Title :
A Trust-Based Benchmark for DBMS Configurations
Author :
Neto, Afonso Araújo ; Vieira, Marco
Author_Institution :
Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal
Abstract :
Database management systems (DBMS), the central component of many computer applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database system. Effectively, understanding the impact of different configuration alternatives in terms of security is one of the most difficult problems faced by database administrators (DBAs) nowadays. In this paper we propose a benchmark that allows DBAs to assess and compare database configurations. The benchmark provides a trust-based security metric, named minimum untrustworthiness, that expresses the minimum level of distrust the DBA should have in a given configuration regarding its ability to prevent attacks. The practical application of the benchmark in four real large database installations shows that it is quite easy to use and is, in fact, a powerful tool for DBAs to make informed security decisions, by taking into account the specific needs of the environment being managed.
Keywords :
database management systems; security of data; software metrics; user interfaces; DBMS configurations; computers applications; database administrators; database configurations; database management systems; trust-based benchmark; trust-based security metric; Charge measurement; Computer hacking; Current measurement; Data engineering; Data security; Database systems; Environmental management; Informatics; Information security; Protection; DBMS; Security; benchmarking; configurations; trust-based metrics; trustworthiness;
Conference_Title :
Dependable Computing, 2009. PRDC '09. 15th IEEE Pacific Rim International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3849-5
DOI :
10.1109/PRDC.2009.31