Design and implementation of multi-layer policies for database security

The security of a database depends on a set of systems, roles, procedures, and processes that protect the entire database from unintended activities. Unintended activities can be categorized as authenticated misuse, malicious attacks, or inadvertent mistakes made by authorized users. If an intruder succeeds in attacking the system network, database security is the last line of defense in protecting confidentiality, availability, and integrity. This paper presents interactive multi-layer policies that secure a relational database residing on the server side, monitor authorized users who may misuse their privileges on the client side, and monitor database administrators who may use their multiple privileges to penetrate the security system. These multi-layer policies can be combined to create a defense system that puts the intruder under pressure at all security levels in order to protect the integrity and confidentiality of the database.
