We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Sensitive Data Exposure Prevention using Dynamic Database Security Policy

by Jignesh Doshi, Bhushan Trivedi
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 106 - Number 15
Year of Publication: 2014
Authors: Jignesh Doshi, Bhushan Trivedi
10.5120/18600-9869

Jignesh Doshi, Bhushan Trivedi . Sensitive Data Exposure Prevention using Dynamic Database Security Policy. International Journal of Computer Applications. 106, 15 ( November 2014), 38-42. DOI=10.5120/18600-9869

@article{ 10.5120/18600-9869,
author = { Jignesh Doshi, Bhushan Trivedi },
title = { Sensitive Data Exposure Prevention using Dynamic Database Security Policy },
journal = { International Journal of Computer Applications },
issue_date = { November 2014 },
volume = { 106 },
number = { 15 },
month = { November },
year = { 2014 },
issn = { 0975-8887 },
pages = { 38-42 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume106/number15/18600-9869/ },
doi = { 10.5120/18600-9869 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:39:31.374015+05:30
%A Jignesh Doshi
%A Bhushan Trivedi
%T Sensitive Data Exposure Prevention using Dynamic Database Security Policy
%J International Journal of Computer Applications
%@ 0975-8887
%V 106
%N 15
%P 38-42
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Today, the internet has become a 4th necessity for human after air, water and food. The internet is widely used for business. Now-a-days, billions of transactions are done online with the use of different applications. In today's world threats to security is becoming more and more sensitive issue, lots of attacks have taken place in recent years. It is observed that there are many leakages in the security of web applications. Five attacks out of top ten attacks are done using Structured Query Language (SQL). Database attacks mostly affect on Data Theft, Data manipulation and by Pass user authentication. Our study focus is to prevent sensitive data exposure. The authors have proposed dynamic database security policy to prevent sensitive data exposure using Oracle database

References
  1. OWASP: https://www. owasp. org /index. php/ Top_10_2013-A1-Injection: accessed 31st May 2014
  2. Internet hosting statistics : http:/ /www. netcraft. com/internet-data-mining: accessed 31st May 2014
  3. Common Weakness Enumeration: http:// cwe. mitre. org/data/definitions/89. html : accessed 3rd June 2013
  4. Internet users : http://www. internetlivestats. com /internet-users: accessed 14th June 2014
  5. Nina Godbole, "Information Systems Security: Security Manaement, Metrics, Frameworks and Best Practices", Wiley India Pvt. Ltd, First Edition 2009
  6. Vulnerability Analysis: http://www. cert. org/vulnerability-analysis/publications/index. cfm:, accessed 14th June 2014
  7. http://www. symantec. com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018 . en-us. pdf
  8. Nina Godbole and Sunit Belapure, "Cyber Security: Understanding Cyber Crimes, Computer Forensic and Legal Perspective", Wiley India Pvt. Ltd, First Edition 2011
  9. Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 1: SQL Injection. " Page 3-27. McGraw-Hill. 2010
  10. Rahul Johri and Pankaj Sharma " A Survey on Web Application Vulnerabilities(SQLIA and XSS) Exploitation and Security Engine for SQL Injection", IEEE 2012
  11. Diallo Abdoulaye and Al-Sakib Khan Pathan, " A Survey on SQL Injection: Vulnerabilities, attacks AND Prevention Techniques", IEEE 15th International Symposiam on Consumer Electronics, 2011
  12. Ramya Dharam and Sajjan G Shiva, "A framework for development of Runtime Monitors", 2012 International Conference on Computer & Information Science ( ICCIS), 2012, IEEE, 978-1-4673-1938-612
  13. Jun Ziang Pinn and A. Fr. Zung:A NEW WATERMARKING TECHNIQUE FOR SECURE DATABASE, International Journal of Computer Engineering & Applications, Vol. I, No. I
  14. Dr. Anwar Pasha Abdul Gafoor Deshmukh, Dr. Riyazuddin Qureshi: Transparent Data Encryption- Solution for Security of Database Contents, International Journal of Advanced Computer Science and Applications, Vol. 2, No. 3, March 2011, page 25
  15. Samba Sesay, Zongkai Yang, Jingwen Chen, Du Xu, "A Secure Database Encryption Scheme", Second IEEE Consumer Communications and Networking Conference (CCNC), 3-6 Jan. 2005, pp. 49- 53
  16. Lianzhong Liu and Jingfen Gai, "A New Lightweight Database Encryption Scheme Transparent to Applications", 6th IEEE International Conference on Industrial Informatics, 13-16 July 2008, pp. 135-140.
  17. Hasan Kadhem, Toshiyuki Amagasa, Hiroyuki Kitagawa, "A Novel Framework for Database Security based on Mixed Cryptography", Fourth International Conference on Internet and Web Applications and Services, 24-28 May 2009, pp. 163-170
  18. M. Naseem, Ibrahim M. Hussain, M. Kamran Khan, Aisha Ajmal, "An Optimum Modified Bit Plane Splicing LSB Algorithm for Secret Data Hiding", International Journal of Computer Applications, Vol. 29, No. 12, 2011. Foundation of Computer Science, New York, USA, pp. 36-43
  19. Wen-Chung Kuo, Dong-Jin Jiang, Yu-Chih Huang, "A Reversible Data Hiding Scheme Based on Block Division", Congress on Image and Signal Processing, Vol. 1, 27-30 May 2008, pp. 365-369
  20. S Rizvi, A Mendelzon, S Sudarshan, Prasan Roy, "Extending query rewriting techniques for fine-grained access control", Proceedings of the ACM SIGMOD international conference on Management of data, 2004, pp. 551–562.
  21. Q Wang, T Yu, N Li, J Lobo, E Bertino, "On the Correctness Criteria of Fine Grained Access Control in Relational Databases", Proceedings of the 33rd international conference on Very large data bases, 2007, pp. 555-566.
  22. S Chaudhuri, T Dutta, S. Sudarshan, "Fine Grained Authorization Through Predicated Grants", IEEE 23rd International Conference on Data Engineering, 15-20 April 2007, pp. 1174-1183.
  23. Hong Zhu and Kevin Lü, "Fine-Grained Access Control for Database Management Systems", Data Management. Data, Data Everywhere, vol. 4587, 2007, pp. 215-223
  24. Zheng Zhang and Alberto O. Mendelzon, "Authorization Views and Conditional Query Containment", International Conference on Database Theory, vol. 3363, 2005, pp. 259-273
  25. Internet and social network penetration worldwide: http://wearesocial. net/tag/stats/ visited on 25th July 2014.
  26. DBMS_RLS :docs. oracle. com: visited on 25th July 2014
Index Terms

Computer Science
Information Sciences

Keywords

SQL SQL Injection Database theft Sensitive Data exposure Security policy

Powered by PhDFocusTM