An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs

Fadolalkarim, Daren; Bertino, Elisa; Sallam, Asmaa

doi:10.1109/icde48307.2020.00030

Cited by 13 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Fadolalkarim et al [Fadolalkarim et al 2020] apresentam o AD-PROM, um sistema de detecc ¸ão de anomalias que visa proteger bancos de dados relacionais contra agentes maliciosos. O AD-PROM rastreia as chamadas de sistema executadas pelos programas em execuc ¸ão no sistema computacional que hospeda o banco de dados a ser protegido.…”

Section: Trabalhos Relacionadosunclassified

Detecção de Ameaças de Injeção de SQL em Serviços de Computação Urbana

Souza¹,

Ribeiro²,

Gomes³

2023

Anais Do VII Workshop De Computação Urbana (CoUrb 2023)

View full text Add to dashboard Cite

Devido ao expressivo volume de dados heterogêneos gerados pelos espaços urbanos, bem como aos avanços da tecnologia da informação, diversos Serviços de Computação Urbana têm ganhado visibilidade. Estes serviços utilizam bancos de dados relacionais para armazenamento dos dados coletados e são suscetíveis a possíveis ameaças, dentre elas os ataques de SQL Injection (SQLi). Desta forma, se fazem necessárias soluções de segurança que possam, além de trazer eficiência na detecção, atender aos aspectos de tempo de processamento e tempo de resposta. Dentro deste contexto, este artigo apresenta uma solução para Detecção Escalável de Ameaças SQLi (DEA-SQLi) baseada em Expressões Regulares, atuando assim como um serviço de filtragem inicial para proteção contra ameaças de SQLi, a fim de atender a demandas de tempo de resposta e escalabilidade. Os resultados dos experimentos utilizando um conjunto de dados real sugerem que o DEA-SQLi possui uma eficiência adequada para a detecção de ameaças, enquanto atende aos requisitos de escalabilidade dos serviços de computação urbana.

show abstract

Section: Trabalhos Relacionadosunclassified

Detecção de Ameaças de Injeção de SQL em Serviços de Computação Urbana

Souza¹,

Ribeiro²,

Gomes³

2023

Anais Do VII Workshop De Computação Urbana (CoUrb 2023)

View full text Add to dashboard Cite

show abstract

“…Techniques have been proposed for capturing database accesses by applications [8,12]. Such techniques could be extended for capturing network transaction activities.…”

Section: Capturing Communication Requirementsmentioning

confidence: 99%

Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing

Katsis

Cicala

Thomsen

et al. 2021

Proceedings of the 26th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

The zero trust principle only allows authorized and authenticated actions in a computer network. A network policy satisfies the least privilege principle by minimizing the network permissions to only those needed by users and applications. However, administrators face many challenges in creating a least privilege policy since it requires a detailed understanding of the network topology and knowing the communication requirements of every network application and user. This paper addresses those challenges by introducing a graph-based policy specification framework to capture a network's communication requirements and a network compiler that turns those requirements into an enforceable policy. To offset the effort of building such a stringent policy, we incorporate patterns to spread the work of policy creation over time and people. In the paper, we first elaborate on how our framework's semantics enhances network security and resilience. We then introduce a Security Policy Regression Testing tool (SPRT), which leverages our framework's semantics, to test and reason about consistency, correctness, and relevance of network security policies. Finally, we outline relevant research directions. CCS CONCEPTS• Security and privacy → Access control; Authorization; Network security; Domain-specific security and privacy architectures.

show abstract

“…With the assistance of proxy devices and edge servers [4], these data can be outsourced to edge storage for subsequent analysis and use. However, although data outsourcing based on edge computing reduces the storage and computing overhead on the user side, it also exposes the user's sensitive data to the risk of leakage [5]. How to protect the privacy of data stored on edge servers and share data with designated data consumers (such as service and product providers, medical professionals, and educators) has become the focus of research.…”

Section: Introductionmentioning

confidence: 99%

Outsourced Mutual Private Set Intersection Protocol for Edge-Assisted IoT

Zhang

Qin

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The development of edge computing and Internet of Things technology has brought convenience to our lives, but the sensitive and private data collected are also more vulnerable to attack. Aiming at the data privacy security problem of edge-assisted Internet of Things, an outsourced mutual Private Set Intersection protocol is proposed. The protocol uses the ElGamal threshold encryption algorithm to rerandomize the encrypted elements to ensure all the set elements are calculated in the form of ciphertext. After that, the protocol maps the set elements to the corresponding hash bin under the execution of two hash functions and calculates the intersection in a bin-to-bin manner, reducing the number of comparisons of the set elements. In addition, the introduction of edge servers reduces the computational burden of participating users and achieves the fairness of the protocol. Finally, the IND-CPA security of the protocol is proved, and the performance of the protocol is compared with other relevant schemes. The evaluation results show that this protocol is superior to other related protocols in terms of lower computational overhead.

show abstract

An Anomaly Detection System for the Protection of Relational Database Systems against Data Leakage by Application Programs

Cited by 13 publications

References 24 publications

Detecção de Ameaças de Injeção de SQL em Serviços de Computação Urbana

Detecção de Ameaças de Injeção de SQL em Serviços de Computação Urbana

Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing

Outsourced Mutual Private Set Intersection Protocol for Edge-Assisted IoT

Contact Info

Product

Resources

About