L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Jun Zhu,Bill Chu,Heather Richter Lipford

DOI: https://doi.org/10.1145/2914642.2914661

2016-01-01

Abstract:ABSTRACTPrivilege Escalation is a common and serious type of security attack. Although experience shows that many applications are vulnerable to such attacks, attackers rarely succeed upon first trial. Their initial probing attempts often fail before a successful breach of access control is achieved. This paper presents an approach to automatically instrument application source code to report events of failed access attempts that may indicate privilege escalation attacks to a run time application protection mechanism. The focus of this paper is primarily on the problem of instrumenting web application source code to detect access control attack events. We evaluated false positives and negatives of our approach using two open source web applications.

Cai Liang,Yang Xiao-hu,Dong Jin-xiang

DOI: https://doi.org/10.1631/jzus.2003.0287

2003-01-01

Journal of Zhejiang University SCIENCE A

Abstract:Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Bin Liang,Heng Liu,Wenchang Shi,Yanjun Wu

DOI: https://doi.org/10.1007/978-3-540-31979-5_10

2005-01-01

Abstract:In order to provide effective support to the principle of least privilege, considering the limitation of traditional privilege mechanisms, this paper proposes a new privilege control model called State-Based Privilege Control (SBPC) and presents the design and implementation of a prototype system for SBPC called Controlled Privilege Framework (CPF) on the Linux operating system platform. SBPC decomposes the time space of a process' lifetime into a series of privilege states according to activities of the process and its need for special permissions. The privilege state is closely related to the application logic of a process. It is the privilege state transfer event that stimulates a process to transfer from one privilege state into another one. For a specified process, there is a specific set of privileges corresponding to every privilege state of the process. With the implementation of CPF, experiment results show that fine-grain and automatic privilege control can be exercised transparently to traditional applications, threats of intrusion to a system can be reduced greatly, and support to the principle of least privilege can therefore be achieved effectively.

Tian Puyang,Qingni Shen,Yang Luo,Wu Luo,Zhonghai Wu

DOI: https://doi.org/10.1109/ICC.2017.7997107

2017-01-01

Abstract:Failing to promote the least privilege principle in administration can lead to substantial vulnerabilities in cloud computing. A malicious insider like a compromised cloud administrator can affect security of data and workloads belonging to cloud customers. Enforcing the least privilege principle in cloud administration can fairly restrict the permissions of administrators and reduce the attack surface. However, writing a least privilege policy can be hard and error prone for cloud service providers. In this paper, we propose a framework called Least Privilege for Cloud (LPCloud) to address these concerns. LPCloud automatically produces policies for minimization of administrators' privileges at the granularity of representational state transfer (REST) application program interfaces (API), and enforces the policies without affecting current systems. Specifically, we introduce a novel algorithm to partition privileges based on dependencies between API calls. This paper presents design of LPCloud, including a service called Policy Generator which produces partitioned policies and a component named Policy Enforcer to enforce the policies. We implement a prototype of our framework in OpenStack Mitaka. Experiments indicate that LPCloud can produce proper policies to enforce the least privilege principle. Meantime, the average performance overhead is 10.1% which is in acceptable level.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

Jiwei Li,Xuewei Ding,Yuchen Jiang,Yongqi Ai,Zhen Jia,Xinyi Zhang

DOI: https://doi.org/10.1145/3661638.3661710

2024-01-01

Abstract:Due to the limited ability to authenticate user access attributes, the control effect of database access is difficult to achieve the desired state. Therefore, an identity based database security access control method is proposed. In the stage of building identity trust relationships in cloud services, a trust transfer model was designed, with a trust chain consisting of guarantee nodes and recommendation nodes, allowing users to establish a direct trust relationship between accessing the database through identity authentication. The cloud service provider (CSP) was used as a trusted third party to establish mutual trust relationships between different domains, and the identity authentication gateway was used as a special identity of the domain trust proxy, Use a gateway token as the information credential for trust transfer, thereby achieving secure transfer of user identity between different domains. In the access control stage, the authentication of cloud service identity is achieved by combining trust relationships, and the permission to request database access is determined. In the test results, the interception rate of designing database access control methods for abnormal access has always been stable at over 98.0%, which can effectively ensure the security of database information, with the shortest response time and the least impact from the scale of concurrent access requests.

Xiaoguang Wang,Qi Yong,Yue-hua Dai,Jianbao Ren,Zhang Hang

DOI: https://doi.org/10.1109/HPCC.and.EUC.2013.128

2013-01-01

Abstract:The lack of remote data access control capability and the loss of remote data access trail make data owners hesitate when they have to outsource their sensitive data to remote third party platform. The data owners have no choice but to trust the remote third party software before they ship their data to the remote environment. In this paper we propose a new set of guiding principles for protecting outsourced data with data owner specified policy. Compared with traditional access control mechanism equipped by service providers, which can be regarded as the first layer of confinement, we aim to provide data owner a second layer of confinement on data propagation and access without modifying existing data-access applications. This is achieved by two critical techniques: (1) a policy-carrying data model that binds customer data with logical data access policy, and (2) a remote application running environment which acts as data access verifier and propagation controller. To demonstrate the feasibility of this approach, we build the logical data propagation and access control (LDPAC) system, in which a human-readable policy abstract is provided to formulate data propagation and access. When policy-carrying data is shipped to remote service provider, the per-node LDPAC verifier module conducts the logical proof checking to mediate sensitive data access. Meanwhile, the authorized application which intends to access sensitive data is forced to run in an application container, in order to prevent sensitive data leakage through in-memory data breaches. Our evaluation shows that LDPAC system adds reasonable performance overhead for the remote sensitive data access and propagation mediation, while preserving the original service deployment.

Xiaowei Li,Xujie Si,Yuan Xue

DOI: https://doi.org/10.1145/2557547.2557552

2014-01-01

Abstract:Access control vulnerabilities within web applications pose serious security threats to the sensitive information stored at back-end databases. Existing approaches are limited from several aspects, including the coarse granularity at which the access control is modeled, the incapability of handling complex relationship between data entities and the requirement of source code and the specific application platform. In this paper, we present an automated black-box technique for identifying a broad range of access control vulnerabilities, which can be applied to applications that are developed using different languages and platforms. We model the access control policy based on a novel virtual SQL query concept, which captures both the database access operations (i.e., through SQL queries) and the post-processing filters within the web application. We leverage a crawler to automatically explore the application and collect execution traces. From the traces, we identify the set of database access operations that are allowed for each role (i.e., role-level policy inference) and extract the constraints over the operation parameters to characterize the relationship between the users and the accessed data (i.e., user-level policy inference). Based on the inferred policy, we construct test inputs to exploit the application for potential access control flaws. We implement a prototype system BATMAN and evaluate it over a set of PHP and JSP web applications. The experiment results demonstrate the effectiveness and accuracy of our approach.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Yue Zhuo,Zhiqiang Ge

DOI: https://doi.org/10.1109/tii.2021.3103765

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, data-driven industrial monitoring systems have been rapidly developed and significantly improved the performance on industrial monitoring tasks. However, the widely deployed data-driven models expose industrial data to more unsecured links, which significantly increase the safety risk of safe-critical industrial systems. The research about adversarial attacks has shown that the potential attackers can utilize tiny crafted perturbations on the input data to mislead the machine learning models’ output. In this article, a novel cross-domain data protection scheme named “Data Guardian” is proposed to authenticate and correct industrial data under potential attacks on data-driven monitoring systems. “Data Guardian” embeds designed redundancy information into the data least significant bits, based on $q$ -ary low-density parity-check (LDPC) codes over the Galois field (finite field). The data are encoded at the secured industrial sites and then decoded before being input into the monitoring systems, in which the security risk is usually higher. The decoding capability of $q$ -ary LDPC codes is improved by the data statistical characteristics, with a new proposed prior estimation method. In the experiments, “Data Guardian” is tested under the attacks to the fault diagnosis models on the Tennessee Eastman process and rolling element bearing from Case Western Reserve University. The results show that “Data Guardian” can efficiently reduce the success rate of adversarial attacks, especially when the attack variable ratio is small.

Bai Wen-yang

2010-01-01

Abstract:The development of modern information technology and digitalization of the daily lives brings security database new challenges. It is necessary for a security database to provide access control and privacy protection mechanism to ensure the legal use of data and to prevent privacy breach. This paper introduced an integrated security model which could provide the functions of privacy protection and access control simultaneously by building the connection between the validity of query in parameterized authorization view model and the suspiciousness of a conjunctive select-project-join query in online query audit model, it also designed a polynomial time detecting algorithm and two incorporating frameworks for the integrated model to provide higher performance and fine-grained access control in modern database systems.

SHEN Qing-ni,QING Si-han,HE Ye-ping,LI Li-ping

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.10.012

2006-01-01

Abstract:Least privilege mechanism can provide a reasonable degree of security assurance for secure operating systems.This paper described a framework for implementing dynamically modified least privilege security policy,which combined role's duty separation property and domain's function separation property.Under the control of its new capability mechanism based on a process's executable image,current role and current domain,it restricted the process to the minimum amount of privileges within these contexts.This paper illustrated its implementation in ANSHENG OS v4.0,a copyrighted secure operating system satisfying all the specified requirements of Criteria class 4,"Structured-Protection",in GB17859-1999(equally,the B2 level in TCSEC) in China.Thus it demonstrates that this framework can help enforcing dynamically least privilege control on a secure operating system,while still providing a flexible efficient system.

ling huang,xiuxia tian,yong wang,xiaoling wang,chaofeng sha

DOI: https://doi.org/10.1002/sec.1098

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:AbstractDatabase as a service DaaS, a new paradigm of software as a service based on cloud computing, is attracting more and more enterprises data owners to delegate their database management to a professional third party database service provider such as Amazon Web Services and Rackspace. Data owners in DaaS lose control of their sensitive data, which are stored in the delegated database and managed by the untrusted database service provider. Therefore, many encryption-based approaches including attribute-based encryption were proposed to implement fine-grained access control in DaaS scenarios. However, most of the proposed access control enforcement approaches only support one or two of the following privacy guarantees: data privacy, policy privacy and key privacy. In this paper, we first propose a novel concept of DualAcE: a flexible fine-grained dual access control enforcement mechanism in DaaS by efficiently combining the ciphertext-policy attribute-set-based encryption with database service provider re-encryption into a DaaS paradigm. The proposed mechanism has implemented dual access control enforcement with multi-privacy guarantee: data privacy in delegated database, policy privacy in delegated authorization table and key privacy in key distribution process.We describe the security and efficiency analysis through cryptography theory and experimental results. Copyright © 2014 John Wiley & Sons, Ltd.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Privacy requirements have an increasing impact on the real-world applications. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect data privacy, user privacy and access control on outsourced database services. The theoretical analysis shows that our new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control. Copyright © 2010 Binary Information Press.

Tao Hu,Zhen Zhang,Peng Yi,Dong Liang,Ziyong Li,Quan Ren,Yuxiang Hu,Julong Lan

DOI: https://doi.org/10.1016/j.jpdc.2020.09.006

IF: 4.542

2021-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>Cloud computing provides scalable network services and makes network management more flexible by combining Software-Defined Networking (SDN). Through the northbound interface (e.g., REST API) offered by the SDN controller, users can easily deploy diversified applications to access the network resources. However, exploiting the openness of the northbound interface, malicious applications abuse APIs to launch hostile attacks, which poses serious threats to the network. In this paper, we propose SEAPP, a secure application management framework based on REST API access control. Our main idea is to granularly manage application permissions and encrypt REST API calls to defend against malicious attacks. SEAPP includes two components: 1) permissions detection engine identifies the facticity of application permissions by analyzing permission manifests and byte codes and further identifies the legality of permissions with constructed sensitive API list; 2) registration authorization engine executes encrypted registration between applications and controller by virtue of NTRU algorithm and authorizes applications to call the requested REST APIs based on their risk levels after securely authenticating them. Besides, SEAPP is a lightweight logic architecture between application plane and control plane and supports quick deployment and reconfiguration in runtime. Both theoretical analysis and evaluation results show the security and effectiveness of SEAPP. Besides, SEAPP introduces negligible CPU and memory overheads.</p>

computer science, theory & methods

Ehab Zaghloul,Kai Zhou,Jian Ren

DOI: https://doi.org/10.48550/arXiv.1801.02685

2018-01-09

Abstract:Cloud computing has changed the way enterprises store, access and share data. Data is constantly being uploaded to the cloud and shared within an organization built on a hierarchy of many different individuals that are given certain data access privileges. With more data storage needs turning over to the cloud, finding a secure and efficient data access structure has become a major research issue. With different access privileges, individuals with more privileges (at higher levels of the hierarchy) are granted access to more sensitive data than those with fewer privileges (at lower levels of the hierarchy). In this paper, a Privilege-based Multilevel Organizational Data-sharing scheme~(P-MOD) is proposed that incorporates a privilege-based access structure into an attribute-based encryption mechanism to handle these concerns. Each level of the privilege-based access structure is affiliated with an access policy that is uniquely defined by specific attributes. Data is then encrypted under each access policy at every level to grant access to specific data users based on their data access privileges. An individual ranked at a certain level can decrypt the ciphertext (at that specific level) if and only if that individual owns a correct set of attributes that can satisfy the access policy of that level. The user may also decrypt the ciphertexts at the lower levels with respect to the user's level. Security analysis shows that P-MOD is secure against adaptively chosen plaintext attack assuming the DBDH assumption <a class="link-external link-http" href="http://holds.The" rel="external noopener nofollow">this http URL</a> comprehensive performance analysis demonstrates that P-MOD is more efficient in computational complexity and storage space than the existing schemes in secure data sharing within an organization.

Cryptography and Security

Zhuotao Liu,Hao Zhao,Sainan Li,Qi Li,Tao Wei,Yu Wang

DOI: https://doi.org/10.1145/3433210.3453076

2021-01-01

Abstract:ABSTRACTRPCs are fundamental to our large-scale distributed system. From a security perspective, the blast radius of RPCs is worryingly big since each RPC often interacts with tens of internal system components. Thus, discovering RPC vulnerabilities is often a top priority in the software quality assurance process for production systems. In this paper, we present the design, implementation, and deployment experiences of PAIR, a fully automated system for privilege-escalation vulnerability discovery in Ant Group's large-scale RPC system. The design of PAIR centers around the live replay design principle where the vulnerability discovery is driven by the live RPC requests collected from production, rather than relying on any engineered testing requests. This ensures that PAIR is able to provide complete coverage to our production RPC requests in a privacy-preserving manner, despite the manifest of scale (billions of daily requests), complexity (hundreds of system-services involved) and heterogeneity (RPC protocols are highly customized). However, the live replay design principle is not a panacea. We made a couple of critical design decisions (and addressed their corresponding challenges) along the way to realize the principle in production. First, to avoid inspecting the responses of user-facing RPCs (due to privacy concerns), PAIR designs a universal and privacy-preserving mechanism, via profiling the end-to-end system invocation, to represent the RPC handling logic. Second, to ensure that PAIR provides proactive defense (rather than reactive defense that is often limited by known vulnerabilities), PAIR designs an empirical vulnerability labeling mechanism to effectively identify a group of potentially insecure RPCs while safely excluding other RPCs. During the course of three-year production development, PAIR in total helped locate 133 truly insecure RPCs, from billions of requests, while maintaining a zero false negative rate per our production observations.

Kai Huang,Gaoya Ouyang,Qingqing Ye,Haibo Hu,Bolong Zheng,Xi Zhao,Ruiyuan Zhang,Xiaofang Zhou

DOI: https://doi.org/10.1109/tkde.2024.3358909

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:The protocols that satisfy Local Differential Privacy (LDP) enable untrusted third parties to collect aggregate information about a population without disclosing each user&#x27;s privacy. In particular, each user locally encodes and perturbs his private data before sending it to the data collector, who aggregates and estimates the statistics about the population based on the collected perturbed values from individuals. Owing to their growing importance, LDP protocols have been widely studied and deployed in real-world scenarios (eg Chrome and Windows). However, as data poisoning attacks may be injected by attackers who introduce many fake users, the utility of the statistics is heavily poisoned. In this paper, we present a generic and extensible framework called LDPGuard to address the problem. LDPGuard provides effective defenses against data poisoning attacks to LDP protocols for frequency estimation, a basic query of most data analytics tasks. In particular, it first precisely estimates the percentage of fake users and then provides adversarial schemes to defend against particular data poisoning attacks. Experimental study on real-world and synthetic datasets demonstrates the superiority of LDPGuard compared to existing techniques.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Haifeng Gu,Jianning Zhang,Tian Liu,Ming Hu,Junlong Zhou,Tongquan Wei,Mingsong Chen

DOI: https://doi.org/10.1109/tr.2019.2925415

IF: 5.883

2020-01-01

IEEE Transactions on Reliability

Abstract:SQL injection attack (SQLIA) is among the most common security threats to web-based services that are deployed on cloud. By exploiting web software vulnerabilities, SQL injection attackers can run arbitrary malicious code on target databases to acquire or compromise sensitive data. Although web application firewalls (WAFs) are offered by most cloud service providers, tenants are reluctant to pay for them, since there are few approaches that can report accurate SQLIA statistics for their deployed services. Traditional WAFs focus on blocking suspicious SQL requests. Few of them can accurately decide whether an attack is really harmful and quickly answer how severe the attack is. To raise the tenants' awareness of the seriousness of SQLIAs, in this paper, we introduce a novel traffic-based SQLIA detection and vulnerability analysis framework named DIAVA, which can proactively send warnings to tenants promptly. By analyzing the bidirectional network traffic of SQL operations and applying our proposed multilevel regular expression model, DIAVA can accurately identify successful SQLIAs among all the suspects. Meanwhile, the severity of such SQLIAs and the vulnerabilities of the corresponding leaked data can be quickly evaluated by DIAVA based on its GPU-based dictionary attack analysis engine. Experimental results show that DIAVA not only outperforms state-of-the-art WAFs in detecting SQLAs from the perspectives of precision and recall, but also enables real-time vulnerability evaluation of leaked data caused by SQL injection.