Database Security and Privacy – Research Paper Outline
Illinois Institute of Technology
October 2, 2018
Department of Information technology and Management
Contact: mbha[email protected]
Data security is one of the major concerns in the current scenario with the world going digital and all information, public to confidential, being stored, maintained and communicated online. While this is a convenient way of handling all types of information there are several threats which need to be managed to protect the information. This paper focusses on the importance of data security and the steps taken for managing security and privacy of data stored in database systems.
Keywords: data security, data privacy, discretionary security policy, mandatory security policy, access controls, encryption
A common threat to the data stored in the databases is unauthorized access. Malicious users try to get their hands on either the stored information, the database traffic or the database privacy settings. Such illegal activity on the Internet, a private or public network is known as Cybercrime. (Jorge, 2015). Lunt et al (1990) suggested that this calls for a security policy that would govern the disclosure, modification or destruction of information residing in a database. Organizations may implement a security policy which is inline with its business objectives or opt for a generic one. In any case the security policy would impose access restrictions on the stored data. In an organization, unprotected databases are easy targets to cyber-criminals. Security administrators need to take certain steps to protect the databases. Applying access control policies, i.e. Discretionary and Mandatory, is the first step. (Jorge, 2015) Discretionary security policy is based on user’s identity; level of access and the object being accessed on the other hand Mandatory policy imposes access restrictions to highly classified information to authorized users only. (Lunt et al, 1990). These policies make sure that data privacy is maintained.
Privacy and Security Mechanisms
An organization’s database is accessed by different types of users and each of them have different access rights to the database. The security methods of a database must include actions to restrict access which can be done by applying access control to the database as a whole. Access control is an important security mechanism. Under this, user accounts and passwords are created and maintained. Only after authentication of user with their respective user ID and password can the user access the data. Mandatory security mechanism help protect privacy of data by allowing only the authorized personnel to access classified information. With access controls in place each person is allowed to view the information intended for them. (Lunt et al, 1990).
Although different access controls applied to the database prevent unauthorized data access through the process of authentication and authorization, an adversary may still surpass all these barriers and gain full access to the data. The data however, can still remain clean if it is encrypted before saving in the database. Encryption is another security mechanism which when applied does not allow the adversary to misuse the data even after having full access to it. Database encryption also allows secure transmission of sensitive data. Different encryption algorithms like Symmetric, Asymmetric and Hash can be used to encrypt or scramble the data. The encrypted or scrambled data can be decrypted or unscrambled only by keys which are exchanged between authorized users. (Singh et al, 2015).
A lot of research is being conducted on developing improved algorithms for encryption and each have their own advantages and disadvantages.
As technology advances, more work is done online. This implies that more information, including public and confidential, is available on the network. So, the security of the data which is being maintained in the database is important. The critical issues in security and privacy of database are authentication, identification and enforcing appropriate access controls. (Zubi, 2009). While security processes like access controls and encryption are crucial in guarding data from all attacks they have their own limitations. Researchers are continuously working on developing new improved security schemes to combat new data threats.
Jorge, D. C. Basic Principles of Database Security.
Lunt, T. F., & Fernandez, E. B. (1990). Database security. ACM SIGMOD Record, 19(4), 90-97.
Singh, P., & Kaur, K. (2015, February). Database security using encryption. In Futuristic Trends on Computational Analysis and Knowledge Management (ABLAZE), 2015 International Conference on (pp. 353-358). IEEE.
Zubi, Z. S. (2009, April). On distributed database security aspects. In Multimedia Computing and Systems, 2009. ICMCS’09. International Conference on (pp. 231-235). IEEE.