MN691 Research Methods and Project Design Database security system for applying sophisticated access control in organisations

MN691 Assignment 3 - Final Report 2


MN691 Research Methods and Project Design

Database security system for applying sophisticated access control in organisations

MN691 Research Methods and Project Design, Page 2 of 22

Final Report

Student Names: Arunkumar Radhakrishnan (mit150189)

Sakthi Karthikeyan.L (mit150190)

Abilash reddy (mit150573)

School of IT and Engineering

Trimester 2015


ACKNOWLEDGEMENT

We are thankful to Prof. Dr. Savitri Bevinakoppa for her aspiring guidance, invaluably constructive criticism and friendly advice throughout the course journey. We take this opportunity to thank each and everyone for their relentless assistance during times of difficulties and also on and off contact hours. We are sincerely grateful to you for sharing your truthful and enlightening views on a number of issues related to the project.

Signature of Students: ARUNKUMAR RADHAKRISHNAN, SAKTHI KARTHIKEYAN.L, ABILASH REDDY


Date of Submission of Report: 09.10.2015


Table of Contents

ACKNOWLEDGEMENT
ABSTRACT
INTRODUCTION
PROBLEM DOMAIN AND RESEARCH QUESTIONS
PROJECT REQUIREMENTS ANALYSIS AND SPECIFICATION
SUMMARY OF LITERATURE REVIEW
Objectives of the Project
PROJECT PLAN AND PRELIMINARY DESIGN
RESEARCH METHODS TO BE USED FOR THE NEXT STAGE OF THE PROJECT
Gantt Chart
CONCLUSION AND LIMITATIONS
REFERENCES
GLOSSARY AND ABBREVIATIONS


ABSTRACT

Recently, data leak incidents have occurred because of database security vulnerabilities. Administrators in traditional database access control systems grant simple permissions to users for accessing database objects. Although recent database systems have tried to apply stricter permissions, it has been hard to properly adopt complex access control policies in commercial databases because of performance degradation. This paper proposes a database security framework that includes a database firewall server as an enhanced database access control system. It can efficiently enforce complex security policies and provide the database with confidentiality, using a data masking technique for various conditions, for example the date, time, SQL string, and table columns.

INTRODUCTION

Security is one of the key concepts for safeguarding the CPS (cyber-physical systems) environment and the various embedded devices in it, in order to have a dependable and secure communication platform. Numerous security methodologies and procedures have been proposed and implemented internationally in order to secure databases. These days private and sensitive information is stored in databases, and almost every organization is making increasing use of them. Since this information is highly important and costs a great deal of money, illegal access to it is growing. Various methods can be used, such as access control methods and data encryption, but these methods also have significant problems, such as database performance and confidentiality. Until now, efforts to establish safety have concentrated on servers or systems, while clients or system endpoints have generally been left out of security concerns. Using secure hardware as a basis for trusted computing adds a level of assurance, since hardware-based security is considered harder to compromise than conventional approaches. This trust-based system therefore increases confidence in the secure entities joining the CPS framework and builds relationships among entities, thereby increasing the security that shields the resulting databases from outside threats and attacks.

Section 1 gives an overview of the topic. Section 2 gives a detailed description of the problem domain and research questions. Section 3 provides the project requirements and specifications, and Section 3.1 provides the summary of the literature review. Section 4 is the project plan and design. Section 5 covers project scheduling and the Gantt chart. Section 6 is the conclusion, followed by the references in Section 7.

PROBLEM DOMAIN AND RESEARCH QUESTIONS

The following discusses the problems that the paper encountered and the solutions that were derived by referring to various other related papers. The solutions achieved may be either qualitative or quantitative, based on their surveys.

How did we fix the performance reduction of data encryption and decryption time?

In the previously existing systems and in Oracle databases, data encryption is performed internally. In the newly proposed system we made data masking work independently, so there is no reduction in performance. It is qualitative.

How is the confidentiality of the data improved in the proposed model?

The confidentiality of the data is a main feature of database security. Anyway, the database security is not significant. New challenges may come up in the future, so we have fixed the present issues in the databases. The proposed method fixes the problem of data packets being sniffed during transmission. The data can be hidden using data masking, so data masking is the new technique that we can implement to secure the data during transmission. Hence the sensitive data are secured, even if one packet is sniffed. Hence it is considered quantitative.

What did we improve with integrated management of database policy?

In terms of integrated management of a heterogeneous database policy, in the previous technique a permission conflict can occur between different databases when building the permission grant structure. In addition, an integrated policy cannot be applied, since the policy is provided by each database. In the proposed method, independent data operations are possible because the data is handled directly in front of the databases. Through this physical mechanism, the permission structure can be extended under integrated management. This proposal is qualitative.

Research Goal:

Confidentiality of the data itself.

Effective query and answer for access control.

Integrated management of heterogeneous database policy.

Detailed access control according to the differing access requirements.

Data processing which is able to do the indexing.

List of items             Previously existing   Oracle DBS   Proposed model
Performance reduction     Yes                   Yes          No-more
Delay of time             Yes                   No-more      No-more
Confidentiality           No                    Yes          Yes
Integrated Management     No                    Yes          Yes
Specific column result    Yes                   Yes          Yes
SQL query                 No                    Yes          Yes
Data indexing             Yes                   Yes          Yes

Table 1

Table 1 above shows the improvements made in the proposed model. Performance reduction exists in the previous model; in the proposed model there are no more performance issues. The delay time is reduced in the proposed model. Confidentiality is high in the proposed model.


PROJECT REQUIREMENTS ANALYSIS AND SPECIFICATION

The paper is a recently published one that describes the modern security threats that arise within an organization due to a lack of security implementations; it also describes various strategies to secure against them. In addition to all of the above, network security has always been a wide area to cover, with vast opportunity for individuals to specialize in.

Project requirements (hardware, software, etc.):

1. Oracle database “SQL”.

2. The client machine should support Windows 2000 and Unix.

3. C++ is used for developing the specifications.

4. Filter kit 2000 is to be used.

5. We also use group policies.

6. Windows Server 2000.

The aim is to resolve the information confidentiality issue of the existing database security framework; the approach can also resolve the framework overhead issue. It can also cover the time delay, efficiency, and integrated management issues, and can fulfil the requirements of the data user. Furthermore, this paper applies the proposed system to a data masking method in order to protect the data and make data indexing possible.

SUMMARY OF LITERATURE REVIEW

This section gives ideas and other key elements gathered from other authors' work on the same topic. It also features new innovations that are possible to achieve through the progress of this project. This area ought to contain highlights from the literature review section, especially points and ideas that this paper is to produce.

The “Internet of things”, discussed in paper [1], is commonly known as the intelligent way of communication between network devices. For that reason there are many cyber security vulnerabilities in it. Let us discuss a few of them now.


This type of ubiquitous computing system, with spontaneous interaction between digital devices, brings convenience and risks that impact society. Scientists say that it is good to study the risks that such a system will cause before it is built and deployed. The security of the devices is further classified into three main classes:

1. Integrity

2. Confidentiality

3. Availability

A PDA is a kind of gadget which can control all your other devices; [1] we can say that it is a centralized remote access. So by using a PDA we can get rid of all the other remote controls, such as those for the TV, stereo, DVD, VCR, central heating and air conditioning. Instead of having a separate remote for each and every device, all these devices are controlled by one single gadget, the PDA. To get it working, all we need to do is establish an association between the PDA and the device. The security issues with the PDA are that these devices are not supposed to be controlled by other people, and that a broken PDA has to be replaced without losing control of all your appliances. [2]

How to solve the security issues with the resurrecting duckling security policy model: the devices that are to be connected to the PDA are treated as slaves (ducklings) and the PDA is the master (mother duck).

The 4 principles of the resurrecting duckling are:

1. IMPRINTABLE: In this state anyone can take over the connection to the duckling.

2. IMPRINTED: In this state the duckling obeys only the mother duck.

3. IMPRINTING: The transition from imprintable to imprinted happens when the mother duck sends the imprinting key to the duckling. This is done where confidentiality and integrity are protected.

4. DEATH: The transition back from imprinted to imprintable is known as death, and this can only be initiated by an order from the mother duck.

Denial-of-service attacks are resolved by this implementation. The new duckling policy model has been established to tackle the newly arising problems with communication and transmission. The authentication security issues are well sorted.

Problem formulation:

The mother duck is the main party that has the privileges to change the policy of the device. So in the long term we have two masters and everyone has privileges, which is vulnerable. This can be closely held against the denial-of-service attack by malicious people, so the factor of security is less. [1] High-grade tamper resistance can significantly prevent an attacker from modifying settings, but it is expensive [2]. Part of the problem identification is that technical mechanisms such as key certification are too hard for normal mortals to understand. The problem formulation for this type of ubiquitous computing differs in a number of interesting ways, from protection issues to distributed systems. To tackle all these problems the author has proposed a new method called the resurrecting duckling policy.

Solution:

From the above justifications and the new approach, the resurrecting duckling gives a good answer for the security of the systems and for how to secure these systems from attackers.

A. Denial-of-service attacks: duckling policy.

B. Security of duckling policy issues.

Since it wasn't practically experimented in a group of people, and it speaks about the quality measures of security, I think this paper can be termed qualitative or analytical research. This paper discusses more about the vulnerabilities of security issues and how the duckling policy has overcome them. This is experimented and implemented; there would be future work on this section as well.

This paper [3], “Dutch government on cyber security strategy”, mainly focuses on how to reduce the cyber security threat by building partnerships between public and private organizations. The author explains that this approach builds trust and participation in common goals. This model was developed on the basis of a study made from two decades. It first identifies the possible threats that an organization can face, then designs a specific analysis model which organizes the inputs and then provides solutions that help in mitigating the threats.

Problem formulation

Any cyber attack can harm an organization in any number of ways, ranging from minor damage to a website to shutting down core systems and taking authorized property. Consequently organizations should implement significant, risk-based intelligence systems in order to detect fraudulent activities in a timely manner. The paper is largely practical: it takes up most of the current issues from past research and the solutions that were made, and it practically implements the possible solutions proposed here. It is experiment or implementation based, where everything was derived and implemented for the necessary activities; future work will also be carried out from this paper based on their research. [4] This paper was proposed as a result of analysing previous cybercrime practices; since newer risks are emerging every day, it is time to change the practices. It mainly focuses on designing effective security systems that will prevent intrusions.

Solution:

This helps in managing and securing the organization's network services. In addition, this paper concentrates on the core risk areas to which an organization is vulnerable, from which an analysis model is made that gathers the data, evaluates it and finally gives a valid solution. It is empirical or quantitative, and the research is quantitative. The paper is largely research based: it takes up most of the current issues from past research and the solutions that were made, but it does not practically implement the possible solutions proposed here. It is theory based, and future work can be carried out from this paper based on their research.

This paper[4] ‘Managing Information Technology Security in the Context of Cyber

Crime Trends’ was proposed as a result of analysing previous cybercrime practices, since

newer risks are emerging everyday it is time to change the practices. It mainly focuses on

designing effective security systems that will prevent intrusions, thus aiding in managing and

securing the organization’s network services. Moreover this paper focuses on the core risk

areas to which an organization is vulnerable and from which an analysis model is made

which gathers the input data, evaluates them and finally provides a valid solution to the same.

Problem formulation:


This paper highlights the importance of designing effective security strategies and proactively addressing cybercrime issues as key elements, of expanding awareness efforts, and of using the full extent of the resources provided.

Solution:

Entities are responsible for implementing and maintaining a coordinated approach between their employees, operational processes, and technology resources in order to achieve effective risk management strategies. Resources must be allocated to gather and process cyber risk analysis data, communicating the results and defining alerts for better security controls and measures to be taken by the operational units. Sophisticated cyber risk analysis processes are repeatable, clearly defined, well documented, and aligned with an organization's larger IT risk management.

This paper [5] is “Securing database as a service”. Administrators in traditional database access control systems grant simple permissions to users for accessing database objects. Although recent database systems have tried to apply stricter permissions, it has been difficult to adopt advanced access control policies in commercial databases because of performance degradation. This paper proposes a database security framework including a database firewall server as an enhanced database access control system which can efficiently enforce sophisticated security policies to provide the database with confidentiality, using a data masking technique for different conditions, for example the date, time, SQL string, and table columns. Several studies are currently being conducted to control access to and manage data for database security. The methods for database security can be divided into two areas: access control/audit systems and data encryption methods. Access control/audit systems watch the input/output path of the database, and data encryption methods deal with the encrypted data in the database. [6] A number of analysis techniques are used, and detailed access control is possible based on a reference monitor model. The proposed model controls the user's access in depth, thereby reducing the time taken to apply policies and making it secure. Future research work will be carried out to provide even more reliable access control that can be applied to all databases irrespective of type.


Problem formulation

According to paper [1], present studies which use access control methods cannot accommodate detailed and diverse access requirements, and it is hard to change these requirements when a user's security requirements change frequently. From paper [2], use of the encryption module is very restricted, the reason being that its efficiency is declining. From paper [3], recent research on security systems for different sizes of data groups focused on a few requirements related to data size. However, it could not guarantee data confidentiality in databases. Also, in defining data groups, overhead could occur, and adding the policy could likewise bring about a decrease in execution efficiency and duplication of the policy. In addition, integrated management would not be feasible for different databases. The proposed security system uses the authentication process to prevent modification of the user's access information to the database, and exchanges the encrypted SQL authentication code between the CAA and the DFS to ensure the integrity of the SQL requested by the client. Besides, it reduces the delay in SQL time owing to the access control policy by each column, and executes the data masking process for data access according to the permission. Thus, the contributions of this paper are as follows:

Solution:

1. Confidentiality for data and effective data processing.

2. Effective query and answer performance for access control.

3. Integrated management for heterogeneous database policies.

4. Detailed access control according to diverse access conditions.

5. Indexable data processing.

Identify whether: analytical or empirical or qualitative or quantitative. It is empirical or quantitative. The research is quantitative. The paper is largely practical: it takes up most of the current issues from past research and the solutions that were made, and it practically implements the possible solutions proposed here. It is experiment or implementation based, where everything was derived and implemented for the necessary activities; future work will also be carried out from this paper based on their research.

Project title: Securing Database as a service: Issues and compromises


Project Scope:

1. Analysing threats from the researches done previously

2. Comparison and evaluation

3. Design a secured database.

4. Expansion for further research.

Problem statement

In the present studies which use access control methods, detailed and diverse access requirements cannot be accommodated, and it is hard to change these requirements when a user's security requirements change every now and then. We need to be able to analyse the protocol in more detail for reliable access.

Objectives:

1. Confidentiality of the data itself.

2. The contributions of this paper are as follows:

3. Effective query and answer for access control.

4. Integrated management of heterogeneous database policy.

5. Detailed access control according to the differing access requirements.

6. Data processing which is able to do the indexing.

Current State of Research:

The paper gives a comprehensive look into Scyther as an analysis tool for verification

of security protocols. It advocates for its performance mainly due to advanced features not

available to its predecessors. The relevance for such a tool is understood by looking at the

way the internet operates. It is known that communication occurs over predefined protocols

and new protocols are developed as applications are created. Hence, the driving force for

developing a protocol is inherently dependent on the application for which it is written. To ensure secure communications, the protocols need to have a mechanism to ensure adequate security measures are incorporated. According to the paper, Scyther helps in verifying the security mechanisms and possible vulnerabilities in the protocol through the execution of its algorithm.

List of open and current problems:


The existing protocol verification tools predominantly use command line interfaces to

carry out the verification and analysis. Scyther, on the other hand, provides a graphical user

interface which aids in detailed analysis with pictorial representation. With respect to other

protocol verification tools, the paper claims that Scyther outperforms the others in terms of performance. Scyther has capabilities for multi-protocol analysis, where a protocol that contains additional sub-protocols is analysed simultaneously with the main protocol. The

paper provides a brief description of three capabilities possessed by Scyther namely,

verification of claims, automatic claims and the characterization of the protocol under

assessment. Although the paper suggests the superiority of the algorithm and mechanisms

used in Scyther, the paper is strictly applied in teaching and research scenarios and more

work is to be done on obtaining a working model to be used on real time applications for

threat detection and mitigation.

Objectives of the Project

This section is very specific to your project. It is where you now undertake detailed

and further research on the theory surrounding your project and also proper and focused

research on what to do and how to do it. You may even propose a theory of your own here.

The objectives of the project are analysing threats from the research done previously, comparison and evaluation, and designing a secure database that extends to further research.

Specific objectives of the project are:

1. Confidentiality for data and effective data processing.

2. Effective query and answer performance for access control.

3. Integrated management for heterogeneous database policies.

4. Detailed access control according to differing access requirements.

5. Indexable data processing.

PROJECT PLAN AND PRELIMINARY DESIGN


This section showcases the design of the project, the documentation that was carried out, the equations made and the methods followed, in a block diagram.

In the above diagram the database firewall server (DFS) is placed in front of the database farm. The client authentication agent (CAA) bypasses TCP and IP to read the data, and hence the textual code is generated from the message. The DFS analyses the traffic entering the database farm. Using the packet analyser, the packets are examined further, such as the Ethernet frame header, TCP header and IP. The ACPR is used to separate the permissions in the database farm, so the system analyses the data and the request to the desired database. The server can communicate with the client system in two ways: access for an external user through a network protocol such as TCP/IP, and access for an internal user by means of BEQ (the Bequeath protocol). However, in this paper we concentrate on TCP/IP for external users. The monitored packet contents are analysed using Ethereal when queries are requested. The analysed result is based on 100 sample data items and, in the case of reply packets, on `SELECT' statements which have column data as SQL data results.

RESEARCH METHODS TO BE USED FOR THE NEXT STAGE OF THE PROJECT

[Block diagram components: Client & CAA, Packet analyser, Query Analyzer, Data Masker, Access Control Policy Repository, Group of Databases]


This section presents the project's outline with regard to the strategy followed, the research design, the data collection method, the data analysis method and so forth. It also shows the alternatives for the research model design.

In this implementation, `Oracle', which is a commercial DBMS, is used for the database environment, and we can access the Oracle database using SQL*Plus. Windows 2000 and Oracle Client Release 9.x are used for the client and the DFS. UNIX and Oracle9i Enterprise Edition Release 9.x are used for the ACPR and the target database of control, and Windows 2000 and Visual C++ 6.0 are used for the development environment. To distinguish clients, the Oracle server handles access according to two separate cases: access by an external user using TCP/IP, and access by an internal user using BEQ. This paper concentrates on TCP/IP, essentially the access of an external user to databases.

The proposed system uses a masking technique by bit unit to protect data from unauthorized users, applied to the result of a request in a packet between a client and server. This method first analyses the packets of a request received from the database server and decides whether the data they contain should be hidden. If it should be hidden, it changes the first character into a `*' mark and the other characters into a `NULL' string. This is not the same as the `data encryption' method. With data encryption, encrypted data can be longer than the original data according to the encryption count. This means that the content and length of the structured protocol are changed in the Oracle database server. The DFS would then have to rearrange packets to conform to the Oracle protocol, and the payload length information in the TCP header would have to be changed. Therefore, the proposed system has the merit of being more effective in terms of cost, and it is comparatively more practical for the ultimate goal of simply hiding data field values from unauthorized users. The justification is empirical.
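The masking step described above, combined with the access conditions the report lists (time, SQL string, table column), as an added C++ example that is not code from the report or from the paper it reviews. The `MaskRule` and `FieldSpan` types, the fixed-width reply layout, the sample row and the 16-byte padding comparison are assumptions made for illustration; the real Oracle wire format is not modelled.

```cpp
// Added illustration; not code from the report or from the paper it reviews.
// MaskRule, FieldSpan and the fixed-width reply layout are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// One policy entry: `user` may read `column` in clear only inside the hour
// window and only if the SQL text contains `required_sql` ("" = no condition).
struct MaskRule {
    std::string user;
    std::string column;
    int from_hour;             // inclusive
    int to_hour;               // exclusive
    std::string required_sql;
};

// Where one column value sits inside a reply payload.
struct FieldSpan {
    std::string column;
    std::size_t offset;
    std::size_t length;
};

// A column named in any rule is protected: it is masked unless a rule for
// this user, hour and SQL string explicitly allows it (default deny).
bool must_mask(const std::vector<MaskRule>& policy, const std::string& user,
               const std::string& column, int hour, const std::string& sql) {
    bool is_protected = false;
    for (const MaskRule& r : policy) {
        if (r.column != column) continue;
        is_protected = true;
        bool in_window = hour >= r.from_hour && hour < r.to_hour;
        bool sql_ok = r.required_sql.empty() ||
                      sql.find(r.required_sql) != std::string::npos;
        if (r.user == user && in_window && sql_ok) return false;
    }
    return is_protected;
}

// Masking as the report describes it: the first character becomes '*' and
// every other character becomes NUL, so the field keeps its length.
bool mask_in_place(std::string& payload, const FieldSpan& f) {
    if (f.offset > payload.size() || f.length > payload.size() - f.offset)
        return false;                       // span does not fit the payload
    if (f.length == 0) return true;         // nothing to hide
    payload[f.offset] = '*';
    for (std::size_t i = 1; i < f.length; ++i) payload[f.offset + i] = '\0';
    return true;
}

// Returns the number of masked fields. If a protected field's span is
// malformed, the whole payload is blanked (same length) and -1 is returned,
// so a parsing error never lets a protected value through.
int apply_policy(std::string& payload, const std::vector<FieldSpan>& fields,
                 const std::vector<MaskRule>& policy, const std::string& user,
                 int hour, const std::string& sql) {
    int masked = 0;
    for (const FieldSpan& f : fields) {
        if (!must_mask(policy, user, f.column, hour, sql)) continue;
        if (!mask_in_place(payload, f)) {
            payload.assign(payload.size(), '\0');
            return -1;
        }
        ++masked;
    }
    return masked;
}

// For contrast (assumed cipher: 16-byte blocks with PKCS#7-style padding):
// encryption changes the field length, which is what would force packet and
// length-header rewriting; masking avoids it.
std::size_t padded_cipher_length(std::size_t n, std::size_t block = 16) {
    return (n / block + 1) * block;
}

// Constructed sample row: emp_id(4) name(8) salary(6) card_no(16) = 34 bytes.
std::string demo_payload() {
    return std::string("1001") + "J.Doe   " + "085000" + "0000111122223333";
}
std::vector<FieldSpan> demo_fields() {
    return {{"emp_id", 0, 4}, {"name", 4, 8}, {"salary", 12, 6}, {"card_no", 18, 16}};
}
std::vector<MaskRule> demo_policy() {
    return {{"hr_clerk", "salary", 9, 17, "WHERE"}, {"auditor", "card_no", 9, 17, ""}};
}

int main() {
    std::string reply = demo_payload();
    int n = apply_policy(reply, demo_fields(), demo_policy(), "hr_clerk", 10,
                         "SELECT emp_id, name, salary, card_no FROM emp WHERE emp_id = 1001");
    std::cout << "masked fields: " << n << ", payload bytes: " << reply.size() << "\n";
    return 0;
}
```

Because the masked reply has the same byte count as the original, a device sitting in the traffic path can rewrite it without touching any length field, which is the cost argument the paragraph makes against encrypting at that point.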


The next stage of the project progresses every week as follows:

Week   Task
1      Data collection and requirement analysis
2      Designing the database firewall server
3      Create domains, group policies and configure servers
4      Write the coding
5      Check for coding errors / Debug
6      Project implementation
7      Project implementation
8      Troubleshoot
9      Hardware implementation
10     Collecting results and further analysis
11     Demonstrate
12     Report writing


Gantt Chart

CONCLUSION AND LIMITATIONS

Recent research on security systems for different sizes of data groups concentrated on a few requirements related to data size. However, it could not guarantee data confidentiality in databases. Also, in defining data groups, overhead could occur, and adding the policy could likewise bring about a decrease in execution efficiency and duplication of the policy. In addition, integrated management would not be feasible for different databases. Hence this database firewall server was developed to address these issues by providing confidentiality, performance efficiency and integrated management for enforcing security policies. The proposed security system uses the authentication process to prevent modification of the user's access information to the database, and exchanges the encrypted SQL authentication code between the CAA and the DFS to guarantee the integrity of the SQL requested by the client. Furthermore, it reduces the delay in SQL time attributable to the access control policy by each column, and executes the data masking process for data access according to the permission. The contributions of this paper are therefore as follows:

1. Privacy for information and viable information processing.

2. Powerful Query and Answer execution for access control.

3. Integrated administration for heterogeneous database approaches.

4. Detailed access control according to different access conditions.

5. Indexable data processing.

First, the proposed system can protect the data and create an index at the same time by using a masking technique. Likewise, users can manage the time taken to access databases and retrieve data with this data masking technique. Here we have used packet monitoring, which provides greater access control at the packet level. Furthermore, all of these techniques are based on the reference monitor model. Accordingly, we designed and implemented the proposed system so that it can monitor all access to the databases and manage heterogeneous databases, which may have different policies, effectively and without any modification. Hence, the proposed system can control client access in detail. The data masking module and the masking data decision module are executed independently. This reduces the time delay in assigning policies, including modified policies, progressively. Besides, our system can protect the data from attacks caused by unidentified access, because it handles all requests from clients to the databases via the reference monitor.

In future, a standardized policy is to be developed that can be implemented in any kind of database. As demand on database management increases, effective methods must be studied and implemented. Further analysis is to be made for stronger access control.


GLOSSARY AND ABBREVIATIONS

TCP: Transmission Control Protocol

PDA: Personal Digital Assistant

IP: Internet Protocol

DFS: Database Firewall Server

DBMS: Database Management System

CPS: Cyber Physical Systems

CAA: Client Authentication Agent