Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
Abstract
A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.
Claims (20 claims; 47 citations)
1. A method for controlling data access in a database, the method comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
performing, by a processing system, a first intrusion detection analysis at the application layer to determine whether the received data request comprises an application layer intrusion;
performing, by the processing system, a second intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise an application layer intrusion or a table layer intrusion.
Dependent claims: 2, 3, 4, 5.

6. A non-transitory computer-readable storage medium containing computer-executable instructions for controlling data access in a database, the instructions configured to, when executed, cause a computer to perform steps comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
performing a first intrusion detection analysis at the application layer to determine whether the received data request comprises an application layer intrusion;
performing a second intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise an application layer intrusion or a table layer intrusion.
Dependent claims: 7, 8, 9, 10.

11. A system for controlling data access in a database, the system comprising:
a non-transitory computer-readable storage medium containing executable instructions configured to, when executed, perform steps comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
performing a first intrusion detection analysis at the application layer to determine whether the received data request comprises an application layer intrusion;
performing a second intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise an application layer intrusion or a table layer intrusion; and
a hardware processor configured to execute the instructions.
Dependent claims: 12, 13, 14, 15.

16. A non-transitory computer-readable storage medium containing computer-executable instructions for controlling data access in a database, the instructions configured to, when executed, cause a computer to perform steps comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
responsive to the received data request, performing a first intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion;
responsive to a determination that the received data request does not comprise a table layer intrusion, performing a second intrusion detection analysis at the file layer to determine whether the received data request comprises a file layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise a file layer intrusion.

17. A system comprising:
a non-transitory computer-readable storage medium containing executable instructions configured to, when executed, perform steps comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
responsive to the received data request, performing a first intrusion detection analysis at the application layer to determine whether the received data request comprises an application layer intrusion;
responsive to a determination that the received data request does not comprise an application layer intrusion, performing a second intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise a table layer intrusion; and
a hardware processor configured to execute the instructions.
Dependent claims: 18.

19. A non-transitory computer-readable storage medium containing computer-executable instructions for controlling data access in a database, the instructions configured to, when executed, cause a computer to perform steps comprising:
receiving a request for data at an application layer stored in a memory of a database, the database comprising the application layer, a table layer, and a file layer, and the requested data residing in one or more data files stored at the file layer;
responsive to the received data request, performing a first intrusion detection analysis at the application layer to determine whether the received data request comprises an application layer intrusion;
responsive to a determination that the received data request does not comprise an application layer intrusion, performing a second intrusion detection analysis at the table layer to determine whether the received data request comprises a table layer intrusion; and
granting access to the requested data in response to a determination that the received data request does not comprise a table layer intrusion.
Dependent claims: 20.
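The layered grant logic of the claims, as an added illustration that is not code from the patent: each layer runs its own intrusion analysis, the chain short-circuits at the first intrusion (the ordering of claims 16 and 17), and access is granted only when every layer in the sequence passes. The strike-based blocking is an assumed reading of the abstract's "dynamically altering the privacy policy"; the request fields, the sample tables, and the application-layer pattern heuristics are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class DataRequest:
    user: str
    role: str
    statement: str   # application layer: the submitted query text
    table: str       # table layer: the table the statement resolves to
    files: tuple     # file layer: data files that hold the table's rows

@dataclass
class PrivacyPolicy:
    table_roles: dict                      # table -> roles allowed to read it
    file_tables: dict                      # data file -> table that owns it
    strike_limit: int = 3
    strikes: Counter = field(default_factory=Counter)
    blocked_users: set = field(default_factory=set)

    def application_layer(self, req):
        # Constructed heuristic: fragments the application never emits itself.
        s = req.statement.lower()
        return any(p in s for p in ("union select", " or 1=1", ";--"))

    def table_layer(self, req):
        allowed = self.table_roles.get(req.table, set())
        return req.user in self.blocked_users or req.role not in allowed

    def file_layer(self, req):
        # Files reached by the request must belong to the table it named.
        return any(self.file_tables.get(f) != req.table for f in req.files)

    def tighten(self, req):
        # Dynamic policy change (assumed): repeated intrusions block the user.
        self.strikes[req.user] += 1
        if self.strikes[req.user] >= self.strike_limit:
            self.blocked_users.add(req.user)

def control_access(req, policy, layers=("application_layer", "table_layer", "file_layer")):
    """Run the layer analyses in order; deny at the first intrusion. Returns (granted, denying_layer)."""
    for name in layers:
        if getattr(policy, name)(req):
            policy.tighten(req)
            return False, name
    return True, None

def sample_policy():
    # Constructed two-table database: one data file per table.
    return PrivacyPolicy(table_roles={"patients": {"clinician"}, "billing": {"clerk"}},
                         file_tables={"patients.db": "patients", "billing.db": "billing"})
```

Passing `layers=("table_layer", "file_layer")` reproduces the claim 16 ordering, in which an application-layer pattern is never examined, so the same request can be granted there and denied under the default chain.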