This paper discusses how authorized users use various techniques to secure data schemes for getting privileged access and keeping database system security. However, there are different threats to databases such as SQL inject attack that would have caused loss of integrity, availability, and confidentiality. Therefore, firstly we introduce different control measures and then discuss mechanisms for granting and revoking privileges in the relational database system. In the paper, we specify security mechanisms including discretionary access control, mandatory access control, role-based access control, and XML access control. Furthermore, we offer specific preventive measures to a major threat, which is SQL injection in the database. Even for statistical databases, there are security problems, so it is important to pay attention to flow control and covert channels. To keep data encrypted, we summarize encryption and symmetric key and asymmetric key infrastructure schemes and discuss digital certificates as well. On the other hand, we use privacy-preserving techniques to limit perform large-scale data mining and analysis. To maintain database security, we research current challenges and discuss Oracle label-based security.
Cite this paper
Pan, X. , Obahiaghon, A. , Makar, B. , Wilson, S. and Beard, C. (2024). Analysis of Database Security. Open Access Library Journal, 11, e1366. doi: http://dx.doi.org/10.4236/oalib.1111366.
Wang, H. (2012) Security and Privacy for Database Systems. Proceedings of the Twenty-Third Australasian Database Conference (ADC 2012), Melbourne, 31 January-3 February 2012, 5-6. https://dl.acm.org/doi/10.5555/2483739.2483741
Thuraisingham, B. (2007) Security and Privacy for Multimedia Database Management Systems. Multimedia Tools and Applications, 33, 13-29. <br/>https://doi.org/10.1007/s11042-006-0096-1
William, G.J. Halfond, J.V. and Alessandro, O. (2006) A Classification of SQL Injection Attacks and Countermeasures. <br/>https://faculty.cc.gatech.edu/~orso/papers/halfond.viegas.orso.ISSSE06.pdf
Denning, D.E. and Denning, P.J. (1979) The Tracker: A Threat to Statistical Database Security. ACM Transactions on Database Systems, 4, 76-96. <br/>https://doi.org/10.1145/320064.320069
Elmasri, R. and Navathe, S. (2011) Database Security-Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing, 2, 1-19.
Rivest, R.L., Shamir, A. and Adleman, L. (1978) A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21, 120-126. <br/>https://doi.org/10.1145/359340.359342
He, J. and Wang, M. (2001) Cryptography and Relational Database Management Systems. Proceedings 2001 International Database Engineering and Applications Symposium, Washington DC, 16-18 July 2001, 273-284. <br/>https://dl.acm.org/doi/10.5555/646290.687060
