Ashour A N Mostafa
The Higher Institute of Science and Technology
Abstract

Database research goes back more than thirty years, during which the concept of the relational database system was created; it has become the most fundamental change in organizational strategy. The evolution of technology has produced more powerful systems, which have had economic impacts in the recent decade. Organizations must ensure that their information and data are secure and confidential. Therefore, they deploy systems or applications whose functions, services, and tools for data maintenance and management are packaged into the so-called Relational Database Management System (RDBMS). These functions include services and authorization privileges that allow only legitimate (authorized) users to access the database. The database must be secure. RDBMS refers to relational database management systems, which use the relational model developed by the researcher Codd at the IBM laboratory. Database protection means preventing illegitimate users from accessing the database and its sensitive information, whether intentionally or accidentally [4]. Therefore, most firms take the possibility of threats into account in the measures applied to their database systems. This paper addresses relational database threats and security techniques in relation to the following situations: threats, countermeasures (computer-based controls) and database security methods [1, 8, 9].

Introduction:

In recent years, growth in hardware capability and storage capacity, together with the huge use of World Wide Web platforms and information systems, has led to the adoption of relational database systems as the infrastructure for the data repository. The huge amount of data and information has become a prime security concern because the management of information has become decentralized.

The CIA triangle of security, which refers to confidentiality, integrity, and availability, is often the basis of the relational database security concept. These factors must be present in application processes to guarantee that the data is safe [1].

Theft and fraud affect the database environment, and hence the whole corporation. They do not necessarily change the data itself, but they may reduce privacy and integrity. Confidentiality refers to maintaining the secrecy of data, usually only data that is critical to the organization. Breaches of security resulting in loss of confidentiality could lead to loss of privacy and competitiveness. Failure of integrity means the data is corrupt and modified. Many organizations seek so-called 24/7 availability (that is, 24 hours a day, 7 days a week). Loss of availability means that the system, the data, or both cannot be accessed. Therefore, a relational database management system aims to reduce the losses caused by threats or anticipated events. A threat is a situation or an event that may adversely affect a system, and hence the organization. The organization should invest time and effort to detect and identify the most serious threats [1, 8, 9].

Millions of online operations, such as electronic commerce and electronic banking, are conducted over unreliable Internet connections. Those types of transactions involve transferring sensitive assets and information [2]. This makes it a challenge for service providers to gain users' trust. Therefore, data containers such as an RDBMS need strong protection. Not all kinds of data need to be protected, only the most critical data, which relate to users' information and money transactions. A corporation can specify which information needs to be encrypted with a high level of security, as a ministry of defense would [8, 9].

This paper presents some computer-based countermeasures, such as authorization, access control, backup and recovery, and encryption. It must be taken into account that encrypting sensitive data requires high system performance, because those data will also need to be decrypted. Therefore, the programmer must use optimized security algorithms while coding the application [8, 9].

1. What are the Attacks?

The rapid evolution of breach methods against SME organizations calls for adopting standard security measures such as CIA. However, this becomes complicated by the diversity of attacks, whether direct or indirect.

An unclassified user can have legal access to the database in order to use public information, but may be able to infer classified information. There are three levels of attack on relational databases: direct, indirect and by tracking. The direct attack is obvious: the attacker can easily access the database if it does not have any protection mechanism. The indirect attack works by inferring the desired data from displayed data using combinations of queries. The tracking attack is executed by suppression of the dominant results [3].

RDBMS threats can be summarized as:

- The administrator may grant the user privileges that are not required. Abuse of these privileges may lead to the creation of trapdoors in the application.
- The user has legitimate privileged access to the database and may have bad intentions to abuse the utility.
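
The indirect attack described in section 1 (inferring a protected value from a combination of permitted queries) is usually countered by inference controls on aggregate queries. The following is an added example, not code from the paper: the `staff` table, the `AggregateGate` class and the `MIN_SET` threshold are assumptions made for illustration, and the data is constructed.

```python
import sqlite3

COLUMNS = {"dept", "grade"}   # filter columns callers may use (whitelist)
MIN_SET = 3                   # assumed policy: smallest row set an aggregate may cover

def make_db():
    """Constructed sample data; the table, names and figures are invented."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, dept TEXT,"
               " grade TEXT, salary INTEGER)")
    db.executemany("INSERT INTO staff (dept, grade, salary) VALUES (?, ?, ?)", [
        ("sales", "junior", 3000), ("sales", "junior", 3200),
        ("sales", "junior", 3100), ("sales", "manager", 9000),
        ("it", "junior", 3500), ("it", "junior", 3600), ("it", "senior", 5000)])
    return db

class AggregateGate:
    """Releases SUM(salary) only when the query set passes both inference checks."""
    def __init__(self, db, min_set=MIN_SET):
        self.db, self.min_set, self.answered = db, min_set, []

    def sum_salary(self, **filters):
        if not filters or not set(filters) <= COLUMNS:
            return None, "refused: unknown or missing filter"
        where = " AND ".join(f"{col} = ?" for col in filters)
        rows = self.db.execute(f"SELECT id, salary FROM staff WHERE {where}",
                               tuple(filters.values())).fetchall()
        ids = frozenset(r[0] for r in rows)
        total = self.db.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
        # Check 1: query-set size. A sum over fewer than min_set rows, or over
        # all but fewer than min_set rows, is close to an individual value.
        if not self.min_set <= len(ids) <= total - self.min_set:
            return None, "refused: query set size"
        # Check 2: overlap. Two released sums whose row sets differ by fewer
        # than min_set rows expose those rows by simple subtraction.
        for prev in self.answered:
            if 0 < len(ids ^ prev) < self.min_set:
                return None, "refused: overlaps an earlier query"
        self.answered.append(ids)
        return sum(r[1] for r in rows), "ok"

def demo():
    gate = AggregateGate(make_db())
    return [gate.sum_salary(dept="sales"),                    # 4 rows: released
            gate.sum_salary(dept="sales", grade="manager"),   # 1 row: refused
            gate.sum_salary(dept="sales", grade="junior"),    # differs by 1 row
            gate.sum_salary(dept="it")]                       # disjoint: released
```

The overlap check keeps per-session history, so in a real deployment it has to be tied to the authenticated user and backed by the audit trail rather than held in memory.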

Is there any influence on performance?

Most of the responsibility lies with the programmer and the developer when creating or developing the database management system.

Programmers should be careful not to create trapdoors, which can be formed when policies and procedures are set.

There are two strategies for encrypting the database, and both have advantages and disadvantages:

- Encryption inside the RDBMS.
- Performing the encryption outside the database.

1. Fundamentals of Encryption:
The algorithm and the key size are the factors in encrypting data within the RDBMS. The administrator of the application may grant legitimate access to authorized users as needed.

2. Data encryption effect on RDBMS:
Encrypting data requires heavy processing. This increases the size of the RDBMS and in turn decreases its utility or performance. Consequently, sensitive data must be encrypted.

3. Data stream into the application:
Data usually flows over the Internet and an internal network. Therefore, the potential risk is high.

4. The key management:
This concerns how the keys used in the RDBMS are managed, in terms of the number of keys, the location of the keys and the protection of access to the encrypted keys.

4.1. Solutions for implementing encryption:

i. Inside the Relational Database Management System (RDBMS):
This is a simple approach that uses the encryption/decryption method of the RDBMS. It is transparent to the application. When data is inserted into the RDBMS it is encrypted, and it is decrypted back to the original when displayed. A disadvantage of encryption inside the RDBMS is the extra processing load and the decrease in performance.

ii. Outside the Relational Database Management System (RDBMS):
Using the client/server security protocol (SSL) helps the data to be encrypted in the application, whether at the source or on the way to the destination. The protection differs from one application to another. The solution is to use an Encryption Server to provide centralized encryption services for the whole database. The drawbacks include communication overhead, administering more servers and changing the applications.

Conclusion:
This report explains different methods of database security. Database risks increase with the risk of data disclosure. RDBMS programmers are responsible for increasing and improving the security techniques of databases without affecting performance. In addition, users have responsibilities, especially regarding the ethics of using sensitive data. We have described the types of attacks and threats that a database could face, and then explained some mechanisms of attack control. We have explained the computer-based countermeasures, concentrating on the encryption method, and in the same way described the database security techniques or methods. The last part covers the benefits and drawbacks of encrypting either inside or outside the RDBMS.

References:

[6] Schaefer, E. F. (1996). A Simplified Data Encryption Standard Algorithm. Journal of Cryptologia, 20(1), 77-84.

[7] Chang, H. S. (2004). International Data Encryption Algorithm. Retrieved from http://scholar.googleusercontent.com/scholar?q=cache:WXJPT0eEM7EJ:scholar.google.com/+International+Data+Encryption+Algorithm&hl=en&as_sdt=0,5 on 15 February 2013.

[8] Almasri, O., & Jani, H. M. Introducing an Encryption Algorithm based on IDEA.

[9] Almasri, O., Jani, H. M., Ibrahim, Z., & Zughoul, O. (2013). Improving Security Measures of E-Learning Database. International Organization of Scientific Research-Journal of Computer Engineering (IOSR-JCE), 10(4), 55-62.
Stallings, W., & Brown, L. (2008). Computer security. Principles and Practice.