Comparative Study of Data Security in Some Database Management Systems

Topics: Database management system, Access control, SQL Pages: 42 (12325 words) Published: August 11, 2013
Comparative study of DATA SECURITY IN some database MANAGEMENT SYSTEMS

by

JiaLiang Mao

A Minor Thesis

Submitted in partial fulfillment of the requirements for the degree of

Master of Science in Computer Science

Supervisor:
Dr. Dat Dac Hoang

Victoria University – Sydney City Centre
(October, 2012)
RCM6104,RCM6105

Abstract
Recently, database management systems (DBMSs) have become a main component of various kinds of dynamic web and applications. In these DBMSs, there might be stored some significant, sensitive and classified data. The developments of theory and technology in databases have become urgent needs for achieving database system security. Currently there are many DBMSs for users to choose. Therefore it becomes an important issue for people to decide how to choose a suitable database system. This thesis researches some mainstream database systems to compare their security performances, structures, security strategies.

Statement of Originality
I certify that this thesis contains no material which has been accepted for the award of any other degree or diploma in any institute, college or university, and that, to the best of my knowledge and belief, it contains no material previously published or written by another person, except where due references is made in the text of the thesis.

-----------------------------
JiaLiang Mao

October, 2012
Table of Contents

Abstractiii
Statement of Originalityiv
Table of Contentsv
List of Figuresviii
List of Tablesix
Chapter 1 Introduction1
1.1 Aim and Objectives1
1.2 Thesis Organization2
Chapter 2 Background3
2.1 Comparison of a Variety of DBMSs4
2.1.1 Microsoft SQL Server 2008 R24
2.1.2 MySQL4
2.1.3 Oracle 11g5
2.2 Control Access6
2.2.1 Traditional Database System Access Control7
2.2.2 Role-Based Access Control8
2.2.3 Usage Control Access8
2.3 Encryption9
2.3.1 Symmetric Key Encryption9
2.3.2 Asymmetric Key Encryption9
2.3.3 Column-level Encryption10
2.3.4 Transparent Data Encryption (TDE)10
2.3.5 Extensible Key Management (EKM)10
2.4 Data Integrity11
2.4.1 Threats to Data Integrity11
2.5 Authentication12
2.5.1 User Authentication12
2.5.2 Password Authentication12
2.5.3 Operating System Authentication13
2.5.4 Mixed Authentication13
2.6 Auditing14
2.7 Backup and Recovery14
2.7.1 Logical Backup14
2.7.2 Raw Backup15
2.7.3 Cold Backup15
2.7.4 Hot Backup15
2.8 Chapter summary16
Chapter 317
3.1 Access Control18
3.1.1 MS SQL 2008 server:18
3.1.2 MySQL:18
3.1.3 Oracle:19
3.2 Encryption20
3.2.1 MS SQL 2008 server:20
3.2.2 MySQL:21
3.2.3 Oracle:22
3.3 Authentication24
3.3.1 MS SQL 2008 server:24
3.3.2 MySQL:26
3.3.3 Oracle:26
3.4 Backup and Recovery27
3.4.1 MS SQL 2008 server27
3.4.2 MySQL27
3.4.3 Oracle28
3.5 Chapter summary31
Chapter 432
4.1 Tools Implementation33
4.1.1 SQL Server Management Studio (SSMS)33
4.1.2 SQL*Plus34
4.1.3 MySQL Workbench34
4.2 Data Encryption implementation with three applications36
4.2.1 Case Study 1: Implementing Transparent Data Encryption by use of SSMS36
4.2.2 Case Study 2: Implementing Transparent Data Encryption by use of SQL*Plus40
4.2.3 Case Study 3: Implementing Data Encryption by use of MySQL Workbench47
4.3 Performance test51
4.3.1 Test One52
4.3.2 Test Two56
4.4 Chapter Summary58
Chapter 559
5.1 Comparison Criteria59
5.1.1 Software Requirement60
5.1.2 Platform Requirement60
5.1.3 IT Skill Requirement60
5.1.4 Environment Requirement60
5.1.5 Cost Issue60
5.1.6 SQL Language61
5.1.7 Implementing Difficulty61
5.1.8 Interface61
5.2 Comparison Analysis61
5.2.1 SQL Server Management Studio61
5.2.2 SQL*Plus62
5.2.3 MySQL Workbench63
5.3 Summary of Comparison63
5.4 Recommendations64
5.5 Chapter Summary65
Chapter 666
List of References68

List of Figures
Figure 31 Key...

References: Anwar Pasha Abdul Gafoor Deshmukh, R. Q. (2011). "Transparent Data Encryption- Solution for Security of Database Contents." (IJACSA) International Jounal of Advanced Computer Science and Applications Vol. 2, No.3.
B.Navathe, R. E. a. S. (2003). Fundamentals of database systems, Pearson Education, Inc: 735.
B.Navathe, R. E. a. S. (2003). Fundamentals of database systems, Pearson Education, Inc: 744.
Baron Schwartz, P. Z., Vadim Tkachenko,Jeremy D.Zawodny, Arjen Lentz & Derek J.Balling (June 2008). High Performance MySQL. Taipei, O 'REILLY.
Craig, M. a. (2002). Database administration: the complete guide to practices and procedures, Addison-Wesley: 703.
Database, O. (2011). "Online Documentation 11g Release 2 (11.2)." from http://www.oracle.com/pls/db112/portal.portal_db?selected=11.
David Litchfield, C. A., John Heasman, Bill Grindlay (2005). The Dtabase Hacker 's Handbook Defending Database Servers, While Publishing, Inc.
G.Taylor, A. (2010). SQL For Dummies, Wiley Publishing,Inc.
Lan Abramson, M. A., Michael J.Corey, Michelle Malcher (2009). Oracle database 11g A beginner 's guide. New York, Mc Graw Hill.
MSDN. (2010). "Use SQL Server Management Studio." from http://msdn.microsoft.com/en-us/library/ms174173.aspx.
MySQL. (2010). "DownLoad MySQL Installer." from http://www.mysql.com/downloads/installer/.
MySQL. (2010). "MySQL Workbench 5.2." from http://www.mysql.com/products/workbench/.
Robert Sheldon, G. M. (2005). Beginning MySQL, Wiley Publishing, INC.
Samarati, R. S. S. a. P. (september 1994) "Access Control:Princiles and Practice." IEEE Communications Magazine, 4o.
Samarati, R. S. S. a. P. (september 1994). "Access Control:Princiles and Practice." IEEE Communications Magazine: 44.
T.Silverstein, R. R. a. P. B. a. C. G. a. A. (2010). Microsoft SQL Server 2008 R2, Paul Boger.
T.Silverstein, R. R. a. P. B. a. C. G. a. A. (2011). Microsoft SQL Server 2008 R2. K. Gettman, Paul Boger: 336.
T.Silverstein, R. R. a. P. B. a. C. G. a. A. (2011). Microsoft SQL Server 2008 R2, Paul Boger.
Wessler, C. Z. a. C. R. a. M. (2009). Oracle 11g for Dummies, Wilcy Publishing,Inc.
Zoratti, I. (2006). "MySQL Security Best Practice."
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Cloud database management system Essay
  • Essay on Database Management System and Data
  • Database Management Systems Essay
  • DATABASE AND DATABASE MANAGEMENT SYSTEM Essay
  • Essay on Database Management System of a Bank
  • An Overview of Database Management Systems Essay
  • Database Management System Essay
  • comparative management Essay

Become a StudyMode Member

Sign Up - It's Free