Security Assessment Model for Database Relational Designs

Author:

Alshammari Bandar M.

Abstract

The increasing number of data breaches has led many organizations to focus on securing their IT infrastructures and application architectures. However, the main causes of many of the latest attacks are not associated with these two architectures. The damage caused by most of the recent attacks could have been minimized if more attention was given to enhancing the security of all components of the database architecture. The existing enterprise database architecture frameworks do not consider this issue a priority; hence, it has received minimal attention. The enterprise database architecture is the most important architecture because it is responsible for defining how all types of data, whether security-critical or not, are stored and accessed. This paper focuses on addressing the lack of a complete solution to help enterprise system architects to address the security of their organizations from early stages. The novelty of this approach is that it specifies how to modify the required artifacts by the enterprise database architecture to address security-critical data. The approach also defines a number of security measurements that help enterprise architects in measuring the security of the organization database based on those artifacts. These metrics are developed based on the results of a cybersecurity experiment conducted on 100 randomly selected open-source websites. The paper's contributions also consist of the definition of a number of security refactoring rules that specify how to modify current enterprise databases to make them more secure. This paper uses an existing relational diagram for a health clinic database to illustrate the application of the model to an existing database. The validity and applicability of these metrics and refactoring rules are proved using an experiment conducted on a number of security-related databases.

Publisher

American Scientific Publishers

Subject

Health Informatics, Radiology Nuclear Medicine and imaging
