Tracking end-users in web databases

Boris Rozenberg, Yaron Gonen, Ehud Gudes, Nurit Gal-Oz, Erez Shmueli

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

When a database is accessed via a web application, users usually receive a pooled connection to the database. From a database point of view, such a connection is always established by the same user (i.e. the web application) and specific data on the end user is not available. As a consequence, users' specific transactions cannot be audited and fine-grained access control cannot be enforced at the database level. In this paper we propose a method and a system which provide the ability to track the end users in web databases. The new method can be applied to legacy web applications without requiring any changes in their existing infrastructure. Furthermore, the new users tracking ability provides a basis for native database protection mechanisms, and intrusion detection systems.

Original languageEnglish
Title of host publicationProceedings - 2011 5th International Conference on Network and System Security, NSS 2011
Pages105-112
Number of pages8
DOIs
StatePublished - 17 Nov 2011
Event2011 5th International Conference on Network and System Security, NSS 2011 - Milan, Italy
Duration: 6 Sep 20118 Sep 2011

Publication series

NameProceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Conference

Conference2011 5th International Conference on Network and System Security, NSS 2011
Country/TerritoryItaly
CityMilan
Period6/09/118/09/11

Keywords

  • DB users tracking
  • auditing
  • web users tracking

Fingerprint

Dive into the research topics of 'Tracking end-users in web databases'. Together they form a unique fingerprint.

Cite this