Security Re-engineering for Databases: Concepts and Techniques

  • Michael Gertz
  • Madhavi Gandhi

Summary

Despite major advancements in access control models and security mechanisms, most of today’s databases are still very vulnerable to various security threats, as shown by recent incident reports. A reason for this that existing databases used in e-businesses and government organizations are rarely designed with much security in mind but rely on security policies and mechansims that are added over time in an ad-hoc fashion. What is needed in such cases is a coherent approach for organizations to first evaluate the current secrutiy setup of a database, i.e., its policies and mechanisms, and then to re-design and improve the mechanisms in a focused way, that is, to apply an evolutionary rather than a revolutionary approach to improving database security.

In this book chapter, we present important principles and techniques of such a security re-engineering approach. Our focus is on the detection and prevention of insider misuse, which is still the biggest threat to security. We show how techniques such as focused auditing, and data and user profiling are integrated into a single methodological framework for database security evaluation. This framework is supported by an access path model, which provides information about data and user behavior, access correlations, and potential vulnerabilities. Based on the information obtained in this approach, we illustrate how security can be strengthened using standard database functionality.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer Science+Business Media, LLC. 2008

Authors and Affiliations

  • Michael Gertz
    • 1
  • Madhavi Gandhi
    • 2
  1. 1.Department of Computer ScienceUniversity of California at DavisDavis
  2. 2.Department of Mathematics and Computer ScienceCalifornia State UniversityEast Bay

Personalised recommendations