Mitigation of malicious modifications by insiders in databases

Authors:
Harini Ragavan;Brajendra Panda
Affiliations:
Department of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas;Department of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas
Venue:
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Year:
2011

Citing 11
Cited 0

Security and inference in multilevel database and knowledge-base systems

SIGMOD '87 Proceedings of the 1987 ACM SIGMOD international conference on Management of data
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures

IEEE Transactions on Knowledge and Data Engineering
The inference problem: a survey

ACM SIGKDD Explorations Newsletter
Data Level Inference Detection in Database Systems

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
The inference problem and updates in relational databases

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Honeypots: Catching the Insider Threat

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Towards a Theory of Insider Threat Assessment

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Defining the insider threat

Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Insiders Behaving Badly

IEEE Security and Privacy
Knowledge Acquisition and Insider Threat Prediction in Relational Database Systems

CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Using attack trees to identify malicious attacks from authorized insiders

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Insider threat is considered as a serious issue in all organizations. Sophisticated insiders can override threat prevention tools and carry on their attacks with new techniques. One such technique which remains to be an advantage for insiders to attack a database is dependency relationship among data items. This paper investigates the ways by which an authorized insider detects dependencies in order to perform malicious write operations. The paper introduces a new term 'threshold', which defines the constraints and limits a write operation could take. Having threshold as the key factor, the paper proposes two different attack prevention systems which involve log and dependency graphs that aid in monitoring malicious activities and ultimately secure the data items in a database. Our proposed systems continuously monitor all the data items to prevent malicious operations, but the priority is to secure the most sensitive data items first since any damage to them can hinder the functions of critical applications that use the database. By prioritizing the data items, delay of the system is reduced in addition to mitigating insider threats arising from write operations.