Publication number: US08495367B2
Publication date: 2013-07-23
Application number: US11709516
Filing date: 2007-02-22
Applicant: Ron Ben-Natan
Inventor: Ron Ben-Natan
IPC classification: H04L29/06
CPC classification: H04L9/3271 , H04L9/3247 , H04L63/0428 , H04L63/1425 , H04L2209/56
Abstract: In a data level security environment, the data level security mechanism operates on plaintext data. Data level security operations identify a point in the information stream where plaintext data is available for interception. Typically this is a point in the processing stream just after the native DBMS decryption functionality has been invoked. A database monitor intercepts and scrutinizes data in transit between an application and a database by identifying a transition point between the encrypted and plaintext data where the cryptographic operations are invoked, and transfers control of the data in transit to a database monitor application subsequent to the availability of the data in plaintext form.
-
22.
Publication number: US20110313981A1
Publication date: 2011-12-22
Application number: US12817482
Filing date: 2010-06-17
Applicant: Ron Ben-Natan
Inventor: Ron Ben-Natan
IPC classification: G06F17/30
CPC classification: G06F21/6227 , G06F16/2455
Abstract: A method, a data processing system, and a computer program product for protecting data in a database. A query to a database in a data processing system is received by a security mechanism in the data processing system that is external to the database. The query is converted to a modified query according to a security policy. The modified query is sent to the database, and a response to the modified query is returned.
-
Publication number: US07970788B2
Publication date: 2011-06-28
Application number: US11195387
Filing date: 2005-08-02
Applicant: Ron Ben-Natan , Izar Tarandach
Inventor: Ron Ben-Natan , Izar Tarandach
IPC classification: G06F17/30
CPC classification: G06F17/30306 , G06F21/6227 , G06F21/6236
Abstract: A nonintrusive database access monitoring mechanism employs a hybrid approach that disallows, or blocks, the access mediums which are not feasible to intercept or analyze, as well as intercepting and analyzing access mediums for which interception and interrogation is available. Accordingly, various configurations provide the hybrid coverage approach to identifying access mediums, and either block or intercept the access attempts. In this manner, access mediums, such as interprocess communication (IPC) system calls, which may be efficiently intercepted and analyzed are captured and substantively processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to analyze such access attempts.
-
24.
Publication number: US20100131512A1
Publication date: 2010-05-27
Application number: US11195387
Filing date: 2005-08-02
Applicant: Ron Ben-Natan , Izar Tarandach
Inventor: Ron Ben-Natan , Izar Tarandach
IPC classification: G06F17/30
CPC classification: G06F17/30306 , G06F21/6227 , G06F21/6236
Abstract: A nonintrusive database access monitoring mechanism employs a hybrid approach that disallows, or blocks, the access mediums which are not feasible to intercept or analyze, as well as intercepting and analyzing access mediums for which interception and interrogation is available. Accordingly, various configurations provide the hybrid coverage approach to identifying access mediums, and either block or intercept the access attempts. In this manner, access mediums, such as interprocess communication (IPC) system calls, which may be efficiently intercepted and analyzed are captured and substantively processed, while other access mediums that are excessively burdensome or intrusive to capture are unselectively blocked from any communication, avoiding the need to analyze such access attempts.
-
Publication number: US07506371B1
Publication date: 2009-03-17
Application number: US10762660
Filing date: 2004-01-22
Applicant: Ron Ben-Natan
Inventor: Ron Ben-Natan
IPC classification: G06F21/00
CPC classification: G06F21/6218 , G06F21/316
Abstract: Typical conventional content based database security scheme mechanisms employ predefined criteria for identifying access attempts to sensitive or prohibited data. An operator identifies the criteria indicative of prohibited data, and the conventional content based approach scans or “sniffs” the transmissions for data items matching the predefined criteria. In many environments, however, database usage tends to follow repeated patterns of legitimate usage. Such usage patterns, if tracked, are deterministic of normal, allowable data access attempts. Similarly, deviant data access attempts may be suspect. Recording and tracking patterns of database usage allows learning of an expected baseline of normal DB activity, or application behavior. Identifying baseline divergent access attempts as deviant, unallowed behavior allows automatic learning and implementation of behavior based access control. In this manner, data access attempts not matching previous behavior patterns are disallowed.