Developing an Allocation Framework for Information Security Systems

Shimaa Mohamed, Abdel Nasser Zaied, Walid Khedr


Databases hold a critical concentration of sensitive information and become available on the internet to facilitate access, and as a result, databases are vulnerable and become the target of hackers. Today the security of database system become one of the most urgent tasks in database research, so to protect database system from attacking and compromised through authorized users who abuse or misuse data and unauthorized users who made unprivileged access. In this paper most of database vulnerabilities and threats which may face database system are reviewed and allocated proposed security techniques to protect database system from these threats to reduce risk of attacking database system.


Database Threats; Database Threats components; Security Techniques; Allocation Techniques; SQL Injection

Full Text:



Sabrina. D. C. V, Pierangela. S, Sushil. J, 1999, "Database Security", "European Community within the FASTER Project in the Fifth (EC) Framework Programme under contract IST-1999-11791", pp. 1-21

Nedhal A. Al and Dana. Al, 2013, "Database Security Threats: A Survey Study", "International Conference on Computer Science and Information Technology (CSIT)", pp.60-64

Saurabh. K and Siddhaling. U, 2012, "Review of Attacks on Databases and Database Security Techniques", "International Journal of Emerging Technology and Advanced Engineering", pp.253-263

Erez. S, Ronen. V, Ehud. G and Yuval. E, 2014," Implementing a database encryption solution, design and implementation issues", "computers & security", pp. 33 – 50

Ponemon Institute, 2014, "2014 Cost of Data Breach Study: Global Analysis / Research Report", "IBM - Ponemon Institute LLC", pp.1-28

Imperva’s Application Defense Center, 2013, "Top Ten Database Security Threats" "Data Security for the Data Center", pp.1-11

Imperva’s Application Defense Center, 2014, "Top Ten Database Security Threats" "Data Security for the Data Center", pp.1-9

OWASP, 2013, "The Ten Most Critical Web Application Security Risks", "the Open Web Application Security Project - OWASP", pp. 1-22

Amichai. Sh, 2006, "Top Ten Database Security Threats", "CTO Imperva, Inc.", pp.1-14

Shivnandan. S and Rakesh. K. R, 2014, "A Review Report on Security Threats on Database", "(IJCSIT) International Journal of Computer Science and Information Technologies, pp. 3215 – 3219

Abdul Razzaq, Ali. H, Nasir. H and Farooq. A, 2009, "Multi-Layered Defense against Web Application Attacks", "Sixth International Conference on Information Technology: New Generations", pp.492-497

Andrew. B, Dan. B and Palash. N, 2007, "Exposing Private Information by Timing Web Applications", "the International World Wide Web Conference Committee (IW3C2)", pp.1-8

Crispin. C, Perry. W, Calton. P, Steve. B and Jonathan. W, 1999, " Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade", "IEEE, and Proceedings of DARPA Information Survivability Conference and Expo (DISCEX)", pp.1-11

James. C. F, Vitaly. O, Nish. B and Niels. H, 2005, " Buffer Overflow Attacks: Detect, Exploit, Prevent ", "Syngress, Inc.", pp.1-521

Damballa, Inc., 2010, "Advanced Persistent Threats (APTs)", available at "" 9/1/2015

Sam. M, 2014, "Advanced Persistent Threat – APT", available at "" 9/1/2015

Steven. J. M, 2007, "Technical Report: Covert channel vulnerabilities in anonymity systems", "UCAM-CL-TR-706 / ISSN 1476-2986", pp.1-140

Mark. T, 2012, "Top 10 Database Vulnerabilities and Misconfigurations", "APPLICATION SECURITY, Inc.", available at "" 1/1/2014

Salvador. M, 2000, " Inference Attacks to Statistical Databases: Data Suppression, Concealing Controls and Other Security Trends", Aleph Zero online magazine, number 23", pp.1-12


Lech. J. J and Lingyan.R. F, 2010, "Social Engineering-Based Attacks: Model and New Zealand Perspective", "IEEE, International Muliconference on Computer Science and Information Technology", pp.847-853

Jim. R, 2012, "The Ongoing Malware Threat: How Malware Infects Websites and Harms Businesses — and What You Can Do to Stop It", "Symantec Corporation - VeriSign, Inc, pp.1-11

John. H, 2006, "Rootkit threats", "NGS – New Generation Software", pp.18-19

Iqra. B, Farooque. A, and Abdul Wahab. M, 2012, "Database Security and Encryption: A Survey Study ","International Journal of Computer Applications (0975 – 888)", pp.28-34

Kevin. K, 2006, "Cryptography in the Database: The last line of Defense", "USA, Symantec Corporation", pp.4-11

Ray. H, 2001, "PKI and Digital Certification Infrastructure", "9th IEEE International Conference on Networks (ICON.01)", pp. 234 – 239

Gang. Ch, Ke. Ch, and Jinxiang. D, 2006, "A Database Encryption Scheme for Enhanced Security and Easy Sharing", "10th International Conference on Computer Supported Cooperative Work in Design", pp. 1-6

William. S, (2011), "Cryptography and Network Security Principles and Practices, Fifth Edition", "publishing as Prentice Hall", pp. 1-900

Elisa. B, and Ravi. S, 2005, "Database Security—Concepts, Approaches, and Challenges ", "IEEE Transactions on Dependable and Secure Computing", pp. 2-19

Jason. D, 2004, "Defeating Overflow Attacks", "SANS Institute InfoSec Reading Room", pp. 1-30

Joel. S, 2003, "Testing and comparing vulnerability analysis tools", "TechTarget", available at "" 2/5/2015

Yue. Z, Serge. E, Lorrie. C and Jason. H, 2006, " Phinding Phish: Evaluating Anti-Phishing Tools", " Carnegie Mellon University / Human-Computer Interaction Institute by an authorized administrator of Research Showcase ", pp. 1-17

Forrest. S, 2015, "Anti-Malware", "webopedia", available at "" 2/5/2015

Sophos Ltd., "2015", available at, 1/6/2015

Alka. J and Sweta. J, 2010, "Database Intrusion Prevention cum Detection System with Appropriate Response", "International Journal of Information Technology and Knowledge Management", pp. 651-656

Ionx Solutions LLP, 2015, "Verisys product", available at 30/4/2015

Mark. N, Avivah. L and Paul. E. P, 2009, "Pattern Discovery with Security Monitoring and Fraud Detection Technologies", "Gartner Inc.", pp. 1-10

Entrust, Inc., 2007, "Understanding Digital Certificates & Secure Sockets Layer: A Fundamental Requirement for Internet Transactions", "Entrust, Securing Digital Identities & Information", pp. 1-11

Lululemon Black Friday cheap nfl jerseys Lululemon factory Outlet ny Black Friday discount tiffany outlet wholesale soccer jerseys online oakley black friday cheap nhl jerseys china cheap nfl jerseys north face black friday sale cheap nfl jerseys online Jordans Black Friday Sale 2015 Cheap Moncler Cyber Monday moncler outlet cheap soccer jerseys moncler outlet black friday cheap authentic nfl jerseys north face cyber monday Louboutin Black Friday canada wholesale cheap nfl jerseys lululemon cyber monday 2015 cheap nfl jerseys from china 2015 Cheap Moncler Black Friday Sale Moncler Cyber Monday 2015 cheap jerseys Lululemon Cyber Monday Sale jordans cyber monday deals 2015 cheap nike nfl jerseys Black Friday deals Lululemon 2015 jordan black friday 2015 Moncler Jackets Black Friday Sale 2015 Louboutin Pas Cher Black Friday 2015 Canada Lululemon north face black friday cheap wholesale soccer jerseys