Author:
Ulf T. Mattsson
Affiliation:
Protegrity, United States
Keyword(s):
Isolation, Intrusion Tolerance, Database Security, Encryption, VISA CISP, GLBA, HIPAA.
Related
Ontology
Subjects/Areas/Topics:
Cryptographic Techniques and Key Management
;
Data and Application Security and Privacy
;
Data Engineering
;
Data Privacy and Security
;
Databases and Data Security
;
e-Commerce Security and Reliability Issues
;
Identity Management
;
Information and Systems Security
;
Intrusion Detection & Prevention
Abstract:
Modern intrusion detection systems are comprised of three basically different ap-proaches, host based, network based, and a third relatively recent addition called pro-cedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they fall prey to a number of shortcomings such as scaling with increased traffic requirements, use of complex and false positive prone signature databases, and their inability to detect novel intrusive attempts. This intrusion detection system interacts with the access control system to deny further access when detection occurs and represent a practical implementation addressing these and other concerns. This paper presents an overview of our work in creating a practical database intrusion detection system. Based on many years of Database Security Research, the proposed solution detects a wide range of specific and general fo
rms of misuse, provides detailed reports, and has a low false-alarm rate. Traditional commercial implementations of database security mechanisms are very limited in defending successful data attacks. Authorized but malicious transactions can make a database useless by impairing its integrity and availability. The proposed solution offers the ability to detect misuse and subversion through the direct monitoring of database operations inside the database host, providing an important complement to host-based and network-based surveil-lance. Suites of the proposed solution may be deployed throughout a network, and their alarms man-aged, correlated, and acted on by remote or local subscribing security ser-vices, thus helping to address issues of decentralized management.
(More)