GGrantIndex
← Search

Security Analysis and Re-engineering of Databases

$240,000FY2003CSENSF

University Of California-Davis, Davis CA

Investigators

Abstract

Many of today's mission critical databases have not been designed with a particular focus on security aspects such as integrity, confidentiality, and availability. Even if security mechanisms have been used during the initial design, these mechanisms are often outdated due to new requirements and applications, and do not reflect current security polices, thus leaving ways for insider misuse and intrusion. The proposed research is concerned with analyzing various security aspects of mission critical (relational)databases that are embedded in complex information system infrastructures. We propose four complementary avenues of research: (1) models and techniques to profile the behavior of mission critical data stored in databases, (2) algorithms to correlate (anomalous) data behavior to application/user behavior, (3) techniques to determine and model user profiles and roles from behavioral descriptions, and (4) the integration of techniques, algorithms, and mechanisms into a security re-engineering workbench for (relational) databases. Two major themes build the core of the proposed approaches. First, the analysis of database vulnerabilities and violations of security paradigms is data-driven, i.e., first the behavior of the data is analyzed and modeled before it is correlated to users and applications. Second, we introduce the concept of access path model to uniformly model and correlate data flow and access behavior among relations, users, and applications. This model allows security personnel to fully inspect database security aspects in complex settings in a focused, aspect (policy) driven fashion.

View original record on NSF Award Search →
Security Analysis and Re-engineering of Databases · GrantIndex