Evaluating security of data access statements
First Claim
1. An apparatus for evaluating data access statements with respect to database security and protecting, an automated database, comprising:
a plurality of processors;
a non-transitory computer readable storage medium (CRSM) coupled to the plurality of processors; and
computer code, stored on the CRSM and executed on the plurality of processors, the code comprising for;
evaluating a criticality of two or more SQL statements, each statement from a different session of two or more sessions accessing a database, from a first computing system, a database implemented on a data server;
generating, on the data server, a critical item set based upon the evaluated criticality of the two or more SQL statements from the two or more sessions, each element in the critical item set indicating one or more SQL statements contained in a session of the two or more sessions,
extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements;
calculating criticality of each of the at least one association rule;
evaluating a session based upon a criticality of at least one association rule;
terminating, by the data server, the session based upon a result of the evaluating;
ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and
specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking.
Abstract
Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.
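The pipeline described in the abstract and claims (score statements, build the critical item set, extract sequence rules, score and rank them, then evaluate a session) can be sketched as follows. This is an added example, not code from the patent. The verb scores, the support/confidence rule scoring, the thresholds and the sample sessions are all assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

# Assumed scores per statement verb; the page does not define a scoring scheme.
VERB_SCORE = {"SELECT": 0.2, "UPDATE": 0.6, "DELETE": 0.8, "GRANT": 0.9, "DROP": 1.0}

# Constructed sample sessions (session id -> statements in execution order).
# Statements are matched as exact strings; a real monitor would normalise literals.
SESSIONS = {
    "s1": ["SELECT * FROM users", "GRANT ALL ON users TO app", "DROP TABLE audit_log"],
    "s2": ["GRANT ALL ON users TO app", "DROP TABLE audit_log"],
    "s3": ["SELECT * FROM users", "UPDATE users SET role='x'", "DELETE FROM orders"],
    "s4": ["UPDATE users SET role='x'", "DELETE FROM orders", "SELECT 1"],
    "s5": ["UPDATE users SET role='x'"],
}

def criticality(stmt):
    return VERB_SCORE.get(stmt.split()[0].upper(), 0.1)

def critical_items(sessions, floor=0.5):
    """Critical item set: per session, its critical statements in first-seen order."""
    return {sid: list(dict.fromkeys(s for s in stmts if criticality(s) >= floor))
            for sid, stmts in sessions.items()}

def extract_rules(items, min_support=2):
    """Rules (a, b) meaning 'a is later followed by b', scored and ranked."""
    pair_count, first_count = Counter(), Counter()
    for stmts in items.values():
        first_count.update(stmts)                  # sessions containing each statement
        pair_count.update(combinations(stmts, 2))  # ordered pairs, a before b
    rules = []
    for (a, b), n in pair_count.items():
        if n >= min_support:
            confidence = n / first_count[a]
            # Assumed rule criticality: confidence times mean statement score.
            score = confidence * (criticality(a) + criticality(b)) / 2
            rules.append({"rule": (a, b), "support": n, "criticality": round(score, 3)})
    return sorted(rules, key=lambda r: r["criticality"], reverse=True)

def evaluate_session(stmts, rules, limit=0.7):
    """Return (score, action); 'terminate' when a matched rule reaches the limit."""
    ordered_pairs = set(combinations(list(dict.fromkeys(stmts)), 2))
    score = max((r["criticality"] for r in rules if r["rule"] in ordered_pairs), default=0.0)
    return score, ("terminate" if score >= limit else "allow")

if __name__ == "__main__":
    ranked = extract_rules(critical_items(SESSIONS))
    for r in ranked:
        print(r)
    print(evaluate_session(SESSIONS["s1"], ranked))
```

Because rules are ordered pairs, a session that runs the same two statements in the opposite order does not match the rule.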
17 Claims
5. A computer program product for evaluating data access statements with respect to database security and protecting an automated database, the computer program product comprising a non-transitory computer-readable storage medium having program code embodied therewith, the program code executable by a plurality of processors to perform a method comprising:
evaluating, by the plurality of processors, criticality of multiple Structured Query Language (SQL) statements contained in two or more sessions accessing, from a first computing system, a database implemented on a data server;
generating, on the data server, a critical item set from the two or more sessions, each element in the critical item set indicating two or more SQL statements, each statement from a different session of the two or more sessions;
extracting, by the plurality of processors, at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements;
calculating, by the plurality of processors, criticality of each of the at least one association rule;
evaluating a session based upon a criticality of at least one association rule;
terminating, by the data server, the session based upon a result of the evaluating;
ranking, by the data server, at least two association rules by the criticality of each of the at least two association rule; and
specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking.
9. A method for evaluating data access statements with respect to database security, comprising:
evaluating criticality of multiple Structured Query Language (SQL) statements contained in multiple sessions accessing, from a first computing system, a database implemented on a data server;
generating, on the data server, a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session of the multiple sessions;
extracting at least one association rule from the critical item set, each of the at least association rule indicating, a sequence of SQL statements;
calculating criticality of each of the at least one association rule;
evaluating a session based upon a criticality of at least one association rule;
terminating, by the data server, the session based upon a result of the evaluating;
ranking, by the data server, at least two association rules by the criticality of each of the at least two association rules; and
specifying, by the data server, a security policy corresponding to each of the at least two association rules according to the ranking.
Specification