The thesis is devoted to the development, improvement and use of models and methods for ensuring database security.
The purpose of the thesis is to increase the efficiency of protection of databases built on a scheme with the universal basis of relations, through the development and application of models, methods and means of ensuring their security.
The first section of the thesis analyzes the current state and the main problems of ensuring the security of databases (DB) and formulates the research tasks. It reviews approaches and achievements in ensuring and assessing the security of information systems in general and of databases as their main functional component, including formal models of access control and data integrity as a methodological basis for building protection systems and assessing their security. The analysis identifies disadvantages and unresolved issues in database security and its assessment, and the tasks of the thesis research are formulated on that basis.
The second section solves the problem of developing and justifying a database security model based on a full-overlap security system, together with a method for assessing database security. Three elements make it possible to quantify the security of the analyzed database: an extension of the Clements–Hoffman model that includes a set of object vulnerabilities (which allows a more adequate assessment of the probability of an undesirable incident, i.e. threat realization, in a two-factor model); a defined integral indicator of database security (the inverse of the total residual risk, whose components are represented as corresponding linguistic variables); and the developed method, based on the theory of fuzzy sets and risk, for assessing the main components of security barriers and the security of the database as a whole. The first and second scientific results were obtained.
The third section solves the problem of developing and justifying data masking methods that reduce the probability of the threat of logical inference and hide the code of critical stored modules more effectively, so that disclosing it costs an attacker much more computation and time than with the existing methods provided by the developers of some modern database management systems (DBMS). The third, fourth and fifth scientific results and the first practical result were obtained.
The fourth section solves the problem of developing and substantiating a method for controlling the integrity and authenticity of permanently stored modules, based on the capabilities of blockchain technology. The sixth scientific result was obtained: for the first time, a monitoring method based on blockchain technology is proposed. Unlike the known methods, it relies on a predetermined structure, rules for forming the primary and subsequent blocks of the blockchain, storage of this structure within the relational data model, and methods of calculating the root of the hash tree. This makes it possible to strictly control the set of database programs, their integrity and their authenticity, while storing less data for this purpose and using fewer processor resources. The second practical result was obtained.
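A minimal sketch of the kind of control described in the fourth section, added here as an illustration and not taken from the thesis: stored-module sources are hashed into a hash-tree root, and each root is recorded in a hash-linked block table held in the same relational database. The table names, the block layout, the use of SHA-256 and SQLite as the relational store are all assumptions; authenticity (for example, signing blocks) is not covered.

```python
import hashlib
import sqlite3

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # SHA-256 is an assumption

def merkle_root(leaves):
    """Root of a hash tree over leaf hashes (an odd node is paired with itself)."""
    level = list(leaves) or [h(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]

def module_leaves(db):
    # Leaf = hash of module name plus source, so added, renamed and edited modules all change the root.
    rows = db.execute("SELECT name, source FROM modules ORDER BY name").fetchall()
    return [h(f"{name}\x00{source}".encode()) for name, source in rows]

def append_block(db):
    """Record the current module set as a new block linked to the previous one."""
    prev = db.execute("SELECT block_hash FROM blocks ORDER BY id DESC LIMIT 1").fetchone()
    prev_hash = prev[0] if prev else "0" * 64  # primary (first) block has no predecessor
    root = merkle_root(module_leaves(db))
    db.execute("INSERT INTO blocks (prev_hash, root, block_hash) VALUES (?, ?, ?)",
               (prev_hash, root, h((prev_hash + root).encode())))

def verify(db):
    """Return (chain_ok, modules_ok): block links intact, modules match the latest root."""
    prev_hash, root, chain_ok = "0" * 64, None, True
    for p, root, bh in db.execute("SELECT prev_hash, root, block_hash FROM blocks ORDER BY id"):
        chain_ok = chain_ok and p == prev_hash and bh == h((p + root).encode())
        prev_hash = bh
    return chain_ok, root == merkle_root(module_leaves(db))

def demo_db():
    # Constructed sample data: two stored modules kept as text in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE modules (name TEXT PRIMARY KEY, source TEXT)")
    db.execute("CREATE TABLE blocks (id INTEGER PRIMARY KEY, prev_hash TEXT, root TEXT, block_hash TEXT)")
    db.executemany("INSERT INTO modules VALUES (?, ?)",
                   [("calc_tax", "BEGIN RETURN amount * 0.2; END"),
                    ("audit_log", "BEGIN INSERT INTO log VALUES (msg); END")])
    append_block(db)
    return db
```

Only one root and two link hashes are stored per block, regardless of how many modules exist, which is the storage saving a hash tree gives over keeping a reference copy of every module.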
The fifth section solves the problem of substantiating and systematizing the implemented protection measures that ensure the confidentiality and integrity of data and of permanently stored modules in a database with the universal basis of relations. These measures are based both on general formal models of access control and data integrity and on the methods, means and mechanisms supported by the DBMS on whose platform the proposed scheme is being implemented, and on our own measures, developed while creating a database scheme invariant to subject areas. The third practical result was obtained.
The sixth section assesses the security of a database with the universal basis of relations and provides a comparative analysis of the security of databases built on the traditional technology and on the universal basis of relations. The comparative analysis has shown that using the solutions proposed in the work will increase the efficiency (effectiveness) of protection of databases built on the scheme with the universal basis of relations by more than 1.5 times relative to traditional relational databases.