JOINT THRESHOLD ADMINISTRATION MODEL FOR INTRUSION RESPONSE SYSTEM IN RELATIONAL DATABASES

UNDER THE GUIDANCE OF Mr.MUKESH, Assistant Professor

BY M.M.VINAY (08071A0589) P.TRILOK (08071A05A2) R.NAGARAJU (08071A05A6)

CONTENTSProblem definitionAbstractExisting and Proposed systemModulesRequirementsSystem ArchitectureDesign-UML DiagramsDatabase DesignImplementation-screen shotsTest casesFuture EnhancementsConclusionReferences

PROBLEM DEFINITION

To Implement an Intrusion Response System for Relational Databases

ABSTRACTWe propose the notion of database response policies to support our intrusion response system tailored for a DBMS.The two main issues that we address in context of such response policies are that of policy matching, and policy administration.We propose a novel Joint Threshold Administration Model (JTAM) that is based on the principle of separation of duty.

EXISTING SYSTEMStandard database security mechanisms, such as access control, authentication, and encryption, are not of much help when it comes to preventing data theft from insiders.

PROPOSED SYSTEMIntrusion detection (ID) is a solution for high-assurance database security. ID mechanism consists of three main elements 1. Joint Threshold Administration Model 2. Anomaly detection system 3. Anomaly response system.

MODULESDBA and USER MAINTENANCE POLICY ADMINISTRATIONPOLICY ACTIVATIONANOMALY DETECTIONANOMALY RESPONSE SYSTEM LOG AND ACCESS INFORMATION

MINIMUM HARDWARE REQUIREMENTSPROCESSOR : PENTIUM IVRAM: 512 Mb RAMMONITOR: 15 COLORHARD DISK: 10 GB Space

SOFTWARE REQUIREMENTSOPERATING SYSTEM : Windows XP ProfessionalENVIRONMENT :Visual Studio .NET 2008.NET FRAMEWORK :Version 3.5LANGUAGE :VB.NETBACK END :SQL server 2005

ARCHITECTURE DIAGRAMSSoftware ArchitectureTechnical Architecture

SOFTWARE ARCHITECTURE Client DBA user

Presentation layer Application Integration Data

VB.NET - WINDOWS FORMSDB INTRUSIONADO.NET SQL SERVER

TECHNICAL ARCHITECTURE DBA USERS admins access reports result

ADO.NETPOLICY CREATIONANOMALY DETECTIONANOMALY RESPONSESYSTEM LOGDB INTRUSIONVB.NETSQL SERVER

UML DIAGRAMSClass DiagramUse case DiagramSequence DiagramCollaboration DiagramActivity Diagram

CLASS DIAGRAM

USE CASE DIAGRAM

SEQUENCE FOR LOGIN

COLLABORATION FOR LOGIN

SEQUENCE FOR USER ADMINISTRATION

COLLABORATION FORUSER ADMINISTRATION

SEQUENCE FOR POLICY ADMINISTRATION

COLLABORATION FOR POLICY ADMINISTRATION

SEQUENCE FOR ADMIN OPERATIONS

COLLABORATION FOR ADMIN OPERATION

SEQUENCE FOR USER OPERATION

COLLABORATION FOR USER OPERATION

ACTIVITY DIAGRAM

DATABASE DESIGNDBA TABLE

USER TABLE

POLICIES TABLE

VOTES TABLE

LOG TABLE

Implementationscreen shots

TEST CASES

CASEINPUTSACTUAL OUTPUTOBTAINED OUTPUTDESCRIPTIONSuccessful loginType, uid, pwdSuccessSuccessTest passed. Transfer to menuun-successful loginType, uid, pwdFailedFailedTest passed.Invalid.try againSuccessful DBA creationId,name,pwdSuccessSuccessTest passed. DBA is created.un-successful DBA creationEither Id, name, pwdFailedFailedTest passed. Dba not created. provide all details,Successful user creationId,name,pwdSuccessSuccessTest passed. User createdUnsuccessful user creationEither id,name,pwdFailedFailedTest passed. User not created. Provide all details

TEST CASES

CASEINPUTSACTUAL OUTPUTOBTAINED OUTPUTDESCRIPTIONSuccessful policy creationPid,did,pname, tname, operationSuccessSuccessTest passed. Policy createdun-successful policy creationEither Pid,did,pname, tname, operationFailedFailedTest passed policy not created.Successful policy associationUid,pidSuccessSuccessTest passed. Policy associatedun-successful policy associationEither uid, pidFailedFailedTest passed. Policy not associated. provide all details,Successful user operationSql statementSuccessSuccessTest passed. Cmd executed.Unsuccessful user operationSql statementFailedFailedTest passed. Anomaly detected. Cmd not executed.

FUTURE ENHANCEMENTS

Alerts can be extended to the DBAs mobile.The application can also be extended to the web.

CONCLUSION

This application will monitor the database and will reduce the misuse of privileges assigned to users. The possibility of an unwanted permission being assigned or excess permission being assigned can be minimized or nullified.

REFERENCESDesign and Implementation of an Intrusion Response System for Relational Databases http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5560655A. Conry-Murray, The Threat from within. Network Computing (Aug. 2005), http://www.networkcomputing.com/showArticle. jhtml?articleID=166400792, July 2009.M. Nicolett and J. Wheatman, Dam Technology ProvidesMonitoring and Analytics with Less Overhead. Gartner Research(Nov. 2007), http://www.gartner.com, 2010.R. Mogull, Top Five Steps to Prevent Data Loss and InformationLeaks. Gartner Research (July 2006), http://www.gartner.com,2010.

THANK YOU