An investigation into the security features offered by Oracle 10g Enterprise Edition
Author: Keletso Nyathi
Supervisor: Mr John Ebden
Computer Science Department

Project objectives
• To study and evaluate the security features of the 10g Enterprise Edition of Oracle.
• To draw a conclusion about how secure Oracle databases are.
• To suggest possible solutions to database security problems.

Introduction
• A database is an integrated aggregation of data, usually organised to reflect logical or functional relationships among data elements.
• Databases have to be protected from illegal users.
• Poor database security is a leading contributor to incidents of identity theft.
• My project aims to evaluate the security provided by databases against hackers and to come up with possible solutions.

Background Information
• Databases have been made available on the Internet to provide fast querying by users.
• The growth of e-commerce has led to increased risks of indirect attack on databases.
• Recently, David Litchfield claims to have found a new class of attack on Oracle, called “Dangling Cursor Snarfing”, that he uses to hack into the system.
• Meanwhile, Oracle claims that this class of attack is trivial and highly impractical.

Literature Survey
• A paper by David Litchfield entitled “Dangling Cursor Snarfing: A new class of Attack in Oracle”.
• Another paper by David Litchfield entitled “Which Database is more secure? Oracle vs. Microsoft”.
• Security course offered by Barry Irwin.
• Documentation from Oracle about its security.
• Database security as well as hacking techniques from the Internet.
• Projects from previous years.

Intended Approach
• Investigate David Litchfield’s claim against Oracle Database.
• Investigate some of the security features claimed by Oracle.
• For each security feature, I will carry out tests to hack into the database.
• Record findings and try to come up with possible solutions in case of failure.
• Finally, evaluate my findings and draw a conclusion about the overall security offered by Oracle.

Expected outcomes and possible extensions
• Derive a conclusion about how secure Oracle is.
• If possible, make informed security suggestions for databases.
• Acquire a deep understanding of the weaknesses in database security.

• This project can also be carried forward into comparing Oracle against other databases, e.g. SQL Server and some open source databases.
• Its results might be a clue to finding an effective way to improve database security.

Thank you
Questions and answers