System and methods for selective local database access restriction
First Claim
1. A method of providing nonintrusive database security comprising:
- identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, the identified access mediums including local access mediums emanating from the local server, the local server in direct communication with the database;
- enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts via the access medium, identifying further comprising identifying access mediums for all access permutations on a particular local server; and enumerating comprising collectively covering all access permutations through which access attempts emanate on the particular local server;
- identifying local access attempts to the database via the enumerated access mediums, the local access attempts employing a local client for database access, the local client defined by a local process independent of a disposition of an initiating user query device, the local access mediums including access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection;
- applying, to each of the identified access mediums, the enumerated access control mechanism, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums; and
- restricting the identified local access attempt, restricting further comprising performing at least one of preventing the access attempt and reporting the access attempt for further analysis.
Abstract
A nonintrusive database access monitoring mechanism employs a hybrid approach that disallows, or blocks, the access mediums which are not feasible to intercept or analyze, as well as intercepting and analyzing access mediums for which interception and interrogation is available. Accordingly, various configurations provide the hybrid coverage approach to identifying access mediums, and either block or intercept the access attempts. In this manner, access mediums, such as interprocess communication (IPC) system calls, which may be efficiently intercepted and analyzed are captured and substantively processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to analyze such access attempts.
40 Claims
1. (Independent claim; full text given under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 31, 32, 34, 35, 36, 37, 38, 39, 40.
7. (canceled)
8. (canceled)
9. A method for preventing unauthorized access to a database comprising:
- identifying a plurality of access mediums to a protected database, the identified access mediums including local access mediums emanating from the local server, the local server in direct communication with the database;
- enumerating access mediums responsive to an interrogative process, the interrogative process operable to intercept access attempts via the enumerated access mediums;
- generating an access medium repository indicative of, for each of the enumerated access mediums, those which the interrogative process is operable to intercept and analyze access attempts via the respective access medium, wherein the access mediums are local access mediums emanating from a local server in direct communication with the database, the local access mediums defined by interprocess communication mechanisms emanating and terminating on the local server such that the local access mediums include access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection; and
- blocking access from access mediums nonresponsive to an interrogative process by prohibiting activity via the nonresponsive access mediums.
Dependent claims: 11, 12, 13, 15, 16, 18, 19.
10. (canceled)
14. (canceled)
17. (canceled)
20. A method of tracking database access comprising:
- enumerating access mediums providing local access to a database via a local server, the enumerated access mediums including local access mediums emanating from the local server, the local server in direct communication with the database;
- determining, for each of the enumerated access mediums, whether access attempts are interceptable for each particular access medium, determining further comprising identifying access mediums for all access permutations on a particular local server; and enumerating comprising collectively covering all access permutations through which access attempts emanate on the local server;
- identifying local access attempts to the database via the enumerated access mediums, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server, the local access mediums including access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection;
- collecting, for each of the interceptable access attempts, the access attempt; and
- preventing access for each of the access mediums which are not interceptable, preventing further comprising performing at least one of preventing the access attempt and reporting the access attempt for further analysis.
21. A server for monitoring database access comprising:
- a processor;
- a memory coupled to the processor;
- a first process for intercepting database access attempts;
- a second process for preventing database access attempts, the first process and the second process executable in the memory by the processor;
- an enumeration of available access mediums, each of the enumerated access mediums responsive to at least one of the first process and the second process, further comprising access mediums for all access permutations on a particular local server; and the enumeration collectively covering all access permutations through which access attempts emanate on the particular local server, the enumerated access mediums including local access mediums emanating from the local server, the local server in direct communication with the database; and
- an access controller for identifying local access attempts via the local access mediums and employing the enumeration to determine applicability of the first and second process, and further for invoking at least one of the first and second processes for scrutinizing the local access attempt, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server, the access controller further restricting the identified access attempt, restricting further comprising performing at least one of preventing the local access attempt and reporting the local access attempt for further analysis, the local access mediums including access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection.
Dependent claims: 22, 23, 24, 25.
26. A computer program product having a computer readable storage medium operable to store computer program logic embodied in computer program code encoded thereon that, when executed by a processor, causes the computer to perform a method for providing local database security, the method comprising:
- identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, the identified access mediums including local access mediums emanating from the local server, the local server in direct communication with a database;
- enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts via the access medium, identifying further comprising identifying access mediums for all access permutations on a particular local server; and enumerating comprising collectively covering all access permutations through which access attempts emanate on the local server, the local access mediums including access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection;
- identifying local access attempts to the database via the enumerated access mediums, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server;
- applying, to each of the identified access mediums, the enumerated access control mechanism, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums, applying the enumerated access control mechanism to the access attempts further including: collecting access attempts and either blocking or recording the access attempts; and transmitting the recorded access attempts to a collector operable to analyze the collected access attempts.
27. (canceled)
28. (canceled)
29. A method of providing nonintrusive database security comprising:
- identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, the identified access mediums including local access mediums emanating from the local server, the local server in direct communication with the database;
- enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts via the access medium, each access medium having a corresponding prevention measure;
- generating, from a configuration file, an access matrix having an entry for each of a combination of operating systems and local access mediums, the access matrix indicating the prevention measure to be invoked for each combination, the local access mediums defined by interprocess communication mechanisms emanating and terminating on the local server, the local access mediums including access mediums undetectable by remote parsing or stream based interrogation of an incoming network connection;
- indexing the access matrix based on the local access medium and the operating system; and
- applying, to each of the identified access mediums, the enumerated access control mechanism, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums.
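The hybrid block-or-intercept policy from the abstract, together with the configuration-file access matrix indexed by operating system and local access medium from claim 29 and the collect-record-transmit step of claim 26, worked through as an added Python example (not code from the patent or its assignee). The INI layout, the medium names (tcp_loopback, unix_socket, named_pipe, shared_memory) and the measure names "intercept" and "block" are constructed assumptions; it also adds a coverage check for mediums the matrix leaves unenumerated.

```python
"""Hybrid local-access policy (abstract, claim 29): "intercept" mediums are
captured and recorded for a collector; "block" or unlisted ones are refused."""
import configparser

# Constructed sample config: one section per operating system, one key per
# local access medium, value = the prevention measure for that combination.
ACCESS_MATRIX_INI = """
[linux]
tcp_loopback = intercept
unix_socket = intercept
shared_memory = block
[windows]
tcp_loopback = intercept
named_pipe = intercept
shared_memory = block
"""


def load_access_matrix(ini_text):
    """Build {(os, medium): measure} from the config, rejecting unknown measures."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    matrix = {}
    for os_name in cp.sections():
        for medium, measure in cp.items(os_name):
            if measure not in ("intercept", "block"):
                raise ValueError(f"{os_name}/{medium}: unknown measure {measure!r}")
            matrix[(os_name, medium)] = measure
    return matrix


def coverage_gaps(matrix, os_name, enumerated_mediums):
    """Mediums enumerated on the host that the matrix leaves uncovered for this OS.
    Claim 1 wants every access permutation covered; a gap listed here would
    otherwise be blocked silently by the fail-closed default in apply_policy."""
    return sorted(m for m in enumerated_mediums if (os_name, m) not in matrix)


def apply_policy(matrix, attempt, collector):
    """Index the matrix by (os, medium) and act on one local access attempt.
    Intercepted attempts are recorded for the collector; blocked or unenumerated
    ones are refused and only the refusal is reported. Returns the action."""
    key = (attempt["os"], attempt["medium"])
    measure = matrix.get(key, "block")  # fail closed for unenumerated mediums
    if measure == "intercept":
        collector.append({"action": "recorded", "os": key[0],
                          "medium": key[1], "query": attempt["query"]})
        return "intercepted"
    collector.append({"action": "blocked", "os": key[0], "medium": key[1]})
    return "blocked"
```

Run coverage_gaps against the mediums actually enumerated on a host before deploying the matrix, since an unlisted medium is refused outright rather than analyzed.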
30. (canceled)
33. (canceled)