Database security issues - Research Paper Example

The paper analyzes security issues concerning both web based and traditional databases. Database inference is a security issue that multi level databases are prone to. Inference can be defined as the process in which a user can infer restricted information from results of queries. Typically, inference occurs when a user at a lower security level is able to put together trivial information accessible at that level to deduce a fact that requires a higher security clearance to access. To be able to access the higher security level information, a user may exploit correlated data.

If for instance a user can access the values of H and K, then for a case whereby Z=H*K, the user can correctly infer the value Z even without security clearance. Another inference channel is missing data. When a user receives null values when querying certain fields, the restricted information can be inferred. A practical example is when a user cannot slot in a booking and yet the space is not yet reserved. Through cross-referencing, it can be known that some record is already stored in the given field.

Another aspect of the inference problem is caused by value constraints. For example if attribute Y is not classified and X is secret with the constraint X+Y>100, the value of X can be inferred through a query. A technique to remedy the inference problem is through polyinstantiation. This is a relationship whereby elements of a given attribute are associated but have multiple independent instances of instantiation. This may end up creating a new problem of double records in the long run. According to Natan (2003), “the entries may result in major problems if the database is for mission critical systems like airliners.

” The other security issue is SQL Injection. This refers to a scenario whereby unauthorized MySQL statement is run on a database. This technique takes advantage of un-validated user input vulnerability to pass commands from a web