Thesis Work on DATABASE SECURITY. Guided by: Prof. Debabrata Kar. Presented by: Sk. Galib Hussain Qayam. Presentation 1
Jun 29, 2015
What is Database Security?
Database Security
1. SQL Injection
2. Anomaly Detection
3. Inference Detection
What is SQL Injection?
Client-supplied data is passed to an application without appropriate validation and is then processed as commands by the database.
Types of SQL Injection
(a) Piggy-backed Queries
(b) Tautologies
(c) Alternate Encodings
(d) Inference
(e) Illegal/Logically Incorrect Queries
(f) Union Query
(g) Stored Procedures
Piggy-backed Queries
Tautologies
• Inject code into one or more conditional statements so that they always evaluate to true
SELECT accounts FROM users WHERE login = '' or 1=1 --' AND pass = '' AND pin =
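The tautology above only works because the login value is spliced into the query text. The following is an added example (not code from the presentation) that builds a constructed in-memory SQLite table, shows the string-concatenated query the slide describes returning every account when the login field is the tautology payload, and shows the same lookup with bound parameters returning nothing for that input. Table layout, account values and function names are assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed demo database: one users table with a single account.
    The password is stored in clear text only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, pass TEXT, pin TEXT, accounts TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret', '1234', 'ACC-001')")
    conn.commit()
    return conn


def login_vulnerable(conn, login, password, pin):
    """Client-supplied values are concatenated into the SQL text, so the
    database parses them as part of the command (the flaw on the slide)."""
    sql = (
        "SELECT accounts FROM users WHERE login = '" + login
        + "' AND pass = '" + password
        + "' AND pin = '" + pin + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, login, password, pin):
    """Bound parameters: the query text is fixed, the values travel separately,
    so a tautology in the login field is compared as a literal string."""
    sql = "SELECT accounts FROM users WHERE login = ? AND pass = ? AND pin = ?"
    return [row[0] for row in conn.execute(sql, (login, password, pin))]


def demo():
    """Run both lookups with a legitimate login and with the slide's payload."""
    conn = make_db()
    payload = "' or 1=1 --"  # login field turned into: '' or 1=1 --...
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "s3cret", "1234"),
        "vulnerable_payload": login_vulnerable(conn, payload, "", ""),
        "parameterized_legit": login_parameterized(conn, "alice", "s3cret", "1234"),
        "parameterized_payload": login_parameterized(conn, payload, "", ""),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

With the concatenated query, the `--` turns the password and PIN checks into a comment and `1=1` makes the WHERE clause true for every row, so the account is returned without any credential; the parameterized version returns an empty result because no login literally equals the payload string.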
What is Anomaly Detection?
• An anomaly is a pattern in the data that does not conform to the expected behavior
• Also referred to as outliers, exceptions, peculiarities, surprises, etc.
• Anomalies translate to significant (often critical) real-life events:
  – Cyber intrusions
  – Credit card fraud
Simple Example
• N1 and N2 are regions of normal behavior
• Points o1 and o2 are anomalies
• Points in region O3 are anomalies
[Figure: scatter plot with axes X and Y showing normal regions N1 and N2, isolated anomalies o1 and o2, and anomalous region O3]
Real World Anomalies
• Credit card fraud: an abnormally high purchase made on a credit card
• Cyber intrusions: a web server involved in FTP traffic
DB-Inferences
Definition
Inference problem
Examples
Definition
• Inferring prohibited information from the results of queries is known as the inference problem
• The inference problem uses an inference channel
• The goal is to detect and remove inference channels
• An inference channel in a database provides a facility to infer data with a higher classification from data with a lower classification
Full manifest (all classification levels):

Flight ID   Cargo Hold   Contents      Classification
1254        A            Boots         Unclassified
1254        B            Guns          Unclassified
1254        C            Atomic bomb   Top Secret
1254        D            Butter        Unclassified
View returned to an Unclassified user (Top Secret row filtered out; the gap at hold C reveals that a hidden entry exists):

Flight ID   Cargo Hold   Contents   Classification
1254        A            Boots      Unclassified
1254        B            Guns       Unclassified
1254        D            Butter     Unclassified
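The two tables above are the whole inference channel: the low-clearance view is correctly filtered, yet the missing hold letter tells the reader a classified row exists. As an added example (not code from the presentation), the block below encodes the slide's manifest, applies the classification filter, detects the gap in the cargo-hold sequence that forms the channel, and closes it with a cover row so the low view has no gap. The two-level lattice, the dictionary layout, the "Unassigned" cover text and the function names are assumptions for the demo.

```python
# Classification lattice assumed for the demo: higher number = more sensitive.
LEVELS = {"Unclassified": 0, "Top Secret": 1}

# Constructed copy of the slide's cargo manifest.
MANIFEST = [
    {"flight": 1254, "hold": "A", "contents": "Boots", "classification": "Unclassified"},
    {"flight": 1254, "hold": "B", "contents": "Guns", "classification": "Unclassified"},
    {"flight": 1254, "hold": "C", "contents": "Atomic bomb", "classification": "Top Secret"},
    {"flight": 1254, "hold": "D", "contents": "Butter", "classification": "Unclassified"},
]


def view_for(clearance, rows=MANIFEST):
    """Mandatory access control filter: keep only rows the subject may read."""
    return [dict(r) for r in rows if LEVELS[r["classification"]] <= LEVELS[clearance]]


def hold_gaps(rows):
    """Detect the inference channel. Cargo holds are assumed to be lettered
    contiguously per flight, so a missing letter inside the visible range
    reveals that a row was withheld. Returns {flight: [missing holds]}."""
    by_flight = {}
    for r in rows:
        by_flight.setdefault(r["flight"], []).append(r["hold"])
    gaps = {}
    for flight, holds in by_flight.items():
        holds = sorted(holds)
        expected = [chr(c) for c in range(ord(holds[0]), ord(holds[-1]) + 1)]
        missing = [h for h in expected if h not in holds]
        if missing:
            gaps[flight] = missing
    return gaps


def cover_view(clearance, rows=MANIFEST, cover="Unassigned"):
    """Mitigation in the style of polyinstantiation: rows above the subject's
    clearance are replaced by a cover row at the subject's level, so the
    sequence of holds stays contiguous and the existence of the real row
    cannot be inferred from a gap."""
    out = []
    for r in rows:
        if LEVELS[r["classification"]] <= LEVELS[clearance]:
            out.append(dict(r))
        else:
            out.append({"flight": r["flight"], "hold": r["hold"],
                        "contents": cover, "classification": clearance})
    return out


if __name__ == "__main__":
    low = view_for("Unclassified")
    print("gaps in filtered view:", hold_gaps(low))          # {1254: ['C']}
    print("gaps in cover view:", hold_gaps(cover_view("Unclassified")))  # {}
```

The detector only knows about one channel (sequence gaps); in practice the same kind of check is applied to anything the low view exposes that is derived from hidden rows, such as totals, counts or weight sums per flight.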
Questions?
Thank You