System and method for securing database activity
First Claim
1. A method, comprising:
- detecting database activity by a database activity monitor (DAM) that is collocated with a database server for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
- validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
- evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
Abstract
A method is provided in one example embodiment that includes detecting database activity associated with a statement having a signature, validating the signature; and evaluating the statement as a signed statement if the signature is valid. In more particular embodiments, the signature may include a unique script identifier and a hash function of a shared key. In yet other embodiments, validating the signature may include checking a session variable and comparing the statement to a list of signed statements.
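The validation flow summarized in the abstract, as an added example that is not taken from the patent or from any product implementing it. The comment-style signature format, the use of HMAC-SHA256 over the script identifier plus the exact statement text, the key, the script identifiers and the rule names are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed values for illustration only (assumptions, not from the patent).
SHARED_KEY = b"constructed-demo-key"
REGISTERED_SCRIPTS = {"maint-0042"}  # script identifiers approved in advance

# Assumed signature format: a leading SQL comment /* sig:<script_id>:<hex mac> */
SIG_RE = re.compile(r"^\s*/\*\s*sig:([A-Za-z0-9_-]+):([0-9a-f]{64})\s*\*/")


def _mac(script_id: str, body: str, key: bytes) -> str:
    # Bind the MAC to both the script identifier and the exact statement text,
    # so a valid signature cannot be moved onto a different statement.
    msg = script_id.encode() + b"\x00" + body.strip().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_statement(script_id: str, sql: str, key: bytes = SHARED_KEY) -> str:
    """Approval side: prepend the signature comment to a reviewed statement."""
    return f"/* sig:{script_id}:{_mac(script_id, sql, key)} */ {sql}"


def classify(statement: str, key: bytes = SHARED_KEY) -> str:
    """Monitor side: parse the statement and report how it should be treated."""
    m = SIG_RE.match(statement)
    if not m:
        return "unsigned"
    script_id, claimed = m.group(1), m.group(2)
    expected = _mac(script_id, statement[m.end():], key)
    # Constant-time comparison; unknown script identifiers never validate.
    if script_id in REGISTERED_SCRIPTS and hmac.compare_digest(claimed, expected):
        return "signed"
    return "invalid-signature"


# Different rules for authorized and unauthorized activity (rule names assumed).
RULES = {
    "signed": "allow-and-log",
    "unsigned": "apply-standard-policy",
    "invalid-signature": "alert",
}


def handle(statement: str) -> str:
    return RULES[classify(statement)]
```

A statement carrying a signature that fails validation is kept apart from a plainly unsigned one, since a forged or stale signature is a stronger signal than its absence.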
20 Claims
8. Logic encoded in one or more non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- detecting database activity by a database activity monitor (DAM) that is collocated with a database server for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
- validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
- evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
15. An apparatus, comprising:
- a database activity monitor agent;
- a signature module; and
- one or more processors operable to execute instructions associated with the database activity monitor agent and the signature module such that the apparatus is configured for;
  - detecting database activity by the database activity monitor agent that is collocated with the apparatus for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
  - validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
  - evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
Specification