Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

王德强,张锐,谢立,宋娇

DOI: https://doi.org/10.3969/j.issn.1002-137X.2002.12.004

2002-01-01

Computer Science

Abstract:Being an important part of Information System, Database Security has absorbed much attention fordecades. First, we bring forth the Database Security's contents, properties of data: sensitivity, integrity and availabil-ity. Several access control models to guarantee these properties are described in this paper. Due to the challengesbrought by advanced DBMSs such as OODBMS and ADBMS, we also discuss some security topics in these fields. Atthe end of this paper, the encryption control and inference control are reviewed together with some trend of thedatabase security technology in the future.

WANG Jun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2012.23.013

2012-01-01

Abstract:Along with the social informatization is getting higher and higher,the data stored in the DBMS to security requirements are also gradually improve.Systems generally will require the user to input the password,that is,by setting a password to protect the security of the database.It’s talking about commonly used methods of password analysis about database encryption.It’s obvious that encryption algorithm has been greatly enhanced in the new version through to the contrast analysis between an encrypted database of Access 2003 and an encrypt ed database of Access 2010,improved the password security of Access 2010.

Lina Gong,Li Zhang,Wei Zhang,Xuhong Li,Xia Wang,Wenwen Pan

DOI: https://doi.org/10.1063/1.4981623

2017-01-01

AIP Conference Proceedings

Abstract:With the development of computer network and the popularization of information system, the security of databases, as platforms for centralized storage and sharing of information system data, has increasingly become a serious problem in the field of information security, so data encryption technology has come into people's sight. However, the current data encryption technology still has certain shortcomings, such as the inconsistency of the code text of the encryption and decryption technology, and the low efficiency of decoding and encryption. The purpose of this paper is to study the application of data encryption technology in computer network communication to provide better suggestions and explore better methods for improving network communication security system. This article, through the analysis of the database threat model and database application system structure, puts forward a design scheme of database encryption system model. A complete database encryption system can be divided into five logic modules: a key storage module, key engine module, key information module, key management module, and data storage module, and provides an in-depth analysis of the various parts and implementation details related to these modules. Finally, the designed encryption system model is programmed to be implemented; with the help of online examination system, the function and performance of the encryption system were tested; and the transmission efficiency of data encryption is maintained at more than 95%, which proves the effectiveness of the system.

Kui Ren

DOI: https://doi.org/10.1145/3433210.3434067

2021-01-01

Abstract:In recent years, we have witnessed an upsurge in cyber-attacks and data breach incidents that put tremendous data at risk, affect millions of users, and cause severe economic losses. As an in-depth defence to counter the persistent and pervasive security threats, maintaining data in always encrypted form is becoming a trend and even a regulatory requirement. Satisfying the demand is particularly challenging in the context of databases, which, as a pillar in modern computing infrastructure, provide indispensable means to organize, store and retrieve data at different scales. The difficulty lies in how to perform the database query processing over encrypted data while meeting the requirements of security, performance, and complex query functions. This field has grown tremendously over the past two decades, though there is no dominant solution that is universally applicable. Solutions based on cryptographic techniques, e.g., searchable encryption or property-preserving encryption, can efficiently provide certain primitive operations for database queries. But studies have shown that their allowed leakage profiles can be (sometimes highly) exploitable. The recent advent of secure hardware enclaves opens up new opportunities. Yet, the first few enclave-based proposals mostly explore extreme design points that rest on strong assumptions (e.g., huge enclave) or result in weak security (e.g., leaking relations of ciphertexts). In this talk, we will overview these latest advancements and the potential challenges, respectively, and discuss the possible roadmap ahead towards practically more secure, efficient and functional encrypted databases.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Yong Zhang

DOI: https://doi.org/10.1109/EEBDA56825.2023.10090574

2023-02-24

Abstract:This paper innovatively proposes a database access information security management method under the big data platform. This paper first designs and implements a network information security management system based on B/S architecture. The system consists of a safety management platform management center, a WEB console, an agency center and a processing center. At the same time, the system covers a total of five sub-modules including security monitoring management, security policy management, event analysis and processing, security incident response and system management. Secondly, this paper constructs an attribute-based multi-authorization encryption system, which reduces the number of matching operations and improves the efficiency of password utilization. Then, this paper builds a user hierarchical role key tree in the big data platform user role authentication center, and describes the relationship between the big data platform user role and the encryption key of extremely sensitive information. Finally, simulation experiments are carried out in this paper. The results show that the establishment of the encryption system enhances the security of web page access information, and realizes the security management of information platform access information under the big data platform.

Computer Science

Elisa Bertino

DOI: https://doi.org/10.1561/1900000014

2010-01-01

Foundations and Trends in Databases

Abstract:<div>As organizations depend on, possibly distributed, information systems for operational, decisional and strategic activities, they are vulnerable to security breaches leading to data theft and unauthorized disclosures even as they gain productivity and efficiency advantages. Though several techniques, such as encryption and digital signatures, are available to protect data when transmitted across sites, a truly comprehensive approach for data protection must include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. To address such requirements, over the years the database security research community has developed a number of access control techniques and mechanisms that are specific to database systems. In this monograph, we present a comprehensive state of the art about models, systems and approaches proposed for specifying and enforcing access control policies in database management systems. In addition to surveying the foundational work in the area of access control for database systems, we present extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. The monograph also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for objectdatabases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, we include a tutorial presentation on these notions. Finally, the monograph concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.<h3>Suggested Citation</h3>Elisa Bertino, Gabriel Ghinita and Ashish Kamra (2011), "Access Control for Databases: Concepts and Systems", Foundations and Trends® in Databases: Vol. 3: No. 1–2, pp 1-148. http://dx.doi.org/10.1561/1900000014</div>

Bai Wen-yang

2010-01-01

Abstract:The development of modern information technology and digitalization of the daily lives brings security database new challenges. It is necessary for a security database to provide access control and privacy protection mechanism to ensure the legal use of data and to prevent privacy breach. This paper introduced an integrated security model which could provide the functions of privacy protection and access control simultaneously by building the connection between the validity of query in parameterized authorization view model and the suspiciousness of a conjunctive select-project-join query in online query audit model, it also designed a polynomial time detecting algorithm and two incorporating frameworks for the integrated model to provide higher performance and fine-grained access control in modern database systems.

Zhimin Song,Xianghao Nan,Liyong Tang,Jianing Yu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.01.029

2001-01-01

Abstract:This article summarizes the research work in database security in recent years and foresees the future work in this direction.

PENG Pai,Dai Yiqi,Li Wujun

DOI: https://doi.org/10.3321/j.issn:1000-0054.2001.01.024

2001-01-01

Abstract:Encrypted databases are an effective method to realize database security. The data encrypt ion prevents intruders from stealing or tampering with crucial information. A design scheme for a network encrypted database is developed using the principles of database encryption and the request for secure data transmission in an open network, using Microsoft's ODBC (open database connectivity). The scheme makes changes in existing database systems and introduces the mechanisms of databaseen cryption and secret key management. It also implements authentication and encrypted data transmission by adding a secure proxy to normal database accessing flow.

Zhu Qin,Yan Luo

2007-01-01

Abstract:Database encryption is an effective method for protecting sensitive data.The requirements for database encryption system are summarized,the implemental mechanism,cryptographic granularity, cryptographic algorithm and cryptographic key management of database encryption are overviewed,the index mechanism and query policy of encrypted database are analyzed,the limits of database encryption are disussed and the future development of database encryption and query over encrypted data are looked ahead.

Lu, Siqi

DOI: https://doi.org/10.1007/s11432-021-3393-x

2022-09-28

Science China Information Sciences

Abstract:Big data drive multidimensional convergence and profound innovations among industries and provide novel ways of exploring the world. As they significantly create economic and social value, big data meaningfully impact the implementation and management of information security and privacy protection. Cryptographic technologies are used to protect the security and entire life cycle of big data. The demand for this technology is multiplied when the data are stored in the cloud. They are stored in the cloud in the form of ciphertext, and the driving requirement for data retrieval, sharing, and manipulation places the security of data at risk. The all-or-nothing approach of traditional cryptography systems cannot realize the release and processing of data information with flexible and increasingly fine granularity. Consequently, dealing with the relationship between privacy protection and data utilization, as well as navigating the blurry boundaries between subverting either plaintext or ciphertext, has become a research focus of the current cryptographic trend for protecting big data security. Presently, there are many studies designed to solve these limitations. First, security requirements and source encryption mode for future big data systems and applications are elaborated. Then, focusing on the practical security and functionality of the big data life cycle, including storage, retrieval, sharing, calculation, statistical analysis, and utilization, the research being conducted based on those functions is reviewed. For each cryptographic technology that meets the requirement of each type of big data security or application, security and efficiency comments and sufficient comparison analyses of cryptography schemes or protocols are provided; moreover, the current general problems and development trends are expounded. Because the current innovative research on cryptographic technology was primarily based on the development or improvement of a single solution, the study on the security of the entire big data life cycle from a holistic perspective is extremely limited. Finally, based on surveys and integration of cryptographic techniques, a compatible and comprehensive reference cryptographic architecture for big data security (Z-CABDS) is proposed, which can be used to guide each sub-direction to cooperate with each other to achieve the full life cycle security of big data. Moreover, certain challenges, open problems, and thoughts on future research related to the cryptography of big data security from the viewpoint of the entire big data life cycle are addressed, including views on information theory, the intersection and fusion of technologies, and new technology derivation, which aims to provide a good reference and inspiration for follow-up research.

computer science, information systems,engineering, electrical & electronic

Na Zhang

DOI: https://doi.org/10.1088/1742-6596/1744/2/022060

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract The rapid development of computer technology and the extensive coverage of computer network have promoted the rise of Chinese computer industry in the 21st century. But while computer technology benefits mankind, it also carries great potential risks. For example, the loss or damage of key data, the disclosure or abuse of personal privacy, has undoubtedly brought serious losses to human society. Therefore, it is necessary to develop and make good use of data encryption technology, and to increase the defense line for computer network security, so as to maintain computer network security and reduce the possibility of information being tampered with or stolen. Based on the current situation of computer network security and the necessity of strengthening computer network security, this paper analyzes the factors affecting computer network security, points out the classification and value of data encryption technology, thus provides a scientific theoretical basis for the application of data encryption technology in computer network security.

LI Fang-tao,ZHU Xiao-yan,MENG Li-rong

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.22.037

2006-01-01

Abstract:An integrated database security architecture is proposed.The encryption/authentication component,making use of cryp-tographic knowledge,not only makes the database integrity and confidentiality,but also have the function of detecting and correcting the single error.The single error correction tolerate the transfer's intrusion,and this enables the outer-level intrusion-tolerance.Inner intrusion-tolerant component provides an intrusion-tolerance based database security structure.The flexibility and the ability of protecting from attacks are improved.This system has the functions of not only intrusion-tolerance,but also encryption and authe-ntication.So it can apply to fields where the higher security level is needed.

Qin Jun,Wang Zhengfei,Tan Zijing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.12.002

2006-01-01

Abstract:The protection of sensitive data in database is an important aspect on information security.It becomes more and more exigent to incorporate security features into DBMS.In this paper,a methed is presented that makes DBMS support database encryption by modifying the implementation of DBMS.This method doesn't affect the functionality of DBMS and decreases the performance of DBMS little.This paper also presents correlative key management architecture that makes the management of key secure and effective.Finally,the performance of database encryption is assessed by experimenting on TPC-H data set.

P.K. Paul,P. S. Aithal

DOI: https://doi.org/10.47992/ijmts.2581.6012.0070

2019-10-18

Abstract:Information is the core and most vital asset these days. The subject which deals with Information is called Information Science. Information Science is responsible for different information related affairs from collection, selection, organization, processing, management and dissemination of information and contents. And for this information related purpose Information Technology plays a leading role. Information Technology has different components viz. Database Technology, Web Technology, Networking Technology, Multimedia Technology and traditional Software Technology. All these technologies are responsible for creating and advancing society. Database Technology is concerned with the Database. It is worthy to note that, Database is concerned with the repository of related data in a container or base. The data, in Database normally stored in different forms and Database Technology play a lead role for dealing with the affairs related to database. The Database is very important in the recent past due to wider applications in different organizations and institutions; not only profit making but also non-profit making. Today most organizations and sectors which deal with sensitive and important data keep them into the database and thus its security becomes an important concern. Large scale database and its security truly depend on different defensive methods. This paper talks about the basics of database including its meaning, characteristics, role etc. with special focus on different security challenges in the database. Moreover, this paper highlights the basics of security management, tools in this regard. Hence different areas of database security have mentioned in this paper in a simple sense.

Yu-Ding WANG,Jia-Hai YANG,Cong XU,Xiao LING,Yang YANG

DOI: https://doi.org/10.13328/j.cnki.jos.004820

2015-01-01

Abstract:With the intensive and large scale development of cloud computing, security becomes one of the most important problems. As an important part of security domain, access control technique is used to limit users' capability and scope to access data and ensure the information resources not to be used and accessed illegally. This paper focuses on the state-of-the-art research of access control technology in cloud computing environment. First, it briefly introduces access control theory, and discusses the access control framework in cloud computing environment. Then, it thoroughly surveys the access control problems in cloud computing environment from three aspects including cloud access control model, cloud access control based on ABE (attribute-based encryption) cryptosystem, and multi-tenant and virtualization access control in cloud. In addition, it probes the best current practices of access control technologies within the major cloud service providers and open source cloud platforms. Finally, it summarizes the problems in the current research and prospects the development of future research.

ZHANG Ke,LI Yongzhen

DOI: https://doi.org/10.1088/1742-6596/2005/1/012004

2021-08-01

Journal of Physics: Conference Series

Abstract:Abstract The company's data leakage has always been a very serious problem. Many of the leaked data is the user's personal privacy data, which will bring a lot of trouble to users. In order to improve the security of the storage and use of personal private information in the database, two methods of lightweight private information encryption and social engineering anonymization are proposed to protect database information. We compare the proposed method with the application layer encryption and pre encryption methods. The experimental results show that the proposed method can effectively protect the user's personal privacy data, and can detect and recover the privacy data when managers need it. The storage efficiency of the three methods is close. Therefore, it has good application value in privacy protection.

ZHU Qin,LUO Yi-shu,LE Jia-jin

2006-01-01

Abstract:Nowadays,there are a lot of researches on protecting the privacy of users because the database systems are suffering more and more disclosure of privacy information.In this paper,the state-of-the-art of database privacy protection is overviewed,methods of privacy protection including user authentication,access control,and inference control are analyzed,and the latest progresses are introduced.Furthermore,privacy protections in data mining and future researches on database privacy protection are discussed.A conclusion is drawn at the end of this paper that it is critical to trade off the security and the availability to build a privacy protected database.