Upload
trilokreddy1
View
12
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Intrusion Response for Rel DB
Citation preview
JOINT THRESHOLD ADMINISTRATION MODEL FOR INTRUSION RESPONSE SYSTEM IN RELATIONAL DATABASES
UNDER THE GUIDANCE OF Mr.MUKESH, Assistant Professor
BY M.M.VINAY (08071A0589) P.TRILOK (08071A05A2) R.NAGARAJU (08071A05A6)
CONTENTSProblem definitionAbstractExisting and Proposed systemModulesRequirementsSystem ArchitectureDesign-UML DiagramsDatabase DesignImplementation-screen shotsTest casesFuture EnhancementsConclusionReferences
PROBLEM DEFINITION
To Implement an Intrusion Response System for Relational Databases
ABSTRACTWe propose the notion of database response policies to support our intrusion response system tailored for a DBMS.The two main issues that we address in context of such response policies are that of policy matching, and policy administration.We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty.
EXISTING SYSTEMStandard database security mechanisms, such as access control, authentication, and encryption, are not of much help when it comes to preventing data theft from insiders.
PROPOSED SYSTEMIntrusion detection (ID) is a solution for high-assurance database security. ID mechanism consists of three main elements 1. Joint Threshold Administration Model 2. Anomaly detection system 3. Anomaly response system.
MODULESDBA and USER MAINTENANCE POLICY ADMINISTRATIONPOLICY ACTIVATIONANOMALY DETECTIONANOMALY RESPONSE SYSTEM LOG AND ACCESS INFORMATION
MINIMUM HARDWARE REQUIREMENTSPROCESSOR : PENTIUM IVRAM: 512 Mb RAMMONITOR: 15 COLORHARD DISK: 10 GB Space
SOFTWARE REQUIREMENTSOPERATING SYSTEM : Windows XP ProfessionalENVIRONMENT :Visual Studio .NET 2008.NET FRAMEWORK :Version 3.5LANGUAGE :VB.NETBACK END :SQL server 2005
ARCHITECTURE DIAGRAMSSoftware ArchitectureTechnical Architecture
SOFTWARE ARCHITECTURE Client DBA user
Presentation layer Application Integration Data
VB.NET - WINDOWS FORMSDB INTRUSIONADO.NET SQL SERVER
TECHNICAL ARCHITECTURE DBA USERS admins access reports result
ADO.NETPOLICY CREATIONANOMALY DETECTIONANOMALY RESPONSESYSTEM LOGDB INTRUSIONVB.NETSQL SERVER
UML DIAGRAMSClass DiagramUse case DiagramSequence DiagramCollaboration DiagramActivity Diagram
CLASS DIAGRAM
USE CASE DIAGRAM
SEQUENCE FOR LOGIN
COLLABORATION FOR LOGIN
SEQUENCE FOR USER ADMINISTRATION
COLLABORATION FORUSER ADMINISTRATION
SEQUENCE FOR POLICY ADMINISTRATION
COLLABORATION FOR POLICY ADMINISTRATION
SEQUENCE FOR ADMIN OPERATIONS
COLLABORATION FOR ADMIN OPERATION
SEQUENCE FOR USER OPERATION
COLLABORATION FOR USER OPERATION
ACTIVITY DIAGRAM
DATABASE DESIGNDBA TABLE
USER TABLE
POLICIES TABLE
VOTES TABLE
LOG TABLE
Implementationscreen shots
TEST CASES
CASEINPUTSACTUAL OUTPUTOBTAINED OUTPUTDESCRIPTIONSuccessful loginType, uid, pwdSuccessSuccessTest passed. Transfer to menuun-successful loginType, uid, pwdFailedFailedTest passed.Invalid.try againSuccessful DBA creationId,name,pwdSuccessSuccessTest passed. DBA is created.un-successful DBA creationEither Id, name, pwdFailedFailedTest passed. Dba not created. provide all details,Successful user creationId,name,pwdSuccessSuccessTest passed. User createdUnsuccessful user creationEither id,name,pwdFailedFailedTest passed. User not created. Provide all details
TEST CASES
CASEINPUTSACTUAL OUTPUTOBTAINED OUTPUTDESCRIPTIONSuccessful policy creationPid,did,pname, tname, operationSuccessSuccessTest passed. Policy createdun-successful policy creationEither Pid,did,pname, tname, operationFailedFailedTest passed policy not created.Successful policy associationUid,pidSuccessSuccessTest passed. Policy associatedun-successful policy associationEither uid, pidFailedFailedTest passed. Policy not associated. provide all details,Successful user operationSql statementSuccessSuccessTest passed. Cmd executed.Unsuccessful user operationSql statementFailedFailedTest passed. Anomaly detected. Cmd not executed.
FUTURE ENHANCEMENTS
Alerts can be extended to the DBAs mobile.The application can also be extended to the web.
CONCLUSION
This application will monitor the database and will reduce the misuse of privileges assigned to users. The possibility of an unwanted permission being assigned or excess permission being assigned can be minimized or nullified.
REFERENCESDesign and Implementation of an Intrusion Response System for Relational Databases http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5560655A. Conry-Murray, The Threat from within. Network Computing (Aug. 2005), http://www.networkcomputing.com/showArticle. jhtml?articleID=166400792, July 2009.M. Nicolett and J. Wheatman, Dam Technology ProvidesMonitoring and Analytics with Less Overhead. Gartner Research(Nov. 2007), http://www.gartner.com, 2010.R. Mogull, Top Five Steps to Prevent Data Loss and InformationLeaks. Gartner Research (July 2006), http://www.gartner.com,2010.
THANK YOU