Database security project-presentation-1-v1

1,229 views
1,093 views

Published on

Published in: Education, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,229
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
42
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Database security project-presentation-1-v1

  1. 1. Presentation 1Thesis Work onDATABASE SECURITYGuided by:- Presented By:-Prof. Debabrata Kar Sk.Galib Hussain Qayam
  2. 2. What is Database Security?
  3. 3. Database Security1. Sql Injection.2. Anomalies Detection.3. Inference Detection.
  4. 4. What is Sql Injection? Client supplied data passed to an application withoutappropriate validation. Processed as commands by the database.
  5. 5. Types Of Sql Injection(a) Piggy-backed Queries(b) Tautologies(c) Alternate Encodings(d) Inference(e) Illegal/Logically Incorrect Queries(f) Union Query(g) Stored Procedures
  6. 6. Piggy-backed Queries
  7. 7. Tautologies• Inject code in one or more conditional statements so that they always evaluate to true SELECT accounts FROM users WHERE login = ‘’ or 1=1 --’ AND pass = ‘’ AND pin =
  8. 8. What are Anomalies Detection?• Anomaly is a pattern in the data that does not conform to the expected behavior• Also referred to as outliers, exceptions, peculiarities, surprise, etc.• Anomalies translate to significant (often critical) real life entities – Cyber intrusions – Credit card fraud
  9. 9. Simple Example Y• N1 and N2 are N1 o1 regions of normal O3 behavior• Points o1 and o2 are anomalies o2• Points in region O3 N2 are anomalies X
  10. 10. Real World Anomalies• Credit Card Fraud – An abnormally high purchase made on a credit card• Cyber Intrusions – A web server involved in ftp traffic
  11. 11. DB-Inferences Definition Inference problem Examples
  12. 12. Definition• Inferring prohibited information from results of queries is known as the inference problem• Inference problem uses an inference channel• Goal of inference problem is to detect and remove inference channels• Inference channel in a database provides a facility to infer data with a higher classification from a data with a lower classification
  13. 13. Flight ID Cargo Hold Contents Classification1254 A Boots Unclassified1254 B Guns Unclassified1254 C Atomic Top Secret bomb1254 D Butter Unclassified
  14. 14. Flight ID Cargo Hold Contents Classification1254 A Boots Unclassified1254 B Guns Unclassified1254 D Butter Unclassified
  15. 15. Questions?
  16. 16. Thank You
  17. 17. Referenceshttp://en.wikipedia.org/wiki/SQL_injectionhttp://www.authorstream.com/Presentation/Barbara-11743-Advanced-SQL-Injection-Product-Training-Manuals-ppt-powerpoint/

×