An Extensible Framework for Detecting Database Security Flaws
نویسندگان
چکیده
Knowing flaws existing in a database security system is very useful for database protection. Database security flaws come from various sources, not only from network, database management systems, but also from the way an administrator manages a database system. Even then, to the best of our knowledge, existing researches for detecting security flaws mostly focus on the network environment, but database security systems. In this paper, we propose a framework for detecting database security flaws. The proposed framework is extensible and can be adapted to explore security flaws in any database systems. Notably, with this framework we can easily define a new potential database security flaw and an effective method to probe and verify it. The prototype and experimental results with Oracle will confirm our approach’s effectiveness and efficiency.
منابع مشابه
Detecting known host security flaws over a network connection
To test if a host contains any known security flaws over a network connection a Vulnerability Assessment (VA) could be made. This thesis describes different techniques used by VA tools over a network connection to detect known security flaws. To decrease the risk of flaws not being detected, several VA tools could be used. There is no common way of merging information from different VA tools. T...
متن کاملAn Authorization Framework for Database Systems
Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most im...
متن کاملA Formal Approach to Detecting Security Flaws in Object-Oriented Databases
Detecting security aws is important in order to keep the database secure. A security aw in object-oriented databases means that a user can infer the result of an unpermitted method only from permitted methods. Although a database management system enforces access control by an authorization, security aws can occur under the authorization. The main aim of this paper is to show an e cient decisio...
متن کاملManual for Slede Annotation Language
Verifying sensor network security protocol implementations using testing/simulation might leave some flaws undetected. Formal verification techniques have been very successful in detecting faults in security protocol specifications; however, they generally require building a formal description (model) of the protocol. Building accurate models is hard, thus hindering the application of formal ve...
متن کاملAn Extensible Framework for Database Security Assessment and Visualization
By using database security metrics to evaluate how risky the current database environment is and visually displaying the metric results on graphs, database security visualization and assessment method assists the administrators in holding a panoramic view of security over the database system as well as the detailed activity of each DBMS in the system. The present trend shows that it is obviousl...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008