by
Jing Ji
David Maccarone
Sheng Mao
Security Issues with Databases
1. Current state of database security
A database is a system specialized to manage data in a computer application system. Data takes many forms, such as text, numbers, symbols, graphics, images and sound. Database systems are integral components of current and future command, communication, control and intelligence information systems (Lunt, 1992, p. 253). Databases are widely used in our lives, and because of them vast amounts of data have become easier to use and manage. Government, finance, operators, public security, energy, taxation, business, social security, transportation, health, education, e-commerce and corporate sectors have all set up their own database application systems to store, manage and use tremendous amounts of data, leading society into the information era. Meanwhile, with the development of the Internet, databases play an even more important role, as they are invoked in website design and network marketing, including product inquiries or information gathering, press releases, etc.

However, information technology is a double-edged sword. While bringing about social progress and development, it also brings many potential safety hazards. For databases, the potential safety hazards are great because of their ubiquity, as can be seen in the various situations where database security incidents happen. Examples are: a systems development engineer invades the mobile central database via the Internet to steal prepaid cards; a hospital database system is illegally invaded, resulting in tens of thousands of patients’ private information being stolen; a DBA in a game-design company illegally modifies data in the database to steal game cards; hackers use SQL injection attacks, invading a database center of anti-virus software to steal a large amount of confidential information, leading
Bibliography

Chen, Ke, Chen, Gang, and Dong, Jinxiang. (2005). An Immunity-Based Intrusion Detection Solution for Database Systems. In Wenfei Fan, Zhaohui Wu, Jun Yang (Eds.), Advances in Web-Age Information Management (pp. 773-778). New York: Springer-Verlag.

Clarke, Justin. (2009). SQL Injection Attacks and Defense. Burlington, MA: Syngress.

Li, Yingjiu, Guo, Huiping, and Wang, Shuhong. (2008). A Multiple-Bits Watermark for Relational Data. Journal of Database Management, 19(3), 1-21. Retrieved from Computer Database (http://proxy.nss.udel.edu:2104/gtx/start.do?prodId=CDB&userGroupName=udel_main)

Lunt, Teresa F. (Ed.). (1992). Research Directions in Database Security. New York: Springer-Verlag.

Natan, Ron Ben. (2005). Implementing Database Security and Auditing. New York: Elsevier Digital Press.

Oltsik, Jon. (2009). Databases at Risk.

Wilson, Rick L. and Rosen, Peter A. (2003). Protecting Data Through ‘Perturbation’ Techniques: The Impact on Knowledge Discovery in Databases. Journal of Database Management, 14(2), 14-26. Retrieved from Computer Database (http://proxy.nss.udel.edu:2104/gtx/start.do?prodId=CDB&userGroupName=udel_main)

Prepared according to the APA Style.

-----------------------
[1] Most of these came from Oltsik, 2009, p. 4.