Detecting, Monitoring and Preventing Database Security Breaches in a Housing-Based Outsourcing Model

  • Tran Khanh Dang
  • Tran Thi Que Nguyet
  • Truong Quynh Chi
Conference paper

Abstract

In a housing-based outsourcing model, the database server is the client’s property and the outsourcing service provider only provides physical security of machines and data, and monitors (and if necessary restores) the operating condition of the server. Soft security-related aspects (e.g., DBMS security breaches) are the client’s responsibility. This is a non-trivial task for most of the clients.In this paper, we propose an extensible architecture for detecting, monitoring and preventing database security breaches in a housing-based outsourcing model. The architecture can help in dealing with both outsider and insider threats. It is well suited for the detection of both predefined and potential security breaches. Our solution to the database security breach detection is based on the well-known pentesting- and version checking-based techniques in network and operation systems security. The architecture features visual monitoring and secure auditing w.r.t. all database user activities in real time. Moreover, it also supports automatic prevention techniques if security risks are established w.r.t. the found security breaches.

Keywords

Client Side Structure Query Language Audit Data Security Breach Database Activity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ashish, K., Evimaria, K., Elisa, B.: Detecting Anomalous Access Patterns in Relational Databases. VLDB Journal, 17(5), 1063–1077 (2008)CrossRefGoogle Scholar
  2. 2.
    The Bundesamt für Sicherheit in der Informationstechnik: Study: A Penetration Testing Model, URL: (2003)Google Scholar
  3. 3.
    Dang, T.K., Nguyen, T.S.: Providing Query Assurance for Outsourced Tree-Indexed Data. HPSC2006, Hanoi, Vietnam, pp. 207–224 (2008)Google Scholar
  4. 4.
    Dang, T.K.: Ensuring Correctness, Completeness and Freshness for Outsourced Tree-Indexed Data. IRMJ, Idea Group, 21(1), 59–76 (2008)MathSciNetGoogle Scholar
  5. 5.
    Dang, T.K., Truong, Q.C., Cu-Nguyen, P.H., Tran, T.Q.N.: An Extensible Framework for Detecting Database Security Flaws. ACOMP2008, Vietnam, pp. 68–77 (2008)Google Scholar
  6. 6.
    Dang, T.K., Tran, T.Q.N., Truong, Q.C.: Security Issues in Housing Service Outsourcing Model with Database Systems. ASIS LAB, ASIS-TR-0017/2009, URL: (2009)Google Scholar
  7. 7.
    Geer, D., Harthorne, J.: Penetration testing: a duet. Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, USA, pp. 185–198 (2002)Google Scholar
  8. 8.
    Handscombe, K.: Continuous Auditing From A Practical Perspective. Information Systems Control Journal, 2 (2007)Google Scholar
  9. 9.
    Huynh, V.Q.P, Dang, T.K: eM2: An Efficient Member Migration Algorithm for Ensuring k-Anonymity and Mitigating Information Loss. VLDB Workshop on Secure Data Management, LNCS, Springer Verlag, Singapore, pp. 26–40 (2010)Google Scholar
  10. 10.
    Natan, R.B.: Implementing Database Security and Auditing. Elsevier Digital Press (2005)Google Scholar
  11. 11.
    Qiang, L.: Defense In-Depth to Achieve Unbreakable Database Security. ICITA2004, China, pp. 386–390 (2004)Google Scholar
  12. 12.
    Raffael, M.: Applied Security Visualization. Addison-Wesley (2008)Google Scholar
  13. 13.
    Rich, M.: Understanding and Selecting a Database Activity Monitoring Solution. URL: (2008)Google Scholar
  14. 14.
    Surajit, C., Arnd, C., Koenig, V.N.: SQLCM: A Continuous Monitoring Framework for Relational Database Engines. ICDE2004, USA, pp. 473–485 (2004)Google Scholar
  15. 15.
    Tran, T.Q.N., Dang, T.K.: Towards Side-Effects-free Database Penetration Testing. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 1(1), 72–85 (2010)Google Scholar
  16. 16.
    Varun, C., Arindam B., Vipin K.: Anomaly Detection: A Survey. ACM Computing Surveys (CSUR), 41(3), article 15 (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tran Khanh Dang
    • 1
  • Tran Thi Que Nguyet
    • 1
  • Truong Quynh Chi
    • 1
  1. 1.Faculty of Computer Science & EngineeringHCMUTHo Chi Minh CityVietnam

Personalised recommendations