An Appraisal to Assess the Security of Database Configurations

2009 Fourth Latin-American Symposium on Dependable Computing

2009

Self Cite

Database Management Systems (DBMS) are usually immersed in a so complex environment that assessing the security impact of any particular configuration choice is an extremely hard task. DBMS configuration untrustworthiness can be defined as a measure of how much one should distrust a given configuration to be able to prevent the manifestation of the most common security threats as real attacks. In this paper we propose an approach to benchmark untrustworthiness in DBMS configurations. This benchmark allows database administrators to compare the trustworthiness of individual configuration choices from several perspectives and taking into account the threats that are meaningful for a particular environment. The paper discusses the characteristics of this type of tools and presents a preliminary untrustworthiness comparison of four real database installations (based on four different DBMS engines). Results show that untrustworthiness benchmarking can easily be used to compare and enhance the security of database systems.

show abstract

“…Due to the lack of space we do not present the complete list of recommendations, but interested readers can find it at [2].…”

Section: Defining Security Best Practicesmentioning

confidence: 99%

Section: Preliminary Examplementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Benchmarking Untrustworthiness in DBMS Configurations

2009 Fourth Latin-American Symposium on Dependable Computing

2009

Self Cite

show abstract

“…The final list includes 64 database configuration best practices associated with a weighted "criticality" defined by consensual judgment of several experts. More details can be found in [2]. Table II presents the 14 best practices (and their corresponding weights) that were pointed out as the most important ones by the experts.…”

Section: Sql Injection Enhancementmentioning

confidence: 99%

“…In [1,2] it is presented an approach to assess the security of DBMS configurations. That tool is based on a flat-out comparison of what security best practices are being applied or not in a given installation, by applying a set of predefined security tests.…”

Section: Background and Related Workmentioning

confidence: 99%

A Trust-Based Benchmark for DBMS Configurations

2009 15th IEEE Pacific Rim International Symposium on Dependable Computing

2009

Self Cite

Database Management Systems (DBMS), the central component of many computers applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database system. Effectively, understanding the impact of different configuration alternatives in terms of security is one of the most difficult problems faced by database administrators nowadays (DBA). In this paper we propose a benchmark that allows DBAs to assess and compare database configurations. The benchmark provides a trust-based security metric, named minimum untrustworthiness, that expresses the minimum level of distrust the DBA should have in a given configuration regarding its ability to prevent attacks. The practical application of the benchmark in four real large database installations shows that it is quite easy to use and is, in fact, a powerful tool for DBAs to make informed security decisions, by taking into account the specifics needs of the environment being managed.

show abstract

Selecting Software Packages for Secure Database Installations

2011 Sixth International Conference on Availability, Reliability and Security

2011