Abstract

Today, the internet has become a 4th necessity for human after air, water and food. The internet is widely used for business. Now-a-days, billions of transactions are done online with the use of different applications. In today's world threats to security is becoming more and more sensitive issue, lots of attacks have taken place in recent years. It is observed that there are many leakages in the security of web applications. Five attacks out of top ten attacks are done using Structured Query Language (SQL). Database attacks mostly affect on Data Theft, Data manipulation and by Pass user authentication. Our study focus is to prevent sensitive data exposure. The authors have proposed dynamic database security policy to prevent sensitive data exposure using Oracle database

References

• OWASP: https://www. owasp. org /index. php/ Top_10_2013-A1-Injection: accessed 31st May 2014
• Internet hosting statistics : http:/ /www. netcraft. com/internet-data-mining: accessed 31st May 2014
• Common Weakness Enumeration: http:// cwe. mitre. org/data/definitions/89. html : accessed 3rd June 2013
• Internet users : http://www. internetlivestats. com /internet-users: accessed 14th June 2014
• Nina Godbole, "Information Systems Security: Security Manaement, Metrics, Frameworks and Best Practices", Wiley India Pvt. Ltd, First Edition 2009
• Vulnerability Analysis: http://www. cert. org/vulnerability-analysis/publications/index. cfm:, accessed 14th June 2014
• http://www. symantec. com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018 . en-us. pdf
• Nina Godbole and Sunit Belapure, "Cyber Security: Understanding Cyber Crimes, Computer Forensic and Legal Perspective", Wiley India Pvt. Ltd, First Edition 2011
• Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 1: SQL Injection. " Page 3-27. McGraw-Hill. 2010
• Rahul Johri and Pankaj Sharma " A Survey on Web Application Vulnerabilities(SQLIA and XSS) Exploitation and Security Engine for SQL Injection", IEEE 2012
• Diallo Abdoulaye and Al-Sakib Khan Pathan, " A Survey on SQL Injection: Vulnerabilities, attacks AND Prevention Techniques", IEEE 15th International Symposiam on Consumer Electronics, 2011
• Ramya Dharam and Sajjan G Shiva, "A framework for development of Runtime Monitors", 2012 International Conference on Computer & Information Science ( ICCIS), 2012, IEEE, 978-1-4673-1938-612
• Jun Ziang Pinn and A. Fr. Zung:A NEW WATERMARKING TECHNIQUE FOR SECURE DATABASE, International Journal of Computer Engineering & Applications, Vol. I, No. I
• Dr. Anwar Pasha Abdul Gafoor Deshmukh, Dr. Riyazuddin Qureshi: Transparent Data Encryption- Solution for Security of Database Contents, International Journal of Advanced Computer Science and Applications, Vol. 2, No. 3, March 2011, page 25
• Samba Sesay, Zongkai Yang, Jingwen Chen, Du Xu, "A Secure Database Encryption Scheme", Second IEEE Consumer Communications and Networking Conference (CCNC), 3-6 Jan. 2005, pp. 49- 53
• Lianzhong Liu and Jingfen Gai, "A New Lightweight Database Encryption Scheme Transparent to Applications", 6th IEEE International Conference on Industrial Informatics, 13-16 July 2008, pp. 135-140.
• Hasan Kadhem, Toshiyuki Amagasa, Hiroyuki Kitagawa, "A Novel Framework for Database Security based on Mixed Cryptography", Fourth International Conference on Internet and Web Applications and Services, 24-28 May 2009, pp. 163-170
• M. Naseem, Ibrahim M. Hussain, M. Kamran Khan, Aisha Ajmal, "An Optimum Modified Bit Plane Splicing LSB Algorithm for Secret Data Hiding", International Journal of Computer Applications, Vol. 29, No. 12, 2011. Foundation of Computer Science, New York, USA, pp. 36-43
• Wen-Chung Kuo, Dong-Jin Jiang, Yu-Chih Huang, "A Reversible Data Hiding Scheme Based on Block Division", Congress on Image and Signal Processing, Vol. 1, 27-30 May 2008, pp. 365-369
• S Rizvi, A Mendelzon, S Sudarshan, Prasan Roy, "Extending query rewriting techniques for fine-grained access control", Proceedings of the ACM SIGMOD international conference on Management of data, 2004, pp. 551–562.
• Q Wang, T Yu, N Li, J Lobo, E Bertino, "On the Correctness Criteria of Fine Grained Access Control in Relational Databases", Proceedings of the 33rd international conference on Very large data bases, 2007, pp. 555-566.
• S Chaudhuri, T Dutta, S. Sudarshan, "Fine Grained Authorization Through Predicated Grants", IEEE 23rd International Conference on Data Engineering, 15-20 April 2007, pp. 1174-1183.
• Hong Zhu and Kevin Lü, "Fine-Grained Access Control for Database Management Systems", Data Management. Data, Data Everywhere, vol. 4587, 2007, pp. 215-223
• Zheng Zhang and Alberto O. Mendelzon, "Authorization Views and Conditional Query Containment", International Conference on Database Theory, vol. 3363, 2005, pp. 259-273
• Internet and social network penetration worldwide: http://wearesocial. net/tag/stats/ visited on 25th July 2014.
• DBMS_RLS :docs. oracle. com: visited on 25th July 2014