Negative database for data security....

1. NEGATIVE DATABASE
FOR DATA SECURITY
Shivnandan Singh Chauhan
Mtech (CSE)
1201102021
5/27/2014
1
ShivnandanSingh

2. DATABASE
 A database is an organized collection of data.
The data is typically organized to model relevant
aspects of reality in a way that supports
processes requiring this information.
5/27/2014
2
ShivnandanSingh

3. NEGATIVE DATABASE
 A negative database can be defined as a
database that contains huge amount of data
which consists of counterfeit data along with the
actual data.
 A few approaches that describe this concept have
been proposed but have not yet been
implemented to work for real world databases.
5/27/2014
3
ShivnandanSingh

4. DATABASE SECURITY IMPORTANCE
 Database Security has become an important
issue in today’s world. Organizations have
become highly dependent on the database for
their daily operations.
 The objective of database security is to prevent
undesired information disclosure and
modification of data while ensuring the
availability of the necessary service. With the
increase in the use of World Wide Web in recent
years emphasize the web database security.
5/27/2014
4
ShivnandanSingh

5. CLASSIFICATION SCHEME
In best of my knowledge database security are
classified based on the type of information security and
models.
 Encryption
 Negative Database
 Web-based Database Security
 Authentication and Access Control
 Timeliness and Security in Real-time Database
Systems
 Testing Schemes for SQL Injections
5/27/2014
5
ShivnandanSingh

6. ENCRYPTION
 This is the process of transforming plain text
information using encryption algorithms (called
cipher) to make it unreadable to anyone except
those possessing special knowledge, usually
referred to as a key.
 The traditional database systems using plain
text have many threats of data corruption and
collapse of database. To avoid these threats, the
data is stored in encrypted form in the database.
5/27/2014
6
ShivnandanSingh

7. WEB-BASED DATABASE SECURITY
 Some Methods are proposed to establish security
of Web database against illegitimate intrusion.
 The data transmission from server to the client
should be in a secured way (use Secure Socket
Layer).
 Host identity of an end system should be
authenticated.
5/27/2014
7
ShivnandanSingh

8. TESTING SCHEMES FOR SQL
INJECTIONS
 SQL injection is a code injection technique that
exploits a security vulnerability occurring in the
database layer of an application.
5/27/2014
8
ShivnandanSingh

9. TESTING SCHEME TO STOP SQL INJECTIONS
IN THE BEGINNING
 Database Security Testing Scheme to detect
potential input points of SQL injection,
automatically generate test cases and find
vulnerability of databases by running these test
cases to make a simulation attack to an
application.
5/27/2014
9
ShivnandanSingh

10. CONCEPT OF NEGATIVE DATABASE TO
HELP PREVENT DATA THEFT
A framework which manipulates the original
data and stores it in a database. This framework
mainly consists of four modules
 Database catching
 Virtual database encryption
 Database Encryption algorithm
 Negative Database conversion algorithm.
5/27/2014
10
ShivnandanSingh

11. ARCHITECTURE
5/27/2014
11
ShivnandanSingh

12. DATABASE CACHING
 In our framework we are using system-derived
timestamps as keys. Thus the complexity of the
database caching algorithm O(n), when the whole
database needs to be searched for a particular
tuple.
5/27/2014
12
ShivnandanSingh

13. VIRTUAL DATABASE ENCRYPTION
 This layer depends on the timestamp generation
and the conversion of the data into ASCII values.
Thus the computation time is O(n) where n is the
length of the used password.
5/27/2014
13
ShivnandanSingh

14. AUTHENTICATION AND ACCESS
CONTROL
 Authentication is used to check properly the
identity of the user and Access Control controls
the user actions or operations. Access Control
gives different privileges to different
authenticated users.
5/27/2014
14
ShivnandanSingh

15. Questions or Comments?
5/27/2014
15
ShivnandanSingh