Encyclopedia of Database Systems

2018 Edition
Editors: Ling Liu, M. Tamer Özsu

Database Security

  • Elena Ferrari
Reference work entry
DOI: https://doi.org/10.1007/978-1-4614-8265-9_111


Database protection


Database security is a discipline that seeks to protect data stored in a DBMS from intrusions, improper modifications, theft, and unauthorized disclosures. This is realized through a set of security services, which meet the security requirements of both the system and the data sources. Security services are implemented through particular processes, which are called security mechanisms.

Historical Background

Research in database security has its roots in operating system security [6], whereas its developments follow those in DBMSs. Database security has many branches, whose main historical developments are summarized in what follows:
  • Access control. In the 1970s, as part of the research on System R at IBM Almaden Research Center, there was a lot of work on access control for relational DBMSs [2]. About the same time, some early work on Multilevel Secure Database Management Systems (MLS/DBMSs) was reported, whereas much of the development on...


Recommended Reading

  1. Air Force Studies Board and Committee on Multilevel data management security. Multilevel data management security. Washington, DC: National Academy; 1983.
  2. Bertino E, Sandhu RS. Database security: concepts, approaches, and challenges. IEEE Trans Depend Secure Comput. 2005;2(1):2–19.
  3. Bertino E, Laggieri D, Terzi E. Securing DBMS: characterizing and detecting query flood. In: Proceedings of the 9th Information Security Conference; 2004. p. 195–206.
  4. Brainard J, Juels A, Rivest RL, Szydlo M, Yung M. Fourth-factor authentication: somebody you know. In: Proceedings of the 13th ACM Conference on Computer and Communications Security; 2006.
  5. Carminati B, Ferrari E, Thuraisingham BM. Access control for web data: models and policy languages. Ann Telecommun. 2006;61(3–4):245–66.
  6. Castano S, Fugini MG, Martella G, Samarati P. Database security. Reading: Addison-Wesley; 1995.
  7. Colombo P, Ferrari E. Enforcement of purpose based access control within relational database management systems. IEEE Trans Knowl Data Eng. 2014;26(11):2703–16.
  8. Damiani ML, Bertino E. Access control systems for geo-spatial data and applications. In: Belussi A, Catania B, Clementini E, Ferrari E, editors. Modelling and management of geographical data over distributed architectures. Springer; 2007. p. 189–214.
  9. Ferraiolo DF, Sandhu RS, Gavrila SI, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur. 2001;4(3):224–74.
  10. Ferrari E, Thuraisingham BM. Secure database systems. In: Diaz O, Piattini M, editors. Advanced databases: technology and design. London: Artech House; 2000.
  11. Grandison T, LeFevre K. Hippocratic database. In: Encyclopedia of cryptography and security. 2nd ed. Springer; 2010.
  12. Orso A. SQL injection attacks. Encyclopedia of cryptography and security. Springer; 2011.
  13. Pang H, Tan KL. Verifying completeness of relational query answers from online servers. ACM Trans Inf Syst Secur. 2008;11(2): article no. 5.
  14. Pfleeger CP, Pfleeger SL. Security in computing. 3rd ed. Upper Saddle River: Prentice-Hall; 2002.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. DiSTA, University of Insubria, Varese, Italy

Section editors and affiliations

  • Elena Ferrari (1)
  1. DiSTA, Univ. of Insubria, Varese, Italy