4 Access Path Model
A typical production-type database setup may contain thousands of database
objects, hundreds of users and roles and, consequently, many complex access
privilege structures. Furthermore, several applications may operate on a single
database and its objects using different accounts and privileges. In order
to apply a security re-engineering approach to such a complex setting, it is
essential to have a good methodology that helps administrators and security
personnel to suitably approach the tasks of data and user profiling, analysis
and correlation of profiles, and re-design of security policies and mechanisms.
In this section, we present the access path model, which helps accomplish
these tasks in a focused manner. In Section 4.1, we outline the specific
problem setting and the objectives the access path model addresses. In Section
4.2, we introduce the components of the access path model. Section 4.3 then
discusses how the model is used to accomplish different security re-engineering
tasks.
4.1 Problem Setting and Objectives
As discussed in the previous sections, if erroneous or anomalous data have
been discovered, one would like to identify the user(s) who operated on these
data. There are several aspects that make it very difficult to establish such
correlations. First, a complex information system infrastructure can consist
of multiple layers, typically several applications on top of a single database,
with numerous users at both the application and database layer, including
persons, application users, and database users. Most approaches to anomaly
and misuse detection assume that the notion of a user is well-defined, typically
a user directly operating on the data. However, what precisely constitutes a
user in a more complex setting such as outlined above? A person, an application
account, or a database account (possibly having several database roles)?
What if users and/or applications share accounts? How can accesses to the
data be traced back to users? As accesses to the data occur through several
layers, starting with a person or application, which, in turn, performs operations
on the database, correlating anomalous data and data behavior with a
person is not a trivial task. However, in order to adhere to the principle of
accountability, being able to determine such correlations is a must.
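The trace-back problem described above, as an added example that is not part of the original text and is not the formal access path model: the DBMS audit trail records only the database account, so the persons behind an operation must be recovered through the account mappings of each layer. All person, account and object names are constructed assumptions.

```python
# Constructed sample data; every name below is hypothetical.
# Layer 1: persons and the application accounts they can log in to.
PERSON_TO_APP = {
    "alice": {"billing_clerk"},
    "bob": {"billing_clerk", "report_viewer"},  # shares billing_clerk with alice
    "carol": {"report_viewer"},
}
# Layer 2: the database account each application account connects as.
APP_TO_DB = {"billing_clerk": "db_billing", "report_viewer": "db_readonly"}
# Persons with a direct database login that bypasses the application layer.
PERSON_TO_DB = {"dave": {"db_billing"}}

# Constructed audit records: the DBMS only sees the database account.
AUDIT = [
    {"db_account": "db_billing", "op": "UPDATE", "object": "invoices"},
    {"db_account": "db_readonly", "op": "SELECT", "object": "invoices"},
]

def paths_to(db_account):
    """Every (person, app_account or None, db_account) chain ending at db_account."""
    paths = []
    for person, apps in PERSON_TO_APP.items():
        for app in apps:
            if APP_TO_DB.get(app) == db_account:
                paths.append((person, app, db_account))
    for person, accounts in PERSON_TO_DB.items():
        if db_account in accounts:
            paths.append((person, None, db_account))  # None = no application layer
    return sorted(paths, key=lambda p: (p[0], p[1] or ""))

def candidates(op, obj):
    """Persons who could be behind the audited operation `op` on `obj`."""
    people = set()
    for rec in AUDIT:
        if rec["op"] == op and rec["object"] == obj:
            people |= {path[0] for path in paths_to(rec["db_account"])}
    return sorted(people)

def is_accountable(db_account):
    """True only if exactly one person can reach this database account."""
    return len({path[0] for path in paths_to(db_account)}) == 1

if __name__ == "__main__":
    for rec in AUDIT:
        verdict = "accountable" if is_accountable(rec["db_account"]) else "ambiguous"
        print(rec["op"], rec["object"], verdict, paths_to(rec["db_account"]))
```

Both audited operations come out ambiguous here: the shared application account and the direct login each add a second or third person behind a single database account.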
To address these problems, we propose the access path model. The objective
of the access path model is to help administrators and security personnel in a
focused re-engineering approach to database systems. This is accomplished by
a methodology to describe, annotate, explore, and correlate so-called access
paths. An access path, which will be described more formally below, basically
specifies in which way a person operates on the data managed in a DBMS.
Different components of an access path are annotated with data and user
profiles and allow for an easy comparison of access correlations at the different
layers of access. The access path model provides a comprehensive framework