US20060259950A1 - Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior - Google Patents

Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Info

Publication number
US20060259950A1
Authority
US
United States
Prior art keywords
user
data
access
query
database
Prior art date
Legal status
Abandoned
Application number
US11/357,741
Inventor
Ulf Mattsson
Current Assignee
Protegrity Corp
Original Assignee
Protegrity Corp
Priority date
Filing date
Publication date
Application filed by Protegrity Corp
Priority to US11/357,741 (US20060259950A1)
Assigned to PROTEGRITY CORPORATION; assignment of assignors' interest (see document for details). Assignor: MATTSSON, ULF
Publication of US20060259950A1
Priority to US13/778,060 (US8701191B2)
Priority to US14/181,825 (US8935787B2)
Priority to US14/564,103 (US10552622B2)
Current legal status: Abandoned

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
                • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
                    • G06F12/14 Protection against unauthorised use of memory or access to memory
                        • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
                        • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
                    • G06F12/16 Protection against loss of memory contents
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/60 Protecting data
                        • G06F21/604 Tools and structures for managing or administering access control systems
                        • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                            • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
                                • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
                                • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
                • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                        • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L63/1433 Vulnerability analysis

Definitions

  • The disclosure is directed to software for interacting with a database, and in particular to software for interacting with databases that include encrypted data.
  • A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.
  • The method includes one or more of the following features.
  • The data-at-rest system is a database system.
  • The method further includes modifying the protection of data at one of the multiple system layers. The step of modifying is performed based on a result of the link intrusion prevention analysis.
  • The privacy policy includes access control information.
  • The privacy policy includes intrusion detection information.
  • The privacy policy includes cryptographic information.
  • A method for controlling access to a database system includes assigning a first access criterion and a second access criterion to a user role; receiving a query from a user, the user having an access history; determining that the user matches the user role; comparing, in a first system layer, the access history to the first access criterion; and comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.
  • The method includes one or more of the following features.
  • The first access criterion comprises a privacy policy.
  • The method further includes learning a value for the first access criterion.
  • The method further includes selecting a response to the query, wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query. Selecting a response to the query comprises selecting the response based on a result of the step of comparing in the first system layer.
  • A method for accessing data includes, in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter; in the first system layer, comparing the counter to a first threshold; and transmitting a second request to a second system layer, the second request being based on the first request.
  • The method includes one or more of the following features.
  • The method further includes comparing the counter to a second threshold.
  • The counter includes a scorecard.
  • The method further includes determining that the counter exceeds a third threshold, and alerting a system administrator.
  • The method further includes, in the first system layer, transmitting a notification to the second system layer to deny the second request.
  • FIGS. 1, 3 and 6 are block diagrams of database systems.
  • FIGS. 2A, 2B, 2C, 4A, 4B, and 5 are flow charts.
  • A method and system for overcoming the foregoing difficulties provides for the introduction of a privacy policy with enforcement points that span multiple system layers.
  • The privacy policy is coupled with link intrusion prevention analysis between multiple system layers.
  • The scope, both in data and in time, for enforcing data privacy and encryption is then dynamically optimized between multiple system layers.
  • The multiple system layers include application database sessions, table data access, table space access, and database file level access.
  • The term “transaction” is intended to include queries.
  • The term “data at rest” is intended to include all forms of stored data.
  • A “data-at-rest system” includes any system for storing data.
  • Selected rules control the amount of data that is exposed, and the time window for exposure of unencrypted data.
  • A policy underlying the selected rules defines the extent to which data privacy is to be enforced for particular data. This extent, which includes the extent of the particular data exposed and the duration of such exposure, is determined on the basis of the sensitivity of the particular data.
  • Dynamic control over the extent and duration of unencrypted-data exposure required to satisfy a user transaction is provided by linking the intrusion detection point (“IDP”), the policy enforcement point (“PEP”), the audit generation point (“AGP”), and the data-at-rest encryption point (“DEP”). These scopes are controlled by an operational sensitivity class defined in the policy.
  • The operational sensitivity class defines what rules to check and when to do so by linking the IDP, the PEP, the AGP, and the DEP.
  • A scorecard is provided to accumulate violation attempts. On the basis of the number of violation attempts, session statistics, and data access statistics spanning multiple system layers, one can determine whether a threshold indicative of an attack has been reached.
  • A system as described above enhances the ability to detect advanced attacks on data as well as instances of data misuse.
  • The system also reduces the extent to which data is exposed and outside the control of the security/encryption system, both in terms of the amount of data being exposed and the duration of such exposure.
  • The system enables effective performance optimization and offloading of cryptographic operations.
  • A user 115 communicates through a client 114, which interacts with an application server 113.
  • The application server 113 communicates with a PEP 101 to request authorization and to transmit auditing data.
  • The application server 113 also passes queries along to a database 107, which itself communicates with the PEP 101 to request authorization.
  • The database process 107 also communicates with a DEP 103 to request decryption.
  • The DEP 103 utilizes a hardware security module (“HSM”) 105 and a software security module (“SSM”) 106.
  • The database process 107 transmits requests to its buffer 110, which (through a process overseeing the buffer) sends audit information to the PEP 101.
  • The buffer process then transmits requests to a file system file 108, which also communicates with the DEP 103 to request that a file be decrypted.
  • The PEP 101 communicates directly with the DEP 103 to provide authorization for other components to decrypt files.
  • The PEP 101 interacts with the AGP 104 to store audit information.
  • The PEP 101 calls the IDP 102 to provide information used in determining whether a given query should be allowed.
  • The IDP 102 tells the PEP 101 that a given query should either be allowed, blocked, or allowed but with an alert sent to the system administrator. It performs this task with the aid of intrusion detection rules 112 and a scorecard 111 associated with each user.
  • The DEP 103 can be optimized to perform at a layer that allows granularity (e.g., operations on a table cell vs. a table vs. an entire database vs. an entire file system) in compliance with a privacy policy.
  • The DEP 103 can then dynamically dispatch an operation to be performed, either by a hardware security module (“HSM”) 105 or by a software encryption engine 106, or a combination thereof.
  • The DEP 103 can operate on an in-memory database or on a disk.
  • Operations on different levels of granularity may be achieved, in the depicted example, by associating the DEP 103 with multiple layers of the database hierarchy.
  • The DEP 103 is connected to the database process 107 and the data store (file system) layer 108.
  • An encryption request originating at the database layer 302 permits the DEP 103 to encrypt data in an individual row, column, or cell. (It might also, however, permit a database administrator to decrypt data for which the administrator lacks authorization.)
  • An encryption request originating at the file system layer 108 permits the DEP 103 to encrypt data in an individual file system file, thereby preventing a database administrator from accessing sensitive data.
  • The DEP 103 can, under certain conditions, dynamically re-route a decryption request from a software security module 106 to a hardware security module 105.
  • Exemplary conditions include having a message size larger than a predetermined size. This dynamic re-routing optimizes performance and offloads cryptographic operations.
  • The PEP 101 can carry out any combination of the following options: issuing a security alert, blocking access to selected data, disabling one or more users, and disabling a request.
  • FIGS. 1 and 2A-2C illustrate one example of the operation of a system including a PEP 101, an IDP 102, a DEP 103, and an AGP 104.
  • A database user 115 initiates a transaction through a client 114, such as a web browser (step 201).
  • The client 114 sends a request to an application server 113, e.g., a web server (step 202).
  • The application server 113 initiates an authentication request with the PEP 101 (step 203).
  • The PEP 101, in conjunction with the IDP 102, verifies the user's authorization, as described in more detail below in connection with FIGS. 5A and 5B (step 204). If the user is not authorized (step 205), the PEP blocks the query (step 213). If the user is authorized, then the application server 113 sends auditing information to the PEP 101 (step 206), which the PEP 101 transmits to the AGP 104 (step 207). Audit information includes the database user ID, the date and time, the SQL query and other action details, the originating machine name or IP address, and the database name.
  • The application server 113 then sends a request to a database 107 (step 208).
  • The database process 107 again seeks authorization from the PEP 101 (step 209).
  • The PEP 101, again in conjunction with the IDP 102, verifies the user's authorization as described in connection with FIGS. 5A and 5B (step 210). If authorization is granted (step 211), the PEP 101 transmits the authorization to the database process 107 as well as to the DEP 103 (step 212).
  • The authorization to the DEP 103 indicates that the database process 107 is permitted to access decryption keys associated with columns to which the user 115 has access. If authorization is refused, the PEP 101 blocks the query (step 213) and the database process 107 returns an error (step 214), which the client 114 propagates to the user 115 (step 215).
  • The database process 107 accesses a file 108 in the file system, through the database's buffer 110, to read the relevant data (step 216).
  • A computer process overseeing the buffer 110 sends additional audit information to the PEP 101 (step 217), which the PEP 101 transmits to the AGP 104 (step 218).
  • If the database file 108 is encrypted (step 219), the file system requests that the DEP 103 decrypt the file (step 220).
  • The DEP 103 decrypts the file using a hardware security module (“HSM”) 105 and/or a software decryption engine 106 (step 222), and returns the requested contents (step 223).
  • The database process 107 then checks to see if any of the requested information is in an encrypted column (step 224). If so, the process overseeing the database process 107 requests that the DEP 103 decrypt the relevant columns (step 225). The DEP performs the requested decryption using the HSM 105 and/or the software decryption engine 106 (step 226), and returns the decrypted results (step 227).
  • The database process 107 extracts the relevant information (step 228) and returns it to the application server 113 (step 229).
  • The application server 113 returns a result to the client 114 (step 230), which displays a result to the user 115 (step 231).
  • A PEP 101 connected to the database server utilizes the identity of the application user (in addition to or instead of the database user) as a factor in determining whether a given request is authorized.
  • The PEP 101 does this by communicating with an application user mapping table located within the application server's security system 312.
  • The table contains a mapping associating the application user with the database user. Real-time mapping data provides information about which application user is using the database connection at any given time.
  • The mapping table is stored in a database table.
  • The mapping table is stored in a file.
  • The table, or simply the identity of the application user, is transmitted by the application server to the database server during the session.
  • Security components are connected to three levels: the web or application server 301; the database 302; and the data store or file system 303. Services on these three levels communicate across multiple channels: the data request channel 304; the session information channel 305; and the directory information channel 306.
  • User A 309 is logged in to an application.
  • The application requests data, as user B 310, over the data request channel 304, from the database.
  • The database is running as user C 311 on a server, and requests data, over another data request channel, from the data store (e.g., the file system).
  • A mapping table, which associates user A 309 (the application user) with user B 310 (the database user), is maintained. This information may be communicated, via a separate session information channel 305, to the database's security system 307.
  • Examples of further details of the operation of the PEP 101, the IDP 102, and the DEP 103 are provided below.
  • The boundaries of the functions performed by the IDP 102, the PEP 101, the AGP 104, and the DEP 103 are not fixed; some functions may be combined in a single component, or allocated differently between components.
  • FIG. 4A explains in further detail an example of operation of the PEP 101 (see FIG. 2, steps 204 and 210).
  • The PEP 101 receives a request for authorization (step 401).
  • The PEP 101 retrieves the user's identity and corresponding group, as described below in connection with FIG. 4B (step 402).
  • The PEP 101 determines whether the user or group is authorized to access the requested data, for example by consulting a privacy policy or access control list (step 403). If the user or group is not authorized to access the requested data, the PEP 101 skips to step 410.
  • The PEP 101 then retrieves session variables (including the time of day, day of week, IP address from which the user is logged in, the user's geographic location, the user's identity, the user's group, the user's client software, etc.), and stores these variables as the user's “role” (step 404).
  • The PEP 101 then communicates with the IDP 102 to determine whether the query is valid for the user's role (step 405). The IDP makes this determination in a process exemplified by FIG. 5.
  • The PEP 101 determines whether the IDP 102 allowed the query (step 406). If the IDP 102 rejects the query, the PEP 101 skips to step 410.
  • The PEP 101 checks to see whether the IDP 102 indicated that an alert was to be sent to the system administrator (step 407). If so, the PEP alerts the administrator (step 408). In either event, the PEP 101 authorizes the query (step 409). If the query was not allowed, the PEP 101 denies authorization for the query (step 410).
  • FIG. 4B describes how, in some examples, the database's security system 307 retrieves the user's identity and corresponding group in step 402.
  • The PEP 101 in the database's security system 307 opens a session information channel 305 to the application server 301 (step 451).
  • The PEP 101 requests, from a mapping table in the application's security system 312, the application user corresponding to the current database user (for example, user B 310) (step 452).
  • The application server responds, for example, that the corresponding user is user A 309 (step 453).
  • The PEP 101 opens a separate directory information channel 306 back to the application server 301 (step 454).
  • The PEP 101 requests the group mapping for user A 309 (step 455).
  • The application server 301 indicates that user A 309 is a member of group X (step 456).
  • FIG. 4B describes the process by which the PEP 101 in the database's security system 307 retrieves information from the application server 301.
  • The PEP 101 in the data store's security system 308 requests the identity of the database user (i.e., user B 310) from the PEP 101 in the database's security system 307 over the session information channel 305.
  • The PEP 101 in the data store's security system 308 may also ascertain the database user's group over the directory information channel 306.
  • The PEP 101 in the data store's security system 308 can identify the application user by requesting the information from the PEP 101 in the database's security system 307, which then relays the query to the application server's mapping table 311.
  • The PEP 101 in the data store's security system 308 can ascertain the application user's group by requesting the information from the PEP 101 in the database's security system 307, which then relays the query to the mapping table 311 in the application server.
  • A database's security system 307 (for example, through its PEP 101) notifies other layers to indicate that a severe attack has occurred.
  • The IDP 102 in the application server's security system 312 receives this notification and subsequently blocks all access attempts that would otherwise have only triggered an alert to the system administrator.
  • The DEP 103 in the data store's security system 308 receives this notification and blocks all subsequent requests to decrypt data.
  • A PEP 101 detects that authorized access to credit card information at the database level exceeds normal usage, but is not at a critical level.
  • The PEP 101 modifies a privacy policy to instruct the application server's security system 312 to block further access attempts.
  • The PEP 101 in the application server's security system 312 detects multiple hacking attempts from multiple locations.
  • The security system 312 modifies a privacy policy to block requests at the application server 312 level, increase file security at the data store's security system 308, and prevent the data store's security system 308 as well as the database's security system 307 from decrypting sensitive data.
  • The IDP 102 has a learning mode and an enforcement mode.
  • In learning mode, the IDP 102 acquires information about users of the system, including the typical time of day and day of week during which they access the system, the resources they usually access, their physical location or IP address, and the volume of data they usually access.
  • The IDP 102 maintains a Bayesian network to associate authorized accesses with these variables. In other examples, other types of learning may be used.
  • In enforcement mode, the IDP 102 denies access to a user when the time or day of access, the resources accessed, the user's location or IP address, or the volume of data requested exceeds a learned threshold or differs from learned values.
  • The IDP 102 optionally alerts a system administrator when any of these criteria exceeds a learned threshold or differs from learned values.
  • The IDP 102 accepts user logins only during certain times of day, or only on certain days of the week, or only from certain physical locations. In some examples, the IDP 102 learns how these criteria should be restricted. In other examples, the system administrator manually enters restrictions. In some examples, the system administrator manually changes restrictions, for example to temporarily allow a particular user to log in from a distant location when the user is on vacation.
  • The IDP 102 restricts the volume of data a user may access in a given day. In one example, the IDP 102 permits a user to access only a predetermined number of rows per day from a given table. In another example, the IDP 102 permits a user to issue only a predetermined number of queries per day against a given table. In other examples, the user is restricted to a given volume of data over the entire database, rather than in specific tables. In some examples, the IDP 102 uses a counter to maintain information about the volume of data a user has accessed.
  • An IDP 102 restricts access based on the user's role.
  • A user's role may be based on his or her identity, the time of day, the day of week, the IP address being used, the country or geographic region from which the request originates, etc.
  • An IDP 102 located in the database server sets a maximum number of rows per day accessible to users in a given role. Some examples restrict the number of rows a user in a given role may insert, or the number of rows a user in a given role may modify, or the number of rows a user in a given role may delete. In some examples, these values are learned while the IDP 102 is in learning mode.
  • Some examples permit the IDP 102 and/or the PEP 101 to communicate with a trusted component running on an authorized client to further assist in user authentication.
  • The IDP 102 utilizes one or more of the following criteria to decide whether to permit access, block access, or alert the administrator: session authorization (i.e., the user's identity); session authentication (i.e., the resources a user is entitled to access); session encryption; password integrity; database software integrity; application data integrity; database metadata integrity; security software integrity; time of day of access; and signature rules (i.e., pattern matching and content analysis to detect any known attack signature using, e.g., Snort® network intrusion detection software).
  • The IDP 102 triggers an alert whenever a particular user accesses an abnormally high volume of data.
  • The PEP 101 analyzes an audit log to ascertain whether unusual activity is occurring. If so, the IDP 102 can disallow further accesses by the current user, and/or send an alert to a system administrator.
  • The IDP 102 receives a request for authorization from the PEP 101 (step 501).
  • The request includes information about the user's role (see FIG. 4A, step 404).
  • The request also includes a query the user seeks to execute.
  • The IDP 102 next retrieves the user's scorecard 111 (including variables tracking a user's total volume of access in a given time period, e.g., total number of rows accessed in a day, total kilobytes of data downloaded in a day, etc.) (step 502).
  • The IDP 102 checks to see if it is in learning mode (step 503). If it is, then the IDP 102 updates a Bayesian network to learn that the query is authorized for this user role (step 504). Next, the IDP 102 adds data from the current query to the user's scorecard 111 (step 505). Finally, the IDP 102 transmits authorization to the PEP 101 (step 506).
  • Otherwise, the IDP 102 calculates the probability that the query is allowed for the user's role (step 507). If this probability is below a predetermined threshold a (step 508), then the IDP 102 tells the PEP 101 to block the query (step 509). If, instead, the probability is between the threshold a and a predetermined threshold b, where b > a (step 510), then the IDP 102 adds the data from the current query to the scorecard 111 (step 511), allows the query, and tells the PEP 101 to send an alert to a system administrator (step 512). If the probability is greater than the threshold b, the IDP 102 simply allows the query (step 513).
  • More generally, the IDP 102 maintains a set of thresholds t_i. For each interval [t_i, t_{i+1}), a different action k_i is defined. If the probability that the query is allowed falls within the interval [t_i, t_{i+1}), then the action k_i is performed.
  • The IDP 102 increments the value on the scorecard 111 in response to accesses, or attempted accesses, to sensitive resources.
  • Sensitive resources include prespecified applications and prespecified network addresses.
  • The IDP 102 increments the value of the scorecard by a greater amount in response to a failed or disallowed attempt to access the sensitive resource.
  • FIG. 7 depicts an example of interaction between a DEP 601 connected to a database 603 and a DEP 602 connected to a file system 604.
  • a DEP 601 connected to a database 603
  • a DEP 602 connected to a file system 604 .
  • two columns are encrypted, but the table itself is not.
  • authorization is handled entirely by the database's DEP 601 .
  • a second example view 606 one column is encrypted, and the table is encrypted as well.
  • the database's DEP 601 provides the decryption key for the column, while the file system's DEP 602 provides the decryption key for the table.
  • a database administrator would be precluded from accessing secure data due to the table-level encryption.
  • no columns are individually encrypted; but the table is encrypted.
  • the file system's DEP 602 provides the decryption key.
  • a PEP 101 when a PEP 101 determines that a given query is to be blocked, it performs one or more of the following tasks: disconnecting the user; denying access to cryptographic keys; writing a record in a log file; and sending an error return code, coupled with no data, back to the requesting application.
  • the PEP 101 includes a machine and program authorization (MPA) component.
  • MPA machine and program authorization
  • This component prevent or restrict users with valid login names and passwords from connecting to the database unless they access the database from a machine that has been preauthorized. Machines are authorized if they have an authorized IP address, and additionally, if they are able to specify both the port on which the database server is listening and the name of the database.
  • the PEP 101 , IDP 102 , DEP 103 , and AGP 104 are part of the ProtegrityTM Secure Data server, which is available from Protegrity Corporation of Stamford, Conn.

Abstract

A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.

Description

    RELATED APPLICATION
  • This application claims priority from co-pending provisional U.S. Application Ser. No. 60/654,181, filed Feb. 18, 2005. This application also claims priority from copending U.S. application Ser. No. 10/034,996, filed Dec. 28, 2001.
  • FIELD OF DISCLOSURE
  • The disclosure is directed to software for interacting with a database, and in particular, to software for interacting with databases that include encrypted data.
  • BACKGROUND
  • It is difficult to detect advanced attacks on data and data misuse by monitoring only one system layer. It is likewise difficult to attain acceptable performance in using external policy driven encryption systems.
  • One difficulty arises because large amounts of encrypted data are exposed when providing an efficient search on encrypted data. In addition, large amounts of sensitive data are exposed when using effective performance optimization to offload cryptographic operations. This results in exposure of data in memory or disk, outside of the control of the security/encryption system.
  • SUMMARY
  • In general, in some aspects, a method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.
  • In some implementations, the method includes one or more of the following features. The data-at-rest system is a database system. The method further includes modifying the protection of data at one of the multiple system layers. The step of modifying is performed based on a result of the link intrusion prevention analysis. The privacy policy includes access control information. The privacy policy includes intrusion detection information. The privacy policy includes cryptographic information.
  • In general, in some aspects, a method for controlling access to a database system includes assigning a first access criterion and a second access criterion to a user role, receiving a query from a user, the user having an access history, determining that the user matches the user role, comparing, in a first system layer, the access history to the first access criterion, and comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.
  • In some implementations, the method includes one or more of the following features. The first access criterion comprises a privacy policy. The method further includes learning a value for the first access criterion. The method further includes selecting a response to the query, wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query. Selecting a response to the query comprises selecting a response to the query based on a result of the step of comparing in a first system layer.
  • In general, in some aspects, a method for accessing data includes in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter, in the first system layer, comparing the counter to a first threshold, transmitting a second request to a second system layer, the second request being based on the first request.
  • In some implementations, the method includes one or more of the following features. The method further includes comparing the counter to a second threshold. The counter includes a scorecard. The method further includes determining that the counter exceeds a third threshold, and alerting a system administrator. The method further includes, in the first system layer, transmitting a notification to the second system layer to deny the second request.
  • Other general aspects include other combinations of the aspects and features described above and other aspects and features expressed as methods, apparatus, systems, program products, and in other ways.
  • Advantages and features will become apparent from the following description and claims.
  • DESCRIPTION OF DRAWINGS
  • FIGS. 1, 3 and 6 are block diagrams of database systems.
  • FIGS. 2A, 2B, 2C, 4A, 4B, and 5 are flow charts.
  • DETAILED DESCRIPTION
  • The system described herein is intended to be integrated into that described in copending U.S. application Ser. No. 10/034,996, filed Dec. 28, 2001, and entitled METHOD FOR INTRUSION DETECTION IN A DATABASE SYSTEM, the contents of which are herein incorporated by reference.
  • A method and system for overcoming the foregoing difficulties provides for the introduction of a privacy policy with enforcement points that span multiple system layers.
  • The privacy policy is coupled with link intrusion prevention analysis between multiple system layers. The scope, both in data and in time, for enforcing data privacy and encryption is then dynamically optimized between multiple system layers.
  • As used herein, the term “multiple system layers” includes application database sessions, table data access, table space access, and database file level access. The term “transaction” is intended to include queries. The term “data at rest” is intended to include all forms of stored data. A “data-at-rest system” includes any system for storing data.
  • In a system for overcoming the foregoing difficulties, selected rules control the amount of data that is exposed, and the time window for exposure of unencrypted data. A policy underlying the selected rules defines the extent to which data privacy is to be enforced for particular data. This extent, which includes the extent of the particular data exposed and the duration of such exposure, is determined on the basis of the sensitivity of the particular data.
  • Dynamic control over the extent and duration of unencrypted-data exposure required to satisfy a user transaction is provided by linking the intrusion detection point (“IDP”), the policy enforcement point (“PEP”), the audit generation point (“AGP”), and the data-at-rest encryption point (“DEP”). These scopes are controlled by an operational sensitivity class defined in the policy. The operational sensitivity class defines what rules to check and when to do so by linking the IDP, the PEP, the AGP, and the DEP.
  • At the intrusion detection point, a scorecard is provided to accumulate violation attempts. On the basis of the number of violation attempts, session statistics, and data access statistics spanning multiple system layers, one can determine whether a threshold indicative of an attack has been reached.
  • A system as described above enhances the ability to detect advanced attacks on data as well as instances of data misuse. The system also reduces the extent to which data is exposed and outside the control of the security/encryption system, both in terms of the amount of data being exposed and the duration of such exposure. In addition, the system enables effective performance optimization and offloading of cryptographic operations.
  • In an exemplary security system 116, depicted in FIG. 1, a user 115 communicates through a client 114, which interacts with an application server 113. The application server 113 communicates with a PEP 101 to request authorization and to transmit auditing data. The application server 113 also passes queries along to a database 107, which itself communicates with the PEP 101 to request authorization. The database process 107 also communicates with a DEP 103 to request decryption. The DEP 103, in turn, utilizes a hardware security module (“HSM”) 105 and a software security module (“SSM”) 106.
  • The database process 107 transmits requests to its buffer 110, which (through a process overseeing the buffer) sends audit information to the PEP 101. The buffer process then transmits requests to a file system file 108, which also communicates with the DEP 103 to request that a file be decrypted.
  • The PEP 101 communicates directly with the DEP 103 to provide authorization for other components to decrypt files. The PEP 101 interacts with the AGP 104 to store audit information. The PEP 101 calls the IDP 102 to provide information used in determining whether a given query should be allowed. In response, the IDP 102 tells the PEP 101 that a given query should either be allowed, blocked, or allowed but with an alert sent to the system administrator. It performs this task with the aid of intrusion detection rules 112 and a scorecard 111 associated with each user.
  • The DEP 103 can be optimized to perform at a layer that allows granularity (e.g., operations on a table cell vs. a table vs. an entire database vs. an entire file system) in compliance with a privacy policy. The DEP 103 can then dynamically dispatch an operation to be performed, either by a hardware security module (“HSM”) 105 or by a software encryption engine 106, or a combination thereof. The DEP 103 can operate on an in-memory database or on a disk.
  • Operations on different levels of granularity may be achieved, in the depicted example, by associating the DEP 103 with multiple layers of the database hierarchy. The DEP 103 is connected to the database process 107 and the data store (file system) layer 108. An encryption request originating at the database layer 302 permits the DEP 103 to encrypt data in an individual row, column, or cell. (It might also, however, permit a database administrator to decrypt data for which the administrator lacks authorization.) In some embodiments, an encryption request originating at the file system layer 108 permits the DEP 103 to encrypt data in an individual file system file, thereby preventing a database administrator from accessing sensitive data.
  • If permitted by the privacy policy, the DEP 103 can, under certain conditions, dynamically re-route a decryption request from a software security module 106 to a hardware security module 105. Exemplary conditions include having a message size larger than a predetermined size. This dynamic re-routing optimizes performance and offloads cryptographic operations.
  • Upon detecting an attack, the PEP 101 can carry out any combination of the following options: issuing a security alert, blocking access to selected data, disabling one or more users, and disabling a request.
  • FIGS. 1 and 2A-2C illustrate one example of the operation of a system including a PEP 101, an IDP 102, a DEP 103, and an AGP 104. In this example, a database user 115 initiates a transaction through a client 114, such as a web browser (step 201). The client 114 sends a request to an application server 113, e.g., a web server (step 202).
  • The application server 113 initiates an authentication request with the PEP 101 (step 203). The PEP 101, in conjunction with the IDP 102, verifies the user's authorization, as described in more detail below in connection with FIGS. 5A and 5B (step 204). If the user is not authorized (step 205), the PEP blocks the query (step 213). If the user is authorized, then the application server 113 sends auditing information to the PEP 101 (step 206), which the PEP 101 transmits to the AGP 104 (step 207). Audit information includes the database user ID, the date and time, the SQL query and other action details, the originating machine name or IP address, and the database name.
  • The application server 113 then sends a request to a database 107 (step 208). The database process 107 again seeks authorization from the PEP 101 (step 209). The PEP 101, again in conjunction with the IDP 102, verifies the user's authorization as described in connection with FIGS. 5A and 5B (step 210). If authorization is granted (step 211), the PEP 101 transmits the authorization to the database process 107 as well as to the DEP 103 (step 212). The authorization to the DEP 103 indicates that the database process 107 is permitted to access decryption keys associated with columns to which the user 115 has access. If authorization is refused, the PEP 101 blocks the query (step 213) and the database process 107 returns an error (step 214), which the client 114 propagates to the user 115 (step 215).
  • If the PEP 101 grants authorization, a database process 107 accesses a file 108 in the file system, through the database's buffer 110 to read the relevant data (step 216). A computer process overseeing the buffer 110 sends additional audit information to the PEP 101 (step 217), which the PEP 101 transmits to the AGP 104 (step 218). If the database file 108 is encrypted (step 219), the file system requests that the DEP 103 decrypt the file (step 220). If the DEP 103 has been previously authorized by the PEP 101 in step 212 (step 221), then the DEP 103 decrypts the file using a hardware security module (“HSM”) 105 and/or a software decryption engine 106 (step 222), and returns the requested contents (step 223).
  • The database process 107 then checks to see if any of the requested information is in an encrypted column (step 224). If so, the process overseeing the database process 107 requests that the DEP 103 decrypt the relevant columns (step 225). The DEP performs the requested decryption using the HSM 105 and/or the software decryption engine 106 (step 226), and returns the decrypted results (step 227).
  • The database process 107 extracts the relevant information (step 228) and returns it to the application server 113 (step 229). The application server 113 returns a result to the client 114 (step 230), which displays a result to the user 115 (step 231).
  • Often, many application users will share a single database user. In some examples, a PEP 101 connected to the database server utilizes the identity of the application user (in addition to or instead of the database user) as a factor in determining whether a given request is authorized. The PEP 101 does this by communicating with an application user mapping table located within the application server's security system 312. The table contains a mapping associating the application user with the database user. Real time mapping data provides information about which application user is using the database connection at any given time. In some examples, the mapping table is stored in a database table. In other examples, the mapping table is stored in a file. In still other examples, the table, or simply the identity of the application user, is transmitted by the application server to the database server during the session.
  • As illustrated in FIG. 3, in some examples, security components are connected to three levels: the web or application server 301; the database 302; and the data store or file system 303. Services on these three levels communicate across multiple channels: the data request channel 304; the session information channel 305; and the directory information channel 306. In the depicted example, user A 309 is logged in to an application. The application requests data, as user B 310, over the data request channel 304, from the database. The database is running as user C 311 on a server, and requests data, over another data request channel, from the data store (e.g., the file system).
  • Meanwhile, on the application server 301, a mapping table, which associates user A 309 (the application user) with user B 310 (the database user), is maintained. This information may be communicated, via a separate session information channel 305, to the database's security system 307.
  • Examples of further details of the operation of the PEP 101, the IDP 102, and the DEP 103 are provided below. The boundaries of the functions performed by the IDP 102, the PEP 101, the AGP 104, and the DEP 103 are not fixed; some functions may be combined in a single component, or allocated differently between components.
  • A. PEP
  • FIG. 4A explains in further detail an example of operation of the PEP 101 (see FIG. 2, steps 204 and 210). First, the PEP 101 receives a request for authorization (step 401). The PEP 101 then retrieves the user's identity and corresponding group, as described below in connection with FIG. 4B (step 402). The PEP 101 then determines whether the user or group is authorized to access the requested data, for example, by consulting a privacy policy or access control list (step 403). If the user or group is unauthorized to access the requested data, the PEP 101 skips to step 410.
  • If the user or group is authorized, the PEP 101 then retrieves session variables (including the time of day, day of week, IP address from which the user is logged in, the user's geographic location, the user's identity, the user's group, the user's client's software, etc.), and stores these variables as the user's “role” (step 404). The PEP 101 then communicates with the IDP 102 to determine whether the query is valid for the user's role (step 405). The IDP makes this determination in a process exemplified by FIG. 5. The PEP 101 determines whether the IDP 102 allowed the query (step 406). If the IDP 102 rejects the query, the PEP 101 skips to step 410.
  • If the query was allowed, the PEP 101 checks to see whether the IDP 102 indicated that an alert was to be sent to the system administrator (step 407). If so, the PEP alerts the administrator (step 408). In either event, the PEP 101 authorizes the query (step 409). If the query was not allowed, the PEP 101 denies authorization for the query (step 410).
  • FIG. 4B describes how, in some examples, the database's security system 307 retrieves the user's identity and corresponding group in step 402. First, the PEP 101 in the database's security system 307 opens a session information channel 305 to the application server 301 (step 451). Next, the PEP 101 requests, from a mapping table in the application's security system 312, the application user corresponding to the current database user (for example, user B 310) (step 452). The application server responds, for example, that the corresponding user is user A 309 (step 453).
  • Next, the PEP 101 opens a separate directory information channel 306 back to the application server 301 (step 454). On the directory information channel 306, the PEP 101 requests the group mapping for user A 309 (step 455). In a typical response, the application server 301 indicates that user A 309 is a member of group X (step 456).
  • FIG. 4B describes the process by which the PEP 101 in the database's security system 307 retrieves information from the application server 301. In some examples, the PEP 101 in the data store's security system 308 requests the identity of the database user (i.e., user B 310) from the PEP 101 in the database security system 307 over the session information channel 305. The PEP 101 in the data store's security system 308 may also ascertain the database user's group over the directory information channel 306.
  • In some examples, the PEP 101 in the data store's security system 308 can identify the application user by requesting the information from the PEP 101 in the database's security system 307, which then relays the query to the application server's mapping table 311. Similarly, in some examples, the PEP 101 in the data store's security system 308 can ascertain the application user's group, by requesting the information from the PEP 101 in the database's security system 307, which then relays the query to the mapping table 311 in the application server.
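The PEP side of FIGS. 4A and 4B, that is, the identity chain from shared database user to application user to group over the session and directory channels, followed by the authorization decision of steps 401 through 410, as an added example that is not code from the application or from Protegrity. The mapping table and directory are plain dictionaries here, since the text leaves their storage form open; the users, groups, resources and session variables are constructed, and the IDP is passed in as a callable so that this block stays independent of any particular intrusion-detection logic.

```python
"""Illustrative policy enforcement point (PEP) logic following FIG. 4A
(steps 401-410) and FIG. 4B (steps 451-456). Added example, not code from the
application or from Protegrity. The application server's mapping table and
directory are plain dictionaries here (the text leaves their form open); the
users, groups, resources and session variables are constructed."""
from dataclasses import dataclass

# Application server security system 312: which application user currently
# sits behind each shared database user (constructed sample data).
SESSION_MAPPING = {"db_app": "alice"}                      # session information channel 305
DIRECTORY = {"alice": {"claims_clerks"}, "bob": {"dba"}}   # directory information channel 306
# Privacy policy / access control list consulted in step 403 (constructed).
ACL = {"claims.patient": {"claims_clerks", "auditors"}, "cards.pan": {"payments"}}


@dataclass
class Session:
    """Session variables the PEP folds into the user's role (step 404)."""
    db_user: str
    time_of_day: str
    weekday: str
    ip: str
    region: str
    client: str


def resolve_identity(db_user, mapping=SESSION_MAPPING, directory=DIRECTORY):
    """Steps 451-456: recover the application user behind a shared database
    connection, then that user's groups from the directory."""
    app_user = mapping.get(db_user)
    if app_user is None:
        return None, frozenset()       # nobody is mapped to this connection
    return app_user, frozenset(directory.get(app_user, ()))


def build_role(app_user, groups, session):
    """Step 404: identity plus session context is what the IDP scores against."""
    return {"user": app_user, "groups": tuple(sorted(groups)),
            "time_of_day": session.time_of_day, "weekday": session.weekday,
            "ip": session.ip, "region": session.region, "client": session.client}


def authorize(session, resource, query, idp_decide, acl=ACL):
    """Steps 401-410. `idp_decide(role, query)` is whichever IDP the PEP is
    wired to and returns 'allow', 'alert' or 'block'. Returns
    (decision, alert_admin, reason) so the outcome can be audited."""
    app_user, groups = resolve_identity(session.db_user)             # step 402
    if app_user is None or not (groups & acl.get(resource, set())):  # step 403
        return "deny", False, "not permitted by privacy policy"      # step 410
    role = build_role(app_user, groups, session)                     # step 404
    verdict = idp_decide(role, query)                                # step 405
    if verdict == "block":                                           # step 406
        return "deny", False, "rejected by intrusion detection"      # step 410
    return "authorize", verdict == "alert", "allowed"                # steps 407-409
```

A connection whose database user has no entry in the mapping table is refused outright, which is the point of the mapping: with many application users sharing one database login, the policy is evaluated against the application user and group, not the shared account.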
  • In some practices, a database's security system 307 (for example, through its PEP 101) notifies other layers to indicate that a severe attack has occurred. In some practices, the IDP 102 in the application server's security system 312 receives this notification and subsequently blocks all access attempts that would otherwise have only triggered an alert to the system administrator. In some practices, the DEP 103 in the data store's security system 308 receives this notification and blocks all subsequent requests to decrypt data.
  • One example of these practices is provided where a PEP 101 detects that authorized access to credit card information at the database level exceeds normal usage but is not at a critical level. The PEP 101, in this example, modifies a privacy policy to instruct the application server's security system 312 to block further access attempts. In another example, the PEP 101 in the application server's security system 312 detects multiple hacking attempts from multiple locations. The security system 312 modifies a privacy policy to block requests at the application server 312 level, increase file security at the data store's security system 308, and prevent the data store's security system 308 as well as the database's security system 307 from decrypting sensitive data.
  • B. IDP
  • In some embodiments, the IDP 102 has a learning mode and an enforcement mode. In learning mode, the IDP 102 acquires information about users of the system, including the typical time of day and day of week during which they access the system, the resources they usually access, their physical location or IP address, and the volume of data they usually access. In some examples, the IDP 102 maintains a Bayesian network to associate authorized accesses with these variables. In other examples, other types of learning may be used. When the IDP 102 is in enforcement mode, it denies access to a user when the time or day of access, the resources accessed, the user's location or IP address, or the volume of data requested exceeds a learned threshold or differs from learned values. The IDP 102 optionally alerts a system administrator when any of these criteria exceeds a learned threshold or differs from learned values.
  • In some embodiments, the IDP 102 accepts user logins only during certain times of day, or only on certain days of the week, or only from certain physical locations. In some examples, the IDP 102 learns how these criteria should be restricted. In other examples, the system administrator manually enters restrictions. In some examples, the system administrator manually changes restrictions, for example, to temporarily allow a particular user to log in from a distant location when the user is on vacation.
  • In some embodiments, the IDP 102 restricts the volume of data a user may access in a given day. In one example, the IDP 102 permits a user to access only a predetermined number of rows per day from a given table. In another example, the IDP 102 permits a user to issue only a predetermined number of queries per day in a given table. In other examples, the user is restricted to a given volume of data over the entire database, rather than in specific tables. In some examples, the IDP 102 maintains information about the volume of data a user has accessed by means of a counter.
  • In some examples, an IDP 102 restricts access based on the user's role. A user's role may be based on his or her identity, the time of day, the day of week, the IP address being used, the country or geographic region from which the request originates, etc. In some examples, an IDP 102 located in the database server sets a maximum number of rows per day accessible to users in a given role. Some examples restrict the number of rows a user in a given role may insert, or the number of rows a user in a given role may modify, or the number of rows a user in a given role may delete. In some examples, these values are learned while the IDP 102 is in learning mode.
  • Some examples permit the IDP 102 and/or the PEP 101 to communicate with a trusted component running on an authorized client to further assist in user authentication.
  • In some examples, the IDP 102 utilizes one or more of the following criteria to decide whether to permit access, block access, or alert the administrator: session authorization (i.e., the user's identity); session authentication (i.e., the resources a user is entitled to access); session encryption; password integrity; database software integrity; application data integrity; database metadata integrity; security software integrity; time of day of access; and signature rules (i.e., pattern matching and content analysis to detect any known attack signature using, e.g., Snort® network intrusion detection software). To verify data or software integrity, a hash value is stored and verified against periodically.
  • In some examples, the IDP 102 triggers an alert whenever a particular user accesses an abnormally high volume of data. When this alert is triggered, the PEP 101 analyzes an audit log to ascertain whether unusual activity is occurring. If so, the IDP 102 can disallow further accesses by the current user, and/or send an alert to a system administrator.
  • An example of the operation of the IDP 102 will now be described with reference to FIG. 5. First, the IDP 102 receives a request for authorization from the PEP 101 (step 501). The request includes information about the user's role (see FIG. 4A, step 404). The request also includes a query the user seeks to execute. The IDP 102 next retrieves the user's scorecard 111 (including variables tracking a user's total volume of access in a given time period, e.g., total number of rows accessed in a day, total kilobytes of data downloaded in a day, etc.) (step 502).
  • Next, the IDP 102 checks to see if it is in learning mode (step 503). If it is, then the IDP 102 updates a Bayesian network to learn that the query is authorized for this user role (step 504). Next, the IDP 102 adds data from the current query to the user's scorecard 111 (step 505). Finally, the IDP 102 transmits authorization to the PEP 101 (step 506).
  • If the IDP is not in learning mode, then the IDP 102 calculates the probability that the query is allowed for the user's role (step 507). If this probability is below a predetermined threshold a (step 508), then the IDP 102 tells the PEP 101 to block the query (step 509). If, instead, the probability is between the threshold a and a predetermined threshold b, where b>a (step 510), then the IDP 102 adds the data from the current query to the scorecard 111 (step 511), allows the query, and tells the PEP 101 to send an alert to a system administrator (step 512). If the probability is greater than the threshold b, the IDP 102 simply allows the query (step 513).
  • More generally, in some examples, the IDP 102 maintains a set of i thresholds t_i. For each interval [t_i, t_{i+1}), a different action k_i is defined. If the probability that the query is allowed is within the interval [t_i, t_{i+1}), then the action k_i is performed.
  • In some examples, the IDP 102 increments the value on the scorecard 111 in response to accesses, or attempted accesses, to sensitive resources. In some examples, sensitive resources include access to prespecified applications and prespecified network addresses. In other examples, the IDP 102 increments the value of the scorecard by a greater amount in response to a failed or disallowed attempt to access the sensitive resource.
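The flow of FIG. 5 and the generalised thresholds t_i with actions k_i, together with the per-day volume limits and the scorecard increments for sensitive resources described above, as one runnable illustration (added example, not code from the application or from Protegrity). The Bayesian network is replaced by a per-role naive Bayes model over five discrete attributes; the attribute names, the thresholds a = 0.2 and b = 0.6, the scorecard weights, the role and the sample queries are all assumptions for the example. The escalated flag models the cross-layer notification described under the PEP, where a severe attack reported by another layer turns alert-only outcomes into blocks.

```python
"""Illustrative intrusion detection point (IDP) logic following FIG. 5 (steps
501-513), the generalised thresholds t_i with actions k_i, the per-day volume
limits and the scorecard increments for sensitive resources. Added example, not
code from the application or from Protegrity. The Bayesian network is approximated
by a per-role naive Bayes model; attributes, thresholds, weights, role and
sample queries are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

ATTRS = ("hour_band", "weekday", "src_net", "table", "rows_band")  # learned per role
SENSITIVE_TABLES = {"cards"}                  # constructed "sensitive resources"
SENSITIVE_WEIGHT, FAILED_WEIGHT = 1, 3        # constructed scorecard increments


def rows_band(rows):
    """Bucket a row count so the requested volume becomes a discrete attribute."""
    return "small" if rows < 100 else "medium" if rows < 10_000 else "large"


@dataclass
class Scorecard:                               # scorecard 111, one per user
    rows_today: int = 0
    points: int = 0                            # accumulated violation points


@dataclass
class RoleModel:
    """Naive Bayes stand-in for the Bayesian network: value counts per attribute."""
    n: int = 0
    counts: dict = field(default_factory=lambda: defaultdict(Counter))

    def learn(self, q):                                        # step 504
        self.n += 1
        for a in ATTRS:
            self.counts[a][q[a]] += 1

    def probability(self, q):                                  # step 507
        """Geometric mean over ATTRS of Laplace-smoothed P(value | role)."""
        p = 1.0
        for a in ATTRS:
            seen = self.counts[a]              # an unseen value gets 1/(n + distinct + 1)
            p *= (seen[q[a]] + 1) / (self.n + len(seen) + 1)
        return p ** (1 / len(ATTRS))


class IDP:
    def __init__(self, a=0.2, b=0.6, row_limits=None, learning=False):
        self.a, self.b = a, b                  # thresholds a < b (steps 508, 510)
        self.row_limits = row_limits or {}     # rows per day allowed per role
        self.learning = learning               # learning vs enforcement (step 503)
        self.escalated = False                 # another layer reported a severe attack
        self.models = defaultdict(RoleModel)
        self.cards = defaultdict(Scorecard)

    def _record(self, card, q):                                # steps 505 / 511
        card.rows_today += q["rows"]
        if q["table"] in SENSITIVE_TABLES:
            card.points += SENSITIVE_WEIGHT

    def _deny(self, card, q, p):                               # step 509
        if q["table"] in SENSITIVE_TABLES:     # a disallowed attempt scores more
            card.points += FAILED_WEIGHT
        return "block", p

    def authorize(self, user, role, query):
        """Steps 501-513; returns (verdict, probability) for the PEP."""
        q = dict(query, rows_band=rows_band(query["rows"]))   # step 501
        card, model = self.cards[user], self.models[role]     # step 502
        if self.learning:                                      # steps 503-506
            model.learn(q)
            self._record(card, q)
            return "allow", 1.0
        limit = self.row_limits.get(role)                      # per-day volume rule
        if limit is not None and card.rows_today + q["rows"] > limit:
            return self._deny(card, q, 0.0)
        p = model.probability(q)
        if p < self.a:
            return self._deny(card, q, p)
        if p < self.b:                                         # steps 510-512
            if self.escalated:  # a severe attack elsewhere turns alerts into blocks
                return self._deny(card, q, p)
            self._record(card, q)
            return "alert", p
        self._record(card, q)   # step 513 allows; rows are still counted here so
        return "allow", p       # that the per-day limit keeps working


def action_for(p, ladder):
    """Generalised form: ascending thresholds t_i paired with actions k_i;
    returns the action of the interval [t_i, t_{i+1}) that contains p."""
    action = ladder[0][1]
    for t, k in ladder:
        if p >= t:
            action = k
    return action


# Constructed sample traffic for the role "analyst".
TYPICAL = {"hour_band": "business", "weekday": "weekday", "src_net": "corp",
           "table": "orders", "rows": 50}
SENSITIVE = dict(TYPICAL, table="cards")                 # one unusual attribute
ANOMALOUS = dict(SENSITIVE, hour_band="night", src_net="external")
BULK = dict(TYPICAL, rows=10_000)
LADDER = [(0.0, "block"), (0.2, "alert"), (0.6, "allow")]
```

With twenty identical learned queries, a query matching the role on every attribute scores 21/22, one unseen attribute lands in the alert band between a and b, and three unseen attributes fall below a. The per-day limit is checked before the probability, so a bulk pull is refused even when every attribute looks typical.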
  • C. DEP
  • FIG. 7 depicts an example of interaction between a DEP 601 connected to a database 603 and a DEP 602 connected to a file system 604. In one example view 605, two columns are encrypted, but the table itself is not. In this example, authorization is handled entirely by the database's DEP 601. In a second example view 606, one column is encrypted, and the table is encrypted as well. In this example, the database's DEP 601 provides the decryption key for the column, while the file system's DEP 602 provides the decryption key for the table. In this example, a database administrator would be precluded from accessing secure data due to the table-level encryption. In the third example view 607, no columns are individually encrypted, but the table is encrypted. In this example, the file system's DEP 602 provides the decryption key.
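The key-release behaviour described for the DEP, namely the PEP-granted authorization checked before any decryption (steps 212 and 221), the re-routing of large messages from the software engine 106 to the hardware security module 105, and the split of column and table keys between the database DEP 601 and the file-system DEP 602 in views 605 through 607, as one runnable illustration (added example, not code from the application or from Protegrity). Key names, the 4096-byte re-routing size, the sessions and the sample row are assumptions; the cipher is a toy SHA-256 keystream included only so that the round trip is observable, and the table layer is modelled as wrapping each stored value rather than a file.

```python
"""Illustrative data-at-rest encryption point (DEP) behaviour: the PEP-granted
key authorization checked at step 221, size-based re-routing between the
hardware module 105 and the software engine 106, and the column/table key split
between the database DEP 601 and the file-system DEP 602 of FIG. 7. Added
example, not code from the application or from Protegrity. Key names, sizes,
sessions and the sample row are constructed; the cipher is a toy keystream."""
import hashlib
import os


def keystream_xor(key, data):
    """Toy counter-mode keystream (SHA-256); stands in for whatever the
    HSM/SSM implement and is not a production construction."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


class Engine:
    """Hardware security module 105 or software engine 106; counts dispatches."""
    def __init__(self, name):
        self.name, self.calls = name, 0

    def crypt(self, key, data):
        self.calls += 1
        return keystream_xor(key, data)


class DEP:
    """One DEP per layer: the database DEP holds column keys, the file-system
    DEP the table key, so neither layer alone can open a view-606 table."""
    def __init__(self, layer, keys, hsm, ssm, hsm_min_size=4096):
        self.layer, self.keys = layer, keys
        self.hsm, self.ssm, self.hsm_min_size = hsm, ssm, hsm_min_size
        self.granted = set()        # (session, key name) pairs from the PEP (step 212)

    def grant(self, session, key_names):
        self.granted.update((session, k) for k in key_names)

    def decrypt(self, session, key_name, data):
        if (session, key_name) not in self.granted:              # step 221
            raise PermissionError(f"{self.layer} DEP: {key_name} not authorized for {session}")
        # Large messages are re-routed to the HSM; small ones stay in software.
        engine = self.hsm if len(data) >= self.hsm_min_size else self.ssm
        return engine.crypt(self.keys[key_name], data)


# FIG. 7 views: which columns carry their own key, and whether the table does.
VIEW_605 = {"columns": {"pan": "k_pan", "cvv": "k_cvv"}, "table": None}
VIEW_606 = {"columns": {"pan": "k_pan"}, "table": "k_table"}
VIEW_607 = {"columns": {}, "table": "k_table"}

COLUMN_KEYS = {"k_pan": os.urandom(32), "k_cvv": os.urandom(32)}   # held by DEP 601
TABLE_KEYS = {"k_table": os.urandom(32)}                           # held by DEP 602
HSM, SSM = Engine("HSM 105"), Engine("SSM 106")
DB_DEP = DEP("database", COLUMN_KEYS, HSM, SSM)
FS_DEP = DEP("file_system", TABLE_KEYS, HSM, SSM)


def store_row(row, view):
    """Write path (simplified): column encryption first, then the table layer."""
    stored = {}
    for col, value in row.items():
        if col in view["columns"]:
            value = keystream_xor(COLUMN_KEYS[view["columns"][col]], value)
        if view["table"]:
            value = keystream_xor(TABLE_KEYS[view["table"]], value)
        stored[col] = value
    return stored


def read_row(stored, view, session):
    """Read path (steps 219-227): the file-system DEP removes the table layer,
    then the database DEP removes column encryption; either may refuse."""
    row = {}
    for col, value in stored.items():
        if view["table"]:
            value = FS_DEP.decrypt(session, view["table"], value)
        if col in view["columns"]:
            value = DB_DEP.decrypt(session, view["columns"][col], value)
        row[col] = value
    return row
```

The database administrator case of view 606 shows up as a session that holds column keys from DEP 601 but was never granted the table key at DEP 602: the read fails at the file-system layer before any column key is used, which is exactly the separation the text relies on.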
  • In some examples, when a PEP 101 determines that a given query is to be blocked, it performs one or more of the following tasks: disconnecting the user; denying access to cryptographic keys; writing a record in a log file; and sending an error return code, coupled with no data, back to the requesting application.
  • In some examples, the PEP 101 includes a machine and program authorization (MPA) component. This component prevents or restricts users with valid login names and passwords from connecting to the database unless they access the database from a machine that has been preauthorized. Machines are authorized if they have an authorized IP address, and additionally, if they are able to specify both the port on which the database server is listening and the name of the database.
  • In some examples, the PEP 101, IDP 102, DEP 103, and AGP 104 are part of the Protegrity™ Secure Data server, which is available from Protegrity Corporation of Stamford, Conn.
  • It is to be understood that while the invention has been described in conjunction with the detailed description thereof, the foregoing description is intended to illustrate and not limit the scope of the invention, which is defined by the scope of the appended claims.

Claims (20)

1. A method for controlling data access in a data-at-rest system, the method comprising:
executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;
introducing a privacy policy at enforcement points that span multiple system layers; and
dynamically altering the privacy policy.
2. The method of claim 1, wherein the data-at-rest system is a database system.
3. The method of claim 1, further comprising modifying the protection of data at one of the multiple system layers.
4. The method of claim 3, wherein the step of modifying is performed based on a result of the link intrusion prevention analysis.
5. The method of claim 1, wherein the privacy policy comprises access control information.
6. The method of claim 1, wherein the privacy policy comprises intrusion detection information.
7. The method of claim 1, wherein the privacy policy comprises cryptographic information.
8. A computer-readable medium containing instructions for causing a computer to perform the method of claim 1.
9. A method for controlling access to a database system, the method comprising:
assigning a first access criterion and a second access criterion to a user role;
receiving a query from a user, the user having an access history;
determining that the user matches the user role;
comparing, in a first system layer, the access history to the first access criterion; and
comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.
10. The method of claim 9, wherein the first access criterion comprises a privacy policy.
11. The method of claim 9, further comprising learning a value for the first access criterion.
12. The method of claim 9, further comprising selecting a response to the query,
wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query.
13. The method of claim 12, wherein selecting a response to the query comprises selecting a response to the query based on a result of the step of comparing in a first system layer.
14. A computer-readable medium containing instructions for causing a computer to perform the method of claim 9.
15. A method for accessing data, the method comprising:
in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter;
in the first system layer, comparing the counter to a first threshold; and
transmitting a second request to a second system layer, the second request being based on the first request.
16. The method of claim 14, further comprising comparing the counter to a second threshold.
17. The method of claim 14, wherein the counter comprises a scorecard.
18. The method of claim 14, further comprising:
determining that the counter exceeds a third threshold; and
alerting a system administrator.
19. The method of claim 14, further comprising:
in the first system layer, transmitting a notification to the second system layer to deny the second request.
20. A system comprising:
a computer-readable medium as recited in claim 14; and
a computer in data communication with the computer-readable medium.
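The two-layer scheme of claims 9 through 20, as an added worked example that is not the patent's own code: a first layer keeps each user's access history with a counter, compares it to the role's first threshold and to an alert threshold, forwards a derived request to a second layer that compares the history to the second criterion, and notifies that layer to deny the user once the counter is exceeded. The role table, thresholds, the layer names `ApplicationLayer` and `DatabaseLayer`, and the query stream in `run_sample` are constructed assumptions.

```python
"""Two-layer access-history enforcement with a per-user counter and thresholds.

Added example for claims 9-20; not code from the patent or Protegrity. Roles,
thresholds, layer names and the sample query stream are constructed assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set


class Response(Enum):
    ALLOW = "allow"
    ALERT_AND_ALLOW = "alert-and-allow"   # alert the administrator, let the query through
    BLOCK = "block"


@dataclass
class RoleCriteria:
    rows_per_interval: int        # first criterion, compared in the first layer
    distinct_tables: int          # second criterion, compared in the second layer
    alert_fraction: float = 0.8   # third threshold: alert once the counter passes this share


# Constructed role table: user role -> (first criterion, second criterion)
ROLES: Dict[str, RoleCriteria] = {
    "clerk": RoleCriteria(rows_per_interval=200, distinct_tables=3),
    "analyst": RoleCriteria(rows_per_interval=5000, distinct_tables=20),
}


@dataclass
class AccessHistory:
    rows_this_interval: int = 0                    # the counter ("scorecard")
    tables_seen: Set[str] = field(default_factory=set)


@dataclass
class Query:
    user: str
    role: str
    table: str
    rows_requested: int


ALERTS: List[str] = []   # administrator alerts raised by the first layer


class DatabaseLayer:
    """Second layer: receives a request derived from the first layer's request
    and compares the access history to the second criterion."""
    def __init__(self) -> None:
        self.denied: Set[str] = set()   # users the first layer told this layer to deny

    def notify_deny(self, user: str) -> None:
        self.denied.add(user)

    def handle(self, q: Query, hist: AccessHistory, crit: RoleCriteria) -> Response:
        if q.user in self.denied:
            return Response.BLOCK
        hist.tables_seen.add(q.table)
        if len(hist.tables_seen) > crit.distinct_tables:
            return Response.BLOCK
        return Response.ALLOW


class ApplicationLayer:
    """First layer: keeps the access history, compares the counter to the first
    and alert thresholds, then forwards a second request to the second layer."""
    def __init__(self, db: DatabaseLayer) -> None:
        self.db = db
        self.histories: Dict[str, AccessHistory] = {}

    def new_interval(self) -> None:
        for hist in self.histories.values():
            hist.rows_this_interval = 0

    def handle(self, q: Query) -> Response:
        crit = ROLES[q.role]                       # user matched to a role
        hist = self.histories.setdefault(q.user, AccessHistory())
        hist.rows_this_interval += q.rows_requested
        if hist.rows_this_interval > crit.rows_per_interval:   # first threshold
            self.db.notify_deny(q.user)            # tell the second layer to deny
            return Response.BLOCK
        if self.db.handle(q, hist, crit) is Response.BLOCK:
            return Response.BLOCK
        if hist.rows_this_interval > crit.alert_fraction * crit.rows_per_interval:
            ALERTS.append(f"user={q.user} rows={hist.rows_this_interval}")
            return Response.ALERT_AND_ALLOW
        return Response.ALLOW


def run_sample() -> List[Response]:
    """Constructed query stream for one clerk; returns the response per query."""
    app = ApplicationLayer(DatabaseLayer())
    stream = [
        Query("carol", "clerk", "customers", 50),
        Query("carol", "clerk", "orders", 50),
        Query("carol", "clerk", "invoices", 70),    # counter 170 > 160: alert and allow
        Query("carol", "clerk", "payments", 10),    # fourth table: second layer blocks
        Query("carol", "clerk", "customers", 30),   # counter 210 > 200: first layer blocks
    ]
    responses = [app.handle(q) for q in stream]
    app.new_interval()                               # counter resets, denial notice persists
    responses.append(app.handle(Query("carol", "clerk", "customers", 1)))
    return responses
```

The last query in `run_sample` shows why the notification to the second layer matters: after the counter is reset for a new interval the first layer would pass the query, but the second layer still denies the user it was told to deny.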

Priority Applications (4)

Application Number Priority Date Filing Date Title
US11/357,741 US20060259950A1 (en) 2005-02-18 2006-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US13/778,060 US8701191B2 (en) 2005-02-18 2013-02-26 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/181,825 US8935787B2 (en) 2005-02-18 2014-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/564,103 US10552622B2 (en) 2005-02-18 2014-12-09 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US65418105P 2005-02-18 2005-02-18
US11/357,741 US20060259950A1 (en) 2005-02-18 2006-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/778,060 Division US8701191B2 (en) 2005-02-18 2013-02-26 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Publications (1)

Publication Number Publication Date
US20060259950A1 true US20060259950A1 (en) 2006-11-16

Family

ID=36917160

Family Applications (5)

Application Number Title Priority Date Filing Date
US11/357,741 Abandoned US20060259950A1 (en) 2005-02-18 2006-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US11/884,592 Abandoned US20090025057A1 (en) 2005-02-18 2006-02-21 Multi-Layer System for Privacy Enforcement and Monitoring of Suspicious Data Access Behavior
US13/778,060 Active US8701191B2 (en) 2005-02-18 2013-02-26 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/181,825 Active US8935787B2 (en) 2005-02-18 2014-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/564,103 Active 2027-01-07 US10552622B2 (en) 2005-02-18 2014-12-09 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Family Applications After (4)

Application Number Title Priority Date Filing Date
US11/884,592 Abandoned US20090025057A1 (en) 2005-02-18 2006-02-21 Multi-Layer System for Privacy Enforcement and Monitoring of Suspicious Data Access Behavior
US13/778,060 Active US8701191B2 (en) 2005-02-18 2013-02-26 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/181,825 Active US8935787B2 (en) 2005-02-18 2014-02-17 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
US14/564,103 Active 2027-01-07 US10552622B2 (en) 2005-02-18 2014-12-09 Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

Country Status (4)

Country Link
US (5) US20060259950A1 (en)
KR (1) KR20070114725A (en)
GB (1) GB2438133A (en)
WO (1) WO2006089277A2 (en)

Cited By (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080196104A1 (en) * 2007-02-09 2008-08-14 George Tuvell Off-line mms malware scanning system and method
US20080270372A1 (en) * 2007-02-08 2008-10-30 International Business Machines Corporation System And Method For Verifying The Integrity And Completeness Of Records
WO2008104965A3 (en) * 2007-02-26 2009-05-07 Secure Islands Technologies Lt A system and method for automatic data protection in a computer network
US20100095367A1 (en) * 2008-10-09 2010-04-15 Juniper Networks, Inc. Dynamic access control policy with port restrictions for a network security appliance
US20110231924A1 (en) * 2010-03-16 2011-09-22 Devdhar Rakendu Methods, systems, and computer readable media for providing application layer firewall and integrated deep packet inspection functions for providing early intrusion detection and intrusion prevention at an edge networking device
US8112800B1 (en) 2007-11-08 2012-02-07 Juniper Networks, Inc. Multi-layered application classification and decoding
US20120054293A1 (en) * 2005-06-30 2012-03-01 Nimrod Diamant Internet protocol (ip) address sharing and platform dynamic host configuration protocol (dhcp) mediator
US8291495B1 (en) * 2007-08-08 2012-10-16 Juniper Networks, Inc. Identifying applications for intrusion detection systems
US20120266218A1 (en) * 2008-04-02 2012-10-18 Protegrity Corporation Differential Encryption Utilizing Trust Modes
US20130174211A1 (en) * 2011-12-30 2013-07-04 Nokia Corporation Method And Apparatus Providing Privacy Setting And Monitoring User Interface
US8509071B1 (en) 2010-10-06 2013-08-13 Juniper Networks, Inc. Multi-dimensional traffic management
US8856923B1 (en) * 2012-06-29 2014-10-07 Emc Corporation Similarity-based fraud detection in adaptive authentication systems
US20150006882A1 (en) * 2013-06-28 2015-01-01 Ssh Communications Security Oyj Self-service portal for provisioning passwordless access
US9081986B2 (en) 2012-05-07 2015-07-14 Nokia Technologies Oy Method and apparatus for user information exchange
US9277364B2 (en) 2012-06-25 2016-03-01 Nokia Technologies Oy Methods and apparatus for reporting location privacy
US9319396B2 (en) 2013-07-08 2016-04-19 Ssh Communications Security Oyj Trust relationships in a computerized system
US20160162313A1 (en) * 2014-12-09 2016-06-09 The Boeing Company Systems and methods for securing virtual machines
US9398043B1 (en) 2009-03-24 2016-07-19 Juniper Networks, Inc. Applying fine-grain policy action to encapsulated network attacks
US9515999B2 (en) 2011-12-21 2016-12-06 Ssh Communications Security Oyj Automated access, key, certificate, and credential management
US20170187723A1 (en) * 2013-02-01 2017-06-29 Vidder, Inc. Securing Communication over a Network Using Dynamically Assigned Proxy Servers
US9722987B2 (en) 2015-03-13 2017-08-01 Ssh Communications Security Oyj Access relationships in a computer system
US10003458B2 (en) 2011-12-21 2018-06-19 Ssh Communications Security Corp. User key management for the secure shell (SSH)
US10075416B2 (en) 2015-12-30 2018-09-11 Juniper Networks, Inc. Network session data sharing
US10250560B2 (en) * 2013-09-27 2019-04-02 Soosan Int Co., Ltd. Network security method and device using IP address
US10262153B2 (en) * 2017-07-26 2019-04-16 Forcepoint, LLC Privacy protection during insider threat monitoring
US10347286B2 (en) 2013-07-25 2019-07-09 Ssh Communications Security Oyj Displaying session audit logs
US20190273820A1 (en) * 2017-11-20 2019-09-05 International Business Machines Corporation Non-verbal sensitive data authentication
US10530786B2 (en) 2017-05-15 2020-01-07 Forcepoint Llc Managing access to user profile information via a distributed transaction database
US10542013B2 (en) 2017-05-15 2020-01-21 Forcepoint Llc User behavior profile in a blockchain
US10554480B2 (en) 2017-05-11 2020-02-04 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US10592978B1 (en) * 2012-06-29 2020-03-17 EMC IP Holding Company LLC Methods and apparatus for risk-based authentication between two servers on behalf of a user
US20200097677A1 (en) * 2018-09-20 2020-03-26 Idera, Inc. Database Access, Monitoring, and Control System and Method for Reacting to Susppicious Database Activities
US20200134218A1 (en) * 2018-10-30 2020-04-30 International Business Machines Corporation Storage unification with security management
US10666657B1 (en) 2016-12-07 2020-05-26 Amazon Technologies, Inc. Token-based access control and grouping
US10673862B1 (en) * 2016-12-07 2020-06-02 Amazon Technologies, Inc. Token-based access tracking and revocation
US10715514B1 (en) * 2016-12-07 2020-07-14 Amazon Technologies, Inc. Token-based credential renewal service
US10853496B2 (en) 2019-04-26 2020-12-01 Forcepoint, LLC Adaptive trust profile behavioral fingerprint
US10862927B2 (en) 2017-05-15 2020-12-08 Forcepoint, LLC Dividing events into sessions during adaptive trust profile operations
US10915644B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Collecting data for centralized use in an adaptive trust profile event via an endpoint
US10917423B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Intelligently differentiating between different types of states and attributes when using an adaptive trust profile
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US10999297B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Using expected behavior of an entity when prepopulating an adaptive trust profile
US11188667B2 (en) * 2017-10-30 2021-11-30 International Business Machines Corporation Monitoring and preventing unauthorized data access
US11245708B2 (en) 2008-07-23 2022-02-08 Mcafee, Llc Model-based system, method, and computer program product for detecting at least potentially unwanted activity associated with confidential data
US11698981B2 (en) * 2019-06-14 2023-07-11 Mongodb, Inc. Systems and methods for client-side and field-level encryption with dynamic schema databases

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7171560B2 (en) 1998-06-22 2007-01-30 Semtek Solutions, Inc. Method and apparatus for securing and authenticating encoded data and documents containing such data
US7506812B2 (en) 2004-09-07 2009-03-24 Semtek Innovative Solutions Corporation Transparently securing data for transmission on financial networks
US8826449B2 (en) * 2007-09-27 2014-09-02 Protegrity Corporation Data security in a disconnected environment
US8769275B2 (en) 2006-10-17 2014-07-01 Verifone, Inc. Batch settlement transactions system and method
US9123042B2 (en) * 2006-10-17 2015-09-01 Verifone, Inc. Pin block replacement
US9361617B2 (en) 2008-06-17 2016-06-07 Verifone, Inc. Variable-length cipher system and method
US20080288403A1 (en) * 2007-05-18 2008-11-20 Clay Von Mueller Pin encryption device security
US8082294B2 (en) * 2007-06-27 2011-12-20 Concept Solutions, Llc Methods and systems for providing web applications
US8355982B2 (en) 2007-08-16 2013-01-15 Verifone, Inc. Metrics systems and methods for token transactions
US20130144653A1 (en) * 2008-08-05 2013-06-06 Net.Orange, Inc. System and method for visualizing patient treatment history in a network environment
US20130166317A1 (en) * 2008-08-05 2013-06-27 Net.Orange, Inc. System and method for visualizing patient treatment measures in a network environment
US8144940B2 (en) 2008-08-07 2012-03-27 Clay Von Mueller System and method for authentication of data
US9537717B2 (en) * 2009-04-20 2017-01-03 Hewlett Packard Enterprise Development Lp Policy enforcement point provisioning
US8251283B1 (en) 2009-05-08 2012-08-28 Oberon Labs, LLC Token authentication using spatial characteristics
BRPI1009078A2 (en) * 2009-06-01 2019-09-24 Koninl Philips Electronics Nv method for dynamically determining a client device's access rights to a medical record and system for dynamically determining a client device's access rights to a medical record
US8489685B2 (en) 2009-07-17 2013-07-16 Aryaka Networks, Inc. Application acceleration as a service system and method
US20120222083A1 (en) * 2011-02-28 2012-08-30 Nokia Corporation Method and apparatus for enforcing data privacy
US10165007B2 (en) 2011-09-15 2018-12-25 Microsoft Technology Licensing, Llc Securing data usage in computing devices
US8911507B1 (en) * 2011-11-22 2014-12-16 Symantec Corporation Systems and methods for mitigating mobile device loss
US9087209B2 (en) * 2012-09-26 2015-07-21 Protegrity Corporation Database access control
US9009469B2 (en) * 2013-01-15 2015-04-14 Sap Se Systems and methods for securing data in a cloud computing environment using in-memory techniques and secret key encryption
RU2546585C2 (en) 2013-08-07 2015-04-10 Закрытое акционерное общество "Лаборатория Касперского" System and method of providing application access rights to computer files
CN104598778B (en) * 2013-10-30 2018-03-23 中国移动通信集团江苏有限公司 Authority dispatching method and device
US9959285B2 (en) 2014-08-08 2018-05-01 International Business Machines Corporation Restricting sensitive query results in information management platforms
US9792454B2 (en) 2015-01-16 2017-10-17 Protegrity Corporation Record level data security
US9935931B2 (en) * 2015-09-28 2018-04-03 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Authorizing user access to resource by determining whether other, authorized users have indicated that the user should be permitted access
US10216954B2 (en) 2016-06-27 2019-02-26 International Business Machines Corporation Privacy detection of a mobile application program
US11675524B2 (en) 2020-08-17 2023-06-13 Crystal Group, Inc. Isolated hardware data sanitize system and method
CN112906048B (en) * 2021-02-09 2023-01-03 上海凯馨信息科技有限公司 Secret state data access protection method for db2 data

Citations (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5265221A (en) * 1989-03-20 1993-11-23 Tandem Computers Access restriction facility method and apparatus
US5271007A (en) * 1990-12-25 1993-12-14 Fuji Xerox Co., Ltd. Network system having controlled access to available resources
US5278901A (en) * 1992-04-30 1994-01-11 International Business Machines Corporation Pattern-oriented intrusion-detection system and method
US5283830A (en) * 1991-12-17 1994-02-01 International Computers Limited Security mechanism for a computer system
US5572652A (en) * 1994-04-04 1996-11-05 The United States Of America As Represented By The Secretary Of The Navy System and method for monitoring and controlling one or more computer sites
US5748884A (en) * 1996-06-13 1998-05-05 Mci Corporation Autonotification system for notifying recipients of detected events in a network environment
US5751949A (en) * 1995-05-23 1998-05-12 Mci Corporation Data security system and method
US6003084A (en) * 1996-09-13 1999-12-14 Secure Computing Corporation Secure network proxy for connecting entities
US20010052014A1 (en) * 2000-05-31 2001-12-13 Sheymov Victor I. Systems and methods for distributed network protection
US20020007461A1 (en) * 1998-09-03 2002-01-17 Greg B. Garrison System and method for restricting unauthorized access to a database
US20020019931A1 (en) * 2000-05-17 2002-02-14 Rainor Prinoth Security service layer
US20020023227A1 (en) * 2000-08-18 2002-02-21 Sheymov Victor I. Systems and methods for distributed network protection
US20020066038A1 (en) * 2000-11-29 2002-05-30 Ulf Mattsson Method and a system for preventing impersonation of a database user
US6405318B1 (en) * 1999-03-12 2002-06-11 Psionic Software, Inc. Intrusion detection system
US20020078209A1 (en) * 2000-12-15 2002-06-20 Luosheng Peng Apparatus and methods for intelligently providing applications and data on a mobile device system
US20020112185A1 (en) * 2000-07-10 2002-08-15 Hodges Jeffrey D. Intrusion threat detection
US20020174352A1 (en) * 1996-06-20 2002-11-21 Anonymity Protection In Sweden Ab Data security system for a database
US6513060B1 (en) * 1998-08-27 2003-01-28 Internetseer.Com Corp. System and method for monitoring informational resources
US20030101355A1 (en) * 2001-11-23 2003-05-29 Ulf Mattsson Method for intrusion detection in a database system
US20030145232A1 (en) * 2002-01-31 2003-07-31 Poletto Massimiliano Antonio Denial of service attacks characterization
US6647400B1 (en) * 1999-08-30 2003-11-11 Symantec Corporation System and method for analyzing filesystems to detect intrusions
US6754664B1 (en) * 1999-07-02 2004-06-22 Microsoft Corporation Schema-based computer system health monitoring
US20040139448A1 (en) * 2003-01-14 2004-07-15 Hope Clifford C. Interative escalation in an event management system
US6766368B1 (en) * 2000-05-23 2004-07-20 Verizon Laboratories Inc. System and method for providing an internet-based correlation service
US20040181667A1 (en) * 2003-03-13 2004-09-16 Venters Carl Vernon Secure streaming container
US20040267893A1 (en) * 2003-06-30 2004-12-30 Wei Lin Fuzzy logic voting method and system for classifying E-mail using inputs from multiple spam classifiers
US20050015626A1 (en) * 2003-07-15 2005-01-20 Chasin C. Scott System and method for identifying and filtering junk e-mail messages or spam based on URL content
US20050086529A1 (en) * 2003-10-21 2005-04-21 Yair Buchsbaum Detection of misuse or abuse of data by authorized access to database
US20050108521A1 (en) * 2003-07-07 2005-05-19 Silhavy James W. Multi-platform single sign-on database driver
US20050114711A1 (en) * 1999-12-02 2005-05-26 Lambertus Hesselink Managed peer-to-peer applications, systems and methods for distributed data access and storage
US6910135B1 (en) * 1999-07-07 2005-06-21 Verizon Corporate Services Group Inc. Method and apparatus for an intruder detection reporting and response system
US20050257266A1 (en) * 2003-06-11 2005-11-17 Cook Randall R Intrustion protection system utilizing layers and triggers
US20060179296A1 (en) * 2004-10-15 2006-08-10 Protegrity Corporation Cooperative processing and escalation in a multi-node application-layer security system and method
US20060253906A1 (en) * 2004-12-06 2006-11-09 Rubin Shai A Systems and methods for testing and evaluating an intrusion detection system
US20090178144A1 (en) * 2000-11-13 2009-07-09 Redlich Ron M Data Security System and with territorial, geographic and triggering event protocol
US7610375B2 (en) * 2004-10-28 2009-10-27 Cisco Technology, Inc. Intrusion detection in a data center environment
US7779422B1 (en) * 2005-10-05 2010-08-17 Mcafee, Inc. System, method, and computer program product for compatibility among hooking applications

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9003112D0 (en) 1990-02-12 1990-04-11 Int Computers Ltd Access control mechanism
US5610981A (en) * 1992-06-04 1997-03-11 Integrated Technologies Of America, Inc. Preboot protection for a data security system with anti-intrusion capability
US5699514A (en) * 1995-12-26 1997-12-16 Lucent Technologies Inc. Access control system with lockout
US8914410B2 (en) * 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US6460141B1 (en) * 1998-10-28 2002-10-01 Rsa Security Inc. Security and access management system for web-enabled and non-web-enabled applications and content on a computer network
JP2000148276A (en) 1998-11-05 2000-05-26 Fujitsu Ltd Device and method for monitoring security and securithy monitoring program recording medium
US7240368B1 (en) * 1999-04-14 2007-07-03 Verizon Corporate Services Group Inc. Intrusion and misuse deterrence system employing a virtual network
SE9904094D0 (en) * 1999-11-12 1999-11-12 Protegrity Research & Dev Method for reencryption of a database
US20020053020A1 (en) * 2000-06-30 2002-05-02 Raytheon Company Secure compartmented mode knowledge management portal
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US7058821B1 (en) * 2001-01-17 2006-06-06 Ipolicy Networks, Inc. System and method for detection of intrusion attacks on packets transmitted on a network
US7185364B2 (en) * 2001-03-21 2007-02-27 Oracle International Corporation Access system interface
US7313822B2 (en) * 2001-03-16 2007-12-25 Protegrity Corporation Application-layer security method and system
US7174566B2 (en) * 2002-02-01 2007-02-06 Intel Corporation Integrated network intrusion detection
EP1339199A1 (en) * 2002-02-22 2003-08-27 Hewlett-Packard Company Dynamic user authentication
US7096498B2 (en) * 2002-03-08 2006-08-22 Cipher Trust, Inc. Systems and methods for message threat management
WO2003083660A1 (en) * 2002-03-29 2003-10-09 Global Dataguard, Inc. Adaptive behavioral intrusion detection systems and methods
US20030221130A1 (en) * 2002-05-22 2003-11-27 Henry Steven G. Digital distribution of validation indicia
US7266702B2 (en) * 2002-10-21 2007-09-04 Solid Information Technology Oy Method and system for managing security material and services in a distributed database system
US7325002B2 (en) * 2003-04-04 2008-01-29 Juniper Networks, Inc. Detection of network security breaches based on analysis of network record logs
US7895649B1 (en) * 2003-04-04 2011-02-22 Raytheon Company Dynamic rule generation for an enterprise intrusion detection system
WO2004107130A2 (en) * 2003-05-28 2004-12-09 Caymas Systems, Inc. Multilayer access control security system
US20070050777A1 (en) * 2003-06-09 2007-03-01 Hutchinson Thomas W Duration of alerts and scanning of large data stores
US8775468B2 (en) * 2003-08-29 2014-07-08 International Business Machines Corporation Method and system for providing path-level access control for structured documents stored in a database
US9191215B2 (en) * 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
US7506371B1 (en) * 2004-01-22 2009-03-17 Guardium, Inc. System and methods for adaptive behavior based access control
US7774485B2 (en) * 2004-05-21 2010-08-10 Bea Systems, Inc. Dynamic service composition and orchestration
US9934388B2 (en) * 2004-06-01 2018-04-03 Ben-Gurion University Of The Negev Research And Development Authority Method and system for database encryption
EP1757006A2 (en) * 2004-06-01 2007-02-28 Ben-Gurion University of the Negev Research and Development Authority Structure preserving database encryption method and system
US20060026273A1 (en) * 2004-08-02 2006-02-02 Forescout Inc. System and method for detection of reconnaissance activity in networks
US8161538B2 (en) * 2004-09-13 2012-04-17 Cisco Technology, Inc. Stateful application firewall
US7478429B2 (en) * 2004-10-01 2009-01-13 Prolexic Technologies, Inc. Network overload detection and mitigation system and method
US7874000B1 (en) * 2004-11-22 2011-01-18 Symantec Corporation Reducing false positives generated by a database intrusion detection system
US8800045B2 (en) * 2011-02-11 2014-08-05 Achilles Guard, Inc. Security countermeasure management platform
US9763081B2 (en) * 2013-11-21 2017-09-12 Apple Inc. System and method for policy control functions management mechanism

US20110231924A1 (en) * 2010-03-16 2011-09-22 Devdhar Rakendu Methods, systems, and computer readable media for providing application layer firewall and integrated deep packet inspection functions for providing early intrusion detection and intrusion prevention at an edge networking device
US8509071B1 (en) 2010-10-06 2013-08-13 Juniper Networks, Inc. Multi-dimensional traffic management
US10812530B2 (en) 2011-12-21 2020-10-20 Ssh Communications Security Oyj Extracting information in a computer system
US10693916B2 (en) 2011-12-21 2020-06-23 Ssh Communications Security Oyj Restrictions on use of a key
US10277632B2 (en) 2011-12-21 2019-04-30 Ssh Communications Security Oyj Automated access, key, certificate, and credential management
US9515999B2 (en) 2011-12-21 2016-12-06 Ssh Communications Security Oyj Automated access, key, certificate, and credential management
US10708307B2 (en) 2011-12-21 2020-07-07 Ssh Communications Security Oyj Notifications in a computer system
US20170163689A1 (en) * 2011-12-21 2017-06-08 Ssh Communications Security Oyj Managing relationships in a computer system
US10003458B2 (en) 2011-12-21 2018-06-19 Ssh Communications Security Corp. User key management for the secure shell (SSH)
US9998497B2 (en) * 2011-12-21 2018-06-12 Ssh Communications Security Oyj Managing relationships in a computer system
US10530814B2 (en) 2011-12-21 2020-01-07 Ssh Communications Security Oyj Managing authenticators in a computer system
US9832177B2 (en) 2011-12-21 2017-11-28 SSH Communication Security OYJ Managing credentials in a computer system
US20130174211A1 (en) * 2011-12-30 2013-07-04 Nokia Corporation Method And Apparatus Providing Privacy Setting And Monitoring User Interface
US8646032B2 (en) * 2011-12-30 2014-02-04 Nokia Corporation Method and apparatus providing privacy setting and monitoring user interface
US9081986B2 (en) 2012-05-07 2015-07-14 Nokia Technologies Oy Method and apparatus for user information exchange
US9277364B2 (en) 2012-06-25 2016-03-01 Nokia Technologies Oy Methods and apparatus for reporting location privacy
US10592978B1 (en) * 2012-06-29 2020-03-17 EMC IP Holding Company LLC Methods and apparatus for risk-based authentication between two servers on behalf of a user
US8856923B1 (en) * 2012-06-29 2014-10-07 Emc Corporation Similarity-based fraud detection in adaptive authentication systems
US20170187723A1 (en) * 2013-02-01 2017-06-29 Vidder, Inc. Securing Communication over a Network Using Dynamically Assigned Proxy Servers
US10652226B2 (en) * 2013-02-01 2020-05-12 Verizon Patent And Licensing Inc. Securing communication over a network using dynamically assigned proxy servers
US10681023B2 (en) * 2013-06-28 2020-06-09 Ssh Communications Security Oyj Self-service portal for provisioning passwordless access
US20150006882A1 (en) * 2013-06-28 2015-01-01 Ssh Communications Security Oyj Self-service portal for provisioning passwordless access
US9319396B2 (en) 2013-07-08 2016-04-19 Ssh Communications Security Oyj Trust relationships in a computerized system
US11277414B2 (en) * 2013-07-08 2022-03-15 Ssh Communications Security Oyj Trust relationships in a computerized system
US20160226841A1 (en) * 2013-07-08 2016-08-04 Ssh Communications Security Oyj Trust relationships in a computerized system
US9602478B2 (en) * 2013-07-08 2017-03-21 Ssh Communications Security Oyj Trust relationships in a computerized system
US10009354B2 (en) 2013-07-08 2018-06-26 Ssh Communications Security Oyj Trust relationships in a computerized system
US10616237B2 (en) 2013-07-08 2020-04-07 Ssh Communications Security Oyj Trust relationships in a computerized system
US10880314B2 (en) 2013-07-08 2020-12-29 Ssh Communications Security Oyj Trust relationships in a computerized system
US10347286B2 (en) 2013-07-25 2019-07-09 Ssh Communications Security Oyj Displaying session audit logs
US10250560B2 (en) * 2013-09-27 2019-04-02 Soosan Int Co., Ltd. Network security method and device using IP address
US20160162313A1 (en) * 2014-12-09 2016-06-09 The Boeing Company Systems and methods for securing virtual machines
US10558484B2 (en) * 2014-12-09 2020-02-11 The Boeing Company Systems and methods for securing virtual machines
US9817686B2 (en) * 2014-12-09 2017-11-14 The Boeing Company Systems and methods for securing virtual machines
US20180032366A1 (en) * 2014-12-09 2018-02-01 The Boeing Company Systems and methods for securing virtual machines
US10523674B2 (en) 2015-03-13 2019-12-31 Ssh Communications Security Oyj Access relationship in a computer system
US9722987B2 (en) 2015-03-13 2017-08-01 Ssh Communications Security Oyj Access relationships in a computer system
US10075416B2 (en) 2015-12-30 2018-09-11 Juniper Networks, Inc. Network session data sharing
US11329989B2 (en) 2016-12-07 2022-05-10 Amazon Technologies, Inc. Token-based access control and grouping
US10715514B1 (en) * 2016-12-07 2020-07-14 Amazon Technologies, Inc. Token-based credential renewal service
US10666657B1 (en) 2016-12-07 2020-05-26 Amazon Technologies, Inc. Token-based access control and grouping
US10673862B1 (en) * 2016-12-07 2020-06-02 Amazon Technologies, Inc. Token-based access tracking and revocation
US10873497B2 (en) 2017-05-11 2020-12-22 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US10554480B2 (en) 2017-05-11 2020-02-04 Verizon Patent And Licensing Inc. Systems and methods for maintaining communication links
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US11677756B2 (en) 2017-05-15 2023-06-13 Forcepoint Llc Risk adaptive protection
US10798109B2 (en) 2017-05-15 2020-10-06 Forcepoint Llc Adaptive trust profile reference architecture
US10542013B2 (en) 2017-05-15 2020-01-21 Forcepoint Llc User behavior profile in a blockchain
US10834098B2 (en) 2017-05-15 2020-11-10 Forcepoint, LLC Using a story when generating inferences using an adaptive trust profile
US10999297B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Using expected behavior of an entity when prepopulating an adaptive trust profile
US10855693B2 (en) 2017-05-15 2020-12-01 Forcepoint, LLC Using an adaptive trust profile to generate inferences
US10943019B2 (en) 2017-05-15 2021-03-09 Forcepoint, LLC Adaptive trust profile endpoint
US10855692B2 (en) 2017-05-15 2020-12-01 Forcepoint, LLC Adaptive trust profile endpoint
US10862927B2 (en) 2017-05-15 2020-12-08 Forcepoint, LLC Dividing events into sessions during adaptive trust profile operations
US10530786B2 (en) 2017-05-15 2020-01-07 Forcepoint Llc Managing access to user profile information via a distributed transaction database
US11025646B2 (en) 2017-05-15 2021-06-01 Forcepoint, LLC Risk adaptive protection
US10915644B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Collecting data for centralized use in an adaptive trust profile event via an endpoint
US10917423B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Intelligently differentiating between different types of states and attributes when using an adaptive trust profile
US10915643B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Adaptive trust profile endpoint architecture
US10944762B2 (en) 2017-05-15 2021-03-09 Forcepoint, LLC Managing blockchain access to user information
US11757902B2 (en) 2017-05-15 2023-09-12 Forcepoint Llc Adaptive trust profile reference architecture
US11463453B2 (en) 2017-05-15 2022-10-04 Forcepoint, LLC Using a story when generating inferences using an adaptive trust profile
US10834097B2 (en) 2017-05-15 2020-11-10 Forcepoint, LLC Adaptive trust profile components
US10262153B2 (en) * 2017-07-26 2019-04-16 Forcepoint, LLC Privacy protection during insider threat monitoring
US10318729B2 (en) 2017-07-26 2019-06-11 Forcepoint, LLC Privacy protection during insider threat monitoring
US10733323B2 (en) 2017-07-26 2020-08-04 Forcepoint Llc Privacy protection during insider threat monitoring
US11188667B2 (en) * 2017-10-30 2021-11-30 International Business Machines Corporation Monitoring and preventing unauthorized data access
US11012555B2 (en) 2017-11-20 2021-05-18 International Business Machines Corporation Non-verbal sensitive data authentication
US11012556B2 (en) * 2017-11-20 2021-05-18 International Business Machines Corporation Non-verbal sensitive data authentication
US20190273820A1 (en) * 2017-11-20 2019-09-05 International Business Machines Corporation Non-verbal sensitive data authentication
US11818282B2 (en) 2017-11-20 2023-11-14 International Business Machines Corporation Non-verbal sensitive data authentication
US20200097677A1 (en) * 2018-09-20 2020-03-26 Idera, Inc. Database Access, Monitoring, and Control System and Method for Reacting to Susppicious Database Activities
US11593505B2 (en) * 2018-09-20 2023-02-28 Idera, Inc. Database access, monitoring, and control system and method for reacting to suspicious database activities
US11017108B2 (en) * 2018-10-30 2021-05-25 International Business Machines Corporation Storage unification with security management
US20200134218A1 (en) * 2018-10-30 2020-04-30 International Business Machines Corporation Storage unification with security management
US11163884B2 (en) 2019-04-26 2021-11-02 Forcepoint Llc Privacy and the adaptive trust profile
US10997295B2 (en) 2019-04-26 2021-05-04 Forcepoint, LLC Adaptive trust profile reference architecture
US10853496B2 (en) 2019-04-26 2020-12-01 Forcepoint, LLC Adaptive trust profile behavioral fingerprint
US11698981B2 (en) * 2019-06-14 2023-07-11 Mongodb, Inc. Systems and methods for client-side and field-level encryption with dynamic schema databases

Also Published As

Publication number Publication date
US20140165202A1 (en) 2014-06-12
US20090025057A1 (en) 2009-01-22
US8935787B2 (en) 2015-01-13
WO2006089277A3 (en) 2007-08-23
US20150096049A1 (en) 2015-04-02
US8701191B2 (en) 2014-04-15
US20130174215A1 (en) 2013-07-04
GB2438133A (en) 2007-11-14
WO2006089277A2 (en) 2006-08-24
US10552622B2 (en) 2020-02-04
GB0716647D0 (en) 2007-10-10
KR20070114725A (en) 2007-12-04

Similar Documents

Publication Publication Date Title
US8935787B2 (en) Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
USRE47443E1 (en) Document security system that permits external users to gain access to secured files
US8613102B2 (en) Method and system for providing document retention using cryptography
US9379895B2 (en) HTTP authentication and authorization management
US11880490B2 (en) Context-based access control and revocation for data governance and loss mitigation
US20070300306A1 (en) Method and system for providing granular data access control for server-client applications
US9374339B2 (en) Authentication of remote host via closed ports
US20140109179A1 (en) Multiple server access management
US8347359B2 (en) Encryption sentinel system and method
US9118617B1 (en) Methods and apparatus for adapting the protection level for protected content
US20120137375A1 (en) Security systems and methods to reduce data leaks in enterprise networks
US11483147B2 (en) Intelligent encryption based on user and data properties
WO2008109661A2 (en) Method and system for securely caching authentication elements
KR101373542B1 (en) System for Privacy Protection which uses Logical Network Division Method based on Virtualization
WO2007071501A1 (en) A method for cascading access management systems
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
US10609001B2 (en) Using cryptography and application gateway to eliminate malicious data access and data exfiltration
Shulman et al. Top ten database security threats
US20210234868A1 (en) Sleeper keys
KR20060058546A (en) Method and apparatus for providing database encryption and access control
US20210367934A1 (en) Secure system and method for preventing cross-site credential reuse
US11102005B2 (en) Intelligent decryption based on user and data profiling
CN113647051A (en) System and method for secure electronic data transfer
US20230195887A1 (en) Secure System and Method for Detecting Credential Stuffing Attacks
JP2004102524A (en) Security system and security method for database

Legal Events

Date Code Title Description
AS Assignment

Owner name: PROTEGRITY CORPORATION, CAYMAN ISLANDS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MATTSSON, ULF;REEL/FRAME:018104/0863

Effective date: 20060705

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION