Abstract

Obtaining convincing evidence of the security of databases, as the basic corporate resource, is extremely important. However, to verify conclusions about the degree of security, security must be measured. To address this challenge, the authors of the paper enhanced the Clements–Hoffman model, defined an integral security metric and, on this basis, developed a technique for evaluating the security of relational databases. The enhancement of the Clements–Hoffman model consists of extending it with a set of object vulnerabilities. A vulnerability is treated as a separate, objectively existing category. This makes it possible to evaluate more adequately both the likelihood of an unwanted incident and database security as a whole. The technique proposed by the authors for evaluating the main components of the security barriers, and database security as a whole, is based on the theory of fuzzy sets and risk. The integral metric of database security is the reciprocal of the total residual risk, whose constituent components are represented as linguistic variables. In accordance with the developed technique, the authors present the results of a quantitative evaluation of the effectiveness of the protection of databases built on the schema with the universal basis of relations and designed in accordance with traditional relational database technology.

Highlights

  • Security is one of the most important characteristics of the quality of the information systems (IS) as a whole [3], and databases (DBs), as their main component, in particular.

  • This study proposes a new Security Metrics Objective Segments (SMOS) model to enable the design of security metrics taxonomies

  • It is easy to see that with known values of the probability of an undesirable incident $P_l = P_{ti} \cdot P_{\gamma\psi}$, the amount of damage $L_l$, the degree of corresponding security measure resistance $R_l$, it is possible to evaluate the database security using


Summary

Introduction

Security is one of the most important characteristics of the quality of the IS as a whole [3], and of databases (DBs), as their main component, in particular. In this regard, an information protection system, understood as a complex of software, technical, cryptographic, organizational and other methods, means and measures that ensure the integrity, confidentiality, authenticity and availability of information under exposure to threats of a natural or artificial nature, has become an integral feature of any modern IS and database. To be able to verify conclusions about the security level, it must be measured in some way.
