Analysis Of Database Security Techniques Across Dbms

Published Date: 02 Nov 2017

The main aim of the research is to explore the different tools and techniques to handle database security and the data integrity across different DBMS (Database Management Systems).

Objectives

To ensure the user security by user id and password management

To assign roles and privileges to users

To create triggers, auditing, tracing and tracking

To manage data integrity constraints

To create profiles and system resource allocation

To investigate and apply vendor-specific security techniques

Project Philosophy

The scope of the project is to analyse the database security techniques across DBMS like Oracle’s RLS (Row-Level Security), IBM’s DB2 and Microsoft’s SQL Server using which we can secure the central database system and protect the data from unauthorised access. It involves the security concepts, approaches and using different tools and techniques to ensure the database security. Database administrators (DBAs) setup various user accounts, passwords, and privileges.

Research Methodology

The project includes the analytic stage, synthesis stage and the critical appraisal stage. One key technique for analysis is the literature review which is the systematic review of the current knowledge on the dissertation topic. Observation is also used partly for the research as the project involves programming on the techniques for the database security. As a part of resources for the research, secondary data is used. The resources used are various books (print and ebooks), journals, articles, papers published in conferences and other trusted resources on the internet.

Ethical consideration

The level one ethics self-audit in relation to the proposed project has been completed and no reasonable foreseeable risks are identified (see Appendix – A).

Supervision

The MSc project is carried out under the supervision of Mr. Stuart Hutchison.

Time plan with key deliverables

17/01/2013 – Project Registration

31/01/2013 – Project Proposal

25/04/2013 – Project draft submission

16/05/2013 – Final submission of Project

Support Required

Guidance of Mr. Stuart Hutchison

Library resources

Online resources

Academic Skills Centre

Skills Audit

Scale: 1 to 5, 5 being the maximum

Project planning – 4

Time management – 4

Analytical skills – 3

Problem solving – 4

Communication skills – 4

Structuring and presenting papers – 4

Knowledge retrieval – 4

Learning ability – 4

Introduction

Organisations are using the database systems to maintain daily activities and transactions. In such case, the security of the database becomes the most important issue to be addressed. The database is most vulnerable to be misused and damaged by either external threat or internal threats. According to Bertino and Sandhu (2005),

"Security breaches can be typically categorised as unauthorised data observation, incorrect data modification and data unavailability".

The most important concern for any company is to ensure the security of its databases which is indeed a complex issue. The security measures tend to be complex depending on the complexity of the databases. Security measures form an integral part of database even from the initial phase which includes the inception as well as the design phase. Modern techniques used to monitor the security of databases manage the security and protection fortifications at different levels: host, physical, applications, network and data.

The physical and logical integrity of databases will require the focus of efforts for protecting the physical integrity of databases, especially the recordings against destruction. The easiest way to do that is represented by regular backups. The integrity of each element forming the database will assume that the value of each field may be written or changed only by authorized users and only if there are correct values. The access control is being done taking into consideration the restrictions of the database administrator. DBMS will apply the security policy of the database administrator (DBA). This must meet the following requirements:

Server security. Server security involves limiting access to data stored on the server. It is the most important option that has to be taken in consideration and planned carefully.

Connections to the database. Using the ODBC will have to be followed by checking that each connection corresponds to a single user who has access to data.

Access control table. The access control table is the most common form of securing a database. An appropriate use of the table access control involves a close collaboration between the administrator and the base developer.

Restriction tables. Restriction tables will include lists of unsure subjects who could open set off sessions.

Project Overview

An organisation, while implementing database systems, has to mainly consider the data security. The security factors as stated by Jangra et, al. (2010), are:

Authentication

Authorisation

Encryption

Auditing

Directory Access Control

Privilege management

Appendices

Appendix – A: Level One Ethical Review Form

1. Potential physical or psychological harm, discomfort or stress

(a) Is there a significant foreseeable potential for psychological harm or stress? NO

(b) Is there a significant foreseeable potential for physical harm or discomfort? NO

(c) Is there a significant foreseeable risk to the researcher? NO

2. Protection of research subject confidentiality

Are there any issues of confidentiality which are not adequately addressed by the following actions:

(a) Non-attribution of individual responses;

(b) Individuals and organisations to be anonymised in publications and presentations;

(c) Specific agreements have been made with respondents regarding any feedback to collaborators and relating to any publications. NO

3. Data protection and consent

Are there any issues of data handling and consent which are not dealt with by established procedures? This would entail ensuring:

(a) Compliance with the Data Protection Act with reference to safe/secure storage of data and its management on completion of the project.

(b) That respondents have giving consent regarding the collection of personal data by completing a Consent Form.

(c) That there are no special issues arising concerning confidentiality/informed consent. NO

4. Moral issues and Researcher/Institutional Conflicts of Interest

Are there any special moral issues and/or conflicts of interest identified? NO

(a) An example of conflict of interest would be the researcher compromising research objectivity or independence in return for financial or non-financial benefit for him/herself or for a relative or friend.

(b) Particular moral issues or concerns could arise, for example, where the purposes of research are concealed, where respondents are unable to provide informed consent, or where research findings would impinge negatively/differentially upon the interests of participants.

5. Vulnerable participants

Are any of the participants or interviewees in the research vulnerable, e.g. children and young people? NO

6. Bringing the University into disrepute

Is there any aspect of the proposed research which might bring the University into disrepute? NO

Overall assessment

The self audit has been conducted and confirms the absence of ethical risks which can be reasonably foreseen. Hence there is no need for the second level form of ethical review form.