DB & WebApp Security Flashcards

1
Q

Main Concepts

A

Secrecy

Integrity

Availability

2
Q

Secrecy

A

Users should not be able to see things that they are not supposed to

3
Q

Integrity

A

Users should not be able to modify things they are not supposed to

4
Q

Availability

A

Users should be able to see and modify things they are allowed to

5
Q

Encryption

A

A way of scrambling data so that only authorized parties can understand the information.

6
Q

Symmetric Encryption

A

Encryption key = decryption key -> all authorized users know the decryption key

7
Q

Public-Key Encryption

A

• User's encryption key: public

• User's decryption key: secret

8
Q

SSL

A

Secure Sockets Layer

9
Q

Digital Signature

A

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. It’s the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security.

10
Q

Two Main Security Mechanisms at DBMS Level

A

Discretionary access control: creator of a table automatically gets all privileges on it

Mandatory access control: Each DB object is assigned a security class

11
Q

GRANT

A

GRANT privileges ON object TO users [WITH GRANT OPTION]
• SELECT
• INSERT
• DELETE
• REFERENCES

12
Q

Bell-LaPadula Model

A

Objects
• tables, views, tuples, …
Subjects
• users, user programs, …
Security classes: TS > S > C > U
• Top secret (TS), secret (S), confidential (C), unclassified (U)
Each object and subject is assigned a class
• Simple Security Property: subject S can read object O only if class(S) >= class(O)
• *-Property: subject S can write object O only if class(S) <= class(O)

13
Q

Bell-LaPadula Model: Intuition

A

Idea: ensure that
• information can only be read from higher to lower security levels
• information can only be written from lower to higher security levels

14
Q

Common Internet Attacks

A

• Spear-phishing: acquire information by masquerading as a trustworthy entity
• Man in the middle: eavesdropping; the victims believe they are talking directly to each other
• Watering-hole: observe sites which a group often uses, infect these, and infect the users as a consequence

15
Q

SQL Injection

A

'; DROP TABLE Users; --

16
Q

3P Security Management

A

Process, People, Probing your defenses