Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the serv...Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.展开更多
How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, dat...How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST' s firewall reference model by adding a transmission unit modification function and an attribute value mapping function,describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.展开更多
As an information-rich collective, there are always some people who choose to take risks for some ulterior purpose and others are committed to finding ways to deal with database security threats. The purpose of databa...As an information-rich collective, there are always some people who choose to take risks for some ulterior purpose and others are committed to finding ways to deal with database security threats. The purpose of database security research is to prevent the database from being illegally used or destroyed. This paper introduces the main literature in the field of database security research in recent years. First of all, we classify these papers, the classification criteria </span><span style="font-size:12px;font-family:Verdana;">are</span><span style="font-size:12px;font-family:Verdana;"> the influencing factors of database security. Compared with the traditional and machine learning (ML) methods, some explanations of concepts are interspersed to make these methods easier to understand. Secondly, we find that the related research has achieved some gratifying results, but there are also some shortcomings, such as weak generalization, deviation from reality. Then, possible future work in this research is proposed. Finally, we summarize the main contribution.展开更多
With widespread use of relational database in various real-life applications,maintaining integrity and providing copyright protection is gaining keen interest of the researchers.For this purpose,watermarking has been ...With widespread use of relational database in various real-life applications,maintaining integrity and providing copyright protection is gaining keen interest of the researchers.For this purpose,watermarking has been used for quite a long time.Watermarking requires the role of trusted third party and a mechanism to extract digital signatures(watermark)to prove the ownership of the data under dispute.This is often inefficient as lots of processing is required.Moreover,certain malicious attacks,like additive attacks,can give rise to a situation when more than one parties can claim the ownership of the same data by inserting and detecting their own set of watermarks from the same data.To solve this problem,we propose to use blockchain technology—as trusted third party—along with watermarking for providing a means of rights protection of relational databases.Using blockchain for writing the copyright information alongside watermarking helps to secure the watermark as changing the blockchain is very difficult.This way,we combined the resilience of our watermarking scheme and the strength of blockchain technology—for protecting the digital rights information from alteration—to design and implement a robust scheme for digital right protection of relational databases.Moreover,we also discuss how the proposed scheme can also be used for version control.The proposed technique works with nonnumeric features of relational database and does not target only selected tuple or portion(subset)from the database for watermark embedding unlike most of the existing techniques;as a result,the chances of subset selection containing no watermark decrease automatically.The proposed technique employs zerowatermarking approach and hence no intentional error(watermark)is added to the original dataset.The results of the experiments proved the effectiveness of the proposed scheme.展开更多
The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data...The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.展开更多
This article describes the design and implementation of Residents Life Event Management System (hereinafter called as RLEMS) with high level reliability and security by blockchain technology. The data access environme...This article describes the design and implementation of Residents Life Event Management System (hereinafter called as RLEMS) with high level reliability and security by blockchain technology. The data access environment provided by blockchain is highly secure and trustworthy. In Blockchain system, some data fragments are grouped into one piece called as <i>blocks</i>, and all blocks are connected to create a chain of blocks in database. When blocks are connected, hash value is used to connect blocks properly. Blockchain technology enables highly secure and reliable data management system under relatively poor ICT environment. For example, developing countries such as African countries do not have sufficient ICT environment. Therefore adopting blockchain technology is suitable for such countries. Based on this consideration, we have started to build RLEMS on the blockchain system. In previous work, we used the MultiChain as a blockchain platform. However, as MultiChain platform is mainly for private blockchain system, it is not suitable for government-level data management system. Therefore, we tried to use another blockchain framework. We selected Hyperledger Fabric which was developed by Linux Foundation. It enables to implement all styles of blockchain system. This article describes the design and implementation of RLEMS by using Hyperledger Fabric. Furthermore, to provide the best user experience, we also built the web application interface with Java web application framework named PrimeFace. The implementation of a prototype revealed that the Hyperledger Fabric blockchain technology is more suitable than MultiChain.展开更多
Wireless sensor networks(WSNs)are created and affect our daily lives.You can find applications in various fields such as health,accident,life,manufacturing,production management,network management and many other field...Wireless sensor networks(WSNs)are created and affect our daily lives.You can find applications in various fields such as health,accident,life,manufacturing,production management,network management and many other fields.WSN now connects to the Internet of Things,connects the sensor to the Internet,and then uses it for collaboration and collaboration.However,when WSN is part of the internet we need to be able to study and analyze related terms.In this article,we’re going to look at different ways to getWSN online and identify the challenges that address in future as well.展开更多
Fine-grained access control (FGAC) must be supported by relational databases to satisfy the requirements of privacy preserving and Internet-based applications.Though much work on FGAC models has been conducted,there a...Fine-grained access control (FGAC) must be supported by relational databases to satisfy the requirements of privacy preserving and Internet-based applications.Though much work on FGAC models has been conducted,there are still a number of ongoing problems.We propose a new FGAC model which supports the specification of open access control policies as well as closed access control policies in relational databases.The negative authorization is supported,which allows the security administrator to specify what data should not be accessed by certain users.Moreover,multiple policies defined to regulate user access together are also supported.The definition and combination algorithm of multiple policies are thus provided.Finally,we implement the proposed FGAC model as a component of the database management system (DBMS) and evaluate its performance.The performance results show that the proposed model is feasible.展开更多
SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks.Different from traditional run time security strategies such as IDS and fire-wa...SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks.Different from traditional run time security strategies such as IDS and fire-wall,this paper focuses on the solution at the outset;it presents a method to find vulnerabilities by analyzing the source codes.The concept of validated tree is developed to track variables referenced by database operations in scripts.By checking whether these variables are influenced by outside inputs,the database operations are proved to be secure or not.This method has advantages of high accuracy and efficiency as well as low costs,and it is universal to any type of web application platforms.It is implemented by the software code vulnerabilities of SQL injection detector(CVSID).The validity and efficiency are demonstrated with an example.展开更多
The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves stora...The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system (such as Hadoop, ZFS, etc.) and open cloud computing platform (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.展开更多
文摘Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.
文摘How to protect the database, the kernel resources of information warfare, is becoming more and more important since the rapid development of computer and communication technology. As an application-level firewall, database security proxy can successfully repulse attacks originated from outside the network, reduce to zerolevel damage from foreign DBMS products. We enhanced the capability of the COAST' s firewall reference model by adding a transmission unit modification function and an attribute value mapping function,describes the schematic and semantic layer reference model, and finally forms a reference model for DBMS security proxy which greatly helps in the design and implementation of database security proxies. This modeling process can clearly separate the system functionality into three layers, define the possible security functions for each layer, and estimate the computational cost for each layer.
文摘As an information-rich collective, there are always some people who choose to take risks for some ulterior purpose and others are committed to finding ways to deal with database security threats. The purpose of database security research is to prevent the database from being illegally used or destroyed. This paper introduces the main literature in the field of database security research in recent years. First of all, we classify these papers, the classification criteria </span><span style="font-size:12px;font-family:Verdana;">are</span><span style="font-size:12px;font-family:Verdana;"> the influencing factors of database security. Compared with the traditional and machine learning (ML) methods, some explanations of concepts are interspersed to make these methods easier to understand. Secondly, we find that the related research has achieved some gratifying results, but there are also some shortcomings, such as weak generalization, deviation from reality. Then, possible future work in this research is proposed. Finally, we summarize the main contribution.
基金This project was supported by University of Jeddah under the Grant Number(UJ-02-014-ICGR).
文摘With widespread use of relational database in various real-life applications,maintaining integrity and providing copyright protection is gaining keen interest of the researchers.For this purpose,watermarking has been used for quite a long time.Watermarking requires the role of trusted third party and a mechanism to extract digital signatures(watermark)to prove the ownership of the data under dispute.This is often inefficient as lots of processing is required.Moreover,certain malicious attacks,like additive attacks,can give rise to a situation when more than one parties can claim the ownership of the same data by inserting and detecting their own set of watermarks from the same data.To solve this problem,we propose to use blockchain technology—as trusted third party—along with watermarking for providing a means of rights protection of relational databases.Using blockchain for writing the copyright information alongside watermarking helps to secure the watermark as changing the blockchain is very difficult.This way,we combined the resilience of our watermarking scheme and the strength of blockchain technology—for protecting the digital rights information from alteration—to design and implement a robust scheme for digital right protection of relational databases.Moreover,we also discuss how the proposed scheme can also be used for version control.The proposed technique works with nonnumeric features of relational database and does not target only selected tuple or portion(subset)from the database for watermark embedding unlike most of the existing techniques;as a result,the chances of subset selection containing no watermark decrease automatically.The proposed technique employs zerowatermarking approach and hence no intentional error(watermark)is added to the original dataset.The results of the experiments proved the effectiveness of the proposed scheme.
文摘The conception of multilevel security (MLS) is commonly used in the study of data model for secure database. But there are some limitations in the basic MLS model, such as inference channels. The availability and data integrity of the system are seriously constrained by it′s 'No Read Up, No Write Down' property in the basic MLS model. In order to eliminate the covert channels, the polyinstantiation and the cover story are used in the new data model. The read and write rules have been redefined for improving the agility and usability of the system based on the MLS model. All the methods in the improved data model make the system more secure, agile and usable.
文摘This article describes the design and implementation of Residents Life Event Management System (hereinafter called as RLEMS) with high level reliability and security by blockchain technology. The data access environment provided by blockchain is highly secure and trustworthy. In Blockchain system, some data fragments are grouped into one piece called as <i>blocks</i>, and all blocks are connected to create a chain of blocks in database. When blocks are connected, hash value is used to connect blocks properly. Blockchain technology enables highly secure and reliable data management system under relatively poor ICT environment. For example, developing countries such as African countries do not have sufficient ICT environment. Therefore adopting blockchain technology is suitable for such countries. Based on this consideration, we have started to build RLEMS on the blockchain system. In previous work, we used the MultiChain as a blockchain platform. However, as MultiChain platform is mainly for private blockchain system, it is not suitable for government-level data management system. Therefore, we tried to use another blockchain framework. We selected Hyperledger Fabric which was developed by Linux Foundation. It enables to implement all styles of blockchain system. This article describes the design and implementation of RLEMS by using Hyperledger Fabric. Furthermore, to provide the best user experience, we also built the web application interface with Java web application framework named PrimeFace. The implementation of a prototype revealed that the Hyperledger Fabric blockchain technology is more suitable than MultiChain.
文摘Wireless sensor networks(WSNs)are created and affect our daily lives.You can find applications in various fields such as health,accident,life,manufacturing,production management,network management and many other fields.WSN now connects to the Internet of Things,connects the sensor to the Internet,and then uses it for collaboration and collaboration.However,when WSN is part of the internet we need to be able to study and analyze related terms.In this article,we’re going to look at different ways to getWSN online and identify the challenges that address in future as well.
基金Project (No.2006AA01Z430) supported by the National High-Tech Research and Development Program (863) of China
文摘Fine-grained access control (FGAC) must be supported by relational databases to satisfy the requirements of privacy preserving and Internet-based applications.Though much work on FGAC models has been conducted,there are still a number of ongoing problems.We propose a new FGAC model which supports the specification of open access control policies as well as closed access control policies in relational databases.The negative authorization is supported,which allows the security administrator to specify what data should not be accessed by certain users.Moreover,multiple policies defined to regulate user access together are also supported.The definition and combination algorithm of multiple policies are thus provided.Finally,we implement the proposed FGAC model as a component of the database management system (DBMS) and evaluate its performance.The performance results show that the proposed model is feasible.
基金supported by the National Natural Science Foundation of China (Grant No.60574087)the Hi-Tech Research and Development Program of China (Nos.2007AA01Z475,2007AA01Z480,2007AA01Z464)the 111 International Collaboration Program of China.
文摘SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks.Different from traditional run time security strategies such as IDS and fire-wall,this paper focuses on the solution at the outset;it presents a method to find vulnerabilities by analyzing the source codes.The concept of validated tree is developed to track variables referenced by database operations in scripts.By checking whether these variables are influenced by outside inputs,the database operations are proved to be secure or not.This method has advantages of high accuracy and efficiency as well as low costs,and it is universal to any type of web application platforms.It is implemented by the software code vulnerabilities of SQL injection detector(CVSID).The validity and efficiency are demonstrated with an example.
基金the National Key Basic Research and Development (973) Program of China (Nos. 2012CB315801 and 2011CB302805)the National Natural Science Foundation of China A3 Program (No. 61161140320) and the National Natural Science Foundation of China (No. 61233016)Intel Research Councils UPO program with title of security Vulnerability Analysis based on Cloud Platform with Intel IA Architecture
文摘The archiving of Internet traffic is an essential function for retrospective network event analysis and forensic computer communication. The state-of-the-art approach for network monitoring and analysis involves storage and analysis of network flow statistic. However, this approach loses much valuable information within the Internet traffic. With the advancement of commodity hardware, in particular the volume of storage devices and the speed of interconnect technologies used in network adapter cards and multi-core processors, it is now possible to capture 10 Gbps and beyond real-time network traffic using a commodity computer, such as n2disk. Also with the advancement of distributed file system (such as Hadoop, ZFS, etc.) and open cloud computing platform (such as OpenStack, CloudStack, and Eucalyptus, etc.), it is practical to store such large volume of traffic data and fully in-depth analyse the inside communication within an acceptable latency. In this paper, based on well- known TimeMachine, we present TIFAflow, the design and implementation of a novel system for archiving and querying network flows. Firstly, we enhance the traffic archiving system named TImemachine+FAstbit (TIFA) with flow granularity, i.e., supply the system with flow table and flow module. Secondly, based on real network traces, we conduct performance comparison experiments of TIFAflow with other implementations such as common database solution, TimeMachine and TIFA system. Finally, based on comparison results, we demonstrate that TIFAflow has a higher performance improvement in storing and querying performance than TimeMachine and TIFA, both in time and space metrics.