
Enhanced application security via time constrained functionality

IP.com Disclosure Number: IPCOM000234628D
Publication Date: 2014-Jan-23
Document File: 4 page(s) / 73K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method for implementing time lock functionality in a database management system (DBMS). The DBMS is updated to include a time access module, which implements the policy that controls specific database commands as they arrive into the engine via the coordinator agent. The coordinator agent consults the time control policy to determine whether the requested command may be executed at that point in time and, based on the policy, either allows the command to proceed further into the engine or rejects it. The time access module implements time lock commands on one or more database commands.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 50% of the total text.


Background


In today's increasingly complex, IT-reliant society, the level, type and sophistication of hackers and of undesirable access keep expanding. Organisations need to protect not only against external threats but also against internal sources. Depending on the nature and origin of such unwanted activity, certain actions may be expected. For example, in an RDBMS context, the hacker may try to escalate a user's permissions, create a user for their own use as a backdoor to the database, remove audit entries to cover their tracks, or back up the database in order to remove it, which could lead to significant issues for the organisation. If denial of service is the objective, they may try to drop tables, triggers, stored procedures, etc. This could lead not only to IP loss but also to loss of business confidence in the compromised organisation, the possibility of blackmail, injury or death depending on the nature of the application, legal action, etc.

At present, organisations have a number of controls at their disposal, such as appropriate permissions on users, appropriate locking policies on data, encryption, usernames and passwords, smart cards, biometrics, etc. However, the challenge with many of these measures is that once they are compromised, the perpetrator has unfettered access: they have breached your line of defence. Our invention, adding the capability to time lock application functionality, will help to add another layer of defence to prevent or limit such unpermitted rogue actions.

Many organisations will have a well understood and defined schedule of events, for example performing a database backup every Monday morning. If the backup operation is still operable outside of this time window, a hacker or internal threat can use it to back up the database and export it for whatever reason.



Overview

FIG. 1

The implementation of the proposed method will be explained using the design of the algorithm in Figure 1. The database management system (DBMS) is updated to include a time access module (Time Control Policy in Figure 1). The time access module implements the policy to control specific database commands as they arrive into the engine via the coordinator agent. The coordinator agent will now consult with the time control policy to determine if the requested command may be executed at that given point in time. Based on the time control policy the coordinator agent will either allow or reject the command to proceed further into the engine.

The time access module implements time lock commands on one or more database commands (e.g., RUNSTATS every weekday from 18:00 to 08:00, BACKUP every Monday from 06:00 to 09:00).
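
The check the coordinator agent makes against the time control policy, sketched as an added example that is not part of the original disclosure, using the two schedules above. It assumes that an overnight window belongs to the day it opens on (so Friday's RUNSTATS window runs into Saturday morning) and that commands with no time lock pass through; the names POLICY, in_window and coordinator_allows are hypothetical.

```python
from datetime import datetime, time

# Constructed policy mirroring the two schedules in the text.
# Days use datetime.weekday() numbering: Monday=0 ... Sunday=6.
POLICY = {
    "RUNSTATS": [{"days": {0, 1, 2, 3, 4}, "start": time(18, 0), "end": time(8, 0)}],
    "BACKUP": [{"days": {0}, "start": time(6, 0), "end": time(9, 0)}],
}

def in_window(win, now):
    """True if `now` falls inside the window; the end time is exclusive."""
    t, day = now.time(), now.weekday()
    if win["start"] <= win["end"]:
        # Same-day window, e.g. Monday 06:00 to 09:00.
        return day in win["days"] and win["start"] <= t < win["end"]
    # Overnight window (assumption: it belongs to the day it opens on).
    if t >= win["start"]:
        return day in win["days"]               # evening part
    if t < win["end"]:
        return (day - 1) % 7 in win["days"]     # morning part, opened yesterday
    return False

def coordinator_allows(command, now, policy=POLICY):
    """Allow/reject decision taken before the command proceeds into the engine.
    Assumption: a command with no time lock is not restricted by this layer;
    a time-locked command outside all of its windows is rejected."""
    windows = policy.get(command.upper())
    if windows is None:
        return True
    return any(in_window(w, now) for w in windows)

if __name__ == "__main__":
    # Constructed requests: (command, arrival time).
    requests = [
        ("BACKUP", datetime(2014, 1, 20, 7, 30)),    # Monday, inside window
        ("BACKUP", datetime(2014, 1, 22, 2, 15)),    # Wednesday night
        ("RUNSTATS", datetime(2014, 1, 25, 3, 0)),   # Saturday, Friday's window
        ("RUNSTATS", datetime(2014, 1, 23, 12, 0)),  # Thursday midday
    ]
    for cmd, when in requests:
        verdict = "ALLOW" if coordinator_allows(cmd, when) else "REJECT"
        print(f"{when:%a %Y-%m-%d %H:%M} {cmd:<9} {verdict}")
```

Rejected requests are worth logging with the command, session and arrival time, since a time-locked command arriving outside its window is exactly the activity the Background section describes.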

Implementation

A time lock command allows the requester of the specific command to control the database command on a specific time schedule. A time lock command is managed with a lock class. A lock class is associated with th...