Towards a security benchmark for database management systems

One of the main problems faced by organizations is the protection of their data against unauthorized access or corruption due to malicious actions. Database management systems (DBMS) constitute the kernel of the information systems used today to support the daily operations of most organizations and represent the ultimate layer in preventing unauthorized access to data stored in information systems. Nevertheless, in spite of the key role played by the DBMS in the overall data security, no practical way has been proposed so far to characterize the security in such systems or to compare alternative solutions concerning security features. This paper proposes an approach to characterize the security mechanisms in database systems and database applications, according to a set of security classes. The proposed approach is generic and can be applied to both DBMS (relevant for system integrators) and real database installations (relevant for database administrators and end-users).