Interactive multi-layer policies for securing relational databases

The security of a database depends on a set of systems, roles, procedures, and processes that protect the entire database from unintended activities. These unintended activities can be categorized as authenticated misuse, malicious attacks, or inadvertent mistakes made by authorized users. If an intruder succeeds in attacking the system network, database security is the last line of defense protecting confidentiality, availability, and integrity. This paper presents interactive multi-layer policies for securing a relational database that resides on the server side, monitoring authorized users who may misuse their privileges on the client side, and monitoring database administrators who may use their multiple privileges to penetrate the security system. These multi-layer policies can be combined to create a defense system that puts the intruder under pressure at all security levels in order to protect the integrity and confidentiality of the database.
