An investigation into the security features offered by Oracle 10g Enterprise Edition Author: Keletso Nyathi Supervisor: Mr John Ebden Computer Science.


An investigation into the security features offered by Oracle 10g Enterprise Edition Author: Keletso Nyathi Supervisor: Mr John Ebden Computer Science Department

Project objectives
- To study and evaluate the security features of the 10g Enterprise Edition of Oracle.
- To draw a conclusion about how secure Oracle databases are.
- To suggest possible solutions to database security problems.

Introduction
- A database is an integrated aggregation of data, usually organised to reflect logical or functional relationships among data elements.
- Databases have to be protected from unauthorised users.
- Poor database security is a leading contributor to incidents of identity theft.
- My project aims at evaluating the security provided by databases against hackers and trying to come up with possible solutions.

Background Information
- Databases have been made available on the Internet to provide fast querying by users.
- The growth of e-commerce has led to increased risks of indirect attack on databases.
- David Litchfield recently claimed to have found a new class of attack on Oracle, called "Dangling Cursor Snarfing", that he uses to hack into the system.
- Meanwhile, Oracle claims that this class of attack is trivial and highly impractical.

Oracle Database current releases

Standard Edition One
- Ranges from a single user for a small business to distributed environments.
- Limited to 2 processors.

Standard Edition
- Support for large machines and clustering of services with Real Application Clusters.
- Licensed to a single server with a maximum of 4 processors.

Personal Edition
- Single-user development; brings the whole of Oracle functionality to a personalised edition.
- Can run on any number of processors but is restricted to a single user.

Cont…

Express Edition
- Designed for beginners.
- Can be installed on any size of machine with any number of CPUs.

Cont…

Enterprise Edition
- Most reliable, secure data management for mission-critical applications such as OLTP environments, query-intensive data warehouses and demanding Internet applications.
- Provides functionality to meet the availability and scalability requirements of today's mission-oriented applications for the enterprise.
- Contains all of the Oracle database components and can be further enhanced with extra packs.
- Supports all sizes of computers and is not limited to a maximum processor count.

Literature Survey
- A paper by David Litchfield entitled "Dangling Cursor Snarfing: A new class of Attack in Oracle".
- Another paper by David Litchfield entitled "Which Database is more secure? Oracle vs. Microsoft".
- Security course offered by Barry Irwin.
- Documentation from Oracle about its security.
- Database security as well as hacking techniques from the Internet.
- Projects from previous years.

Intended Approach
- Investigate David Litchfield's claim against Oracle Database.
- Investigate some of the security features claimed by Oracle.
- For each security feature, I will carry out tests to hack into the database.
- Record findings and try to come up with possible solutions in case of failure.
- Finally, evaluate my findings and draw a conclusion about the overall security offered by Oracle.

Timeline

Activity                                                     Period
Install latest version of Oracle                             1 week
Familiarise with Oracle and its security features            4 weeks
Literature review on security and hacking tests              4 weeks
Examine security in the product including cursor snarfing    12 weeks
Make evaluation of findings on Oracle security               6 weeks
Summary of findings                                          4 weeks
Make a write-up of project                                   5 weeks

Expected outcomes and possible extensions
- Derive a conclusion about how secure Oracle is.
- If possible, make informed security suggestions for databases.
- Acquire a deep understanding of the weaknesses in database security.

- This project can also be carried forward into comparing Oracle against other databases, e.g. SQL Server and some open source databases.
- Its results might offer a clue towards finding an effective way to improve database security.

Thank you

Questions and answers