Auditing SQL Queries

Motwani, Rajeev; Nabar, Shubha U.; Thomas, Dilys

doi:10.1109/icde.2008.4497437

Cited by 36 publications

(27 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Two fundamentally different approaches have been adopted. One is data instance-independent including the notion of perfect privacy [19,16] and slightly weaker alternatives such as weak syntactic suspiciousness [20]. The other is instance-dependent [1,14], where a query is said to access a sensitive record if deleting the record changes its result.…”

Section: Auditing Semanticsmentioning

confidence: 99%

On scaling up sensitive data auditing

Kaushik

Ramamurthy

2013

Proc. VLDB Endow.

View full text Add to dashboard Cite

This paper studies the following problem: given (1) a query and (2) a set of sensitive records, find the subset of records "accessed" by the query. The notion of a query accessing a single record is adopted from prior work. There are several scenarios where the number of sensitive records is large (in the millions.) The novel challenge addressed in this work is to develop a general-purpose solution for complex SQL that scales in the number of sensitive records. We propose efficient techniques that improves upon straightforward alternatives by orders of magnitude. Our empirical evaluation over the TPC-H benchmark data illustrates the benefits of our techniques.

show abstract

Section: Auditing Semanticsmentioning

confidence: 99%

On scaling up sensitive data auditing

Kaushik

Ramamurthy

2013

Proc. VLDB Endow.

View full text Add to dashboard Cite

show abstract

“…[2] builds a practical system for detecting "suspicious" select-project-join queries, however the privacy guarantees of their definition of suspiciousness are not made explicit. [17] suggests other notions of suspiciousness that lie in between those of [16] and [2] both in terms of their disclosure detection guarantees and the ease of auditing under them.…”

Section: Readingmentioning

confidence: 99%

A Survey of Query Auditing Techniques for Data Privacy

Nabar

Kenthapadi

Mishra

et al. 2008

Privacy-Preserving Data Mining

Self Cite

View full text Add to dashboard Cite

“…For example, although it does not present itself as a DIDS, the work in [20] describes a method for auditing SQL queries to measure their suspiciousness from a privacy and confidentiality perspective that may be useful for intrusion detection purposes. A generic survey on how data mining techniques can be applied to intrusion detection is shown in [23], and an extensive survey on SQL injection is given in [14].…”

Section: Intrusion Response and Preventionmentioning

confidence: 99%

Approaches and Challenges in Database Intrusion Detection

2014

View full text Add to dashboard Cite

Databases often support enterprise business and store its secrets. This means that securing them from data damage and information leakage is critical. In order to deal with intrusions against database systems, Database Intrusion Detection Systems (DIDS) are frequently used. This paper presents a survey on the main database intrusion detection techniques currently available and discusses the issues concerning their application at the database server layer. The identified weak spots show that most DIDS inadequately deal with many characteristics of specific database systems, such as ad hoc workloads and alert management issues in data warehousing environments, for example. Based on this analysis, research challenges are presented, and requirements and guidelines for the design of new or improved DIDS are proposed. The main finding is that the development and benchmarking of specifically tailored DIDS for the context in which they operate is a relevant issue, and remains a challenge. We trust this work provides a strong incentive to open the discussion between both the security and database research communities.

show abstract

Auditing SQL Queries

Cited by 36 publications

References 10 publications

On scaling up sensitive data auditing

On scaling up sensitive data auditing

A Survey of Query Auditing Techniques for Data Privacy

Approaches and Challenges in Database Intrusion Detection

Contact Info

Product

Resources

About