Article title

Improving data access security by server-side functional extensions

Publication languages
EN
Abstracts
EN
All Database Management Systems used in the industry provide secure access to data at the server level. The level of security is influenced by technology, security model, password encryption method, password strength and others. The human factor – unreasonable behaviour of users – also has a significant impact on safety. Developers of database applications often implement their security policy by limiting the risk caused by users. This implementation has a disadvantage – it does not work outside of the application. A large number and variety of applications that work with the database server may then create a security gap. The paper presents the authors’ extensions of the functional features implemented in the Oracle database server, increasing the security of data access. The implemented methods of controlling the time of user access to data and limiting the use of serial and modular passwords are also discussed.
Authors
author
  • Lublin University of Technology
author
  • Lublin University of Technology
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-0d89d2d7-6c76-4af3-8111-762f8c6249d3