A Review of Database Security Concepts, Risks, and Problems

Currently, data production is as quick as possible; however, databases are collections of well-organized data that can be accessed, maintained, and updated quickly. Database systems are critical to your company because they convey data about sales transactions, product inventories, customer profiles, and marketing activities. To accomplish data manipulation and maintenance activities the Database Management System considered. Databases differ because their conclusions based on countless rules about what an invulnerable database constitutes. As a result, database protection seekers encounter difficulties in terms of a fantastic figure selection to maintain their database security. The main goal of this study is to identify the risk and how we can secure databases, encrypt sensitive data, modify system databases, and update database systems, as well as to evaluate some of the methods to handle these problems in security databases. However, because information plays such an important role in any organization, understanding the security risk and preventing it from occurring in any database system require a high level of knowledge. As a result, through this paper, all necessary information for any organization has been explained; in addition, also a new technological tool that plays an essential role in database security was discussed.

Database protection model based on security system with full overlap

Security is one of the most important characteristics of the quality of information systems in general and databases, as their main component, in particular. Therefore, the presence of an information protection system, as a complex of software, technical, cryptographic, organizational and other methods, means and measures that ensure the integrity, confidentiality, authenticity and availability of information in conditions of exposure to natural or artificial threats, is an integral feature of almost any modern information system and database. At the same time, in order to be able to verify the conclusions about the degree of security, it must be measured in some way. The paper considers a database security model based on a full overlap security model (a covered security system), which is traditionally considered the basis for a formal description of security systems. Thanks to expanding the Clements-Hoffman model by including a set of vulnerabilities (as a separately objectively existing category necessary to describe a weakness of an asset or control that can be exploited by one or more threats), which makes it possible to assess more adequately the likelihood of an unwanted incident (threat realization) in a two-factor model (in which one of the factors reflects the motivational component of the threat, and the second takes into account the existing vulnerabilities); a defined integral indicator of database security (as a value inverse to the total residual risk, the constituent components of which are represented in the form of the corresponding linguistic variables); the developed technique for assessing the main components of security barriers and the security of the database as a whole, based on the theory of fuzzy sets and risk, it becomes possible to use the developed model to conduct a quantitative assessment of the security of the analyzed database.

DATABASE PROTECTION BASED ON WEB APPLICATION FIREWALL

Web applications are increasingly being used in activities such as reading news, paying bills, and shopping online. As these services grow, you can see an increase in the number and extent of attacks on them, such as: theft of personal information, bank data and other cases of cybercrime. All of the above is a consequence of the openness of information in the database. Web application security is highly dependent on database security. Client request data is usually retrieved by a set of requests that request the application user. If the data entered by the user is not scanned very carefully, you can collect a whole host of types of attacks that use web applications to create security threats to the database. Unfortunately, due to time constraints, web application programmers usually focus on the functionality of web applications, but only few worry about security. This article provides methods for detecting anomalies using a database firewall. The methods of penetration and types of hacks are investigated. A database firewall is proposed that can block known and unknown attacks on Web applications. This software can work in various ways depending on the configuration. There are almost no false positives, and the overhead of performance is relatively small. The developed database firewall is designed to protect against attacks on web application databases. It works as a proxy, which means that requests for SQL expressions received from the client will first be sent to the developed firewall, rather than to the database server itself. The firewall analyzes the request: requests that are considered strange are blocked by the firewall and an empty result is returned to the client.

Kreative Maschinen und Urheberrecht

The interdisciplinary analysis examines machine learning (ML) frameworks used in AI development and gives practical answers to copyright issues arising in this matter. A special focus lies on database protection of ML models. Furthermore, the thesis offers an opinion on text and data mining restrictions in the AI context. Regarding the production of potentially copyrightable works by means of ML, the author discusses the issue of copyright attribution, suggests a solution, and proposes a flow chart to identify the author in various scenarios. In view of a potentially increasing autonomy of AI, an introduction to the interconnection of the concepts of intelligence, creativity and Computational Creativity is provided.

Data Mining Under the Directive on Copyright and Related Rights in the Digital Single Market: Are European Database Protection Rules Still Threatening the Development of Artificial Intelligence?

This paper explores how the existing European rules on the legal and contractual protection of databases limit the re-use of non-personal data by start-ups and SMEs for the purpose of developing artificial intelligence in the European Union. This analysis aims to determine whether the recent initiatives on data mining and data sharing are adequate to ensure an appropriate level of data re-usability for that purpose. In turn, this paper argues that additional reforms are needed to establish a more balanced European framework on the legal and contractual protection of databases. Therefore, it contemplates the introduction of data user rights, which would facilitate the access and re-use of non-personal data by the enterprises in question.

Intrusion Detection Systems for Mitigating SQL Injection Attacks

Databases are widely used by organizations to store business-critical information, which makes them one of the most attractive targets for security attacks. SQL Injection is the most common attack to webpages with dynamic content. To mitigate it, organizations use Intrusion Detection Systems (IDS) as part of the security infrastructure, to detect this type of attack. However, the authors observe a gap between the comprehensive state-of-the-art in detecting SQL Injection attacks and the state-of-practice regarding existing tools capable of detecting such attacks. The majority of IDS implementations provide little or no protection against SQL Injection attacks, with exceptions like the tools Bro and ModSecurity. In this article, the authors compare these tools using the CSIC dataset in order to examine the state-of-practice in database protection from SQL Injection attacks, identifying the main characteristics and implementation details needed for IDSs to successfully detect such attacks. The experiments indicate that signature-based IDS provide the greatest coverage against SQL Injection.

IT ASPECTS OF MUSEUM OPERATIONS

In the current technological environment, operation of every institution, museum included, requires the use of IT networks, among them the internet. This results from the fact that museums have their respective websites and web addresses. Regardless of the technological aspects, the use of the internet by museums has to bear in mind legal requirements resulting in particular from the Act on Access to Public Information, this including the BIP page, namely that of the Bulletin of Public Information that allows to provide access to this kind of information within the range as defined in the above Act. The requirements of the accessibility of digital websites of public museums taking into account the needs of disabled citizens is specified by the Act on Accessibility of the Websites and Mobile Applications of Public Sector Bodies. Some of the provisions of the Act with respect to websites published before 23 September 2018 will come into force as of 23 September 2020. In the discussed context it also legal provisions related to IT assets that are of importance; these contain computer software and electronic databases. The legal status of these assets is specified in the provisions of the Act on Copyright and Related Rights (see its Arts. 3 and 7) as well as of the Act on Database Protection. Apart from the above, which, however, do not exhaust the whole range of the topic-related issues, it is also important to tackle the question of the digitizing of the assets (collections) that museums have at their disposal, in particular museum objects and images of people that constitute personal rights, which are digitized and disseminated online. Apart from the Act on Museums, particularly its Art. 25a, it is the Act on Copyright and Related Rights as well as the Civil Code that through the general provisions on the protection of personal rights, these also including images of people, give the prescriptive context to the problem.