Control methods of Database Security
Database Security means keeping sensitive information safe and prevent the loss of data. Security of data base is controlled by Database Administrator (DBA).
The following are the main control measures are used to provide security of data in databases:
1. Authentication 2. Access control 3. Inference control 4. Flow control 5. Database Security applying Statistical Method 6. Encryption
These are explained as following below.
- Authentication :
Authentication is the process of confirmation that whether the user log in only according to the rights provided to him to perform the activities of data base. A particular user can login only up to his privilege but he can’t access the other sensitive data. The privilege of accessing sensitive data is restricted by using Authentication.
By using these authentication tools for biometrics such as retina and figure prints can prevent the data base from unauthorized/malicious users.
- Access Control :
The security mechanism of DBMS must include some provisions for restricting access to the data base by unauthorized users. Access control is done by creating user accounts and to control login process by the DBMS. So, that database access of sensitive data is possible only to those people (database users) who are allowed to access such data and to restrict access to unauthorized persons.
The database system must also keep the track of all operations performed by certain user throughout the entire login time.
- Inference Control :
This method is known as the countermeasures to statistical database security problem. It is used to prevent the user from completing any inference channel. This method protect sensitive information from indirect disclosure.
Inferences are of two types, identity disclosure or attribute disclosure.
- Flow Control :
- Database Security applying Statistical Method :
Statistical database security focuses on the protection of confidential individual values stored in and used for statistical purposes and used to retrieve the summaries of values based on categories. They do not permit to retrieve the individual information.
This allows to access the database to get statistical information about the number of employees in the company but not to access the detailed confidential/personal information about the specific individual employee.
- Encryption :
This method is mainly used to protect sensitive data (such as credit card numbers, OTP numbers) and other sensitive numbers. The data is encoded using some encoding algorithms.
An unauthorized user who tries to access this encoded data will face difficulty in decoding it, but authorized users are given decoding keys to decode data.