Towards assessing the security of DBMS configurations

2009 Fourth Latin-American Symposium on Dependable Computing

2009

Self Cite

Database Management Systems (DBMS) are usually immersed in a so complex environment that assessing the security impact of any particular configuration choice is an extremely hard task. DBMS configuration untrustworthiness can be defined as a measure of how much one should distrust a given configuration to be able to prevent the manifestation of the most common security threats as real attacks. In this paper we propose an approach to benchmark untrustworthiness in DBMS configurations. This benchmark allows database administrators to compare the trustworthiness of individual configuration choices from several perspectives and taking into account the threats that are meaningful for a particular environment. The paper discusses the characteristics of this type of tools and presents a preliminary untrustworthiness comparison of four real database installations (based on four different DBMS engines). Results show that untrustworthiness benchmarking can easily be used to compare and enhance the security of database systems.

Section: Preliminary Examplementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Benchmarking Untrustworthiness in DBMS Configurations

Neto

2009 Fourth Latin-American Symposium on Dependable Computing

2009

Self Cite

“…Neto and Vieira [12] propose an approach to assess the effectiveness of database management systems (DBMS) configurations concerning security. The approach consists in the use of a set of security best practices obtained through an analysis of the CIS security benchmarks for DBMS.…”

Section: Related Workmentioning

confidence: 99%

A security configuration assessment for android devices

Vecchiato

Proceedings of the 30th Annual ACM Symposium on Applied Computing

Martins

2015

Self Cite

The wide spreading of mobile devices, such as smartphones and tablets, and their always-advancing capabilities makes them an attractive target for attackers. This, together with the fact that users frequently store critical personal information in such devices and that many organizations currently allow employees to use their personal devices to access the enterprise information infrastructure and applications, makes the assessment of the security of mobile devices a key issue. This paper proposes an approach supported by a tool that allows assessing the security of Android devices based on the user-defined settings, which are known to be a key source of security vulnerabilities. The tool automatically extracts 41 settings from the mobile devices under testing, 14 of which defined and proposed in this work and the remaining adapted from the well-known CIS benchmarks. The paper discusses the settings that are analyzed, describes the overall architecture of the tool, and presents a preliminary evaluation that demonstrates the importance of this type of tools as a foundation towards the assessment of the security of mobile devices.

“…In [1,2] it is presented an approach to assess the security of DBMS configurations. That tool is based on a flat-out comparison of what security best practices are being applied or not in a given installation, by applying a set of predefined security tests.…”

Section: Background and Related Workmentioning

confidence: 99%

A Trust-Based Benchmark for DBMS Configurations

Neto

2009 15th IEEE Pacific Rim International Symposium on Dependable Computing

2009

Self Cite

Database Management Systems (DBMS), the central component of many computers applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database system. Effectively, understanding the impact of different configuration alternatives in terms of security is one of the most difficult problems faced by database administrators nowadays (DBA). In this paper we propose a benchmark that allows DBAs to assess and compare database configurations. The benchmark provides a trust-based security metric, named minimum untrustworthiness, that expresses the minimum level of distrust the DBA should have in a given configuration regarding its ability to prevent attacks. The practical application of the benchmark in four real large database installations shows that it is quite easy to use and is, in fact, a powerful tool for DBAs to make informed security decisions, by taking into account the specifics needs of the environment being managed.