Database Security Quiz
47 Questions

Questions and Answers

What are the three main areas affected by common database threats?

  • Integrity, Flexibility, Privacy
  • Scalability, Availability, Cost
  • Performance, Accessibility, Security
  • Integrity, Availability, Confidentiality (correct)

Loss of confidentiality occurs when secret information is accessed by unauthorized users.

True (A)

What is the role of a Database Administrator (DBA) in database security?

To grant privileges and ensure overall system security.

The main objective of database security is to protect sensitive data from __________ access.

unauthorized

Which type of access control allows users to manage their own access rights?

Discretionary Access Control (DAC) (D)

Policy management in database security involves setting rules on which data should be available to users.

False (B)

Name one strategy to protect databases from unauthorized access.

Access control.

Match the following threats with their definitions:

  • Loss of Integrity = Unauthorized changes to data
  • Loss of Availability = Users cannot access data when needed
  • Loss of Confidentiality = Sensitive information is exposed to unauthorized users

Which strategy focuses on managing who can access and modify database information?

Access Control (C)

Inference Control helps prevent unauthorized discovery of private data even when some data is publicly available.

True (A)

What is the primary objective of Flow Control?

To prevent sensitive data from being accessed or leaked to unauthorized users.

Data _____ encodes information to protect it during storage and transmission.

encryption

Match the following strategies with their definitions:

  • Access Control = Ensures only authorized users can access data
  • Inference Control = Prevents extraction of private info from public data
  • Flow Control = Prevents unauthorized access or leakage of data
  • Data Encryption = Encodes data for secure storage and transmission

Which of the following is an example of Inference Control?

Masking salary data published by departments (D)

Covert channels are intended measures to leak information without anyone noticing.

False (B)

Give an example of Access Control in a university database.

Professors can access and modify grades, while students can only view them.

What is one of the key responsibilities of a Database Administrator (DBA)?

Granting privileges to users (A)

What is the primary purpose of data encryption?

To protect sensitive information from unauthorized access (A)

Mandatory Security Mechanisms (MSM) are flexible and can be adjusted by administrators.

False (B)

A DBA account has the same capabilities as regular database users.

False (B)

What is the role of a database administrator (DBA)?

To manage and control access rights to the database.

What must users do to access the database?

Apply for an account.

Data is encoded using an __________ to make it unreadable.

encryption algorithm

The DBA is responsible for classifying data and users based on their __________.

sensitivity

Match the following security methods with their characteristics:

  • Discretionary Security Mechanisms = Controlled by administrators, flexible access rights
  • Mandatory Security Mechanisms = Strict rules based on data sensitivity
  • Database Administration = Managing user permissions and security
  • Data Encryption = Transforming data into a secure format

Match the following DBA account capabilities with their descriptions:

  • Account Creation = Controls access to the DBMS system
  • Privilege Granting = Gives specified roles and resource access
  • Privilege Revocation = Removes access when necessary
  • Security Level Assignment = Determines access to confidential data

Which of the following is an example of a discretionary security mechanism?

A professor modifying course grades (C)

What is essential for ensuring that only authorized personnel can access the database?

User accounts and login procedures (A)

Revoke access is a function of the DBA that is rarely used.

False (B)

Data flow control is unnecessary for data transmission security.

False (B)

What does the DBMS do to verify a user's access?

Verifies the account ID and password.

Why is data encryption important during online purchases?

It protects credit card information from being accessed by unauthorized users.

What is the primary purpose of system logs?

To record every action performed by users (A)

A database audit is primarily focused on improving database performance.

False (B)

What command is used to grant privileges on a database object?

GRANT

An audit trail is also referred to as a _____ in a database log.

database audit

Match the following commands with their functions:

  • GRANT = Provide permissions to users
  • REVOKE = Take back permissions from users
  • SELECT = Retrieve data from a database
  • DELETE = Remove data from a database

What might prompt the need for a database audit?

Suspected tampering with the database (C)

The WITH GRANT OPTION allows users to give their granted privileges to others.

True (A)

List two actions that can be granted using the GRANT command.

SELECT, INSERT

What does the GRANT command allow a user to do?

Assign privileges to a database object (B)

The REVOKE command can only take away privileges entirely, not just the ability to grant them to others.

False (B)

What must be specified when using the REVOKE command?

privileges, object, users

In mandatory access control, a user with __________ clearance cannot access secret data.

confidential

Which of the following is NOT an advantage of Discretionary Access Control (DAC)?

It provides rigid security measures (A)

Mandatory Access Control (MAC) offers more flexibility than Discretionary Access Control (DAC).

False (B)

What is the highest security class in the mandatory access control system?

Top Secret

Flashcards

Database Security Systems

Prevents unauthorized access to database information.

Objective of Database Security

Ensures data confidentiality, integrity, and availability.

Loss of Integrity

Unauthorized changes to data by people who shouldn't have access.

Loss of Availability

Preventing authorized users from accessing data when they need it.

Loss of Confidentiality

Revealing private or sensitive information to people who shouldn't see it.

Access Control

A process that regulates who can access what information in a database.

Inference Control

Control mechanisms designed to prevent unauthorized disclosure of sensitive information.

Flow Control

Mechanisms that control the flow of information within a database.

Database Security

Protecting your database against threats like unauthorized access, data leakage, or manipulation.

Data Encryption

Encoding data to protect it during storage and transmission, making it unreadable to unauthorized users.

Covert Channels

Unexpected channels through which sensitive information can leak unnoticed.

Who is the DBA?

The Database Administrator (DBA) is the person responsible for managing and controlling a database system.

What does the DBA do with privileges?

The DBA assigns specific permissions to users based on their roles and responsibilities.

How does the DBA classify data and users?

The DBA categorizes data and users into groups based on their sensitivity level and clearance.

What makes the DBA account special?

The DBA account has special capabilities beyond regular user accounts, including creating accounts, granting and revoking access, and managing security levels.

How does the DBA control access to the database?

The DBA ensures that only authorized users can access the database by creating unique account IDs and passwords.

How does the DBA protect the database?

The DBA manages database security by controlling access, monitoring user accounts, and auditing database activities.

What is discretionary authorization?

Discretionary authorization refers to the process of granting and revoking access to specific resources based on user roles.

What is mandatory authorization?

Mandatory authorization is a system that restricts access to information based on pre-defined security levels, regardless of individual user permissions.

What is Data Encryption?

A security method that transforms sensitive data into an unreadable format, requiring a key for decryption.

Decryption

The process of converting encoded data back into its original form using the decryption key.

Discretionary Security Mechanisms (DSM)

Security mechanisms controlled by administrators, allowing them to assign specific access rights (read, insert, delete, update) to different users.

Mandatory Security Mechanisms (MSM)

Security mechanisms controlled by predefined rules based on data sensitivity and user clearance levels.

What is Database Security?

Preventing unauthorized access to and misuse of sensitive data stored in databases.

What is a database log?

A detailed record of all actions performed on a database, including user logins, data updates, deletions, and queries.

What is a database audit?

A review of database logs over a specific time period to verify all database activities.

What is discretionary access control?

A process that allows database administrators to grant and revoke specific permissions or privileges to users or groups on database objects.

What is the GRANT command?

A command used to grant specific privileges to users on database objects, allowing them to perform certain actions.

What is the REVOKE command?

A command used to revoke previously granted privileges from users on database objects.

What is an audit trail?

A security measure that tracks all database actions, providing a record of who did what and when. This record is often used for auditing purposes.

Why are system logs important for security?

A system log is important for security because it helps track all database activity for auditing and troubleshooting purposes.

When are database audits used?

Database audits are performed when tampering with the database is suspected.

GRANT Command

A SQL command that grants specific privileges to a user, allowing them to perform operations like SELECT, INSERT, and UPDATE on a database object. It can also be used to grant the user the ability to delegate these privileges to others.

REVOKE Command

A SQL command that revokes previously granted privileges from a user, preventing them from performing operations on a database object.

WITH GRANT OPTION

An optional clause in the GRANT and REVOKE commands that enables a user to delegate the granted privileges to other users.

Mandatory Access Control (MAC)

A security model where data and users are categorized based on their sensitivity levels. Access is granted only to those with appropriate security clearances.

Discretionary Access Control (DAC)

A security model where the owner of a database object has the authority to determine who can access it and what privileges they have.

Flexibility (DAC Advantage)

The ability to customize access controls according to specific needs and requirements.

Security Sensitivity in MAC

Data and users are classified based on their security sensitivity.

User Access Control in MAC

A user can only access data if their security level is appropriate.

Study Notes

Database Security

  • Database security involves legal, ethical, policy, and technical dimensions
  • Legal and ethical considerations ensure only authorized users access sensitive information
  • Policy management establishes rules for confidential data
  • Technical aspects involve setting up security at different system levels (hardware, OS, DBMS) to prevent unauthorized access and breaches

Common Threats

  • Loss of Integrity: Unauthorized or incorrect modifications to data
  • Loss of Availability: Legitimate users cannot access required data due to blocking
  • Loss of Confidentiality: Sensitive information is accessed by unauthorized individuals

Strategies to protect Databases

  • Access Control: Only authorized users can access data
  • Inference Control: Prevents users from discovering secret information from available data
  • Flow Control: Manages data paths to prevent unauthorized access
  • Data Encryption: Protects data during storage and transmission, so only authorized users can read it

Access Control

  • Objective: Ensure only authorized users access the database
  • How it works in databases: Setting up rules and permissions to restrict unauthorized access.
  • Methods: Using user IDs and passwords to manage permissions
  • Example: University database allows professors to modify grades, while students can only view them.

Inference Control

  • Definition: Prevents extraction of private information from publicly available data
  • Importance: Prevents unauthorized discovery of private data
  • Example: Salary data is published without naming individuals.
  • Inference Control: Mask or aggregate data to prevent guessing individual salaries.

Flow Control

  • Definition: Measures to prevent unauthorized data access.
  • Covert Channels: Unexpected ways information leaks
  • Importance: Preventing sensitive data leakage outside authorized pathways
  • Example: Employee uses a shared printer to view restricted documents

Data Encryption

  • Definition: Method to protect sensitive data (e.g., credit card numbers)
  • How it works: Data is transformed into a secure format that can only be accessed with a special key (encryption and decryption).
  • Importance: Protects sensitive information during transmission, preventing unauthorized access and theft
  • Example: Online purchases encrypt credit card information during transmission.

Types of Database Security Mechanisms

  • Discretionary Security Mechanisms (DSM): Flexible, controlled by administrators. Allows assignment of specific access rights to users
  • Example: Professor can modify course grades, but a student can only view them.
  • Mandatory Security Mechanisms (MSM): Strict, controlled by predefined rules. Enforces rules based on data sensitivity and user clearance levels
  • Example: Classified information requires matching security clearance for access.

Database Security and the DBA

  • Definition of DBA: Central authority for managing a database system
  • Key Responsibilities
    • Granting privileges: Assigning permissions to users based on roles
    • Classifying data and users: Organizing data and users based on sensitivity and clearance levels.
  • DBA is responsible for overall database security.

Access Control, User Accounts, and Database Audits

  • DBA manages security using Access Control, User Accounts, and Database Audits
  • User Account Creation: Unique account ID and password for each user
  • Login Process: Users log in with their credentials, DBMS verifies
  • Database Audits: Track database activities (e.g., login, updates, deletions); aid in security and in error diagnosis/recovery
  • The database log that records these activities is also called an audit trail; reviewing it over a period is a database audit

Discretionary Access Control

  • Discretionary access control is based on the granting and revoking of privileges
  • Grant Command (e.g., GRANT privileges ON object TO users [WITH GRANT OPTION])
  • Revoke Command (e.g., REVOKE [GRANT OPTION FOR] privileges ON object FROM users)
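
As an added example (not part of the quiz or the lecture it summarizes), here are the GRANT and REVOKE forms above applied to the university scenario from the notes. The dialect is PostgreSQL, and the table, role names and privileges are assumptions made for illustration.

```sql
-- Added example, not from the quiz. PostgreSQL dialect; the grades table and
-- the roles prof_smith, ta_jones and student_lee are constructed for illustration.
CREATE TABLE grades (
    student_id INTEGER NOT NULL,
    course     TEXT    NOT NULL,
    grade      TEXT,
    PRIMARY KEY (student_id, course)
);
CREATE ROLE prof_smith;
CREATE ROLE ta_jones;
CREATE ROLE student_lee;

-- GRANT privileges ON object TO users [WITH GRANT OPTION]
-- The professor may read and change grades, and may pass those rights on.
GRANT SELECT, UPDATE ON grades TO prof_smith WITH GRANT OPTION;

-- Students may only view grades.
GRANT SELECT ON grades TO student_lee;

-- Because of WITH GRANT OPTION, the professor can delegate the same rights.
-- (Run as prof_smith; SET ROLE works here because the script runs as the
-- database superuser, which may assume any role.)
SET ROLE prof_smith;
GRANT SELECT, UPDATE ON grades TO ta_jones;
RESET ROLE;

-- REVOKE [GRANT OPTION FOR] privileges ON object FROM users
-- Take back only the ability to delegate, not the privileges themselves.
-- CASCADE is required here because ta_jones holds privileges that depend on
-- prof_smith's grant option; those dependent privileges are removed as well.
REVOKE GRANT OPTION FOR SELECT, UPDATE ON grades FROM prof_smith CASCADE;

-- Remove the professor's UPDATE right entirely, leaving SELECT in place.
REVOKE UPDATE ON grades FROM prof_smith;

-- Check the resulting privilege matrix through the standard information_schema
-- view. Expected: prof_smith SELECT (not grantable), student_lee SELECT
-- (not grantable), no rows for ta_jones, plus the table owner's own rows.
SELECT grantee, privilege_type, is_grantable
  FROM information_schema.table_privileges
 WHERE table_name = 'grades'
 ORDER BY grantee, privilege_type;
```

The final query is the check a reviewer wants after any privilege change: it confirms that revoking the grant option also pulled back what the delegate received, which is the cascading behaviour that makes WITH GRANT OPTION a risk to hand out casually.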

Mandatory Access Control

  • A stricter security measure
  • Data and users are classified based on security sensitivity
  • Users can only access data with matching security levels
  • Top Secret (TS), Secret (S), Confidential (C), Unclassified (U). TS > S ≥ C ≥ U
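
As an added example (not part of the quiz or its source lecture), here is one way to enforce the rule that users can only read data at or below their security level, using PostgreSQL row-level security. The tables, the employee rows, the role names and the numeric ranks encoding the TS > S ≥ C ≥ U ordering are all constructed for illustration; the ranks treat the four levels as a strict chain.

```sql
-- Added example, not from the quiz. PostgreSQL dialect; all tables, rows,
-- roles and rank values below are constructed for illustration.
CREATE TABLE security_level (
    label TEXT PRIMARY KEY,
    rank  INTEGER NOT NULL        -- higher rank = more sensitive
);
INSERT INTO security_level VALUES ('U', 0), ('C', 1), ('S', 2), ('TS', 3);

CREATE TABLE user_clearance (
    username TEXT PRIMARY KEY,
    label    TEXT NOT NULL REFERENCES security_level(label)
);
INSERT INTO user_clearance VALUES ('alice', 'TS'), ('bob', 'C');

-- Every row carries its own classification label.
CREATE TABLE employee (
    id     SERIAL PRIMARY KEY,
    name   TEXT    NOT NULL,
    salary INTEGER NOT NULL,
    label  TEXT    NOT NULL REFERENCES security_level(label)
);
INSERT INTO employee (name, salary, label) VALUES
    ('Smith',  52000, 'U'),
    ('Brown',  61000, 'C'),
    ('Jones',  98000, 'S'),
    ('Kim',   140000, 'TS');

CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
-- The policy's subqueries run with the user's own privileges, so the lookup
-- tables must be readable too.
GRANT SELECT ON employee, security_level, user_clearance TO alice, bob;

-- Enforce the rule in the DBMS rather than in application code: a row is
-- visible only when the user's clearance rank dominates the row's rank.
ALTER TABLE employee ENABLE ROW LEVEL SECURITY;
ALTER TABLE employee FORCE ROW LEVEL SECURITY;   -- applies to the owner as well
CREATE POLICY no_read_up ON employee
    FOR SELECT
    USING (
        (SELECT r.rank FROM security_level r WHERE r.label = employee.label)
        <=
        (SELECT s.rank
           FROM user_clearance u
           JOIN security_level s ON s.label = u.label
          WHERE u.username = current_user::text)
    );
-- A user with no clearance row makes the comparison NULL, which RLS treats
-- as "not visible": deny by default.

-- Same query, different results depending on who asks.
SET ROLE alice;
SELECT name, salary, label FROM employee ORDER BY id;   -- all 4 rows
RESET ROLE;

SET ROLE bob;
SELECT name, salary, label FROM employee ORDER BY id;   -- Smith (U) and Brown (C) only
RESET ROLE;
```

Two caveats a practitioner should keep in mind: superuser roles bypass row-level security regardless of FORCE, so administrative accounts need the same scrutiny the notes give the DBA account, and the policy as written covers only reads; writes would need their own policies so that a low-clearance user cannot relabel or overwrite higher-level rows.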

Comparing Discretionary and Mandatory Access Control

  • Discretionary Access Control (DAC):
    • Advantages: Flexible, customizable, easily adapted to different applications
    • Disadvantages: Security risks due to potential vulnerabilities to attacks
  • Mandatory Access Control (MAC):
    • Advantages: High degree of security, prevents unauthorized data flow
    • Disadvantages: Can be rigid, may not be suitable for dynamic environments

Description

Test your knowledge on key concepts of database security. This quiz covers various strategies to protect sensitive data, the role of a Database Administrator, and access control mechanisms. Enhance your understanding of how to safeguard databases from common threats.
