Other related work that proposes specific techniques to detect and prevent
tampering with the integrity and confidentiality of the data managed in a
DBMS includes the work by Liu and colleagues [37, 59], in which they describe
the concepts and a prototype for an intrusion-tolerant database. An interesting
idea to further protect a database has been proposed by Bai et al. [7], where
they describe the concept of a database firewall that helps continue some
database services even if the database is under attack. The work by Snodgrass
et al. [47, 55] focuses specifically on tampering with database audit logs in
the context of forensic analysis, an important aspect relevant to our approach,
because data and profiling techniques rely heavily on correctly recorded audit
data.
Although most of the above work focuses on intrusion and anomaly detection
approaches in database systems, none of it considers a coherent approach in
which user profiles and access patterns discovered from audit data and queries
are used to re-design security mechanisms in a methodological
fashion. An interesting and important future research direction thus would be
the investigation of how some of the techniques proposed in these approaches
can be used to further enrich a security re-design technique for databases and
to derive security-enforcing mechanisms that go beyond those proposed in this
chapter.
7 Conclusions and Future Directions
As with any complex software system, poor configuration practices cause
vulnerabilities that can be exploited by intruders and insiders. This is equally
true for DBMSs where the main focus of standard configuration practices is
on the efficient and fault-tolerant operation of the database serving data to
applications. Security policies and mechanisms are often only implemented or
revised in an ad-hoc fashion when responding to changing application and user
requirements, leading to an incoherent and potentially inconsistent database
security maintenance and design approach.
Strengthening the security of a database is a non-trivial task, given that
many of today's databases used in e-businesses and government organizations
are extremely complex in terms of the amount of data served to a variety of
applications in a networked information system infrastructure. In this chapter,
we presented some fundamental concepts and techniques that help
administrators and security personnel to gradually evaluate and improve the security
of a database. For the evaluation of security policies, we have shown how
data, user, and access profiles obtained from audit trails can effectively be
explored and analyzed using the access path model. In this model, diverse access
correlations between components at the application and database layer can
be investigated and compared to current security requirements and expected
practices.