SECURING THE ENTERPRISE DATABASE

V Radha, Ved P Gulati, N Hemanth Kumar

2005

Abstract

Security is gaining importance once computers became indispensable in every organization. As the new concepts like E-Governance in Government and E-Commerce in business circles etc are heading towards reality, security issues penetrated even into the legal framework of every country. Database security acts as the last line of defence to withstand insider attacks and attacks from outside even if all the security controls like perimeter, OS controls have been compromised. Data protection laws such as HIPAA (Health Insurance Portability and Accountability Act), Gramm-Leach-Bliley Act of 1999, Data protection Act, Sarbanes Oxleys Act are demanding for the privacy and integrity of the data to an extent that the critical information should be seen only by the authorized users which means the integrity of the database must be properly accommodated. Hence, we aim at providing an interface service in between enterprise applications and enterprise database that ensures the integrity of the data. This service acts as a security wrapper around any enterprise database.

References

  1. Arup Nanda & Donald, K.B. (2004), Oracle Privacy Security Auditing, Rampant TechPress.
  2. Apache Jakarta Tomcat Server. Retrieved August 8, 2004, from http://jakarta.apache.org/tomcat/index.html
  3. Chang, N.Z. & Honglan, Z. (2004), An Integrated Approach for Database Security and Fault Tolerance, in Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC 7804).
  4. Data Protection Act. (n.d.). Retrieved August 8, 2004, from http://www.dataprivacy.ie/6ai.htm.
  5. DbEncrypt Product Details, (n.d.). Retrieved August 8, 2004, from http://www.appsecinc.com/products
  6. Dave, D & Susan, D. (2004), Review: DB Confidential. Retrieved August 8, 2004, from http://nwc.securitypipeline.com/showArticle.jhtml?arti cleID=18901525
  7. Hacigumis, H & Iyer, B & Mehrotra, S. (2002a, March), Providing database as a service, in Proceedings of the 18th International Conference on Data Engineering (ICDE'02).
  8. Hacigumis, H & Iyer, B & Mehrotra, S. (2002b), Encrypted Database Integrity in Database Service Provider Model, in International Workshop on Certification and Security in E-Services.
  9. Jef Poskanger, ACME Crypto Library. Retrieved August 8, 2004, from http://www.acme.com/java/software/PackageAcme.Crypto.html
  10. Java Documentation. Retrieved August 8, 2004, from http://java.sun.com/j2se/
  11. Gramm-Leach-Bliley Act. (n.d.) Retrieved August 25, 2004,from http://www.ftc.gob/privacy/glbact/glbsub1.html
  12. Mykleuton, E & Narasimha, M & Tsudik, G. (2003a), Providing Authentication and Integrity in Outsourced Databases using Merkley Hash Trees, UCI_SCONCE Technical Report, from http://sconce.ics.uci.edu/das/MerkleODB.pdf
  13. Mykleuton, E & Narasimha, M & Tsudik, G. (2003b), Authentication and Integrity in Outsourced Databases, University of California, Irvine.
  14. Richard, G. (1984), The Integrity-Lock Approach to Secure Database Management, The Mitre Corporation, Bedford, MA.
  15. Sarbanes Oxley Section 404, A Toolkit for Management and Auditors. (n.d.). Retrieved August 8, 2004, from www.pwc.com/ca/eng/about/svcs/sox_404_v2.pdf.
  16. Secure Hash Standard, NIST. (n.d.). Retrieved August 8, 2004, from http://csrc.nist.gov/cryptval/shs.html
  17. Secure hash Standard (1995), FIPS Publications 180-1. Retrieved August 8, 2004, from http://www.itl.nist.gov/fipspubs/fip180-1.htm
  18. White Papers from Application Security Inc. (n.d.). Retrieved August 8, 2004, from appsecinc.com/whitepapers/
  19. White Papers from nCipher. (n.d.). Retrieved August 8, 2004, from http://active.ncipher.com/index.php
  20. XP_Crypt Product Details. (n.d.). Retrieved August 8, 2004, from http://www.act
Download


Paper Citation


in Harvard Style

Radha V., P Gulati V. and Hemanth Kumar N. (2005). SECURING THE ENTERPRISE DATABASE . In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 972-8865-19-8, pages 76-83. DOI: 10.5220/0002530600760083


in Bibtex Style

@conference{iceis05,
author={V Radha and Ved P Gulati and N Hemanth Kumar},
title={SECURING THE ENTERPRISE DATABASE},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2005},
pages={76-83},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002530600760083},
isbn={972-8865-19-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - SECURING THE ENTERPRISE DATABASE
SN - 972-8865-19-8
AU - Radha V.
AU - P Gulati V.
AU - Hemanth Kumar N.
PY - 2005
SP - 76
EP - 83
DO - 10.5220/0002530600760083