Title :
Selecting Software Packages for Secure Database Installations
Author :
Neto, Afonso Araújo ; Vieira, Marco
Author_Institution :
CISUC, Univ. of Coimbra, Coimbra, Portugal
Abstract :
Security is one of the biggest concerns of database administrators. Most marketed software products announce a variety of features and mechanisms designed to improve security. However, that same variety largely complicates the process of selecting the adequate set of software products (i.e., a software package) for a given installation. In this paper we propose an approach that can be used to fairly compare alternative software packages regarding security capabilities in database environments. We focus specifically on the two main software systems required for a new installation: the Operating System and the Database Management System (DBMS). We carefully explain and discuss our method, which is based on the idea of evaluating the characteristics of software packages against a comprehensive list of security concerns that are universally accepted as vital to any database installation. We created an actual benchmark, and used it to assess seven software packages composed of four different DBMS engines and two different operating systems. Results show that alternative software packages allow fulfilling different security concerns and that the proposed benchmark is quite effective in identifying the main differences regarding the capabilities of the systems evaluated.
Keywords :
database management systems; operating systems (computers); security of data; software packages; database installation; database management system; database security; operating system; software package; software product; Benchmark testing; Best practices; Databases; Protocols; Security; Software packages; benchmarking; best practices; gap analysis; security mechanisms; software packages;
Conference_Title :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.19