Database security project-presentation-1-v1

Thesis Work on

DATABASE SECURITY

Guided by:- Presented By:-Prof. Debabrata Kar Sk.Galib Hussain Qayam

Presentation 1

What is Database Security?

Database Security

1. Sql Injection.

2. Anomalies Detection.

3. Inference Detection.

What is Sql Injection?

Client supplied data passed to an application without appropriate validation.

Processed as commands by the database.

Types Of Sql Injection

(a) Piggy-backed Queries (b) Tautologies (c) Alternate Encodings (d) Inference (e) Illegal/Logically Incorrect Queries (f) Union Query (g) Stored Procedures

Piggy-backed Queries

Tautologies

• Inject code in one or more conditional statements so that they always evaluate to true

SELECT accountsFROM usersWHERE login = ‘’ or 1=1 --’ AND pass = ‘’

AND pin =

What are Anomalies Detection?

• Anomaly is a pattern in the data that does not conform to the expected behavior

• Also referred to as outliers, exceptions, peculiarities, surprise, etc.

• Anomalies translate to significant (often critical) real life entities– Cyber intrusions– Credit card fraud

Simple Example

• N1 and N2 are regions of normal behavior

• Points o1 and o2 are anomalies

• Points in region O3 are anomalies

X

Y

N1

N2

o1

o2

O3

Real World Anomalies

• Credit Card Fraud– An abnormally high purchase

made on a credit card

• Cyber Intrusions– A web server involved in ftp

traffic

DB-Inferences

Definition

Inference problem

Examples

Definition

• Inferring prohibited information from results of queries is known as the inference problem

• Inference problem uses an inference channel• Goal of inference problem is to detect and remove

inference channels• Inference channel in a database provides a facility to

infer data with a higher classification from a data with a lower classification

Flight ID Cargo Hold Contents Classification

1254 A Boots Unclassified

1254 B Guns Unclassified

1254 C Atomic bomb

Top Secret

1254 D Butter Unclassified

Flight ID Cargo Hold Contents Classification

1254 A Boots Unclassified

1254 B Guns Unclassified

1254 D Butter Unclassified

Questions?Questions?

Thank You

References

http://en.wikipedia.org/wiki/SQL_injectionhttp://www.authorstream.com/Presentation/Barbara-11743-Advanced-SQL-Injection-Product -Training-Manuals-ppt-powerpoint/

Database security project-presentation-1-v1

Education

inference detection

anomalies detection

intrusions credit card

credit card cyber intrusions

database security1

o2 areanomalies o2 points

types of sql injectiona

facility toinfer data