Method of query return data analysis for early warning indicators of possible security exposures
Abstract
System, method and article of manufacture for securing data. Queries are analyzed to detect security violation efforts. In one embodiment, algorithms for detecting selected security violation patterns are implemented. Generally, patterns may be detected prior to execution of a query and following execution of a query. Illustrative patterns include union query analysis, pare down analysis, non-overlapping query analysis and others.
Claims (46)

1. A method of providing security with respect to data, comprising:
receiving a query issued against a database by a user; and
determining whether a security violation pattern exists based on:
(i) pre-execution comparative analysis of the query with respect to at least one other previously issued query from the user; and
(ii) post-execution comparative analysis of results returned from execution of the query and results returned from execution of the at least one other previously issued query.
Dependent claims: 2 to 13.
14. A method of providing security with respect to data, comprising:
receiving a plurality of queries from a user;
executing the plurality of queries against a database;
receiving a subsequent query issued against the database by the user; and
based on the plurality of queries and the subsequent query, programmatically determining whether a user effort to access an unauthorized amount of data from the database is identifiable, wherein programmatically determining comprises detecting that common query conditions of the subsequent query and the plurality of queries are configured to return at least partially non-overlapping results.
15. A method of providing security with respect to data, comprising:
receiving a plurality of queries from a user;
executing the plurality of queries against a database;
receiving a subsequent query issued against the database by the user;
executing the subsequent query; and
based on the plurality of queries and the subsequent query, programmatically determining whether a user effort to bypass security constraints preventing unique identification of individuals is identifiable.
Dependent claims: 16 and 17.
18. A method of providing security to data having a particular physical data representation, comprising:
providing a query specification comprising a plurality of logical fields for defining abstract queries;
providing mapping rules which map the plurality of logical fields to physical entities of the data;
providing security rules;
receiving an abstract query issued against the data by a user, wherein the abstract query is defined according to the query specification and is configured with at least one logical field value; and
analyzing the abstract query with respect to at least one previously received abstract query from the user to detect an existence of security violation activity prompting invocation of a security rule.
Dependent claims: 19 to 21.
22. A computer-readable medium containing instructions which, when executed, perform a security violation identification operation, comprising:
receiving a query issued against a database by a user; and
determining whether a security violation pattern exists based on:
(i) pre-execution comparative analysis of the query with respect to at least one other previously issued query from the user; and
(ii) post-execution comparative analysis of results returned from execution of the query and results returned from execution of the at least one other previously issued query.
Dependent claims: 23 to 34.
35. A computer-readable medium containing security validation instructions which, when executed, perform a security validation operation comprising:
receiving a plurality of queries from a user;
executing the plurality of queries against a database;
receiving a subsequent query issued against the database by the user; and
based on the plurality of queries and the subsequent query, programmatically determining whether a user effort to access an unauthorized amount of data from the database is identifiable, wherein programmatically determining comprises detecting that common query conditions of the subsequent query and the plurality of queries are configured to return at least partially non-overlapping results.
36. A computer-readable medium containing security validation instructions which, when executed, perform a security validation operation comprising:
receiving a plurality of queries from a user;
executing the plurality of queries against a database;
receiving a subsequent query issued against the database by the user;
executing the subsequent query; and
based on the plurality of queries and the subsequent query, programmatically determining whether a user effort to bypass security constraints preventing unique identification of individuals is identifiable.
Dependent claims: 37 and 38.
39. A computer-readable medium, comprising information stored thereon, the information comprising:
a query specification comprising a plurality of logical fields for defining abstract queries;
a plurality of mapping rules which map the plurality of logical fields to physical entities of data;
a plurality of security rules;
a runtime component executable to perform a security violation activity detection operation in response to receiving an abstract query issued against the data by a user, wherein the abstract query is defined according to the query specification and is configured with at least one logical field value, the security violation activity detection operation comprising:
analyzing the abstract query with respect to at least one previously received abstract query from the user to detect an existence of security violation activity prompting invocation of a security rule.
Dependent claims: 40 to 46.
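A worked illustration of the pre-execution and post-execution comparative checks the claims describe (non-overlapping "pare down" slicing of one population, cumulative access to an unauthorized amount of data, and result sets small enough to identify an individual), added here as a hypothetical example and not the patent's own implementation. The Query model with equality conditions, the thresholds max_rows and min_group, and the sample table are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Query:
    fields: frozenset   # logical fields the query returns
    conds: tuple        # (field, value) equality conditions, sorted by field

@dataclass
class History:
    queries: list = field(default_factory=list)
    seen_ids: set = field(default_factory=set)   # union of row ids returned so far

def pre_exec_check(hist, q):
    """Pre-execution: same fields and condition columns as an earlier query, with
    exactly one differing value, means the queries slice one population into
    non-overlapping parts (pare-down pattern)."""
    for prev in hist.queries:
        if prev.fields != q.fields or [c for c, _ in prev.conds] != [c for c, _ in q.conds]:
            continue
        if sum(a != b for a, b in zip(prev.conds, q.conds)) == 1:
            return "non-overlapping"
    return None

def post_exec_check(hist, rows, max_rows=5, min_group=2):
    """Post-execution: a result set below min_group can single out an individual;
    rows pushing the user's cumulative distinct rows past max_rows indicate
    access to an unauthorized amount of data."""
    ids = {r["id"] for r in rows}
    if 0 < len(ids) < min_group:
        return "identification"
    if len(hist.seen_ids | ids) > max_rows:
        return "excess-volume"
    return None

def record(hist, q, rows):
    hist.queries.append(q)
    hist.seen_ids |= {r["id"] for r in rows}

# Constructed sample table; the thresholds above are deliberately small for it.
TABLE = [{"id": i, "dept": d, "age": a} for i, (d, a) in enumerate(
    [("eng", 30), ("eng", 41), ("ops", 30), ("ops", 52), ("hr", 30), ("hr", 41)])]

def execute(q):
    return [r for r in TABLE if all(r[c] == v for c, v in q.conds)]

def analyze(hist, q):
    """Run both checks around execution, record q, and return (pre_flag, post_flag)."""
    pre = pre_exec_check(hist, q)
    rows = execute(q)
    post = post_exec_check(hist, rows)
    record(hist, q, rows)
    return pre, post
```

In a deployment the flags would feed a security rule (block, audit, or throttle) rather than being returned to the caller; the thresholds would come from the user's authorization rather than constants.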
Specification