Similar literature
Found 20 similar articles (search time: 109 ms)
1.
Network Security, 2003, 2003(7):6-8
Paul Morrison, Insight Consulting. This is the second of two articles that examine database security. In the previous article we discussed general database security concepts and common problems. In this article we will focus on specific Microsoft SQL and Oracle security concerns and, just as important, solutions to mitigate these.

2.
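The impact of data mining on database security   Total citations: 3, self-citations: 0, cited by others: 3
1. Introduction. In modern society, information keeps expanding. Databases, newspapers, magazines, networks and other media are filled with all kinds of information. This information contains much that is outdated, erroneous or redundant, but also much useful data, including some sensitive data, or data that is not sensitive in itself but from which private data that the data provider did not intend to disclose can be derived by logical means such as inference and induction. How to make good use of these data while still upholding the privacy requirements of the data providers has become, in current database security and data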

3.
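With the development of the social economy, information security has gradually become a focus of public attention. The security of data and the reliability of business operations are increasingly important. This paper gives a brief analysis from several angles: a brief look at database disasters, a brief look at the application of database disaster-recovery systems in practice, and a discussion of the importance of database disaster recovery and its development direction.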

4.
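With the development of computer networks, data sharing is growing and the security and confidentiality of data are increasingly important. In response to data security requirements, Oracle has implemented powerful security features in its database products. This article analyzes the security of the Oracle database in terms of database user security, privilege settings, data restrictions and other aspects.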

5.
Securing information over the Internet can be facilitated by a multitude of security technologies. Technologies such as intrusion detection systems, anti-virus software, firewalls and crypto devices have all contributed significantly to the security of information. This article focuses on vulnerability scanners (VSs). A VS has a vulnerability database containing hundreds of known vulnerabilities, which it scans for. VSs do not scan for the same type of vulnerabilities since the vulnerability databases for each VS differ extensively. In addition, there is an overlap of vulnerabilities between the vulnerability databases of various VSs. The concept of harmonised vulnerability categories is introduced in this paper. Harmonised vulnerability categories consider the entire scope of known vulnerabilities across various VSs in a bid to act as a mediator in assessing the vulnerabilities that VSs scan for. Harmonised vulnerability categories, thus, are used to do an objective assessment of the vulnerability database of a VS.

6.
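With the continuous evolution of Internet technology and the explosive growth in the number of users, the network, as infrastructure, has permeated every aspect of people's existence and daily life, and its security has increasingly become a focus of attention. However, as networks grow in scale and attackers' malicious behavior becomes more diverse and complex, traditional network security architectures and their key technologies have revealed many problems such as single-point trust and difficulty of deployment, while blockchain technology, with properties such as decentralization and tamper resistance, ...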

7.
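Access is a first-choice database solution for websites. It has a large user base thanks to its ease of operation and friendly interface, but it also has security problems that cannot be ignored. This article analyzes the security risks of Access databases and proposes targeted methods to strengthen security and eliminate those risks.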

8.
Modern societies are vulnerable. We have known this long before the attacks of 11 September 2001, but they made it clear to everyone. The second lesson learned from the attacks was that it is impossible to foresee such events. Although these attacks to the real world were “low‐tech”, now there are attempts around the globe to control especially the electronic or virtual world. However, does more surveillance really lead to more security? If so, what will be the price we have to pay? National states try to provide their citizens with a high level of security, but the effort for better security often gets mixed up with the claim for more surveillance. This is one reason why, over the past few months, governmental activities seemed to jeopardise the internationally acknowledged fundamental right of privacy. Societal security versus personal freedom is an old and well‐known area of conflict. In the light of the incidents of 11 September 2001 some old ideas for surveillance and for measures restricting privacy got on the agenda again – and new ones keep emerging. This article will give an overview of what happened on a governmental level after 11 September 2001 in the EU, in some EU‐member states and in the USA. Apart from political actions, we already face even direct socio‐economic implications as some anonymiser services were shut down. They empowered Internet users to protect their right of privacy, and they were the first targets of investigation and suspicion. Shutting down these services reduces the potential room for users to protect their privacy by using Privacy Enhancing Technologies (PETs). This is an indicator for a serious societal problem: democracy has already changed. In the second part I will analyse the relationship between surveillance and security and I will argue that, and give reasons why, these international over‐reactions will not lead to the intended effects. Rather, they will have long‐term implications for the respective societies. 
So in the end this has to be acknowledged in a necessary appreciation of values.

9.
In multi-relational databases, a view, which is a context- and content-dependent subset of one or more tables (or other views), is often used to preserve privacy by hiding sensitive information. However, recent developments in data mining present a new challenge for database security even when traditional database security techniques, such as database access control, are employed. This paper presents a data mining framework using semi-supervised learning that demonstrates the potential for privacy leakage in multi-relational databases. Many different types of semi-supervised learning techniques, such as the K-nearest neighbor (KNN) method, can be used to demonstrate privacy leakage. However, we also introduce a new approach to semi-supervised learning, hyperclique pattern-based semi-supervised learning (HPSL), which differs from traditional semi-supervised learning approaches in that it considers the similarity among groups of objects instead of only pairs of objects. Our experimental results show that both the KNN and HPSL methods have the ability to compromise database security, although the HPSL is better at this privacy violation (has higher prediction accuracy) than the KNN method. Finally, we provide a principle for avoiding privacy leakage in multi-relational databases via semi-supervised learning and illustrate this principle with a simple preventive technique whose effectiveness is demonstrated by experiments. A preliminary version of this work has been published as a two-page short paper in ACM CIKM 2005 (Proceedings of the ACM conference on information and knowledge management (CIKM) 2005).

10.
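The SSL/TLS protocol is currently one of the most widely used security protocols for communication security and identity authentication, and plays a very important role in protecting information systems. However, because of the complexity of SSL/TLS, websites implementing and deploying it are prone to security defects such as code implementation vulnerabilities, deployment configuration flaws, and certificate and key management problems. Such problems occur frequently on websites, have caused many security incidents and have affected large numbers of sites. Therefore, to address the shortage of tools, the narrow detection coverage and the lack of detailed analysis and recommendations in website security detection and analysis, this paper first designs and implements a scanning and analysis system for security vulnerabilities in website SSL/TLS deployment and configuration; the system scans and analyzes three aspects: basic SSL/TLS configuration, cipher suite support, and tests for mainstream attacks. The system is then used to scan the Alexa top 1 million websites, with detailed statistics and analysis, which reveal serious problems: the insecure 3DES cipher suite is widely supported, support for the key extension OCSP Stapling is below 25%, and quite a few websites are still vulnerable to the HeartBleed attack. Finally, solutions or recommendations are given for the main problems found in the scan results.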

11.
A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, able to detect anomalous behavior of applications and users. To date, however, there have been few ID mechanisms proposed which are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under an RBAC system permissions are associated with roles, grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals who, while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.
This material is based upon work supported by the National Science Foundation under Grant No. 0430274 and the sponsors of CERIAS.

12.
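In recent years, with the rapid development and growing maturity of new technologies such as cloud computing, the Internet of Things, big data and the mobile Internet, traditional electric power marketing systems have also begun building big data platforms. In mining and using the data, data security problems have gradually emerged. The data in power marketing systems include a large amount of highly confidential information; information leakage would cause huge losses to power companies and also threaten the safety of users. How to keep data secure without affecting its normal use has therefore become a current research focus. This paper studies data security protection measures applicable to power marketing systems, transforming data at the data level to eliminate sensitive information in the original data, which strengthens data confidentiality and safeguards data security.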

13.
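A discussion of multi-faceted control strategies for information system security through program design   Total citations: 2, self-citations: 0, cited by others: 2
Information system security needs to be safeguarded from many directions. In many cases, however, these are currently considered separately: some work concentrates on the database, considering the database's own data security, access control and data consistency, while other work aims to achieve system security through program structure, design methods and the like. In practice, users do not obtain data directly from the database but through the program interface presented to them; between the program interface the user sees and the data in the database itself there may be several program-controlled stages, yet work that considers the database and program design together to improve system security is rare. This paper discusses how to use program design to exercise multi-faceted control over the database so as to secure the data used by the information system.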

14.
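Research on database security technology*   Total citations: 34, self-citations: 0, cited by others: 34
This paper summarizes research on database security technology over the past 30-plus years, on that basis designs a secure database architecture with a security level of at least B1, and looks ahead to directions for database security research.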

15.
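A database encryption scheme based on a searchable encryption mechanism   Total citations: 1, self-citations: 0, cited by others: 1
In recent years, the growing popularity of data outsourcing has raised the problem of data leakage, and cloud servers must ensure that stored data are sufficiently secure. To solve this problem, an efficient and practical database encryption scheme is urgently needed. Searchable encryption handles encrypted queries over unstructured files well, but has not yet been applied well to databases. To address this, a database encryption scheme based on a searchable encryption mechanism is proposed. The contributions of this paper are as follows. First, a complete query framework for encrypted databases is constructed, which ensures data security and supports efficient queries over the encrypted database. Second, a database encryption scheme satisfying IND-CKA1 security is proposed, which, while supporting multiple kinds of query statements, ensures that data are not leaked and that the security of the ciphertexts in the database is not reduced during queries. Third, the scheme is portable and can be adapted to current mainstream databases such as MySQL and PostgreSQL. Building on the idea of secure index construction in searchable encryption schemes, this paper uses a non-deterministic encryption scheme and an order-preserving encryption scheme to build a secure index structure for the encrypted database, and uses homomorphic encryption and AES-CBC to encrypt the data in the database, enabling rich SQL queries including equality, Boolean, aggregate, range and sorting queries. Compared with BlindSeer, the scheme adds support for aggregate queries; it also remedies the equality leakage and order leakage that arise in CryptDB after SQL queries are executed, ensuring both the security of the ciphertexts in the database and the usability of the system. Finally, we run experiments on a Student table with 10000 records to verify the effectiveness of the framework and algorithms, and compare the scheme with similar schemes in functionality and security; the results show that it strikes a good balance between security and functionality.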

16.
The penetration of US national security by foreign agents as well as American citizens is a historical and current reality that's a persistent and increasing phenomenon. Surveys, such as the e-crime watch survey, reveal that current or former employees and contractors are the second greatest cybersecurity threat, exceeded only by hackers, and that the number of security incidents has increased geometrically in recent years. The insider threat is manifested when human behavior departs from compliance with established policies, regardless of whether it results from malice or a disregard for security policies. In this article, we focus on the need for effective training to raise staff awareness about insider threats and the need for organizations to adopt a more effective approach to identifying potential risks and then taking proactive steps to mitigate them.

17.
Computing environment is moving towards human-centered designs instead of computer centered designs and humans tend to communicate wealth of information through affective states or expressions. Traditional Human Computer Interaction (HCI) based systems ignore bulk of information communicated through those affective states and just cater for user's intentional input. Generally, for evaluating and benchmarking different facial expression analysis algorithms, standardized databases are needed to enable a meaningful comparison. In the absence of comparative tests on such standardized databases it is difficult to find relative strengths and weaknesses of different facial expression recognition algorithms. In this article we present a novel video database for Children's Spontaneous facial Expressions (LIRIS-CSE). Proposed video database contains six basic spontaneous facial expressions shown by 12 ethnically diverse children between the ages of 6 and 12 years with mean age of 7.3 years. To the best of our knowledge, this database is first of its kind as it records and shows spontaneous facial expressions of children. Previously there were few databases of children expressions and all of them show posed or exaggerated expressions which are different from spontaneous or natural expressions. Thus, this database will be a milestone for human behavior researchers. This database will be an excellent resource for vision community for benchmarking and comparing results. In this article, we have also proposed framework for automatic expression recognition based on Convolutional Neural Network (CNN) architecture with transfer learning approach. Proposed architecture achieved average classification accuracy of 75% on our proposed database i.e. LIRIS-CSE.

18.
As a new form of sustainable development, the concept “Smart Cities” knows a large expansion during the recent years. It represents an urban model, refers to all alternative approaches to metropolitan ICTs case to enhance quality and performance of urban service for better interaction between citizens and government. However, the smart cities based on distributed and autonomous information infrastructure contains millions of information sources that will be expected more than 50 billion devices connected by using IoT or other similar technologies in 2020. In Information Technology, we often need to process and reason with information coming from various sources (sensors, experts, models). Information is almost always tainted with various kinds of imperfection: imprecision, uncertainty, ambiguity. We need a theoretical framework general enough to allow for the representation, propagation and combination of all kinds of imperfect information. The theory of belief functions is one such framework. Real-time data generated from autonomous and distributed sources can contain all sorts of imperfections regarding the quality of data e.g. imprecision, uncertainty, ignorance and/or incompleteness. Any imperfection in data within smart city can have an adverse effect over the performance of urban services and decision making. In this context, we address in this article the problem of imperfection in smart city data. We will focus on handling imperfection during the process of information retrieval and data integration and we will create an evidential database by using the evidence theory in order to improve the efficiency of smart city. The expected outcomes from this paper are (1) to focus on handling imperfection during the process of information retrieval and data integration (2) to create an evidential database by using the evidence theory in order to improve the efficiency of smart city.
As experimentation we present a special case of modeling imperfect data in the field of Healthcare. An evidential database will be built which will contain all the perfect and imperfect data. These data come from several heterogeneous sources in a context of Smart Cities. Imperfect aspects in the evidential database are expressed by the theory of beliefs that will be presented in this paper.

19.
Managing information security as opposed to the IT security is an area that is now eventually coming of age. For many years the focus has been mainly on IT security and with the implementation of such security left to the IT department and technical experts. Early in the 90s things started to change with the first draft of an information security management standard BS 7799 focusing in on security related to people, processes, information as well as IT. Since then there have been many developments taking us to where we are today with these early security management standards being transformed into international standards published by ISO/IEC. These standards are being used by hundreds of thousands of organisations using these standards worldwide. Based on the authors previously copyrighted writings, this article explores what these standards have got to offer organisations, what benefits are to be gained and how such standards have helped with compliance. In particular it focuses in on the insider threat as an example of one of the growing problems that organisations need to deal with and how these international standards are useful in helping to solve the insider threat problem.

20.
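With the rapid development of computer and Internet technology, people have gradually entered the modern information age. Modern information tools have made both work and life more convenient. At the same time, however, criminals exploit the convenience of networks to carry out continual network attacks, threatening the security of network databases and affecting the transmission and processing of information. A complete network database security mechanism is therefore needed to ensure network database security. This paper briefly outlines the basic concepts of network database security mechanisms, the modes of network databases and their security mechanism model, analyzes the security mechanisms at each layer of a network database, and discusses using DBMS security mechanisms to guard against network attacks, with the aim of offering some suggestions for improving network database security.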
