Systems and methods for securing customer data in a multi-tenant environment
First Claim
1. A system for securing customer data in a multi-tenant environment, the system comprising:
- one or more processors configured to;
monitor query plans of a multi-tenant database system to determine whether any query plans may be at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system; and
take an action to secure customer data in the multi-tenant environment in the event that a query plan is determined to be suspect, wherein determining whether the query plan is suspect includes determining whether the query plan satisfies one or more first criteria, wherein the first criteria includes at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system;
determine whether the suspect query plan satisfies one or more second criteria, the second criteria including whether the suspect query plan is a member of an exception class of suspect query plans;
permit the suspect query plan to be executed without raising an alert when the suspect query plan is found to satisfy the second criteria; and
raise an alert when the suspect query plan does not satisfy the second criteria.
1 Assignment
0 Petitions
Accused Products
Abstract
Network security is enhanced in a multi-tenant database network environment using a query plan detection module to continually poll the database system to locate and raise an alert for suspect query plans. Security also can be enhanced using a firewall system sitting between the application servers and the client systems that records user and organization information for each client request received, compares this with information included in a response from an application server, and verifies that the response is being sent to the appropriate user. Security also can be enhanced using a client-side firewall system with logic executing on the client system that verifies whether a response from an application server is being sent to the appropriate user system by comparing user and organization id information stored at the client with similar information in the response.
57 Citations
21 Claims
-
1. A system for securing customer data in a multi-tenant environment, the system comprising:
one or more processors configured to; monitor query plans of a multi-tenant database system to determine whether any query plans may be at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system; andtake an action to secure customer data in the multi-tenant environment in the event that a query plan is determined to be suspect, wherein determining whether the query plan is suspect includes determining whether the query plan satisfies one or more first criteria, wherein the first criteria includes at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system;determine whether the suspect query plan satisfies one or more second criteria, the second criteria including whether the suspect query plan is a member of an exception class of suspect query plans; permit the suspect query plan to be executed without raising an alert when the suspect query plan is found to satisfy the second criteria; and raise an alert when the suspect query plan does not satisfy the second criteria. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
14. A method for securing customer data in a multi-tenant environment, comprising:
-
monitoring query plans of a multi-tenant database system to determine whether any query plans may be at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system; andtaking an action to secure customer data in the multi-tenant environment in the event that a query plan is determined to be suspect, wherein determining whether the query plan is suspect includes determining whether the query plan satisfies one or more first criteria, wherein the first criteria includes at least one of;
a query plan that should never occur in a multi-tenant database system or a query plan that should only occur in a small number of identified circumstances in a multi-tenant database system;determining whether the suspect query plan satisfies one or more second criteria, the second criteria including whether the suspect query plan is a member of an exception class of suspect query plans; permitting the suspect query plan to be executed without raising an alert when the suspect query plan is found to satisfy the second criteria; and raising an alert when the suspect query plan does not satisfy the second criteria. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification