Principles of Data Security

With the greatly increased use of electronic media for processing and storing data, data security became an important practical issue. This is especially true for the extensively shared and distributed systems which are more and more being accepted in commercial operations. Essen­ tially, the problem is that of protecting data, including all the impli­ cations which this has to the end user as well as the systems or database designer. However, usually the term data security refers to protection by technical, i.e., computer science specific, means; if one wants to in­ clude issues such as physical security, how to select the group of people who should have authority to perform certain operations, etc., the term computer security is more appropriate. The object of this book is to provide technical solutions to (facets of) the problem of achieving data security. The reader who hopes to find clever recipes which allow circumventing protection mechanisms will, however, be sadly disappointed. In fact, we deliberately kept the presentation of the material at a fairly general level. While the short­ term benefit of such an approach may be somewhat smaller, we feel that without a thorough understanding of the fundamental issues and problems in data security there will never be secure systems. True, peo­ ple probably always considered certain security aspects when designing a system. However, an integrated approach is absolutely imperative.