12. Database Security Flashcards

(8 cards)

1
Q

Database Security:

A

Protecting the database against unauthorised access and modifications. CIA triad: Confidentiality (preventing disclosure), Integrity (preventing improper modification), Availability (access to those who need it).

2
Q

Access Control:

A

Controlling who can access the database and what operations they can perform.
◦ Authentication: Verifying the identity of a user (e.g., username/password).
◦ Authorisation: Granting specific privileges or permissions to authenticated users. Access control is the DBA’s responsibility.

3
Q

Mandatory Access Control (MAC):

A

System-enforced control based on security classification levels. Each object has a classification level, and each subject (user/process) has a clearance level. Extremely rigid.

Bell-LaPadula Model:
▪ Simple Security Property (“no read up”): Subject S can read Object O only if clearance(S) ≥ classification(O).
* (Star) Security Property (“no write down”): Subject S can write to Object O only if clearance(S) ≤ classification(O).
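Added illustration, not part of the flashcards: the two Bell-LaPadula rules written out as PostgreSQL row-level security policies. A real MAC system enforces labels inside the DBMS kernel; this is an emulation on top of a discretionary system, so superusers and roles with BYPASSRLS still see everything. The label scale (0 public to 3 top secret), the table names and the two roles are assumptions made for the example.

```sql
-- Added example, not from the flashcards. Labels: 0 public ... 3 top secret (assumed scale).
CREATE TABLE clearance (
    role_name text PRIMARY KEY,
    level     int  NOT NULL CHECK (level BETWEEN 0 AND 3)
);

CREATE TABLE report (
    id             serial PRIMARY KEY,
    classification int  NOT NULL CHECK (classification BETWEEN 0 AND 3),
    body           text NOT NULL
);

-- Every subject must be able to look up its own clearance; nobody may change it.
GRANT SELECT ON clearance TO PUBLIC;
GRANT SELECT, INSERT ON report TO PUBLIC;
GRANT USAGE ON SEQUENCE report_id_seq TO PUBLIC;

ALTER TABLE report ENABLE ROW LEVEL SECURITY;
ALTER TABLE report FORCE  ROW LEVEL SECURITY;   -- the policies bind the table owner too

-- Simple Security Property ("no read up"):
-- S may read O only if clearance(S) >= classification(O).
CREATE POLICY no_read_up ON report FOR SELECT
    USING (classification <= (SELECT level FROM clearance
                              WHERE role_name = current_user));

-- *-Property ("no write down"):
-- S may write O only if clearance(S) <= classification(O).
CREATE POLICY no_write_down ON report FOR INSERT
    WITH CHECK (classification >= (SELECT level FROM clearance
                                   WHERE role_name = current_user));

-- Two constructed subjects: analyst is cleared to 1, auditor to 3.
CREATE ROLE analyst LOGIN;
CREATE ROLE auditor LOGIN;
INSERT INTO clearance VALUES ('analyst', 1), ('auditor', 3);

SET ROLE auditor;
INSERT INTO report (classification, body) VALUES (3, 'top secret finding');
INSERT INTO report (classification, body) VALUES (0, 'public summary');
RESET ROLE;

SET ROLE analyst;
SELECT id, classification FROM report;            -- only the level-0 row is visible
INSERT INTO report (classification, body)
    VALUES (2, 'writing up is permitted');        -- succeeds, but analyst can never read it back
INSERT INTO report (classification, body)
    VALUES (0, 'writing down is blocked');        -- ERROR: new row violates row-level security policy
RESET ROLE;
```

Two details worth noticing. A subject with no row in clearance gets NULL from the subquery, every comparison evaluates to NULL, and both policies deny, so the default is deny. The analyst's second insert shows the "blind write" that the *-property permits: a low subject may create a high object but cannot confirm what it wrote.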

4
Q

Discretionary Access Control (DAC):

A

Provided by most SQL DBMSs, based on granting/revoking privileges. Highly flexible. Users/roles have specific rights on database objects (tables, views, etc.) and system-level operations. Default should be deny. Uses an access matrix model.

5
Q

DAC in SQL:

A

◦ GRANT: Gives privileges on an object to a user or role. WITH GRANT OPTION allows the recipient to grant the privilege to others.
◦ REVOKE: Takes away privileges.
◦ Privileges: Specific rights like SELECT, INSERT, UPDATE, DELETE on tables/views; EXECUTE on functions/procedures; CONNECT on databases. Can apply to specific columns.

6
Q

Roles:

A

A way to group privileges. Privileges are granted to the role, and the role is granted to users or other roles, so a user's rights are the union of the roles they hold. A session can activate or deactivate a role (SQL standard SET ROLE). PostgreSQL does not distinguish users from roles: a "user" is simply a role with the LOGIN attribute.
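Added example, not part of the flashcards, tying cards 4 to 6 together: a discretionary setup in PostgreSQL with default deny, privilege bundles as NOLOGIN roles, column-level grants, WITH GRANT OPTION, SET ROLE, and a look at the resulting access matrix. The table, role names and passwords are constructed for the illustration.

```sql
-- Added example, not from the flashcards. Object: an employees table with one sensitive column.
CREATE TABLE employees (
    id     serial PRIMARY KEY,
    name   text   NOT NULL,
    dept   text   NOT NULL,
    salary numeric(10,2) NOT NULL
);

-- Default deny: strip anything the PUBLIC pseudo-role may hold on the schema and table.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON employees FROM PUBLIC;

-- Roles as privilege bundles (NOLOGIN: these are not accounts).
CREATE ROLE hr_reader NOLOGIN;
CREATE ROLE hr_editor NOLOGIN;
GRANT USAGE ON SCHEMA public TO hr_reader, hr_editor;

-- Column-level privilege: readers see every column except salary.
GRANT SELECT (id, name, dept) ON employees TO hr_reader;

-- Editors inherit the reader role and gain write rights on whole rows.
GRANT hr_reader TO hr_editor;
GRANT SELECT, INSERT, UPDATE ON employees TO hr_editor;
GRANT USAGE ON SEQUENCE employees_id_seq TO hr_editor;

-- Login roles (users) receive rights only through membership.
CREATE ROLE alice LOGIN PASSWORD 'example-only';
CREATE ROLE bob   LOGIN PASSWORD 'example-only';
GRANT hr_reader TO alice;
GRANT hr_editor TO bob WITH ADMIN OPTION;      -- bob may grant hr_editor to others

-- WITH GRANT OPTION delegates an object privilege; the grantee becomes a
-- second administrator for that privilege, so use it sparingly.
GRANT SELECT ON employees TO bob WITH GRANT OPTION;

-- Activate a role for the current session and watch the column grant bite.
SET ROLE hr_reader;
SELECT name, dept FROM employees;   -- ok
SELECT salary FROM employees;       -- ERROR: permission denied for table employees
RESET ROLE;

-- Inspect the effective access matrix.
SELECT grantee, privilege_type, column_name
FROM   information_schema.column_privileges
WHERE  table_name = 'employees'
ORDER  BY grantee, column_name;

SELECT has_table_privilege('alice', 'employees', 'UPDATE');             -- false
SELECT has_column_privilege('alice', 'employees', 'name', 'SELECT');    -- true

-- REVOKE with CASCADE also removes whatever bob passed on via his grant option.
REVOKE SELECT ON employees FROM bob CASCADE;
```

The information_schema queries are the practical check: after any GRANT or REVOKE, confirm the matrix rather than trusting the statement succeeded, because inherited role membership and column grants combine in ways that are easy to misread.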

7
Q

Security Using Views:

A

Views can restrict access by creating a subset (horizontal and/or vertical) of a table. Granting access only to the view, not the base table, limits what users can see/do. WITH CHECK OPTION on a view can enforce policies during updates. Useful in systems without direct column/row-level access controls.
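Added example, not part of the flashcards: a view that is both a vertical subset (no salary column) and a horizontal subset (one department) of a constructed base table, granted to a role that has no rights on the table itself, with WITH CHECK OPTION rejecting an update that would move a row out of the view. Table and role names are assumptions.

```sql
-- Added example, not from the flashcards. Constructed base table.
CREATE TABLE staff (
    id     serial PRIMARY KEY,
    name   text NOT NULL,
    dept   text NOT NULL,
    salary numeric(10,2) NOT NULL
);
INSERT INTO staff (name, dept, salary) VALUES
    ('Ann',  'sales',   52000),
    ('Ben',  'sales',   48000),
    ('Cara', 'finance', 61000);

-- Vertical restriction: salary is not in the select list.
-- Horizontal restriction: only the sales department.
-- WITH CHECK OPTION: rows inserted or updated through the view must still
-- satisfy the WHERE clause, so a sales manager cannot reassign a row to finance.
CREATE VIEW sales_staff AS
    SELECT id, name, dept
    FROM   staff
    WHERE  dept = 'sales'
    WITH CHECK OPTION;

CREATE ROLE sales_manager NOLOGIN;
REVOKE ALL ON staff FROM PUBLIC;                        -- base table stays closed
GRANT SELECT, UPDATE ON sales_staff TO sales_manager;   -- access only via the view

SET ROLE sales_manager;
SELECT * FROM sales_staff;                              -- Ann, Ben; no salaries
SELECT * FROM staff;                                    -- ERROR: permission denied for table staff
UPDATE sales_staff SET name = 'Benjamin' WHERE id = 2;  -- ok
UPDATE sales_staff SET dept = 'finance'  WHERE id = 2;  -- ERROR: new row violates check option for view "sales_staff"
RESET ROLE;
```

Caveat: PostgreSQL runs a view's query with the privileges of the view's owner, not the caller, so the owner should be an administrative role and nothing more privileged than the job needs. For views whose job is to hide rows, also consider creating them WITH (security_barrier = true) so that a caller's own functions in a WHERE clause cannot be evaluated against rows before the view's filter is applied.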

8
Q

Statistical Database Security:

A

Preventing inference of individual data values from statistical query results (averages, counts, sums) on databases containing sensitive information. Can be difficult to prevent, especially with highly specific queries or cross-referencing data sets. Measures include prohibiting queries that are too selective or refer repeatedly to the same rows.
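Added example, not part of the flashcards: a tracker attack against a constructed pay table, and the "refuse queries that are too selective" control implemented as a SQL function. It shows why the card calls this hard to prevent: the size control blocks the obvious query but not the two aggregates whose difference reveals one person's salary. Table, names and the threshold k = 2 are assumptions for the illustration.

```sql
-- Added example, not from the flashcards. Constructed data: finance has one woman (Ann).
CREATE TABLE staff_pay (
    name   text PRIMARY KEY,
    dept   text NOT NULL,
    gender char(1) NOT NULL,
    salary numeric(10,2) NOT NULL
);
INSERT INTO staff_pay VALUES
    ('Ann',  'finance', 'F', 61000),
    ('Ben',  'finance', 'M', 55000),
    ('Carl', 'finance', 'M', 58000),
    ('Dan',  'finance', 'M', 52000),
    ('Eve',  'sales',   'F', 47000),
    ('Fred', 'sales',   'M', 45000);

-- Query-set-size control: answer SUM(salary) only when the matching set C
-- satisfies k <= |C| <= N - k, otherwise return NULL. N is the table size.
CREATE FUNCTION guarded_sum(p_dept text, p_gender char, k int DEFAULT 2)
RETURNS numeric LANGUAGE sql STABLE AS $$
    SELECT CASE
             WHEN COUNT(*) BETWEEN k AND (SELECT COUNT(*) FROM staff_pay) - k
             THEN SUM(salary)
           END
    FROM   staff_pay
    WHERE  dept = p_dept
      AND  (p_gender IS NULL OR gender = p_gender);
$$;

-- The direct question is refused: only one row matches.
SELECT guarded_sum('finance', 'F');                                  -- NULL

-- Tracker attack: two permitted aggregates (|C| = 4 and |C| = 3) ...
SELECT guarded_sum('finance', NULL);                                 -- 226000.00
SELECT guarded_sum('finance', 'M');                                  -- 165000.00

-- ... whose difference is exactly the refused value.
SELECT guarded_sum('finance', NULL) - guarded_sum('finance', 'M');   -- 61000.00, Ann's salary
```

The size control is necessary but not sufficient. The card's second measure, rejecting queries that repeatedly refer to the same rows (overlap control), is what catches the pair above, and it requires the DBMS to keep a history of answered query sets rather than judging each query on its own.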
