the integrity of the data, to outside hackers, criminals, and spies that gain
unauthorized access to the data [19, 49].
Some key observations that drive our security re-engineering approach
can be informally stated as follows. First, traditional host-based and
network-based IDSs are ineffective in dealing with insider misuse at the database level.
This is because users typically have legitimate access to the database and
applications, and misuse patterns are not reflected at the network or system
level but at a much finer level of granularity in the database (e.g., deletions
and modifications of tuples). However, it seems reasonable to combine such
IDSs with a database-based anomaly and misuse detection approach. Second,
excessive database and application privileges assigned to legitimate users can
be exploited by the users as well as intruders that gain access to user accounts,
an aspect often mentioned in the above reports. This aspect obviously relates
to the principle of least privilege [11, 31], that is, no subject should be assigned
more privileges than those that are necessary and sufficient to carry out their
tasks.
In the following, we discuss the first steps of a security re-engineering
approach to databases, consisting of the profiling of the data managed in the
database and the users operating on the data. In Section 4, we then discuss
how these steps are embedded in a methodological security re-engineering
framework.
3 Data and User Profiling
The basic technique underlying the detection of intrusions and insider misuse,
and subsequently the re-engineering of security mechanisms, is to monitor
what types of actions users perform on a database system. In the following,
we take a data-centric view on this and detail different profiling approaches. In
Section 3.1, we first elaborate on some standard database auditing techniques
as an important prerequisite for profiling. In Sections 3.2 and 3.3, we then discuss
how audit data is used to profile data and users, respectively.
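
As an added illustration (not code from the original text), the sketch below builds per-user profiles from audit records and uses them for the two purposes discussed above: listing granted privileges a user never exercised (candidates for revocation under least privilege) and flagging new actions that fall outside the user's profile. The audit records, grants, and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed audit records: (user, action, table). Not from a real system.
AUDIT = [
    ("alice", "SELECT", "orders"), ("alice", "SELECT", "orders"),
    ("alice", "UPDATE", "orders"), ("bob", "SELECT", "customers"),
    ("bob", "SELECT", "orders"), ("alice", "SELECT", "customers"),
]
# Constructed grants: user -> set of (action, table) privileges.
GRANTS = {
    "alice": {("SELECT", "orders"), ("UPDATE", "orders"),
              ("DELETE", "orders"), ("SELECT", "customers")},
    "bob": {("SELECT", "customers"), ("SELECT", "orders"),
            ("UPDATE", "customers"), ("DELETE", "customers")},
}

def build_profiles(audit):
    """Count how often each user performed each (action, table) pair."""
    profiles = defaultdict(lambda: defaultdict(int))
    for user, action, table in audit:
        profiles[user][(action, table)] += 1
    return profiles

def unused_privileges(profiles, grants):
    """Granted privileges never exercised in the audit window:
    candidates for revocation under least privilege."""
    return {u: sorted(g - set(profiles.get(u, {}))) for u, g in grants.items()}

def deviations(profiles, new_events):
    """New events whose (action, table) pair is absent from the user's
    profile, e.g. a first-ever DELETE on a table the user only read."""
    return [e for e in new_events if (e[1], e[2]) not in profiles.get(e[0], {})]

if __name__ == "__main__":
    profiles = build_profiles(AUDIT)
    print(unused_privileges(profiles, GRANTS))
    print(deviations(profiles, [("bob", "DELETE", "customers"),
                                ("alice", "SELECT", "orders")]))
```

A deviation here only means "not seen in the audit window", so the window has to cover the user's normal work cycle before either result is acted on.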
3.1 Auditing
In the context of database systems, auditing is the process of monitoring
and recording selected database events and activities [25, 42]. Auditing is
primarily used to provide for accountability, the validation of security policies,
and to capture and review the observed behavior of applications, users and
database objects. Auditing is also often a requirement for organizations that
have to comply with federal laws and regulations such as the Health Insurance
Portability and Accountability Act (HIPAA) of 1996, Sarbanes-Oxley
Act of 2002, and the Gramm-Leach-Bliley Act (GLBA) of 1999. In the latter
cases, auditing primarily serves the purpose of establishing accountability