ORGANIZATION OF INFORMATION SYSTEM PROTECTION BASED ON DATABASE SERVERS

DOI: 10.31673/2409-7292.2025.014247

Authors

  • І. Я. Тишик (Tyshyk I. Ya.), Information Security Department, Lviv Polytechnic National University

Abstract

This work analyzes methods for increasing the security of database servers operating in a corporate network and uses the database as the basis of an enterprise security system. The widespread use of databases, the significant amount of information accumulated in them from various subject areas, and the standardized tools of their management systems make it necessary to protect both the databases themselves and their management systems. The work focuses on modeling the protection system specifically for relational databases, considering the protection of other components of the information system as necessary. The concept of a secure database is introduced and the need for it is justified. Methods and algorithms for protecting relational database information are developed using the proposed mathematical model of a secure database. Suggestions are made regarding the use of the developed mathematical models and the configuration of the information protection system.

The presented methods make it possible to build secure information systems based on database servers and to integrate the information protection systems of these servers with those of other corporate services, ensuring comprehensive protection of enterprise data. Implementing a secure database blocks the main threats to the confidentiality and integrity of information in a relational database and provides auditing at the required level of detail. Methods and algorithms have also been developed to implement an improved model of mandatory (forced) access control for relational database users and to audit the users of a secure database. These mechanisms allow the database information protection system to adapt rapidly to changes in security policy and reduce the computing resources required. The mechanisms for protecting database servers operating in a corporate network have been studied, and the use of a secure database as the core of an enterprise security system is proposed.

Keywords: secure database, unauthorized access, information system, security policy, information protection system, database management system.

Published

2025-05-09

Section

Articles