An Appraisal to Assess the Security of Database Configurations

Author

Neto, Afonso Araujo ; Vieira, Marco ; Madeira, Henrique

Author_Institution

Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal

fYear

2009

fDate

18-23 June 2009

Firstpage

73

Lastpage

80

Abstract

Database management systems (DBMS) have a long tradition in high security and several mechanisms needed to protect data have been proposed/consolidated in the database arena. However, the effectiveness of those mechanisms is very dependent on the actual configuration chosen by the database administrator. Tuning a large database is quite complex and achieving high security is a very difficult task that requires a lot of expertise and continuous and proactive work. In this paper we present an assessment tool aimed at evaluating the security of DBMS configurations. The proposed tool is simple and effective, and can be used by administrators with very little security knowledge. We evaluate the tool by performing the assessment of four different real database installations based on four well-known and widely used DBMS engines.

Keywords

database management systems; security of data; DBMS configuration; assessment tool; data protection; database administrator; database configuration; database management system; knowledge security; Appraisal; Computer hacking; Computer security; Data engineering; Data security; Database systems; Feedback; Informatics; Information security; Protection; DBMS; database security; security assessment; system configuration;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependability, 2009. DEPEND '09. Second International Conference on

Conference_Location

Athens, Glyfada

Print_ISBN

978-0-7695-3666-8

Type

conf

DOI

10.1109/DEPEND.2009.17

Filename

5211087