Security Re-engineering for Databases: Concepts and Techniques
- Michael Gertz, Department of Computer Science, University of California at Davis
- Madhavi Gandhi, Department of Mathematics and Computer Science, California State University
Despite major advancements in access control models and security mechanisms, most of today's databases are still very vulnerable to various security threats, as shown by recent incident reports. A reason for this is that existing databases used in e-businesses and government organizations are rarely designed with much security in mind but rely on security policies and mechanisms that are added over time in an ad-hoc fashion. What is needed in such cases is a coherent approach for organizations to first evaluate the current security setup of a database, i.e., its policies and mechanisms, and then to re-design and improve the mechanisms in a focused way, that is, to apply an evolutionary rather than a revolutionary approach to improving database security.
In this book chapter, we present important principles and techniques of such a security re-engineering approach. Our focus is on the detection and prevention of insider misuse, which is still the biggest threat to security. We show how techniques such as focused auditing and data and user profiling are integrated into a single methodological framework for database security evaluation. This framework is supported by an access path model, which provides information about data and user behavior, access correlations, and potential vulnerabilities. Based on the information obtained in this approach, we illustrate how security can be strengthened using standard database functionality.
- Book Title: Handbook of Database Security
- Book Subtitle: Applications and Trends
- pp 267-296
- Publisher: Springer US
- Copyright Holder: Springer Science+Business Media, LLC.
- Editor Affiliations
- 1. Dept. of Computer Science, University of California at Davis
- 2. George Mason University Center for Secure Information Systems Research I
- Author Affiliations
- 3. Department of Computer Science, University of California at Davis, Davis, CA
- 4. Department of Mathematics and Computer Science, California State University, East Bay, CA