System and method for securing database activity

US 8,683,220 B2
Filed: 09/29/2011
Issued: 03/25/2014
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting database activity by a database activity monitor (DAM) that is collocated with a database server for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;

validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and

evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example embodiment that includes detecting database activity associated with a statement having a signature, validating the signature; and evaluating the statement as a signed statement if the signature is valid. In more particular embodiments, the signature may include a unique script identifier and a hash function of a shared key. In yet other embodiments, validating the signature may include checking a session variable and comparing the statement to a list of signed statements.

6 Citations

20 Claims

1. A method, comprising:
- detecting database activity by a database activity monitor (DAM) that is collocated with a database server for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
  
  validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
  
  evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the signature comprises a unique script identifier.
  - 3. The method of claim 1, wherein the signature comprises a hash function of a shared key.
  - 4. The method of claim 1, wherein the signature is embedded in a comment portion of the statement.
  - 5. The method of claim 1, wherein validating the signature comprises extracting a first signature hash from the signature, calculating a second signature hash based on the signature, and comparing the first signature hash to the second signature hash.
  - 6. The method of claim 1, wherein the signature comprises a unique script identifier and validating the signature comprises comparing the statement to valid statements associated with the unique script identifier.
  - 7. The method of claim 1, wherein validating the signature comprises extracting a script identifier from a session variable and comparing the statement to a list of valid statements associated with the script identifier.

8. Logic encoded in one or more non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- detecting database activity by a database activity monitor (DAM) that is collocated with a database server for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
  
  validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
  
  evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The encoded logic of claim 8, wherein the signature comprises a unique script identifier.
  - 10. The encoded logic of claim 8, wherein the signature comprises a hash function of a shared key.
  - 11. The encoded logic of claim 8, wherein the signature is embedded in a comment portion of the statement.
  - 12. The encoded logic of claim 8, wherein validating the signature comprises extracting a first signature hash from the signature, calculating a second signature hash based on the signature, and comparing the first signature hash to the second signature hash.
  - 13. The encoded logic of claim 8, wherein the signature comprises a unique script identifier and validating the signature comprises comparing the statement to valid statements associated with the unique script identifier.
  - 14. The encoded logic of claim 8, wherein validating the signature comprises extracting a script identifier from a session variable and comparing the statement to a list of valid statements associated with the script identifier.

15. An apparatus, comprising:
- a database activity monitor agent;
  
  a signature module; and
  
  one or more processors operable to execute instructions associated with the database activity monitor agent and the signature module such that the apparatus is configured for;
  
  detecting database activity by the database activity monitor agent that is collocated with the apparatus for which it performs monitoring, wherein the database activity includes an attempt to execute a statement in a script, and wherein the statement includes a plurality of instructions for executing the database activity;
  
  validating a signature by parsing the statement to determine whether the statement includes the signature, wherein an association is generated between the signature and the statement in order to distinguish authorized database activity from unauthorized database activity, and wherein different rules are defined for handling the authorized database activity and the unauthorized database activity; and
  
  evaluating the statement as a signed statement if the signature is valid, wherein the signed statement is indicative of a planned, preapproved database activity that has been authorized.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the signature comprises a unique script identifier.
  - 17. The apparatus of claim 15, wherein the signature comprises a hash function of a shared key.
  - 18. The apparatus of claim 15, wherein the signature is embedded in a comment portion of the statement.
  - 19. The apparatus of claim 15, wherein validating the signature comprises extracting a first signature hash from the signature, calculating a second signature hash based on the signature, and comparing the first signature hash to the second signature hash.
  - 20. The apparatus of claim 15, wherein the signature comprises a unique script identifier and validating the signature comprises comparing the statement to valid statements associated with the unique script identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Lichtenstadt, Aviad, Lichtman, Guy, Markovich, Slavik
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US13/248,121
Publication Number

US 20130246796A1
Time in Patent Office

908 Days
Field of Search

713/176, 713/180, 713/187, 713/189, 726/22, 726/26
US Class Current

713/189
CPC Class Codes

G06F 21/6227 where protection concerns t...

System and method for securing database activity

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for securing database activity

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others