See all › Download citation Recruit

Share
Search for publications, researchers, or questions or Discover by subject area researchers Download full-text
Join for free PDFLogin
8 References

Security Of Database Management Systems Ad

Article (PDF Available) · January 2016 with 366 Reads

Cite this publication

Ashour A N Mostafa
1.16 · The Higher Institute of Science and Technology

Abstract

The history of database research backs to more than thirty years, in which created the concept of the relational database system that has become
the most fundamental change for organizations strategy. Technology evolution has produced more powerful systems that relate to economic
impacts in the recent decade. Organizations must ensure its information and data be secured and confidential. Therefore, they deploy systems or
applications have functions, services, and tools for data maintenance and management packed into the so-called Relational Database
Management System (RDBMS). Such functions contain services plus privileges for authorization to keep legitimate users (authorized) to access
the database. The database must be insecure. RDBMS refers to relational database management systems that are using a relational model that
developed by the researcher Codd at IBM laboratory. Database protection means disallowing illegitimate users to access the database and its
sensitive information whether intentional or accidental. Therefore, most of the firms are taking account of possibility of threats as measures to
their database systems. This paper addresses the relational database threats and security techniques considerations in relation to situations:
threats, countermeasures (computer-based controls) and database security methods.

Discover the world's research

15+ million members

118+ million publications
700k+ research projects

Join for free

Content uploaded by Ashour A N Mostafa Author content Download full-text PDF

Security of Relational Database Management System: Threats and

Security Techniques
ASHOUR A N MOSTAFA / ID: 153915643

Infrastructure University Kuala Lumpur, Malaysia

Faculty of Creative Media and Innovative Technology

Abstract: firms are taking account of possibility of

T
threats as measures to their database
he history of database research systems. This paper addresses the relational
backs to more than thirty years, in database threats and security techniques
which created the concept of the considerations in relation to situations:
relational database system that has become threats, countermeasures (computer-based
the most fundamental change for controls) and database security methods [1,
organizations strategy. Technology 8, 9].
evolution has produced more powerful
systems that relate to economic impacts in Introduction:
the recent decade.
As known, in recent years, hardware
Organizations must ensure its information capability and capacity of volumes, in
and data be secured and confidential. addition, huge uses of World Wide Web
Therefore, they deploy systems or platforms and information systems have led
applications have functions, services, and to adopt the relational database systems as
tools for data maintenance and management infrastructure to the data repository. Huge
packed into the so-called Relational amounts of data and information has become
Database Management System (RDBMS). prime concern of security challenges
Such functions contain services plus because the management of information has
privileges for authorization to keep become decentralized.
legitimate users (authorized) to access the
CIA triangle of security that refers to
database. The database must be insecure.
RDBMS refers to relational database confidentiality, integrity, and availability
management systems that are using a often is the basis of relational database
security concept. These factors must be
relational model that developed by the
researcher Codd at IBM laboratory. existed into application processes to
guarantee the data to be in safe [1].
Database protection means disallowing
illegitimate users to access the database and Theft and fraud have an influence on the
database environment, and hence the whole
its sensitive information whether intentional
or accidental [4]. Therefore, most of the corporation. It is not rather making changes
on the data itself, but it may decrease the

privacy and integrity. Confidentiality refers
to maintain the secrecy of data, usually only
is critical to the organization. Breaches of
security resulting in loss of confidentiality
could lead to loss of privacy and
competitiveness. Failure of integrity means
the data is corrupt and modified.. Many
organizations are seeking the availability,
the so-called 24/7 availability (that is, 24
hours a day, 7 days a week). Loss of
availability means the system, or the data, or
both cannot be accessed. Therefore,
relational database management system aims
to reduce the losses that are caused by
threats or anticipated events. Threat is a
situation or an event that may adversely
affect a system, and hence the organization.
The organization should invest time and
effort to detect and identify the most serious
threats [1, 8, 9].
Millions of online operations conduct via
unreliable Internet connection such as
electronic commerce and electronic banking.
Those types of transactions impose a kind of
transferring sensitive assets and information
[2]. This is a challenge to the services
providers to get user’s trust. Therefore, it
has a strong protection of data containers
such a RDBMS. Not all kind of data require
being safe and protected, but the most
critical data that relate to users’ information
and money transactions. Corporation can
specify the nature of information needed to
be encrypted with high level of security such
as ministry of defense [8, 9].
This paper shows some of the
countermeasures that are computer-control
based such as authorization, access control,
backup and recovery, encryption. It must
taking account the encryption process of
sensitive data require high performance of
the system because it will need decrypting
of those data. Therefore, the programmer
must ensure using optimized security
algorithms while coding the application [8,
9].
1. What are the Attacks?
Rapid evolution of breach methods to the
SME organizations called to adopt standards
of security measures like CIA. However, it
becomes sophisticated due to diversity of
attacks either direct or indirect.
The unclassified user can have legal access
to the database to use public information,
but he may be able to infer classified
information. There are three levels of attacks
to the relational databases: direct, indirect
and by tracking. Direct attack is obvious.
The attacker can easily access to the
database if it does not have any protection
mechanism. Indirect attack is used by
expecting the desired data from displayed
data using combinations of queries. The
tracking attack is executed by suppression of
the dominant results [3].
RDBMS threats can be summarized as:
 The administrator could be grant the user
privileges that not required. Abuse of
uses of these privileges may lead to
create trapdoors of the application.
 The user has a legitimate privilege
access to the database. He/She may have
bad intention to abuse the utility.

 One of the threats is vulnerability of the program) to have legitimate access to a

software or the operating system. This
helps the intruder to breach sensitive
information as backdoors.
1.1. Mechanisms of Attack Control
[3]:
 Rejection without any response when the
requests for accessing the database to
display the results of sensitive data.
 Disability of the intruder to guess the
real information or values because the
system will display the results close to
the real ones.
 When the sensitive data will be detected,
the system should limit the results to
prevent the attacker to reveal the data.
 Combination of the results will make the
attacker to be confused about knowing
the sensitive data.
system or systems’ objects. It involves the
authentication of subject requesting access
to objects. The administrator usually create
accounts with specific privileges according
to the security level of the user.
Access Controls into a relational database
can allow/disallow the user to access the
system. RDBMS keeps track the privileges
process.
Views are consequence of flexible
operations were being conducted on the
main relation. It is a mechanism of dynamic
processes of security, in which it shows
parts and hide other parts according to the
users’ privileges.
Process of Backup As known, the backup
means capturing a copy of log files of
instance processes plus a copy of the
relational database periodically and storing
either on external storage or cloud to restore
later.

Integrity is a process to maintain a secure

2. Countermeasures (Computer- RDBMS by preventing data from becoming
based Control): invalid, and hence misleading or incorrect
results.
This type ranges from physical controls to
administrative procedures. It can be
categorized into various forms of control as
[1]: 3. Techniques of RDBMS Security:

 Authorization. Encryption is encoding process of sensitive

 Access controls data to become unreadable. Most of
 Views. relational database management systems
 Process of Backup. support this purpose to secure its data [4].
 Integrity. The encryption concept has four main
Authorization is granting process of a right factors that are defined as [5]:
or privilege to a subject (a user or a

 An encryption key to encrypt the data Web-based database security: the

(plaintext).
 An encryption algorithm with the
encryption key transforms the plaintext
to cipher text.
 A decryption key to decrypt the cipher
text.
 A decryption algorithm with the
decryption key transforms the cipher text
back into the plaintext.
Two forms of encryption techniques that
called symmetric and asymmetric. The
symmetric one depends on the safe channel
while exchanging the key, in addition, the
key of encryption is similar to the key of
decryption that is being utilized, for
instance, IDEA (international data
encryption algorithm) [6, 7]. Symmetric
algorithm is much faster than the
asymmetric algorithm that uses two different
keys (private and public keys) such as RSA
(the name is derived from Ron Rivest, Adi
Shamir, and Leonard Adleman). Generally,
they are often used together, in which public
key (asymmetric) encrypts a randomly
generated encryption key, and the random
key encrypts the actual message (using a
symmetric algorithm). The database scheme
of encryption should enhance sharing of data
within the database without losing data
privacy [2, 6-9].
To improve the performance, the data
should be divided into sensitive data and
insensitive data. The insensitive data can be
retrieved rapidly, and the sensitive data is
encrypted/ decrypted using Encryption
algorithms.
transmitted data from a server to a client
must be in a secured way. The client should
be authenticated such as Host Identity
Protocol (HIP). It sets up a trusted
relationship between hosts on the Internet by
passing to the web server. The HIP and Web
server help in authentication process [2].
Log file is an important file to monitor the
processes and operations occurred online. It
periodically tracks the status of operations to
indicate the modification may occur when
the system fails. It also integrates with the
audit module to track the log file of the users
to guarantee the web database security [1].
Negative Database: this process depends on
adding false data to the original to make the
malicious users to be confused, and only
valid to legal users. It has four modules:
database cache, database encryption
algorithm, virtual database, and negative
database conversion. The first three
generates the data for the conversion to
generate false data [2].
4. How to develop a relational
database encryption strategy?
It is a mechanism of increasing the strength
of the data protection. Many factors to get
strong encryption into RDBMS:
 The encryption should be implemented
on the database or the application.
 The accessing to the encryption key.
 The amount of data that should be
encrypted.

 Is there any influencing on the of keys, the location of keys and the
performance? protection of the accessing of the
 For the programmer and the developer encrypted keys.
most of the responsibilities through
creating or developing the database 4.1. Solutions of implementing
management system. encryption:
The programmers should be aware from
creating trapdoors that can be formed i. Inside the Relational Database
through setting the policies and procedures. Management System (RDBMS):

Two strategies for encrypting the database It is a simple way using the
and both have advantages and encryption/decryption method by
disadvantages: RDBMS. It is a transparent to the
application. When the data inserts
 Encryption the RDBMS.
inside the RDBMS, the data will be
 Performing the encryption outside the
encrypted, or decrypted to the
database.
original when display.
A disadvantage of encryption inside
1. Fundamentals of Encryption:
the RDBMS is an extra processing
Algorithm and key size are factors to
load and decreasing in performance.
encrypt data within RDBMS.
Administrator of the application may
ii. Outside the Relational Database
grant legitimate access to authorized
Management System (RDBMS):
users for need.
Using the client/server security
2. Data encryption effect on RDBMS:
protocol (SSL) helps the data to be
Encrypting the data needs high process
encrypted in the application whether
operations. This drives to increase the
in the source or to the destination.
size of RDBMS, then deceasing the
The protection differs from
utility or the performance. Consequently,
application to another.
sensitive data must be encrypted.
The solution is using the Encryption
Server to provide a centralized
3. Data stream into the application:
encryption services for the whole
Data usually flows over Internet and an
database. The drawbacks include
internal network. Therefore, the potential
communication overhead,
of risk is high.
administering more servers and
changing the applications.
4. The key management:
It relates to how to manage the key that
is used into RDBMS in terms of number Conclusion:

This report is to explain different methods of [6] Shaefer, E. F. (1996). A Simplified Data
Encryption Standard Algorithm. Journal of
database security. Database risks are Cryptologia, 20 (1), 77-84.
increasing by the risks of disclosure data.
The programmers of RDBMS have [7] Chang, H. S. (2004). International Data
Encryption Algorithm. Retrieved from
responsibilities to increase and improve the http://scholar.googleusercontent.com/scholar?q=cach
security techniques of the databases without e:WXJPT0eEM7EJ:scholar.google.com/+Internation
al+Data+Encryption+Algorithm&hl=en&as_sdt=0,5
affecting on the performance. In addition,
on 15 February 2013.
the user has responsibilities especially the
ethics of using the sensitive data. We have [8] Almasri, O., & Jani, H. M. Introducing an
Encryption Algorithm based on IDEA.
described the types of Attacks and threat
that the database could face them. Then, it [9] Almasri, O., Jani, H. M., Ibrahim, Z., & Zughoul,
has explained some mechanisms of attack O. (2013). Improving Security Measures of E-
Learning Database. International Organization of
control. It has explained about the Scientific Research-Journal of Computer
countermeasures that are computer-based Engineering (IOSR-JCE), 10(4), 55-62.
and has concentrated on the encryption
method. In the same approach, it has
described the database security techniques
or method. The last part is about the benefits
and drawbacks of using either encryption
inside RDBMS or outer.

References:

[1] T.Connolly, C. Begg. “Database Systems

A Practical Approach to Design, Implementation, and
Management”, 4th ed., Ed. England: Person
Education Limited, 2005, pp. 542-547, 550-551.

[2] Burtescu, E. (2009). Database Security-Attacks

and Control Methods. Journal of Applied
Quantitative Methods, 4(4), 449-454.

[3] Kayarkar, H. (2012). Classification of Various

Security Techniques in Databases and their
Comparative Analysis. arXiv preprint
arXiv:1206.4124.

[4] Kahate, A. (2013). Cryptography and network

security. Tata McGraw-Hill Education.

[5] Stallings, W., & Brown, L. (2008). Computer

security. Principles and Practice.

Supplementary resources

E-BookDATABASE SYSTEMS1
April 2016
Ashour A N Mostafa

Download

Citations (0) References (8)

Improving Security Measures of E-Learning Database

Article Apr 2013

Zaidah Ibrahim · Hajar Mat · Omar Zughoul · Osama Almasri

View Show abstract

Introducing an Encryption Algorithm based on IDEA

Article Sep 2013

Hajar Mat · Osama Almasri

View Show abstract

DATABASE SECURITY - ATTACKS AND CONTROL METHODS

Article

Emil Burtescu

View Show abstract

A simplified data encryption standard algorithm

Article Jan 1996 · CRYPTOLOGIA

Edward F. Schaefer

View Show abstract

Database systems. A practical approach to design, implementation and management

Chapter Full-text available Jan 2010

Carolyn Begg · Thomas Connolly

View

Cryptography and network security. Tata McGraw-Hill Education

Jan 2013

A Kahate

Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.

Computer security. Principles and Practice

Jan 2008

W Stallings · L Brown

Stallings, W., & Brown, L. (2008). Computer security. Principles and Practice.

International Data Encryption Algorithm

Feb 2004

H S Chang

Chang, H. S. (2004). International Data Encryption Algorithm. Retrieved from http://scholar.googleusercontent.com/scholar?q=cach

e:WXJPT0eEM7EJ:scholar.google.com/+Internation al+Data+Encryption+Algorithm&hl=en&as_sdt=0,5 on 15 February 2013.

Recommendations Discover more publications, questions and projects in Database

Management Systems

Project Project

Factors Affecting Acceptance of Mobile Factors Affecting Acceptance of Mobile

Banking in Developing Countries Banking in Libya
Ashour A N Mostafa Ashour A N Mostafa

View project View project

Project Conference Paper

Factors Affecting Acceptance of E- Cryptography and relational database

commerce by SMEs in Libya management systems
Ashour A N Mostafa February 2001

Jingmin He · Min Wang

Nowadays, e-commerce has gained a substantial attention from SMEs (Small
and Medium Enterprises) as it affords competitive advantages and strategic
Security is becoming one of the most urgent challenges in database research
benefits to the business. Despite the numerous be ... [more]
and industry, and the challenge is intensifying due to the enormous popularity of
e-business. The authors study database security from a cryptographic point of
view. They show how to integrate modern cryptography technology into a
relational database management system to solve some major security problems.
Our study shows ... [Show full abstract]

View project Read more

Conference Paper Full-text available Article Full-text available

Jelly view - A technology for arbitrarily Jelly Views : Extending Relational

advanced queries within RDBMS Database Systems Toward Deductive
January 2005 Database Systems
Antoni Ligęza · Igor Wojnicki January 2004

Data processing capabilities of Relational Database Management Systems are
limited. In particular, the following two categories of problems are hard to solve:
Traversal of Structurally Complex Data Structures (such as graphs, trees, terms,
lists etc.) and Search for Admissible Solutions Under Specified Constraints
(finding specific subsets of a given set, generation of structural solutions ...
[Show full abstract]
View full-text
Igor Wojnicki
This paper regards the Jelly View technology, which provides a new, practical
methodology for knowledge decomposition, storage, and retrieval within
Relational Database Management Systems (RDBMS). Intensional Knowledge
clauses (rules) are decomposed and stored in the RDBMS founding reusable
components. The results of the rule-based processing are visible as regular
views, accessible through SQL. ... [Show full abstract]
View full-text

Article Conference Paper

Data Security Mechanisms Implemented in Secure databases: state of the art

the Database with Universal Model February 2000

May 2014 · Bulletin of the Lebedev Physics Institute
S. G. Rassomakhin · V. I. Esin · N. G. Polukhina · V. M.
Grachev
The problem of database security is examined. By the example of the database
with universal model, the tools and methods providing security of stored
corporate data are considered. The security mechanisms implemented due to
the capabilities of the database management systems (DBMSs), used as
database, platforms and special data protection tools implemented in the
schema of the database with ... [Show full abstract]
Read more
Eduardo Fernández-Medina · Mario Piattini
Most of the relational database management systems (RDBMS) used nowadays
provide some limited security mechanisms, and facilities offer capabilities to
define roles and establish audit trails. Users of RDBMSs are used to working
with discretionary access control (DAC) policies. This kind of security is
sufficient for a great majority of information systems, however an increasing
number of ... [Show full abstract]
Read more

Discover more

Last Updated: 24 Jan 2019

Ad

About Support Business solutions

News Help center Recruiting

Company FAQ Advertising

Careers

© ResearchGate 2019. All rights reserved. Imprint · Terms · Privacy