Databases Reference
12
Security Re-engineering for Databases:
Concepts and Techniques
Michael Gertz¹ and Madhavi Gandhi²
¹ Department of Computer Science, University of California at Davis, CA, gertz@cs.ucdavis.edu
² Department of Mathematics and Computer Science, California State University, East Bay, CA, madhavi.gandhi@eastbay.edu
Summary. Despite major advancements in access control models and security
mechanisms, most of today's databases are still very vulnerable to various
security threats, as shown by recent incident reports. A reason for this is that
existing databases used in e-businesses and government organizations are rarely
designed with much security in mind but rely on security policies and mechanisms
that are added over time in an ad-hoc fashion. What is needed in such cases is a
coherent approach for organizations to first evaluate the current security setup
of a database, i.e., its policies and mechanisms, and then to re-design and
improve the mechanisms in a focused way, that is, to apply an evolutionary rather
than a revolutionary approach to improving database security.
In this chapter, we present important principles and techniques of such a
security re-engineering approach. Our focus is on the detection and prevention of
insider misuse, which is still the biggest threat to security. We show how
techniques such as focused auditing, and data and user profiling are integrated
into a single methodological framework for database security evaluation. This
framework is supported by an access path model, which provides information about
data and user behavior, access correlations, and potential vulnerabilities. Based
on the information obtained in this approach, we illustrate how security can be
strengthened using standard database functionality.
1 Introduction
In most of today's information system infrastructures employed by e-businesses
and government organizations, database management systems (DBMSs) serve
as the back-end for managing and delivering often mission-critical and sensitive
data. Although such infrastructures are comprised of many components,
such as networks and application servers, we conjecture that the data managed
in databases is often the most valuable asset to an organization. The