A Non-Agent based Identification Scheme for Identifying Database Users in 3-tier System Environments

  • Han, Jung Sang (Dept. of Industrial Convergence Security, Graduate School of Chung-Ang University)
  • Shin, Dong Cheon (Dept. of Industrial Security, Chung-Ang University)
  • Received : 2018.06.07
  • Accepted : 2018.07.04
  • Published : 2018.06.30

Abstract

Changes in the internet environment have made services delivered through web application servers (WAS) popular. As a result, it has become technically difficult to identify the users who access databases through a WAS. To solve this problem, many companies adopt an agent-based approach that identifies users by installing additional software on the WAS. However, this approach has disadvantages in terms of cost, maintenance, and the development process. In this paper, we devise a non-agent based approach for identifying database users in 3-tier environments.
