A Study on Database Access Control using Least-Privilege Account Separation Model

Korean title: A Study on Database Access Control Using a Least-Privilege Account Separation Model

  • Received : 2019.08.20
  • Accepted : 2019.09.11
  • Published : 2019.09.30

Abstract

Database accounts do more than enable access: they also protect the database from external attacks. In practice, however, an application typically uses a single database account, and that one account becomes the target of attacks. This common practice stems from the lack of database support, the large number of users, and row-based database permissions. As a result, if the application logic is wrong or vulnerable, the entire database is at risk of exposure. In this paper, we propose a Least-Privilege Account Separation Model (LPASM) that serves as an information guardian protecting the database from attacks. We separate database accounts according to the role of each application service. This model can protect the database from malicious attacks and prevent the damage caused by an attacker's privilege escalation. We classify the account control policies into four categories and propose detailed roles and operating plans for each account.
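As an added illustration of the account separation the abstract describes (example code, not from the paper), the single shared account the abstract warns about is shown beside a per-service least-privilege split, in PostgreSQL syntax; the schema, the service account names and the particular privilege split are assumptions for illustration.

```sql
-- Constructed schema for the illustration (assumption, not from the paper).
CREATE TABLE categories (id serial PRIMARY KEY, name text NOT NULL);
CREATE TABLE products   (id serial PRIMARY KEY, category_id int REFERENCES categories, name text, price numeric);
CREATE TABLE customers  (id serial PRIMARY KEY, email text, address text);
CREATE TABLE orders     (id serial PRIMARY KEY, customer_id int REFERENCES customers, product_id int REFERENCES products);
CREATE TABLE audit_log  (id serial PRIMARY KEY, at timestamptz DEFAULT now(), event text);

-- Anti-pattern from the abstract: one account used by every part of the
-- application holds every privilege, so a flaw anywhere in the application
-- logic exposes the whole database.
CREATE ROLE app_all LOGIN PASSWORD '<placeholder>';
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_all;

-- Least-privilege separation: one account per application service, each
-- holding only what that service's own queries need. Start from nothing.
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;

-- Public catalogue pages: read-only, and only on non-sensitive tables.
CREATE ROLE svc_catalog LOGIN PASSWORD '<placeholder>';
GRANT SELECT ON products, categories TO svc_catalog;

-- Order intake: may record orders and look up prices, but cannot read
-- customer records or modify existing orders.
CREATE ROLE svc_orders LOGIN PASSWORD '<placeholder>';
GRANT INSERT ON orders TO svc_orders;
GRANT USAGE ON SEQUENCE orders_id_seq TO svc_orders;
GRANT SELECT ON products TO svc_orders;

-- Audit logging: append-only, so a compromised logging path cannot erase traces.
CREATE ROLE svc_audit LOGIN PASSWORD '<placeholder>';
GRANT INSERT ON audit_log TO svc_audit;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO svc_audit;

-- Back-office administration: the only account that may change customer data;
-- it is never used by the public web front end.
CREATE ROLE svc_admin LOGIN PASSWORD '<placeholder>';
GRANT SELECT, UPDATE, DELETE ON customers, orders TO svc_admin;

-- Check: list each service account's effective table privileges so the split
-- can be reviewed against what each service actually needs.
SELECT grantee, table_name,
       string_agg(privilege_type, ', ' ORDER BY privilege_type) AS privileges
FROM information_schema.role_table_grants
WHERE grantee LIKE 'svc_%'
GROUP BY grantee, table_name
ORDER BY grantee, table_name;
```

Each service connects with its own account, so an injection or logic error in the catalogue service, for example, is bounded to read access on products and categories.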
