DocumentCode :
2948482
Title :
A reference model and system architecture for database firewall
Author :
Cai, Liang ; Yang, Xiaohu
Author_Institution :
Coll. of Comput. Sci. & Technol., Zhejiang Univ., China
Volume :
1
fYear :
2005
fDate :
10-12 Oct. 2005
Firstpage :
504
Abstract :
More and more network attacks are focusing on application-level vulnerabilities. Recently, several examples of this trend have been highly publicized, such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL API stream before it reaches the database, and by enforcing content-driven access to the database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and control granularity of each layer. Based on this model, a database firewall product has been prototyped. It can greatly improve database security by introducing self-controlled authentication, principal mapping, object mapping, and mandatory access control modules.
Keywords :
authorisation; database management systems; COAST Laboratorys model; SQL API stream; SQL Slammer; SQL Snake attack; application level vulnerability; computation target; content-driven database access; control granularity; database firewall; database security; full syntax control; mandatory access control module; network attacks; network layer; object mapping; principal mapping; reference model; schematic layer; self-controlled authentication; semantic layer; system architecture; Access control; Authentication; Computer architecture; Data security; Databases; Educational institutions; Information security; Laboratories; Protection; Prototypes; Database security; firewall; reference model;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Systems, Man and Cybernetics, 2005 IEEE International Conference on
Print_ISBN :
0-7803-9298-1
Type :
conf
DOI :
10.1109/ICSMC.2005.1571196
Filename :
1571196