Arnon Rosenthal, The MITRE Corporation

Introduction

Database Security Models and Mechanisms

Overview

Discretionary Access Control

Role-Based Access Control

Mandatory Access Control

Database Security Mechanisms

Database Security Design

Protecting the RDBMS

Designing Security Policies

Security Policy Implementation

Database Security Evaluation and Reconfiguration

Database Security Evaluation

Security Reconfiguration Through User and Data Profiling

Conclusions and Future Directions

Acknowledgments

Glossary

Cross References

References

INTRODUCTION

In the past three decades, database systems have evolved from specialized applications to fundamental components of today's computing infrastructures. Many organizations in industry, government, and research sectors rely on database systems to manage, share, and disseminate various forms of data in an effective and reliable manner. In fact, the most valuable assets of many organizations are their data, and the loss of hardware or software is often easier to overcome than the loss of data that have been collected and maintained over many years. As our society becomes increasingly dependent on information, the protection of data against various security threats becomes an important mission for database designers, developers, and administrators. Threats to database security typically concern the integrity, secrecy, and availability of data. They are characterized as follows:

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial