Insider threat is considered as a serious issue in all organizations. Sophisticated insiders can override threat prevention tools and carry on their attacks with new techniques. One such technique which remains to be an advantage for insiders to attack a database is dependency relationship among data items. This paper investigates the ways by which an authorized insider detects dependencies in order to perform malicious write operations. The paper introduces a new term ’threshold’, which defines the constraints and limits a write operation could take. Having threshold as the key factor, the paper proposes two different attack prevention systems which involve log and dependency graphs that aid in monitoring malicious activities and ultimately secure the data items in a database. Our proposed systems continuously monitor all the data items to prevent malicious operations, but the priority is to secure the most sensitive data items first since any damage to them can hinder the functions of critical applications that use the database. By prioritizing the data items, delay of the system is reduced in addition to mitigating insider threats arising from write operations.
Weitere Kapitel dieses Buchs durch Wischen aufrufen
Bitte loggen Sie sich ein, um Zugang zu diesem Inhalt zu erhalten
Sie möchten Zugang zu diesem Inhalt erhalten? Dann informieren Sie sich jetzt über unsere Produkte:
- Mitigation of Malicious Modifications by Insiders in Databases
- Springer Berlin Heidelberg
Neuer Inhalt/© ITandMEDIA, Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung/© astrosystem | stock.adobe.com