Database Attacks

Database Attacks

Name:

Institution:

 

Database Attacks

Introduction

Data is the most vital resource in the modern corporate economy as it supports decision-making processes. In this, database systems have become important components of the knowledge based society where all production functions encompass the use of computerized mechanisms. Databases, which organize collective data, are specialized with reference to company operations and objectives. Cyber attacks that target information systems have become common in the global economy necessitating security of databases. Data stored in these technologies are determinants of corporate success and failure. Therefore, all Database Management Systems (DBMS) need to highlight capabilities of confidentiality, integrity, and availability of data. Given the dynamic natures of user requirements and technology, security is a complex and continuous process. Administrative or operational software necessitate new or modified approaches to database management. Database models such as Entity Relationship Models (ERM) need to grow with the same market speeds to ascertain application continuity. There still exists a wide scale for technique improvements in database management meant to ascertain security.

Recent Success and Present Status of Database Technologies

In order to give as detailed explanation of databases, the research makes a chronological analysis of developments in the science. The main objective of innovation in the field has been to improve the heterogeneity of databases over the last decade. Through this, data base technologies have matured gaining the capacities to support distributed applications. Therefore, modern day databases are able to meet the specific business requirements for most economic models. Below are the most recent successes in the field.

Relational to Commercial DBMS Application

Relational models were the first database prototypes develop in the year 1970 by E. F. Codd (Ferraggine, Doom & Rivero, 2009). The model developed under the subcontract of IBM database research was able to solve practical issues that revolved round management of large amounts of information. Over the next five years, the IBM research contract was able to develop the SQL (Structured Query Language) improving management of transactions and query optimizations in databases. Through SQL, technical solutions to issues concerning concurrent and multiple data users have been developed. These solutions include indexing and buffer management functions. SQL language has moved from the original SQL86 standard that lacked reverential identity domains. This was the major demerit of relational databases. Currently, databases employ SQL92 standards meaning that they have declarative integrity and domain functions (Ferraggine, Doom & Rivero, 2009). The standards increase the power of the query language equally improving security and management roles. In addition, the standards are accepted universally as the fundamentals of DBMS management making it the dominant database language.

Concurrency Technologies

These databases were innovated to address the two main concerns in transaction management that were recovery and concurrency. The objective was to ascertain that DBMS remained functional, fast and secure while getting instructions from multiple users. Concurrency technologies employ row level locking techniques that give access to committed groups according to data and process priority (Fayyoumi & Oommen, 2010). Similar to optimization, the techniques improve the rates of transaction. The 2PC (two phase commit) standard facilitates reliable data recovery in the multiple user environment (Fayyoumi & Oommen, 2010). The protocol ascertains consistency in instances of failure during updating operations in distributed systems.

Database Server Technologies

The database server technology was an innovation encouraged by the appearance of client/server computing models. The technology has more advanced features that support distributed systems when compared to relational DBMS. These features include database triggers, stored procedures and remote procedure calls (RPCs) (Ferraggine, Doom & Rivero, 2009). In this, database technologies have more integrity and database securities. In addition, most databases contain replication capabilities that support both asynchronous and synchronous operations. Advanced server databases are modeled in ways that allow functionality in open system environments such as APIs (Application Programming Interfaces).

Attacks on Database Technologies

Inference

The type of attack is one that derives sensitive information from non-sensitive data in database systems. It is a form of direct attack where the query manipulated is specific representing exactly one item in the records (Vacca, 2013). The hacker can derive sensitive information by manipulating statistical values used commonly in reports. Count is used alongside sum calculation to convert data into sensitive file information. Results are obtained in the form of aggregate functions, thus the attacker employs means and medians to derive the important information. Another form of inference is known as tracker attacks where sensitive data is derived from the use of additional queries that provide data that is not accounted for in the databases (Vacca, 2013). Two divergent queries are introduced in order to cancel each other out leaving useful information behind.

Passive Attacks

These are indirect intrusions on the DBMS where there is no actual physical manipulation of the system. The attacker only observes the files from remote locations. Passive attacks are carried out through static, linkage and dynamic leakages (Vacca, 2013). Static leakages are intrusions where data are observed trough file snapshots. Linkage leakages involve derivation of information from plain text values that were observed from connected data tables. Dynamic leakages involve observation of database changes in order to derive information from plain text values through reverse engineering.

Active Attacks

These are direct entailing actual physical modification of the database systems. Also carried out in three ways, active attacks bring greater information risks to corporate firms. In spoof attacks, cipher text values are removed and replaced by generated values. In splicing, cipher text values replace other cipher text values. In replay attacks, cipher text values are replaced by older versions of the text values (Vacca, 2013). Direct intrusions do not require use of linkages or statistical calculations to covert data into sensitive information.

SQL Infection Attacks

These type of attacks target web applications that employ SQL queries without appropriate input validation functions. These are broad intrusion avenues given that most databases in the modern market act as backups for most web based applications. Attackers introduce malicious queries on server applications thus manipulating the entire DBMS (Palvia & Zigli, 2012). These are extremely dangerous attacks carried out through bypassing web authentications, database fingerprints, union query injections, and remote executions of stored procedure calls.

Future Trends in Database Technologies

Given modern emphasis on system integration, database technologies are more likely to lean on object oriented features in order to facilitate accommodation of more complex objects, unstructured information while simultaneously allowing mobile support. Under this managerial perspective, future databases will have to accommodate high volume data, complex objects, and mobility functions.

Complex Object Databases

Computer Aided Design applications are forcing database developers to reform their principles in order to derive novel solutions that accommodate unstructured data and complex objects. CAD designs entail long duration and complicated transactions. Moreover, these applications connect several multiple users necessitating cooperation. These requirements rely on transaction rollbacks and locking to solve user conflicts when it comes to file access (Mullins, 2012). Object oriented technology in the past has been successful in the development of unstructured applications, yet its impact on databases is yet to be felt. This puts future focus of DBMS on object-oriented programming.

High Volume Databases

These databases are rising in demand given modern electronic commerce practices by multinational businesses. E-Commerce transactions entail large volumes of data per minute. The traditional relational storage architecture is limited in terms of processing speed and space. Business firms require the databases to not only capture speed and space, but also perform or accommodate extra functions such as ad-hoc analysis in determination of consumer patterns in retail chains (Mullins, 2012).

No SQL Databases

These types of databases are on demand because of big user, big data, and cloud computing technologies (Mullins, 2012). Social media companies have already developed and embraced the No SQL databases because of the number of users that interact with their platforms. An example of these firms is Twitter. The major benefit of the No SQL trend is that the database architecture easily runs with other user applications using little memory space. In addition, the databases can easily be increased in size through addition of whole batches (Mullins, 2012).

Sample Companies in the Database Sector

Microsoft Company

Using profitability statistics, Microsoft Company is in the top three biggest database software retailers because of its SQL Server. Given the popularity of the Microsoft operating system, most computer systems that use Microsoft Server run using the SQL Server program. The database software is an easy decision for most organizations given its ease of integration with the Microsoft operating system. At the present, the company is promoting its 2016 SQL Server platform that allows management of cloud and on-premises databases. This combination of complex and high volume databases in the platform facilitates business intelligence and security across online transaction processes (Vacca, 2013).

Oracle

This is the only technology company in the international market that begun primarily as a database developer. Founded in the year 1979, the company developed the first relational database management system (RDBMS) that was commercially available. The company is mostly associated with enterprise database systems and secures data delivery technologies that have, for years, put it within the Fortune 500 companies. The company is currently releasing its Oracle 12c RDBMS software for cloud computing technologies. The software that has a multitenant architecture captures the high volume trend in databases while equally facilitating complex transaction in its in-memory information processing capacities (Vacca, 2013).

Stratasoft Incorporation

The company was established in 1995 and pioneers innovative development of contact center databases. Stratasoft has a diverse and comprehensive portfolio when it comes to predictive dialing algorithms and contact center management systems. The file systems are fully open using GPL and LGPL languages. What sets the firm apart from other database companies is its emphasis in developing file software without using MySQL language. Therefore, most organizations that integrate the Stratasoft products run their networks using Linux operating systems. The StratasoftIVR, the latest database platform allows the manager to increase user utilization through its query optimizer (Vacca, 2013). This allows contact centers to have an improved service level and noticeable edge in terms of campaign productivity.

TeraData

Founded in the late 1970s, the company was the first developer of data warehouses. The company developed the first database that attained terabyte size in 1992 and sold it to Wal-Mart. Since then, data warehousing has been associated with the company. The VLDB, Very Large Database System by TeraData facilitates big data analytics, Internet of Things (IoT), and business intelligence for the management of novel enterprise trends specifically in the international market (Vacca, 2013).

Regulatory Issues in Database Management

Information Technology organizations that support their operations through database management are expected to conform to the Sarbanes Oxley Act (SOX). The legal statute necessitates that all public held organizations analyze and document on the efficacy of their in-house protocols and internal controls (Gatuba, 2014). Financial reporting should be both internal and integrate independent auditors. Therefore, regulatory requirements in the need to retain, protect, and analyze data in major companies is a common process that varies in a number of ways with respect to an organization’s operations and architecture. Regulatory conformance is comprehensive as it entails both jurisdictional and industrial variables. Despite the complexity, compliance requirements are supposed to meet two issues that are protection of customer information and data supply to government authorities (Gatuba, 2014). From a developer or managerial viewpoint, regulatory conformance boils down to information security and geographical (physical) approval for replication and clustering processes. Information security entails encryption, masking, access control, auditing amongst many other protection protocols. Positioning databases in approved locations is a major factor in multi-data processing, latency and disaster recovery (Gatuba, 2014).

Regulatory issues are meant to ascertain practice standardization in terms of corporate governance, auditing and financial reporting. Government authorities through data supplied by organizations can eradicate discrimination acts in labor and financial services. In addition, authorities ascertain work place safety and environment friendliness in brick and mortar industries. Third party entities such as insurance and utility firms use the public information to structure and regulate product and service pricing (Lu & Feng, 2008). Moreover, financial risk evaluation is simplified for third party entities facilitating customer ranking. Firms also benefit from regulatory conformance because data archives facilitate cost effectiveness. Regulatory compliance affects upper level management in large and medium organizations. C level executive need not only be aware of regulations, but also be able to prove that company data meets the requirements. Regulatory compliance necessitates collaborative participation between legal departments, IT and business consumers (Lu & Feng, 2008). This is a challenging act given communication, economic, technical, and human constraints. To ascertain compliance, organizations map business data with respect to regulations. Data mapping, control and policy establishment necessitate balance between organization and consumer privacy (Lu & Feng, 2008).

Global Implications of Database Management

Ethical Implications

Unethical and illegal behavior in information systems management has been a concern for decades because of its relevance in ensuring security. Attitudes towards computer usage vary between individuals, social classes, and nationalities. Despite differences, consensus is that the best method to ascertain ethical use of IT is education (Litzky, 2008). Legal and ethical training is vital in the development of prepared, informed and low risk system users, and managers. Under this argument, organizations are required to have codes of ethics that regulate professionalism and individual conduct. Codes of ethics create a positive environment where employees have good judgment on computer usage. Ethical education is one of the most effective methods of minimizing insider trading amongst other forms of internal crimes. Codes of ethics dictate that database managers need to act according to the established policies and procedures that govern employees, the organization and the immediate society (Litzky, 2008). Likewise, organizations are accountable for developing, disseminating, and enforcing the codes, policies, and controls.

Global/ Modular Serializability

Concurrency control is a major concern in grid, cloud and internet computing. This is a modern database concept found in control of distributed transaction applications. It is the requirement of having sequential flow of data access across individual databases that interact within the same multi-operational environment (Palvia & Zigli, 2012). Modular serializability is a global schedule that connects the timeframes of several individual databases in a federated database environment. Given the emergence and importance of the internet, multiple accesses to databases are vital for effective production. Compliance to global serializability requires that components of a database together with their schedules and properties be serializable (Palvia & Zigli, 2012). Under this, database management is more effective under loosely defined federated systems. Companies have the option to serialize part or all of their database components depending on the nature of their communication network. The objective of the implication is to ascertain data multi access under environments characterized by heterogeneity, modularity, autonomy, and scalability.

Conclusion

Despite database technologies highlighting positive patterns of innovation over the years, there is still need for further developments given the dynamic natures of consumer markets. One area of extreme importance under the scope is security. The emergence of the internet has increased the speed of growth for information technologies including databases. Proportional to the rates of growth are the employed ingenious ways to attack information systems resulting in consumer and organizational risks. Total protection of data is unattainable, but effective security minimizes risks to manageable levels. Effective file security demands the participation of employees, upper level management, entire organization, third party service providers, and government authorities. Entity cooperation has the objective of ascertaining DBMS highlight confidentiality, integrity and availability as core attributes.

 

 

References

Fayyoumi, E., & Oommen, B. J. (2010). A Survey on Statistical Disclosure Control and Micro-Aggregation Techniques for Secure Statistical Databases. Software: Practice and Experience, 40, 12, 1161-1188.

Ferraggine, V. E., Doorn, J. H., & Rivero, L. C. (2009). Handbook of Research on Innovations in Database Technologies and Applications: Current and Future Trends. Hershey, Pa: Information Science Reference.

Gatuba, E. (2014). Impact of External Security Measures on Data Access Implementation with Online Database Management System. Information Technology: Coding and Computing. 1. 243-248

Litzky, B. E. (2008). Ethical Issues in Information Technology: Does Education Make a Difference. International Journal of Information and Communication Technology Education, 4, 2, 67-83.

Lu, H., & Feng, L. (2008). Integrating Database and World Wide Web Technologies. World Wide Web, 1, 2, 73-86.

Mullins, Craig. (2012). Regulatory Compliance and Database Administration. Database Trends and Applications. Retrieved From < http://www.dbta.com/Editorial/Think-About-It/Regulatory-Compliance-and-Database-Administration-84231.aspx>

Palvia, S., & Zigli, R. (2012). The Global Issues of Information Technology Management. Harrisburg, Pa: Idea Group Pub.

Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers is an imprint of Elsevier.