Selective local database access restriction
First Claim
1. A method of providing nonintrusive database security comprising:
identifying a plurality of access mediums operable to provide local access to a database in response to access attempts from a user, the identified access mediums including local access mediums emanating from a local server, the local server in direct communication with the database;
enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts made via the access medium, and enumerating comprising covering all access attempts to the database emanating on the local server;
identifying local access attempts to the database made via the enumerated access mediums, the local access attempts employing a local client for database access, the local client defined by a local process independent of a disposition of an initiating user query device;
applying, to each of the identified access mediums, the enumerated access control mechanism, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums; and
restricting the identified local access attempt made via the access medium in accordance with the enumerated control mechanism for that access medium, restricting further comprising performing at least one of preventing the access medium from making the access attempt in response to that access medium not being interceptable and reporting the access attempt made via the access medium for further analysis.
3 Assignments
0 Petitions
Abstract
A nonintrusive database access monitoring mechanism employs a hybrid approach that disallows, or blocks, the access mediums which are not feasible to intercept or analyze, as well as intercepting and analyzing access mediums for which interception and interrogation is available. Accordingly, various configurations provide the hybrid coverage approach to identifying access mediums, and either block or intercept the access attempts. In this manner, access mediums, such as interprocess communication (IPC) system calls, which may be efficiently intercepted and analyzed are captured and substantively processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to analyze such access attempts.
172 Citations
31 Claims
1. A method of providing nonintrusive database security comprising:
(Claim 1 is reproduced in full under First Claim above.)
Dependent claims: 2-15
16. A method for preventing unauthorized access to a database comprising:
identifying a plurality of access mediums to a protected database, the identified access mediums including local access mediums emanating from a local server, the local server in direct communication with the database;
determining access mediums responsive to an interrogative process and enumerating access mediums responsive to the interrogative process, the interrogative process operable to intercept access attempts made via the enumerated access mediums;
generating an access medium repository, wherein, for each of the enumerated access mediums, the access medium repository indicates the access mediums which the interrogative process is operable to intercept and analyze access attempts made via the respective access medium, wherein the access mediums are local access mediums emanating from a local server in direct communication with the database, the local access mediums defined by interprocess communication mechanisms emanating and terminating on the local server; and
blocking access to the protected database from access mediums nonresponsive to the interrogative process by prohibiting activity conducted via the nonresponsive access mediums.
Dependent claims: 17-23
24. A method of tracking database access comprising:
enumerating access mediums providing local access to a database via a local server, the enumerated access mediums including local access mediums emanating from the local server, the local server in direct communication with the database;
determining, for each of the enumerated access mediums, whether access attempts are interceptable for each particular access medium for retrieval and analysis of the access attempts;
identifying local access attempts to the database made via the enumerated access mediums, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server;
collecting, for each of the interceptable access attempts, the access attempt; and
preventing access to the database for each of the access mediums which are not interceptable, preventing further comprising performing at least one of preventing the access attempt and reporting the access attempt for further analysis.
25. A server for monitoring database access comprising:
a processor;
a memory coupled to the processor;
a first process for intercepting database access attempts;
a second process for preventing database access attempts, the first process and the second process executable in the memory by the processor;
an enumeration of available access mediums, each of the enumerated access mediums responsive to at least one of the first process and the second process to limit access attempts made on that access medium, the enumerated access mediums including local access mediums emanating from the local server, the local server in direct communication with the database, and the enumeration covering all access attempts to the database emanating on the local server; and
an access controller for identifying local access attempts made via the local access mediums and employing the enumeration to determine applicability of the first and second process, and further for invoking at least one of the first and second processes for limiting the local access attempt made via the access medium, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server, the access controller further restricting the identified access attempt, restricting further comprising performing at least one of preventing the local access attempt made via the access medium in response to that access medium not being interceptable and reporting the local access attempt made via the access medium for further analysis.
Dependent claims: 26-29
30. A computer program product having a computer readable storage medium operable to store computer program logic embodied in computer program code encoded thereon that, when executed by a processor, causes the computer to perform a method for providing local database security, the method comprising:
identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, the identified access mediums including local access mediums emanating from a local server, the local server in direct communication with a database;
enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts made via the access medium, and enumerating comprising covering all access attempts to the database emanating on the local server;
identifying local access attempts to the database via the enumerated access mediums, the local access attempts occurring via interprocess communication mechanisms emanating and terminating on the local server;
applying, to each of the identified access mediums, the enumerated access control mechanism, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums, applying the enumerated access control mechanism to the access attempts further including:
collecting access attempts made via the access medium and either blocking the access medium in response to that access medium not being interceptable or recording the access attempts; and
transmitting the recorded access attempts to a collector operable to analyze the collected access attempts.
31. A method of providing nonintrusive database security comprising:
identifying a plurality of access mediums operable to provide local access to a database via access attempts from a user, the identified access mediums including local access mediums emanating from a local server, the local server in direct communication with the database;
enumerating, for each of the identified access mediums, an access control mechanism operable to limit access attempts made via the access medium, each access medium having a corresponding prevention measure, and enumerating comprising covering all access attempts to the database emanating on the local server;
generating, from a configuration file, an access matrix having an entry for each of a combination of operating systems and local access mediums, the access matrix indicating the corresponding prevention measure to be invoked for each combination, the local access mediums defined by interprocess communication mechanisms emanating and terminating on the local server;
indexing the access matrix based on the local access medium and the operating system; and
applying, to each of the identified access mediums, the enumerated access control mechanism to limit access attempts made via the access medium, each of the enumerated access control mechanisms applicable to a subset of the identified access mediums, limiting further comprising performing at least one of preventing the access attempt made via the access medium in response to that access medium not being interceptable and reporting the access attempt made via the access medium for further analysis.
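The hybrid scheme described in the Abstract (intercept and analyze the local access mediums that can be interrogated, block the rest outright) together with the configuration-driven access matrix of claim 31 (one prevention measure per operating system and local access medium combination, indexed by medium and OS), as an added Python example. This is not the patent's own code nor that of any product implementing it. The medium names, the configuration layout, the sample access attempts and the in-memory Collector are constructed for illustration, and which mediums count as interceptable on which operating system is an assumption, not something the page states.

```python
"""Hybrid local database access control: intercept what can be interrogated,
block what cannot, and report both.

Added example, not code from the patent or from any product it describes.
The medium names, configuration layout, sample access attempts and in-memory
collector are constructed for illustration; which mediums are interceptable
on which operating system is an assumption.
"""
import json
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Measure(Enum):
    INTERCEPT = "intercept"   # medium can be interrogated: capture and forward
    BLOCK = "block"           # medium cannot be interrogated: refuse it outright


# Constructed configuration file: one entry per (operating system, local
# access medium) combination, naming the prevention measure to invoke.
CONFIG_TEXT = json.dumps({
    "linux": {
        "tcp_loopback": "intercept",
        "unix_socket": "intercept",
        "shared_memory": "block",
    },
    "windows": {
        "tcp_loopback": "intercept",
        "named_pipe": "intercept",
        "shared_memory": "block",
    },
})

AccessMatrix = Dict[Tuple[str, str], Measure]


def load_access_matrix(config_text: str) -> AccessMatrix:
    """Build the access matrix, indexed by (os, medium), from the config file."""
    matrix: AccessMatrix = {}
    for os_name, mediums in json.loads(config_text).items():
        for medium, measure in mediums.items():
            matrix[(os_name.lower(), medium.lower())] = Measure(measure)
    return matrix


def lookup_measure(matrix: AccessMatrix, os_name: str, medium: str) -> Measure:
    """Index the matrix.  A medium the enumeration missed is treated as
    non-interceptable, so coverage of local access stays complete (fail closed)."""
    return matrix.get((os_name.lower(), medium.lower()), Measure.BLOCK)


@dataclass
class AccessAttempt:
    os_name: str
    medium: str
    pid: int
    user: str
    statement: Optional[str]   # query text; only recoverable when intercepted


@dataclass
class Collector:
    """Stand-in for the analysis collector: it just accumulates reports."""
    reports: List[dict] = field(default_factory=list)

    def submit(self, report: dict) -> None:
        self.reports.append(report)


def restrict(attempt: AccessAttempt, matrix: AccessMatrix, collector: Collector) -> str:
    """Apply the enumerated control for the attempt's medium.

    Interceptable mediums are captured and recorded; the rest are blocked
    without analysis.  Both outcomes are reported so refused attempts still
    leave an audit trail.  Returns "allowed" or "blocked".
    """
    measure = lookup_measure(matrix, attempt.os_name, attempt.medium)
    report = {
        "os": attempt.os_name, "medium": attempt.medium, "pid": attempt.pid,
        "user": attempt.user, "measure": measure.value,
        # nothing was interrogated on a blocked path, so no statement is known
        "statement": attempt.statement if measure is Measure.INTERCEPT else None,
    }
    collector.submit(report)
    return "allowed" if measure is Measure.INTERCEPT else "blocked"


# Constructed sample of local access attempts observed on the database server.
SAMPLE_ATTEMPTS = [
    AccessAttempt("linux", "tcp_loopback", 4101, "appsvc", "SELECT * FROM accounts"),
    AccessAttempt("linux", "unix_socket", 4102, "dba", "GRANT DBA TO appsvc"),
    AccessAttempt("linux", "shared_memory", 4103, "dba", None),
    AccessAttempt("windows", "named_pipe", 512, "svc_report", "SELECT 1"),
    AccessAttempt("linux", "unlisted_ipc", 4104, "oracle", None),  # not enumerated
]


def run(attempts: List[AccessAttempt] = SAMPLE_ATTEMPTS,
        config_text: str = CONFIG_TEXT) -> Tuple[List[str], Collector]:
    """Process every attempt; return the per-attempt decisions and the collector."""
    matrix = load_access_matrix(config_text)
    collector = Collector()
    decisions = [restrict(a, matrix, collector) for a in attempts]
    return decisions, collector


if __name__ == "__main__":
    decisions, collector = run()
    for attempt, decision in zip(SAMPLE_ATTEMPTS, decisions):
        print(f"{attempt.os_name:8} {attempt.medium:14} pid={attempt.pid:<5} {decision}")
    print(f"{len(collector.reports)} reports submitted to the collector")
```

The design point worth noting is the default in lookup_measure: a medium absent from the matrix is treated as non-interceptable and blocked, which is what keeps the claims' requirement that the enumeration cover all local access attempts honest when a new IPC path shows up on the server. Blocked attempts are still reported, so the collector sees refusals as well as captured statements.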
Specification