Databases Reference
In-Depth Information
ble) all the data that is of poor quality and to set up mechanisms that help
prevent data of poor quality in the future. For this, mechanisms as simple
as integrity constraints that restrict the admissible values of attributes can
be very effective. More complex properties of the data, e.g., admissible rela-
tionships between attribute values of one or more relations can be realized
as well, mostly using database triggers. The discovery of integrity constraints
and their enforcement using standard database functionality thus plays an
important role in the security re-engineering of databases, because they can
effectively detect and prevent potential misuse patterns, no matter whether
these patterns stem from accidental or intentional misuse.
Temporal Profiles and Access Properties
Snapshot profiles describe properties of some relations' data at a single point
in time, that is, for a given database instance. In order to further evaluate the
security of the database and to develop respective enforcing security mecha-
nisms, however, it is important to get a good understanding of how the data
behave and evolve over time. For this, we distinguish two objectives:
1. determining the behavior of the data over time, and
2. determining the behavior of accesses to the data over time.
The first objective can be realized by periodically taking snapshot profiles
and analyzing sequences of snapshot profiles for certain trends. Key to such
an approach is the appropriate choice of time-granularities, that is, instants in
time when to perform the snapshot profiling, an aspect that heavily depends
on the particular application setting of the database. Assume for a relation
R
, snapshot profiles
DataP rof
(
R, t
1
)
,...DataProf
(
R, t
k
) have been
determined at times
t
1
,...,t
k
. The goal of the analysis of these profiles then
is to discover trends in the behavior of the data. These trends, managed in
temporal profiles with a measure/value pair structure similar to snapshot
profiles, can include coarse grained properties such the increase or decrease
ratio of the number of tuples in
R
between consecutive timestamps
t
i
and
t
i
+1
as well as more fine-grained properties such as the significant variations
in the frequency and/or distribution of attribute values. The outcome of this
analysis is again evaluated and verified with respect to the expected behavior
of the data. The purpose of this type of trend analysis is less to derive further
security mechanisms but to gain confidence in individual snapshot profiles and
the properties of relations and data at respective points in time. Again, these
profiling tasks can go hand in hand with the process of managing statistics
for relations for query optimization purposes (here now, such statistics are
maintained over time, again in auxiliary relations).
The task much closer related to misuse and anomaly detection is the man-
agement and profiling of accesses to the relations over time. In the most simple
case, once some anomalous data or data behavior have been discovered, one
might naturally ask “what user is responsible for this behavior of the data?”.
∈R
