Swapnil Salunke, profile picture
Uploaded bySwapnil Salunke
856 views

M-Score

This document proposes a new measure called M-Score to quantify the potential damage if insider data access is misused. M-Score considers factors like the sensitivity of accessed data, anonymity levels, and the insider's role and history. The document reviews related work on insider threat detection and access control. It then outlines a proposed dynamic access control system that calculates M-Scores and regulates insider access based on their individual thresholds to mitigate misuse risks. The system is designed to work in either a binary access mode or subset disclosure mode to control data exposure.

Embed presentation

M-Score: A Misuseability Weight Measure
Introduction • Database : Asset of an organization • CSW survey:26% of attacks caused by insiders.[1] • Out of total attacks 16% because of theft of sensitive data. • 15% because of exposure of confidential data. • Organization worried about misuse of data
Cont’d.. • Insiders 1)Employees 2)Business Partners 3)Service Providers • Insider use Information/Data to perform their task • Possibility of Misuse of Data
Motivation • Insider may misuse crucial information of a Firm. • Limiting access to data is not the solution. • Need to mitigate misuse of Information from Insider.
Related Work • Two approaches to detect misuse of Data. 1)Syntax Centric 2)Data Centric • Syntax Centric : Data requests are analyze to detect misuse. • Data Centric : Actual Data accessed is analyze to detect misuse.
Related Work cont’d: • “Detecting Anomalous Access Patterns in Relational Data- bases”[2]  Syntax Centric approach  Capture all SQL statements submitted by user.  Extract Features from captured SQL stmts.  Use Extracted features to detect Anomaly.
Related Work cont’d.. • “A Risk Management Approach to RBAC,” Risk and Decision Analysis[3]  Syntax centric approach  Designed Model for risk management Distributed DB systems  Measures Risk poses by user to misuse data
Related Work cont’d.. • “Data-Centric Approach to Insider Attack Detection in Database Systems”[4]  Data Centric Approach  S-vector is created for every access to DB.  S-vector : Extracted statistical information from result set.  Analyze S-vector to detect inside misuse.
Related work cont’d.. • “Insider Threat Prediction Evaluating the Probability of IT Misuse”[5]  Preventive approach  Insider Prediction tool  Evaluated Potential Threat (EPT) measure to predict inside threat.
Related Work Evaluation • Some related work in this area analyze requests by user submitted to DB to detect misuse. • Another way to do that is analyze result set access by user • Some calculate Risk of misuse from particular user in the organization.
Proposal (A)To measure(M-score ) how much damage is possible if requested data is given to user and it is misused ,in particular context . (B)Utilize M-Score to mitigate misuse of data from insiders. • Our proposed work is limited to Relational DB.
Proposal cont’d : M-score • Assign M-score : 1) Presentation Dependent(Tabular , structured , text) 2)Domain Specific • Dimensions For Misuseability 1)No of Entities 2) Anonymity level 3) Number of properties 4) Values of properties
Proposal cont’d.. M-score based Dynamic Access control System • Purpose : To regulate insider access control to sensitive data. • Data Centric approach. • Each insider given Threshold M-score • M-score of Result set calculated. • Access is granted if user’s threshold is greater or equal than Result-set score.
MDAC system cont’d.. MDAC works in two modes 1)Binary Mode 2)Subset disclosure Mode Binary Mode : Complete access to data or No access. Subset Disclosure Mode: Complete access or Subset of actual result set
Requirement Analysis Hardware/Software Requirement Processor Pentium IV and above RAM 1 GB TOOLS Netbeans IDE, Jdk 1.6 Technologies JAVA Operating System Windows xp,7 Hard disk 8 GB Database MySQL
System Design • General Architecture DATABASE Qi Qi Ri User Interface Insider( I ) Result set for Query URi URi Qi-Query Submitted by user Ri –Result Set For Qi Uri-Updated Result set for Qi MDAC Decision Block Fig 1:Genral Architecture of MDAC Calculate M-score of Ri
System Design User login to the system • Flowchart User submits query to DB Result Set(RS) for query evaluated Calculate M-score of RS YES M-score > Threshold of user M-score NO Mode? Binary Subset Disclosure Remove most Sensitive Data “Access denied” Display Result set to user Display subset of RS User logout Fig 2:Flowchart
Algorithm : M-score evaluation Input :RS (Result Set for Query q) Table. 1)Calculate Raw Record Score(RRS) for each record in the RS Table 2)Calculate Record Distinguishing Factor(RFD) 3)Calculate Final Record Score(FSD) 4)Calculate M-score of the Table Output : M-score of the table
MDAC algorithm • Input :M-score of RS Table And Threshold M-score Value of the User 1. If (M-score of Rs table >= Threshold) 2. then 3. { 4. if (Mode : Binary) 5. then 6. { 7. Display Message ”Access denied” 8. } 9. else 10. { 11. Remove Most Sensitive Data Till 12. M-score of RS Table<=Threshold 13. Show Subset Of RS(i.e. Appropriate RS) 14. } 15. } 16. Else 17. { 18. Show Result Set To the user 19. }
Data Flow Diagram Level 0 Figure 3: DFD Level 0
Data Flow Diagram : Level 1 Fig 4
Use Case Diagram
Expected Results • When M-score evaluated of result set before exposing it to the user ,we can estimate the extent of damage to firm if data is misused. • We can take appropriate steps to mitigate inside misuse
Conclusion We proposed new concept, in which we focused on degree of damage to the firm if particular information in particular context by particular insider is misused can be used to mitigate the misuse of information.
Future Work • Score Function in proposed system is strongly domain dependent. • Upgrade that score function to mitigate domain dependency. • Develop more applications of M-score to mitigate data misuse.
References [1] 2010 Cyber Security Watch Survey, http://www.cert.org/ archive/pdf/ecrimesummary10.pdf, 2012. [2]A. Kamra, E. Terzi, and E. Bertino, “Detecting Anomalous Access Patterns in Relational Data- bases,” Int’l J. Very Large Databases,vol. 17, no. 5, pp. 1063-1077, 2008. [3]E. Celikel et al., “A Risk Management Approach to RBAC,” Risk and Decision Analysis, vol. 1, no. 2, pp. 21-33, 2009. [4]S. Mathew, M. Petropoulos, H.Q. Ngo, and S. Upadhyaya, “Data-Centric Approach to Insider Attack Detection in Database Systems,” Proc. 13th Conf. Recent Advances in Intrusion Detection,2010. [5]G.B. Magklaras and S.M. Furnell, “Insider Threat Prediction Tool : Evaluating the Probability of IT Misuse,” Computers and Security , vol. 21, no. 1, pp. 62-73, 2002.

More Related Content

PDF
Lect17
bySulman Ahmed
 
PDF
A statistical data fusion technique in virtual data integration environment
byIJDKP
 
PPT
Cloud computing for agent based urban transportation system vinayss
byVinay Sirivara
 
PPTX
Final review m score
byazhar4010
 
PDF
Sub1582
byInternational Journal of Science and Research (IJSR)
 
PDF
Kg2417521755
byIJERA Editor
 
PDF
306 310
byEditor IJARCET
 
PDF
306 310
byEditor IJARCET
 
Lect17
bySulman Ahmed
 
A statistical data fusion technique in virtual data integration environment
byIJDKP
 
Cloud computing for agent based urban transportation system vinayss
byVinay Sirivara
 
Final review m score
byazhar4010
 
Sub1582
byInternational Journal of Science and Research (IJSR)
 
Kg2417521755
byIJERA Editor
 
306 310
byEditor IJARCET
 
306 310
byEditor IJARCET
 

Similar to M-Score

PPT
Dstca
byajay vj
 
DOCX
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection System
bySimran Seth
 
PDF
A1802030104
byIOSR Journals
 
PPT
current-trends
byQuickoffice Test
 
PPT
Database Security
byalraee
 
PDF
Accuracy constrained privacy-preserving
bypravash sahoo
 
PPTX
Intruders
byALOK KUMAR
 
PDF
Dynamic Access Control for RBAC-administered web-based Databases
byThitichai Sripan
 
PPTX
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
byDenny Lee
 
PDF
Database security presentation in easy way
byArsalanMaqsood1
 
PDF
A Review Report on Security Threats on Database
byShivnandan Singh
 
DOCX
Database Security—Concepts,Approaches, and ChallengesElisa
byOllieShoresna
 
PPTX
chapter 1 HARDWARE AND NETWORKING SERVICE.pptx
bysufiyanhussein798
 
PDF
Top ten database_threats
byFITSFSd
 
PDF
Iaetsd database intrusion detection using
byIaetsd Iaetsd
 
DOCX
50
byieeeprojectsvadapalani
 
PDF
Distributed database security with discretionary access control
byJyotishkar Dey
 
PPTX
Database Security - IK
byIlgın Kavaklıoğulları
 
PPTX
Geek Sync | Handling HIPAA Compliance with Your Data Access
byIDERA Software
 
PPTX
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
byWinWire Technologies Inc
 
Dstca
byajay vj
 
Query Pattern Access and Fuzzy Clustering Based Intrusion Detection System
bySimran Seth
 
A1802030104
byIOSR Journals
 
current-trends
byQuickoffice Test
 
Database Security
byalraee
 
Accuracy constrained privacy-preserving
bypravash sahoo
 
Intruders
byALOK KUMAR
 
Dynamic Access Control for RBAC-administered web-based Databases
byThitichai Sripan
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
byDenny Lee
 
Database security presentation in easy way
byArsalanMaqsood1
 
A Review Report on Security Threats on Database
byShivnandan Singh
 
Database Security—Concepts,Approaches, and ChallengesElisa
byOllieShoresna
 
chapter 1 HARDWARE AND NETWORKING SERVICE.pptx
bysufiyanhussein798
 
Top ten database_threats
byFITSFSd
 
Iaetsd database intrusion detection using
byIaetsd Iaetsd
 
50
byieeeprojectsvadapalani
 
Distributed database security with discretionary access control
byJyotishkar Dey
 
Database Security - IK
byIlgın Kavaklıoğulları
 
Geek Sync | Handling HIPAA Compliance with Your Data Access
byIDERA Software
 
Modern Data Security for the Enterprises – SQL Server & Azure SQL Database
byWinWire Technologies Inc
 

Recently uploaded

PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PPTX
INSY_7213_Theme Sessions 47 & 48 Advanced databases.pptx
bystormzy56
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PDF
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
INSY_7213_Theme Sessions 47 & 48 Advanced databases.pptx
bystormzy56
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
Certified AI-Native Foundations Professional.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
Fortinet Certified Fundamentals in Cybersecurity
byVICTOR MAESTRE RAMIREZ
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 

M-Score

  • 1.
  • 2.
    Introduction • Database :Asset of an organization • CSW survey:26% of attacks caused by insiders.[1] • Out of total attacks 16% because of theft of sensitive data. • 15% because of exposure of confidential data. • Organization worried about misuse of data
  • 3.
    Cont’d.. • Insiders 1)Employees 2)Business Partners 3)ServiceProviders • Insider use Information/Data to perform their task • Possibility of Misuse of Data
  • 4.
    Motivation • Insider maymisuse crucial information of a Firm. • Limiting access to data is not the solution. • Need to mitigate misuse of Information from Insider.
  • 5.
    Related Work • Twoapproaches to detect misuse of Data. 1)Syntax Centric 2)Data Centric • Syntax Centric : Data requests are analyze to detect misuse. • Data Centric : Actual Data accessed is analyze to detect misuse.
  • 6.
    Related Work cont’d: •“Detecting Anomalous Access Patterns in Relational Data- bases”[2]  Syntax Centric approach  Capture all SQL statements submitted by user.  Extract Features from captured SQL stmts.  Use Extracted features to detect Anomaly.
  • 7.
    Related Work cont’d.. •“A Risk Management Approach to RBAC,” Risk and Decision Analysis[3]  Syntax centric approach  Designed Model for risk management Distributed DB systems  Measures Risk poses by user to misuse data
  • 8.
    Related Work cont’d.. •“Data-Centric Approach to Insider Attack Detection in Database Systems”[4]  Data Centric Approach  S-vector is created for every access to DB.  S-vector : Extracted statistical information from result set.  Analyze S-vector to detect inside misuse.
  • 9.
    Related work cont’d.. •“Insider Threat Prediction Evaluating the Probability of IT Misuse”[5]  Preventive approach  Insider Prediction tool  Evaluated Potential Threat (EPT) measure to predict inside threat.
  • 10.
    Related Work Evaluation •Some related work in this area analyze requests by user submitted to DB to detect misuse. • Another way to do that is analyze result set access by user • Some calculate Risk of misuse from particular user in the organization.
  • 11.
    Proposal (A)To measure(M-score )how much damage is possible if requested data is given to user and it is misused ,in particular context . (B)Utilize M-Score to mitigate misuse of data from insiders. • Our proposed work is limited to Relational DB.
  • 12.
    Proposal cont’d :M-score • Assign M-score : 1) Presentation Dependent(Tabular , structured , text) 2)Domain Specific • Dimensions For Misuseability 1)No of Entities 2) Anonymity level 3) Number of properties 4) Values of properties
  • 13.
    Proposal cont’d.. M-score basedDynamic Access control System • Purpose : To regulate insider access control to sensitive data. • Data Centric approach. • Each insider given Threshold M-score • M-score of Result set calculated. • Access is granted if user’s threshold is greater or equal than Result-set score.
  • 14.
    MDAC system cont’d.. MDACworks in two modes 1)Binary Mode 2)Subset disclosure Mode Binary Mode : Complete access to data or No access. Subset Disclosure Mode: Complete access or Subset of actual result set
  • 15.
    Requirement Analysis Hardware/Software Requirement Processor Pentium IVand above RAM 1 GB TOOLS Netbeans IDE, Jdk 1.6 Technologies JAVA Operating System Windows xp,7 Hard disk 8 GB Database MySQL
  • 16.
    System Design • GeneralArchitecture DATABASE Qi Qi Ri User Interface Insider( I ) Result set for Query URi URi Qi-Query Submitted by user Ri –Result Set For Qi Uri-Updated Result set for Qi MDAC Decision Block Fig 1:Genral Architecture of MDAC Calculate M-score of Ri
  • 17.
    System Design User loginto the system • Flowchart User submits query to DB Result Set(RS) for query evaluated Calculate M-score of RS YES M-score > Threshold of user M-score NO Mode? Binary Subset Disclosure Remove most Sensitive Data “Access denied” Display Result set to user Display subset of RS User logout Fig 2:Flowchart
  • 18.
    Algorithm : M-scoreevaluation Input :RS (Result Set for Query q) Table. 1)Calculate Raw Record Score(RRS) for each record in the RS Table 2)Calculate Record Distinguishing Factor(RFD) 3)Calculate Final Record Score(FSD) 4)Calculate M-score of the Table Output : M-score of the table
  • 19.
    MDAC algorithm • Input:M-score of RS Table And Threshold M-score Value of the User 1. If (M-score of Rs table >= Threshold) 2. then 3. { 4. if (Mode : Binary) 5. then 6. { 7. Display Message ”Access denied” 8. } 9. else 10. { 11. Remove Most Sensitive Data Till 12. M-score of RS Table<=Threshold 13. Show Subset Of RS(i.e. Appropriate RS) 14. } 15. } 16. Else 17. { 18. Show Result Set To the user 19. }
  • 20.
    Data Flow DiagramLevel 0 Figure 3: DFD Level 0
  • 21.
    Data Flow Diagram: Level 1 Fig 4
  • 22.
  • 23.
    Expected Results • WhenM-score evaluated of result set before exposing it to the user ,we can estimate the extent of damage to firm if data is misused. • We can take appropriate steps to mitigate inside misuse
  • 24.
    Conclusion We proposed newconcept, in which we focused on degree of damage to the firm if particular information in particular context by particular insider is misused can be used to mitigate the misuse of information.
  • 25.
    Future Work • ScoreFunction in proposed system is strongly domain dependent. • Upgrade that score function to mitigate domain dependency. • Develop more applications of M-score to mitigate data misuse.
  • 26.
    References [1] 2010 CyberSecurity Watch Survey, http://www.cert.org/ archive/pdf/ecrimesummary10.pdf, 2012. [2]A. Kamra, E. Terzi, and E. Bertino, “Detecting Anomalous Access Patterns in Relational Data- bases,” Int’l J. Very Large Databases,vol. 17, no. 5, pp. 1063-1077, 2008. [3]E. Celikel et al., “A Risk Management Approach to RBAC,” Risk and Decision Analysis, vol. 1, no. 2, pp. 21-33, 2009. [4]S. Mathew, M. Petropoulos, H.Q. Ngo, and S. Upadhyaya, “Data-Centric Approach to Insider Attack Detection in Database Systems,” Proc. 13th Conf. Recent Advances in Intrusion Detection,2010. [5]G.B. Magklaras and S.M. Furnell, “Insider Threat Prediction Tool : Evaluating the Probability of IT Misuse,” Computers and Security , vol. 21, no. 1, pp. 62-73, 2002.