CS356 Midterm 2Study Topics (1)

Access Control

A method used to regulate who can view or use resources in a computing environment.

MAC

Mandatory Access Control; a policy in which access rights are assigned based on regulations determined by a central authority.

DAC

Discretionary Access Control; access rights are assigned based on the discretion of the owner of a resource.

RBAC

Role-Based Access Control; access rights are based on roles assigned to users.

ABAC

Attribute-Based Access Control; access rights are based on attributes of users, resources, and the environment.

SQL Injection

A code injection technique that exploits a security vulnerability in an application by inserting malicious SQL statements.

Denial of Service (DoS)

An attack intended to shut down a machine or service, making it inaccessible to intended users.

SYN/SYN-ACK

The initial packets in a TCP handshake used to establish a connection; attack exploits the connection table.

Malware

Malicious software designed to harm, exploit, or otherwise compromise computer systems.

Worms

A type of malware that replicates itself to spread to other computers, often using a network.

Trojan Horse

A type of malware that disguises itself as legitimate software to gain access to systems.

RootKit

A collection of tools used by an attacker to hide the presence of certain processes, files, or system data.

Phishing

A technique used to trick users into providing sensitive information by pretending to be a trustworthy entity.

Encryption

The process of converting information or data into a code to prevent unauthorized access.

Incident Response Plan

A set of procedures for addressing and managing the aftermath of a security breach or cyber attack.

Data Base Security

Measures taken to protect a database from unauthorized access and data corruption.

Canonical Form

A database design standard where data is structured to eliminate redundancy.

Social Engineering

Manipulating individuals to divulge confidential information by exploiting human psychology.

ABAC Attributes

Attributes used in Attribute-Based Access Control to determine access rights, including user attributes, resource attributes, and environmental contexts.

ABAC Rules

Policies that define conditions for granting or denying access based on the attributes of users and resources.

Relational Database Unique ID

A unique identifier assigned to each row in a relational database table to ensure that each record can be uniquely accessed.

Relational Database Keys

Attributes or sets of attributes that are used to uniquely identify a record in a table; includes primary and foreign keys.

Relational Database Indexes

Data structures that improve the speed of data retrieval operations on a database table by enabling rapid searches.

Relational Database Canonical Form

A design standard that minimizes data duplication and errors by structuring data appropriately, using keys to reference other tables.

JOIN Operations

Database operations that combine rows from two or more tables based on related columns, often facilitated by keys.

CREATE TABLE

An SQL command used to create a new table in a database.

DROP TABLE

An SQL command used to delete a table and all its data in a database.

INSERT

An SQL command used to add new rows of data to a table.

UPDATE

An SQL command used to modify existing data in a table.

DELETE

An SQL command used to remove existing rows from a table.

SELECT

An SQL command used to query and retrieve data from one or more tables.

WHERE Clause

An SQL clause used to specify a condition while fetching data from a table, allowing for filtering of records.

SORT BY

An SQL clause used to sort the result set of a query based on one or more columns, either in ascending or descending order.

INNER JOIN

A type of JOIN operation that returns records with matching values in both tables involved.

LEFT JOIN

A type of JOIN operation that returns all records from the left table and the matched records from the right table.

RIGHT JOIN

A type of JOIN operation that returns all records from the right table and the matched records from the left table.

FULL OUTER JOIN

A type of JOIN operation that returns all records when there is a match in either left or right table records.

CROSS JOIN

A type of JOIN that returns the Cartesian product of two tables, combining every row from the first table with every row from the second.

SQL Clauses

Components of SQL statements that define specific conditions or actions, such as SELECT, WHERE, and ORDER BY.

Encrypted Databases

Databases that use encryption techniques to secure data stored within, protecting it from unauthorized access.

Need for Encryption in Cloud DB Engines

Encryption is necessary in cloud database engines to ensure that sensitive information is protected against breaches and unauthorized access.

Encrypted Queries

Queries that are processed in an encrypted form to protect data while in transit; however, complexities arise when using certain operators like < or > with encrypted data.

Limitations of Encrypted Queries

Encrypted queries can face challenges with conditionals due to the nature of encryption, which may not support comparison operations directly.

Homomorphic Encryption

A type of encryption that allows computations to be performed on encrypted data without needing to decrypt it first, providing a solution for query limitations.