INLS187 spring 2003

Assignment 5

Li Chen

 

 Future Forecast

 

Introduction

 

With the rapid growth of web sites, databases are becoming more and more important to organizations and companies, since the web provides a cheap, convenient, and fast way to publish, transfer, and access data. Databases are an important resource today, and their users are spread across every field, such as business, education, medicine, and industry. However, this wide use of databases has also brought new threats to those organizations and companies, because hackers are developing techniques to steal data from web servers. It is therefore very important for any organization or company to control the access level granted to different levels of users.

 

Background and Current State

 

Basically, database security is divided into physical database integrity, logical database integrity, element integrity, auditability, access control, user authentication, and availability.

  • The purpose of physical database integrity is that the data of a database is immune to physical problems;
  • Logical database integrity ensures that a change to one section of the database does not affect other, unrelated sections;
  • Element integrity ensures that a database contains accurate data in each element;
  • Auditability is the ability to track who has accessed or modified data in a database;
  • Access control restricts different users to different levels of a database;
  • User authentication is a barrier that must be passed before the user can access the database. An example is a login page: the user must enter a username and password, and both must match the registered data in the database before the user can access the particular web site. Otherwise, access is denied.
  • Availability means that users can access a database in general.

 

 

To avoid attacks, many organizations and companies use multi-layered protection for their web sites and databases. Most organizations and companies have adopted firewalls and Intrusion Detection Systems to protect their databases. However, firewalls and Intrusion Detection Systems are still not useful for protecting against the attack techniques used by hackers. Firewalls cannot provide good protection against attack: for the system to function, ports in the firewall must be open, and this also lets the hacker get into the web database. Intrusion Detection Systems also cannot provide enough protection for a web database, because they can only detect attacks and cannot provide real-time prevention.

 

 

Currently, most of the well-known database software companies are also developing the security of their database products. Oracle Corp. not only provides general security methods to protect its users, but also provides a new technique called Oracle Label Security for Oracle 8i and 9i. This technique gives the IT manager the ability to control who can read and write specific information. MySQL has also developed a new version to enhance database security. Microsoft has also done a lot of research in database security. For Access, its well-known database software, Microsoft has integrated IIS security. Although Microsoft uses a strong encryption technique in Access, a hacker can still attack it through physical access.

 

Future Forecast

 

Obviously, database security will continue to be an important field. Future research in database security will cover several areas.

 

  • Program security protects the database executables. It means not allowing anyone or any program other than the designer to modify the executable;
  • Data security restricts access to the data in a database;
  • Registry security makes sure that read and write access is correct for the database, since some databases rely on settings stored in the system registry;
  • User security strengthens the permissions that determine which level each user can access;
  • Developing intrusion detection systems that protect databases in real time.

 

 

 

 

 

 
