Security Re-engineering for Databases: Concepts and Techniques

  • Michael Gertz
  • Madhavi Gandhi

Summary

Despite major advancements in access control models and security mechanisms, most of today’s databases are still very vulnerable to various security threats, as shown by recent incident reports. A reason for this is that existing databases used in e-businesses and government organizations are rarely designed with much security in mind but rely on security policies and mechanisms that are added over time in an ad-hoc fashion. What is needed in such cases is a coherent approach for organizations to first evaluate the current security setup of a database, i.e., its policies and mechanisms, and then to re-design and improve the mechanisms in a focused way, that is, to apply an evolutionary rather than a revolutionary approach to improving database security.

In this book chapter, we present important principles and techniques of such a security re-engineering approach. Our focus is on the detection and prevention of insider misuse, which is still the biggest threat to security. We show how techniques such as focused auditing, and data and user profiling are integrated into a single methodological framework for database security evaluation. This framework is supported by an access path model, which provides information about data and user behavior, access correlations, and potential vulnerabilities. Based on the information obtained in this approach, we illustrate how security can be strengthened using standard database functionality.


Copyright information

© Springer Science+Business Media, LLC. 2008

Authors and Affiliations

  • Michael Gertz (1)
  • Madhavi Gandhi (2)

  1. Department of Computer Science, University of California at Davis, Davis
  2. Department of Mathematics and Computer Science, California State University, East Bay
