329 results about "Database security" patented technology

An apparatus and method to distribute applications and services in and throughout a network and to secure the network includes the functionality of a switch with the ability to apply applications and services to received data according to respective subscriber profiles. Front-end processors, or Network Processor Modules (NPMs), receive and recognize data flows from subscribers, extract profile information for the respective subscribers, utilize flow scheduling techniques to forward the data to applications processors, or Flow Processor Modules (FPMs). The FPMs utilize resident applications to process data received from the NPMs. A Control Processor Module (CPM) facilitates applications processing and maintains connections to the NPMs, FPMs, local and remote storage devices, and a Management Server (MS) module that can monitor the health and maintenance of the various modules.

Typical conventional database security scheme mechanisms are integrated in either the application or database. Maintenance of the security scheme, therefore, such as changes and modifications, impose changes to the application and/or database. Configurations of the invention employ a security filter for intercepting database streams, such as data access transactions, between an application and the a data repository, such as a relational database. A security filter deployed between the application and database inspects the stream of transactions between the application and the database. The security filter, by nonintrusively interrogating the transactions, provides a content-aware capability for seamlessly and nondestructively enforcing data level security. A security policy, codifying security requirements for the users and table of the database, employs rules concerning restricted data items. The filter intercepts transactions and determines if the transaction triggers rules of the security policy. If the transactions contain restricted data items, the security filter modifies the transaction to eliminate the restricted data items.

Typical conventional content based database security scheme mechanisms employ a predefined criteria for identifying access attempts to sensitive or prohibited data. An operator, identifies the criteria indicative of prohibited data, and the conventional content based approach scans or “sniffs” the transmissions for data items matching the predefined criteria. In many environments, however, database usage tends to follow repeated patterns of legitimate usage. Such usage patterns, if tracked, are deterministic of normal, allowable data access attempts. Similarly, deviant data access attempts may be suspect. Recording and tracking patterns of database usage allows learning of an expected baseline of normal DB activity, or application behavior. Identifying baseline divergent access attempts as deviant, unallowed behavior, allows automatic learning and implementation of behavior based access control. In this manner, data access attempts not matching previous behavior patterns are disallowed.

A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system communicatively connected to a plurality of network domains, each network domain having a level of security, the database system comprises at least one database accessible from all of the plurality of network domains, the database comprising data, each unit of data having a level of security and access control security operable to provide access to a unit of data in the database to a network domain based on the level of security of the network domain and based on the level of security of the unit of data.

A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises database objects having a level of security, factors representing a characteristic of a user of the database system, rules defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object, and a plurality of realms defining a privilege of the user relative to a schema, the database system is operable to grant or deny access to data to a user based on the factors, the rules satisfied by the factors and the attributes of the data, and the realm associated with the user.

The invention provides a vulnerability management system based on multi-engine vulnerability scanning association analysis. The vulnerability management system comprises: an asset detection managementmodule used for detecting asset information in a scanning network; a system vulnerability scanning module used for performing vulnerability scanning and analysis on a network device, an operating system, application service and a database according to the asset information, and supporting intelligent service identification; a Web vulnerability scanning module used for automatically parsing data according to the asset information, scanning the data, verifying a discovered WEB vulnerability, and recording a test data packet discovered by vulnerability scanning; a database security scanning module; a security baseline verification module; an industrial control vulnerability scanning module; an APP vulnerability scanning module; a WIFI security detection module; a report association analysismodule; and a whole-network distributed management module. The vulnerability management system provided by the invention can perform association analysis on a detection result and a compliance libraryof information security level protection to generate a level protection evaluation report that meets the specification requirements, and the security requirements of different customers are comprehensively met.

The present invention specifies database security at a row level and, optionally, at a column and table level. The systems and methods cluster one or more sets of rows with similar security characteristics and treat them as a named expression, wherein clustered data is accessed based on associated row-level security. The systems and methods specify a syntax that invokes row(s), column(s) and/or table(s) security via programming statements. Such statements include arbitrary Boolean expressions (predicates) defined over, but not restricted to table columns and/or other contextual data. These statements typically are associated with query initiators, incorporated into queries therefrom, and utilized while querying data. Rows of data that return “true” when evaluated against an aggregate of associated security expressions are said to “satisfy” the security expressions and enable access to the data stored therein. Such security expressions can be created and invoked via the Structured Query Language (SQL) database programming language.

A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of database objects, each database object having a level of security, a plurality of factors, each factor representing a characteristic of a user of the database system, at least one database session of the user in the database, the database session having a level of security, the user connected to the database with a network domain, each network domain having a level of security, wherein the database system is operable to grant or deny access to the data to a user based on the factors associated with the user, based on the level of security of the data, based on the level of security of the database session, and based on the level of security of the network domain.

The invention relates to a database security auditing method which comprises the following steps: acquiring database network communication data; parsing a database network communication protocol; carrying out self-learning digging on audit rules; detecting database risk event invasion; evaluating database user permissions; tracking the three-layer correlation of a primary user. The database security auditing method can be used for auditing and monitoring a database in real time, so that the automatic assessment, audit, protection and invasion detection operation can be realized; the method can be used for preventing, recording and tracking the complete database operation behavior so as to help an administrator to find out the internal safety problems of unauthorized use, privilege abuse, permission theft and the like of the database in time; furthermore, after the method is used, the outside attacks such as SQL (structured query language) injection and the like can be avoided.

The invention provides a database access control method on the basis of multi-strategy integration. The database access control method aims to solve widespread problems in the aspect of security access to databases of comprehensive electronic systems. The database access control method includes enabling an RBAC (role-based access control) module to judge whether roles corresponding to users have access permission corresponding to required-to-be-accessed database tables or not; denying access if the roles do not have the access permission; enabling a BLP (Bell-La Padula) module to judge operation permission of the users for fields in the required-to-be-accessed database tables if the roles have the access permission. The database access control method has the advantages that various security levels of information in databases can be assuredly effectively accessed, the security of the databases can be protected on table levels and even field levels, permission of subjective bodies and objective bodies can be effectively customized according to actual conditions, and corresponding access control strategies can be provided for the subjective bodies of the different roles.

The invention discloses an end-to-end bike sharing system and method based on blockchain. The system comprises a system administrator, a cloud server, bike owners, bike users and a blockchain network;the blockchain network contains accounts, bike smart contracts and nodes; there is no need for the bike users to download multiple different applications any more, after registration, deposits are paid to the bike smart contracts, the blockchain network does not contain third parties, and the users only need to apply to the bike smart contracts when the deposits need to be returned, so that the phenomenon of difficult deposit returning is effectively avoided; the payment process does not rely on third-party payment software, so that needed commission charge is effectively reduced. Transactioninformation is stored by the nodes in the blockchain network together, each node stores all transaction data in the network totally redundantly, and once the data in one node is tampered with, othernodes raise objections, so that a whole database is high in safety, and private security of the bike users and the bike owners can be protected.

A secure database appliance leverages database security in a consistent framework providwa consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of database objects, each database object having a level of security, a plurality of factors, each factor representing a characteristic of a user of the database system, at least one database session of the user in the database, the database session having a level of security, the user connected to the database with a network domain, each network domain having a level of security, wherein the database system is operable to grant or deny access to the data to a user based on the factors associated with the user, based on the level of security of the data, based on the level of security of the database session, and based on the level of security of the network domain.

The invention provides a database security system based on storage encryption, comprising a database encryption server, a database encryption expansion component, a safe database access interface anda management tool. A database encryption service system encrypts and decrypts all data in the database security system and intensively applies safety control and management; the database encryption expansion component connects with the database encryption service system and a database management system and calls a cipher service function of the database safety service system to encrypt and decryptroutine data; the safe database access interface provides safe and transparent database access support to an application system; the management tool is used for safety configuration management by management personnel. The database security system provides an interface standard conforming to database access, supports transparent encryption and decryption of routine data and big data object, and screens complex details realizing the security function of the database for the application system.

The invention provides a database auditing system which comprises a database statement auditing module and a database user behavior auditing module. The database statement auditing module is used for analyzing collected auditing data, obtaining an SQL statement and detecting the obtained SQL statement. The database user behavior auditing module is used for analyzing the collected auditing data, obtaining user behavior and detecting the user behavior. The invention further relates to an auditing method based on the database auditing system. According to the database auditing system and the database auditing method, universality is high, detection efficiency is high, maintenance is convenient, a rule base is updated continuously to ensure that the false detection rate is reduced, the requirements for database safety of different users can be practically met, and the system and the method have the wide application prospect in the database auditing industry.