A reference model for database security proxy

How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST's firewall reference model by adding a transmission unit modification function and an attribute value mapping function, describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.

[1]  John P. McDermott Replication Does Survive Information Warfare Attacks , 1997, DBSec.

[2]  Richard D. Graubart,et al.  Design Overview for Retrofitting Integrity-Lock Architecture onto a Commercial DBMS , 1985, 1985 IEEE Symposium on Security and Privacy.

[3]  Eugene H. Spafford,et al.  A reference model for firewall technology , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[4]  Angelos D. Keromytis,et al.  Implementing a distributed firewall , 2000, CCS.

[5]  Sushil Jajodia,et al.  Surviving information warfare attacks on databases , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[6]  Dorothy E. Denning,et al.  Commutative Filters for Reducing Inference Threats in Multilevel Database Systems , 1985, 1985 IEEE Symposium on Security and Privacy.