Next research proposals have extended this basic model with a variety of features, such as negative authorization, role-based and task based authorization, , temporal authorization, and context-aware authorization. This weakness makes unrestricted access controls vulnerable to malicious attacks, such as Trojan horses embedded in application programs. A Trojan horse is a program with an apparent or actually very useful function, which contains some hidden functions exploiting the genuine authorizations of the invoking process.
Sophisticated Trojan horses may leak information by means of covert channels, enabling unauthorized access to data. A covert channel is a component or feature of the system that is misused to encode or represent information for illegal transmission, without breaching the stated access control policy.
A large variety of components or features can be misused to create covert channels, including the system clock, operating system inter process communication primitives, error messages, the existence of specific file names, the concurrency control mechanism, and so on. The area of compulsory access control and multilevel database systems tried to address such problems through the development of access control models based on information classification, some of which were also incorporated in commercial products. Early compulsory access control models were mainly developed for military applications and were very inflexible and suited, at best, for closed and controlled environments.
There was considerable debate among security researchers concerning how to eliminate covert channels while managing the essential properties of the relational model. In particular, the concept of poly instantiation, that is, the presence of multiple copies with different security levels of the same tuple in a relation, was developed and articulated in this period . Covert channels were also widely examined with considerable focus on the concurrency control mechanisms that, by matching transactions running at different security levels, would introduce an obvious covert channel.
However, solutions developed in the research arena to the covert channel problem were not incorporated into commercial products. This section present a review on some of the most recent and related work.
dblp: Advances in Data Base Theory
But, before we proceed, let us describe the basic components and approaches of steganography. A steganography system usually consists of three key components, named as, secret, cover media, and stego media . For a secure steganography system, four components are required, which is the key or the password. In general, the secret and the cover media can have the form of text, video, image, audio file or other media file as well. Therefore, avoid modifying those file bits that are related to an end-user leaving the cover file perfectly usable.
A large number of steganography algorithms have been developed utilizing the above all the four approaches. One of them is encryption algorithm. Encryption is divided into three different levels. Storage-level encryption amounts to encrypt data in the storage subsystem and thus protects the data at rest.
It is well suitable for encrypting files or entire directories in an operating system context. From a database point of view, storage-level encryption has the advantage to be transparent, thus avoiding any changes to existing applications. On the other side, the storage subsystem has no knowledge of database objects and structure; the encryption strategy neither to be related with user privileges, nor to data sensitivity. Database-level encryption allows securing the data as it is inserted or entered to, or retrieved from the database.
Selective encryption is possible and can be done at various granularities, such as relations, attributes, and tuples. It can even be related with some logical conditions.
- The Making of the English Working Class.
- Advanced Reliability Modeling II: Reliability Testing and Improvement: Proceedings of the 2nd Asian International Workshop (Aiwarm 2006) Busan, Korea, 24-26 August 2006.
- Database Objects in DBMS.
- Sukhoi Su-7 & Su-20?
- A Wind in Cairo.
- General Principles of Tumor Immunotherapy: Basic and Clinical Applications of Tumor Immunology.
- New Databases.
Depending on the level of combination of the encryption feature and the DBMS, the encryption process may incur some modification to applications. Encryption is thus performed within the application that initiates the data into the system; the data is sent encrypted, thus naturally stored and retrieved encrypted data , to be finally decrypted within the application. This approach has the benefit to separate encryption keys from the encrypted data stored in the database since the keys never need to leave at the application side.
Advances in Database Systems
There are many aspects to security and many applications. One essential aspect for secure communications is the cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself enough. Steganography is another technique for secured communication.
It encompasses methods of transmitting secret messages through safe cover carriers in such a manner that the very existence of the embedded messages is undetectable. Information can be hidden in audio, text, images , video, or some other digitally representative code. Steganography systems can be grouped by the type of covers  used graphics, sound, text, executables or by the techniques used to modify the covers.
AES algorithm is widely used for cryptography. This standard specifies the Rijndael algorithm , a symmetric block cipher that can process data blocks of bits, using cipher keys with lengths of , , and bits. The input, the output and the cipher key for Rijndael are each bit sequences containing , or bits with the constraint that the input and output sequences have the same length. In general the length of the input and output sequences can be any of the three allowed values but for the Advanced Encryption Standard AES the only length accepted is To secure the data using cryptography crypto module is used.
Steganography is the science of hiding information by embedding the hidden i. Steganography hides the fact that the communication does not exist. Different types of steganography are as follows : i.
Secret Key Steganography ii. Public Key Steganography IV. Because transferring of data which is present on web database securely is very important for that all the above mentioned ways are followed.
References 1. Boyens, C. Fernandez, R. Summers, and C. Wood, Database Security and Integrity.
Addison-Wesley, Feb. Griffiths and B. Database Systems, vol.
Bertino, S. Jajodia, and P. Knowledge and Data Eng. Sandhu, E. Coyne, H. Feinstein, and C. Thomas and R. Lin and S. Qian, eds. Bertino, C.
- Real-Time Database and Information Systems: Research Advances!
- Transactions on Edutainment VIII.
- An Elemental Thing.
- Immigrant Integration: A Cross-National Study (The New Americans).
Manuel G. Rumelhart, G. Hinton, and R. Smith and J. SUSAN - a new approach to low level image processing.