Identyfikatory
Warianty tytułu
Języki publikacji
Abstrakty
All Database Management Systems used in the industry provide secure access to data at the server level. The level of security is influenced by technology, security model, password encryption method, password strength and others. The human factor – unreasonable behaviour of users – also has a significant impact on safety. Developers of database applications often implement their security policy by limiting the risk caused by users. This implementation has a disadvantage – it does not work outside of the application. A large number and variety of applications that work with the database server may then create a security gap. The paper presents the authors’ extensions of the functional features implemented in the Oracle database server, increasing the security of data access. The implemented methods of controlling the time of user access to data and limiting the use of serial and modular passwords are also discussed.
Słowa kluczowe
Wydawca
Rocznik
Tom
Strony
69--75
Opis fizyczny
Bibliogr. 23 poz., fig., tab.
Twórcy
autor
- Lublin University of Technology
autor
- Lublin University of Technology
Bibliografia
- 1. Ahn G.-J., Sandhu R., Role-based authorization constraints specification. ACM Transactions on Information & System Security, 3(4), 2000, 207-226.
- 2. Bouzida Y., Logrippo L., Mankovski S., Concrete- and abstract-based access control. International Journal of Information Security, 10(4), 2011, 223-238.
- 3. CC. Common Criteria, 1/25/2016, http://www.commoncriteriaportal.org.
- 4. Chiasson S., van Oorschot P.C., Quantifying the security advantage of password expiration policies. Designs Codes and Cryptography, 77, 2015, 401-408.
- 5. CP. Certified Products. Common Criteria, 1/25/2016, http://www.commoncriteriaportal.org/products/
- 6. Duggan G.B., Johnson H., Grawemeyer B., Rational security: Modelling everyday password use. International Journal of Human Computer Studies, 70 (6), 2012, 415-431.
- 7. El Menshawy D., Mokhtar H., Hegazy O., A Keystroke Dynamics Based Approach for Continuous Authentication. In: Kozielski, A., Mrozek, D., Kasprowski, P., Małysiak-Mrozek, B., Kostrzewa, D. (eds) Beyond Databases, Architectures, and Structures, CCIS, 424, 2014, 415-424.
- 8. Fogel S., Oracle Database Administrator's Guide. 11g Release 2 (11.2). Oracle Corp., 2013.
- 9. Gruner F., Kassel S., Extending Lifecycle of Legacy Systems – An Approach for SME to Enhance Their Supported Business Processes through a Service-Integration-System. International Federation For Information Processing –Publications, 372, 2012, 43-50.
- 10. Hasani S. M., Modiri N., Criteria Specifications for the Comparison and Evaluation of Access Control Models. International Journal of Computer Network & Information Security, 5(5), 2013, 19-29.
- 11. Huey P., Oracle Database Security Guide. 11g Release 2 (11.2). Oracle Corp., 2012.
- 12. Juszczyk M., Digital identity acceptance at Polish large enterprises: The survey results. Actual Problems of Economics, 132, 2012, 474-481.
- 13. Juszczyk M., Impact of human factor in data security. Actual Problems of Economics, 120, 2011, 359-364.
- 14. Kozieł G., Information security policy creating. Actual Problems of Economics, 126, 2011, 367-380.
- 15. Lichtfield D., Anley C., Heasman J., Grindlay B., The Database Hacker’s Handbook: Defending Database Server. Wiley&Sons, 2005.
- 16. Lorenz B., Kikkas K., Klooster A., The four most-used passwords are love, sex, secret, and god: Password security and training in different user groups. In: Marinos, L., Askoxylakis, I. (eds) First Int. Conference on Human Aspects of Information Security, Privacy, and Trust. LNCS, 8030, 2013, 276-283.
- 17. Milosz E., Milosz M., Digital Identity Management at Polish SMEs. Actual Problems of Economics, 120, 2011, 340-345.
- 18. Natan R.B., Implementing Database Security and Auditing. Elsevier Inc., 2005.
- 19. Neagu A., Oracle 11g Anti-Hackre’s Cookbook. PACKT Publishing, 2012.
- 20. Ni Q., Bertino E., Lobo J., Brodie C., Karat C., Karat J., Trombetta A., Privacy-Aware Role-Based Access Control. ACM Transactions on Information & System Security, 13(3), 2010, 24-31.
- 21. Shaul J., Ingram A., Practical Oracle Security: Your Unauthorized Guide to Relational Database Security. Syngress Publishing Inc., 2007.
- 22. Thion R., Coulondre S., A relational database integrity framework for access control policies. Journal of Intelligent Information Systems, 38(1), 2012, 131-159.
- 23. Zezschwitz E., Luca A., Heinrich Hussmann H., Survival of the Shortest: A Retrospective Analysis of Influencing Factors on Password Composition. In: Human-Computer Interaction – INTERACT 2013. LNCS, 8119, 2013, 460-467.
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-0d89d2d7-6c76-4af3-8111-762f8c6249d3