An Authorization Framework for Database Systems

Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most important them is the database. A database in addition to being a repository of data, acts as a common information bus between system components. For this reason, any attack on the database may disrupt the operation of other components of the system. In fact, database security is shared throughout the whole information system. The attack may carried out in various ways, such as data theft, damaging data, and privacy breach. According to the sensitivity of the stored data, database attack could lead to significant human and financial losses even at the national level. Among the different types of threats, since legitimate operator plays a key role in an information system, his/her threat is one of the most dangerous threats to the security and integrity of a database system. This type of cyber-attack occurs when an insider operator abuses his/her legal permissions in order to access unauthorized data. In this paper, a new performance-based authorization framework has been presented which is able to reduce the potential of insider threat in the database system. The proposed method insure that only authenticated operator performs authorized activities on the database objects. In the proposed framework, the access permission of the operator to a database table is determined using his/her performance and the level of sensitivity of the table. The value of the operator performance is updated periodically or when an abuse is detected, in order to protect access to the contents of a database as well as preserve the consistency, integrity, and overall quality of the data. Simulation results, using real dataset from a hospital information system, indicate that the proposed framework has effective performance for mitigating insider threats.