fmohsen - College of Engineering and Applied Science

Database Security with focus on Hyperion Database
CS691
Supervisor: Dr. Chow
Fadi Mohsen
Talk Outline
• Changes on database security.
• Database security critical points.
• Database security approaches.
• Hyperion Database.
• HD Security issues.
• Conclusion.
7/29/2009
F.Mohsen
2
Changes on database security
• Database security has changed because of the invention of the web.
• Before the web, databases were easy to protect using the basic access technique.
• The number of attacks increased, and the type of attacks changed. For example, SQL injection is the most famous attack targeting web-based database systems.
• The complexity of securing a web-based database system comes from the huge number of users accessing the web application.
Database security critical points
• The browser does not connect directly to the database, but instead transfers a request to a web server.
• So, the database can't identify who is accessing it.
• What we have vs. what we apply.
• Gap between DB developers and security guys.
Database security approaches
• Fine-grained Access Control to Web Databases
• MANDATORY SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS
• Role-Based Databases Security, Object Oriented & Separation of Duty
Hyperion Database
Hyperion Enterprise is a database that contains data that can be used to develop and print reports.
Instead of two dimensions, Hyperion DB uses three dimensions.
Four steps to create a database:
- Create the cube (like creating a database on a standard database).
- Outline, which means creating the dimensions.
- Load the data.
- Apply security.
Hyperion DB Security Components
[Diagram: Hyperion DB security (HDBS) components. Labels: Authentication, Security API, Native Directory, User directories, Authorization, Role-based.]
Authentication Scenarios
First scenario: the user signs in directly to the Hyperion products.
Direct authentication connects Hyperion products to available user directories to verify the user name and password (credentials) entered on the Login screen.
Authentication Scenarios Cont.
Second scenario: signing in from external systems.
Provisioning (Role-Based Authorization)
Hyperion application security determines user access to products using the concept of roles.
A role is a set of permissions that determines user access to product functions.
User directories store information about the users who can access Hyperion products. Both the authentication and the authorization processes utilize user information.
Groups are containers for users or other groups. You can create and manage Native Directory groups from User Management Console.
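Added example (not from the original slides and not Hyperion code): a minimal Python sketch of the role and group model described above, resolving a user's effective permissions through nested groups. The role, group, user and permission names are constructed, and inheritance of roles through nested groups is an assumption.

```python
# Added example: all names below are constructed, not Hyperion's own.
from typing import Dict, Set

# A role is a set of permissions.
ROLES: Dict[str, Set[str]] = {
    "viewer": {"report.read"},
    "planner": {"report.read", "data.load"},
    "admin": {"security.apply", "cube.create"},
}

# Groups are containers for users or other groups.
GROUPS: Dict[str, Set[str]] = {
    "finance": {"alice", "analysts"},
    "analysts": {"bob", "finance"},  # deliberate cycle: finance <-> analysts
    "dbas": {"carol"},
}

# Provisioning: roles granted to a principal (a user or a group).
GRANTS: Dict[str, Set[str]] = {
    "finance": {"viewer"},
    "analysts": {"planner"},
    "dbas": {"admin"},
    "carol": {"viewer"},
}


def groups_of(principal: str) -> Set[str]:
    """All groups containing the principal, directly or via nested groups."""
    found: Set[str] = set()
    frontier = [principal]
    while frontier:
        member = frontier.pop()
        for group, members in GROUPS.items():
            if member in members and group not in found:
                found.add(group)  # the visited set stops group cycles
                frontier.append(group)
    return found


def effective_permissions(user: str) -> Set[str]:
    """Union of permissions from roles granted directly or through groups."""
    perms: Set[str] = set()
    for principal in {user} | groups_of(user):
        for role in GRANTS.get(principal, set()):
            perms |= ROLES.get(role, set())
    return perms


def is_allowed(user: str, permission: str) -> bool:
    """Default deny: a user with no provisioned role gets nothing."""
    return permission in effective_permissions(user)
```

Reviewing the output of effective_permissions per user is a quick way to spot privileges that arrive only through group nesting.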
Conclusion
Security faces two challenges:
- It is not being applied: every system has its own security capabilities, but people remain unaware of them or dismiss them.
- Performance: applying security has a negative impact on performance. For example, I had a conversation with a Hyperion database administrator; he told me that when they moved the security from the individual application to central security (SSO), the performance was affected. He gave me an example: applying security to a Hyperion database used to take 5 minutes, but after that it took 30 minutes.
References
[1] Fine-grained Access Control to Web Databases, Alex Roichman (Department of Computer Science, The Open University, Raanana, Israel, Alexaro1@012.net.il) and Ehud Gudes (Department of Computer Science, The Open University, Raanana, Israel, and Department of Computer Science, Ben-Gurion University, Beer-Sheva, Israel, Ehud@cs.bgu.ac.il)
[2] MANDATORY SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS, M. B. Thuraisingham, The MITRE Corporation, Bedford, MA 01730
[3] Database Security, Teresa F. Lunt (Computer Science Laboratory, SRI International, Menlo Park, California 94025) and Eduardo B. Fernandez (Dept. of Computer Engineering, Florida Atlantic University, Boca Raton, Florida 33431)
[4] Role-Based Databases Security, Object Oriented & Separation of Duty, Matunda Nyanchama & Sylvia Osborn, email: {matunda, sylvia}@csd.uwo.ca, October 11, 1993
[5] Hyperion Security Administration Guide, Hyperion Release 9.3.1, http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/hyp_security_guide.pdf
[6] An Introduction to Hyperion Database, Controller's Department, 3607 Administrative Services Building, http://www.controller.iastate.edu/controller/hypdoc.pdf