Methods of Modeling Database System Security

Svitlana Rzaieva¹, Dmytro Rzaiev², Yuliya Kostyuk¹, Hennadii Hulak³, and Oleksandr Shcheblanin⁴

¹ State University of Trade and Economics of Kyiv, 19 Kyoto str., Kyiv, 02156, Ukraine
² Kyiv National Economic University of Kyiv, 54/1 Beresteysky prospect, Kyiv, 030 Ukraine
³ Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudriavska str., Kyiv, 04053, Ukraine
⁴ University Passau, 41 Innstraße, Passau, 94032, Germany

Abstract

Ensuring the protection of information stored in databases from unauthorized access, loss, and damage, as well as ensuring the confidentiality, integrity, and availability of data, is a fundamental task of database security. The article explores the identification of potential threats and their analysis, the determination of possible consequences, and the development of protection strategies to prevent these threats. The identification of threats is closely linked to the process of threat modeling to enhance the security of databases. The article explores various threat modeling methods, such as threat analysis, scenario modeling, mathematical modeling, vulnerability analysis, risk analysis, and others. Each of these methods helps determine which threats may impact the database system and what security measures can be taken to prevent them. The article also describes a security model for a database system, including data vulnerability analysis, attack modeling, analysis of data from previous attacks, access rights analysis, determination of protective measures, and security method testing. This model serves as a tool for effectively managing risks and ensuring information security in today’s world, where cyber threats are becoming increasingly serious and widespread.

Keywords

Database security, potential threat identification, threat modeling, vulnerability analysis.

CPITS-2024: Cybersecurity Providing in Information and Telecommunication Systems, February 28, 2024, Kyiv, Ukraine
EMAIL: rzaevasl@knute.edu.ua (S. Rzaieva); rzaiev@kneu.edu.ua (D. Rzaiev); kostyuk_yu@knute.edu.ua (Y. Kostyuk); h.hulak@kubg.edu.ua (H. Hulak); oleksandr.shcheblanin@gmail.com (O. Shcheblanin)
ORCID: 0000-0002-7589-2045 (S. Rzaieva); 0000-0002-7149-4971 (D. Rzaiev); 0000-0001-5423-0985 (Y. Kostyuk); 0000-0001-9131-9233 (H. Hulak); 0009-0001-0614-6540 (O. Shcheblanin)
© 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org), ISSN 1613-0073

1. Introduction

Methods for modeling the security of database systems are recognized as extremely important in the modern digital world, where information has become one of the most valuable assets for many organizations and institutions. The increasing volume and significance of data for business and scientific research make databases a target for various cyber threats. Attackers actively seek to gain access to this valuable information, making data protection a serious daily task for every organization. The rapid development of technologies such as cloud computing and the Internet of Things (IoT) expands the range of attacks on database systems and creates new opportunities for malicious actors, emphasizing the importance of developing effective security modeling methods [1–3].

High public and regulatory attention to data privacy protection, such as the General Data Protection Regulation (GDPR) in the EU, imposes significant requirements on companies and organizations regarding the protection of personal data. This requires project developers to design and implement effective modeling and risk management methods to ensure compliance with relevant legislation [4, 5].

The increasing level of professionalism among cybercriminals and the complexity of attacks underscore the need for continuous improvement of security measures [6]. The relevance of the article lies in the development and enhancement of threat modeling methods for the timely detection and prevention of attacks on database systems [7, 8].

2. Previous Research

In [9], various threats faced by almost all software systems are discussed as technologies evolve. These threats can originate from external or internal sources, and their impact can be devastating. Systems may cease to function entirely, or there may be a leakage of confidential information, affecting consumer trust in the system provider. To prevent the exploitation of system vulnerabilities by threats, the authors suggest using threat modeling methods to think defensively.

[10] addresses security issues in enterprise systems based on the MITRE Enterprise ATT&CK matrix. This matrix focuses on describing system assets, attack steps, defense mechanisms, and asset associations. The entity-relationship model describes enterprise IT systems as a whole, using available tools, allowing the simulation of attacks on instances of the system model. These simulations can be used to investigate security configurations and architectural changes for more effective system protection.

[11] explores traditional approaches to threat modeling, such as Microsoft’s STRIDE, where Data Flow Diagrams (DFD) are used as the primary input material for threat analysis.

[12] discusses various threats and vulnerabilities that may arise in the development, management, and maintenance of different databases and database management systems. The article aims to analyze the described threats and provide the most appropriate solutions for database security.

3. Issues

Database system security includes a wide range of issues and aspects aimed at protecting data stored in the database from unauthorized access, loss, and damage, and at ensuring the confidentiality, integrity, and availability of data. Database security includes the identification of potential threats and the development of protection measures to prevent these threats.

Identification of potential threats is the process of identifying and analyzing various possible threats, both external and internal, that is, dangerous events or situations that may occur and lead to loss, damage, or unauthorized access to information stored in the database. These threats can include various aspects, such as technical attacks from intruders, software bugs, improper security settings, natural disasters, or internal threats from employees. To effectively manage these potential risks, it is necessary to identify them, understand their possible consequences, and develop protection strategies.

Identifying potential threats is closely related to the process of threat modeling to improve database security. The first step in this process is to identify the various possible threats that may arise in the context of the database. This includes analyzing external and internal factors that can create potential risks to information security. This analysis may include assessing potential attacks, identifying system vulnerabilities, and assessing the possible consequences of possible threats to the confidentiality, integrity, and availability of data.

Once identified, threats can be used to create a threat model that describes their nature, potential attack vectors, and risk assessment. The threat model can then be used to develop protection strategies, prioritize security measures, and establish access control rules to help prevent or mitigate potential threats. Thus, identifying potential threats and modeling them are key steps in implementing effective database security measures.

Threat modeling methods are approaches and techniques used to analyze identified threats and risks in the areas of security, information security, cybersecurity, and other fields. These methods help to assess what threats may affect an organization, system, or project, and what measures can be taken to prevent or mitigate those threats. Here are some basic threat modeling techniques.

The threat analysis method includes the identification of existing threats, their characteristics, and their ability to affect the system or organization. Standard SWOT analysis (analysis of strengths, weaknesses, opportunities, and threats) and other approaches are used to identify threats.

The scenario modeling method provides for the creation of various scenarios based on known threats and their impact. Scenarios help to prepare action plans for different possible conditions.

Mathematical modeling is used to analyze threats and their impact on systems, including modeling probable threat cases, identifying risks, and calculating possible losses.

The vulnerability analysis method assesses existing vulnerabilities in systems or organizations that can be exploited by attackers to implement a threat. After identifying vulnerabilities, protection strategies are developed.

The risk analysis method involves assessing the likelihood of threats and the impact of these threats on a system or organization. As a result of risk analysis, specific risks and their level of danger can be identified.

The attack modeling method provides a simulation-type attack model. Simulation confirms what methods can be used by attackers to interfere with the system and how it can affect its operation.

Creating a risk matrix, developed to systematize and compare different risks based on their probabilistic nature and impact on the system. This allows the authorized person to make decisions about the prioritization of risk management.

The protection cost analysis method estimates the costs that may be associated with preventing or remediating the consequences of threats. By taking into account the costs, the authorized person can make informed decisions about investing in security controls.

The business impact analysis method assesses the possible consequences of a threat and its impact on the organization’s operations. Taking this impact into account, the organization can develop strategies to ensure business continuity.

Monitoring and updating. Threat and risk models need to be constantly updated, as new threats emerge and known threats can change their characteristics. It is also important to monitor and evaluate protection measures to ensure that they are effective.

Threat modeling techniques are an important part of a risk management and security strategy in today’s world, where cyber threats and other forms of threats are becoming increasingly complex and widespread.

Database security modeling is an essential aspect of ensuring the security of information and data. It helps identify external and internal threats to the database system and develop strategies for their protection. For a better understanding of the methods of modeling database security, the authors used the tools of the Mind Map programming platform to construct a corresponding model. This model consists of the following key modeling methods:

1. Data vulnerability analysis.
2. Database attack modeling.
3. Analysis of data on previous attacks.
4. Database access rights analysis.
5. Determination of protective measures and the creation of a response plan to external and internal threats.
6. Security methods testing.

Figure 1: The model of database security system modeling methods is built using the Mind Map software tool. Source: constructed by the authors themselves (screen capture)

Let’s delve into each modeling method in the model of threats.

Data Vulnerability Analysis involves addressing identified weaknesses in the isolation and protection of data in the database system. The first step in data vulnerability analysis is identifying potential vulnerabilities in the database system, such as software deficiencies, inadequate access rules, or insufficient password protection. This stage includes the following steps:

• Conducting a system scan to identify vulnerabilities in the database configuration and software.
• Evaluating security parameters, including access rights, password policies, table and view access permissions, file settings, and other database security parameters.
• Identifying potential threats that could be used to breach the database system, including external and internal attacks, as well as other threat scenarios.
• Assessing the impact of vulnerabilities on the database system and their likelihood, and identifying critical vulnerabilities requiring immediate resolution.
• Determining specific measures to address vulnerabilities, including patches, software updates, changes to access rights, and other measures.
• Developing a plan and setting priorities for implementing recommendations to ensure a phased improvement in data security.

Attack Modeling on a database system involves the process of defining and simulating potential attacks on the database system. In attack modeling, a model is created that describes the process of system intrusion: how attackers may attempt to breach the system and the methods they may use. This process may include SQL injections, session hijacking, password attacks, exploiting software vulnerabilities, and more. This approach provides a deep understanding of potential threats and identifies weaknesses in the database system’s security. Let’s explore this process in more detail.

The first step in the attack modeling process is defining selected attacks, which means identifying various types of attacks that may be involved in malicious attempts to breach the database system. This may include external attacks such as SQL injections, session hijacking, and password attacks, as well as insider attacks involving malicious actions by employees or unauthorized users.

The next step in the attack modeling process is developing attack scenarios. Detailed scenarios must be created for each identified attack, describing how the attack may occur. This includes the sequence of actions needed for a successful attack, including SQL queries that may be used and other critical details.

Another crucial step is assessing the impact of the attack, meaning evaluating the impact of each attack on the database system, including aspects of data confidentiality, integrity, and availability.

Attack Simulation. At this stage, simulation tools and techniques are used to reproduce attack scenarios in a controlled environment. Specialized tools can be employed to execute SQL injections or session hijacking to verify if such intrusions are possible.

After simulating attacks, an assessment of the effectiveness of the defense measures is conducted to identify the most effective current security measures for the database system. This helps identify problematic areas and weaknesses that need improvement.

Using Results to Enhance Database Security. The final step in the attack modeling process is seeking ways to improve the protection of the database system. Based on the obtained results, decisions can be made regarding enhancing security policies, making changes to software, implementing security monitoring, and even increasing user awareness regarding data security.

Attack modeling on a database system occurs during the information security provisioning stage, considering how threats can impact the system and how these impacts can be prevented or mitigated.

Data analysis of previous attacks is a process of studying and analyzing information about previous attacks or security incidents that occurred in a database system or similar organizations. This stage concludes with obtaining valuable experience and insights that can be used to enhance future protection. This method includes the following steps:

• Collecting data on previous attacks, incidents, or security events that occurred in the database system or other similar organizations. The process may involve information from event log records, incident reports, investigation results, etc.
• Analyzing typical attack scenarios, where typical attack scenarios identified in previous incidents are studied. This includes an analysis of the methods used by attackers to infiltrate the system, their objectives, and goals.
• Identifying common vulnerabilities involves the analysis of common vulnerabilities or weaknesses exploited by attackers in previous attacks, and identifying patterns indicating specific types of vulnerabilities that require attention.
• Studying and analyzing the scale of damage caused by previous attacks, including data loss, recovery costs, and other consequences. This analysis helps improve risk assessment and make decisions regarding security measures.
• Evaluating the effectiveness of implemented measures, where the effectiveness of security measures implemented as a result of previous incidents is analyzed. Studying this step helps improve and/or rectify security flaws in the database system.
• Developing a security improvement plan, which includes improvement procedures, implementation of new technologies and security measures, as well as staff training.

Continuous monitoring and updating of information about previous attacks should be carried out by the security service or database administrator. This process allows for timely responses to new threats and keeps the database system secure.

The analysis of data from previous attacks is a component of enhancing the security of database systems, after which problematic areas need to be identified and informed decisions regarding protective measures made.

Access rights analysis in a database system is the process of assessing and verifying the rights of users, user groups, and objects in databases. The assessment of access rights to the database, as well as control over them, is the culmination of the stage. It is crucial to verify who has access to the database and what actions they can perform, and to strictly restrict these rights.

Identification of users and groups, which verifies identification data such as user logins and passwords, roles, and groups.

Authorization of users and groups, which verifies access rights to database objects, determines the actions users can perform in the database system, such as reading, writing, deleting, or modifying data, taking into account access levels and restrictions for different users and roles.

Access audit of database systems, which involves configuring the audit system to log access events to the database, including user logins and logouts, data changes, and other actions.

Monitoring and analysis of users include:

• Monitoring and analyzing audit events to detect suspicious or unusual activities.
• Continuous monitoring of user actions for abnormal or unusual activities.
• Analysis and response to negative actions, such as unauthorized access attempts or data modifications.

In light of the previous two processes (access auditing and user monitoring), the database system administrator needs to constantly review access rights, periodically checking and updating user and group access rights to reflect changes in the organization, role structure, and security needs. It is important to remove or modify access rights for users who should no longer have access to the system.

Access rights analysis is a key component of ensuring the security of the database system, as it allows control and tracking of user access to data and protects the system from potential internal threats.

The method of determining protective measures and creating a response plan for external and internal threats. After identifying threats and assessing risks, a protection plan should be developed. Determining protective measures is a step in ensuring the security of the database system and answers the question, “How will we protect our data and infrastructure from external and internal threats?”

Determining protective measures is a stage in the risk modeling process where specific measures and strategies to reduce risk are defined to ensure the security of the database system. This stage requires careful analysis and planning and may include the following actions: selecting database protection measures, defining the responsibilities of security personnel, assessing the cost and resources of protection, and developing an implementation schedule for protective measures.

The selection of database protection measures involves defining specific security measures and technologies that can be implemented to protect the database system. This may include network protection, data encryption, authentication systems, and other measures.

Defining the responsibilities of security personnel involves assigning responsible individuals who will manage, implement, and monitor the security measures developed in accordance with the specified legislation for database security.

The assessment of the cost and resources of protection involves evaluating the costs associated with the implementation of selected security measures. This includes the cost of technologies, processes, personnel training, and other resources.

An implementation schedule for protective measures is developed to determine the timeframes for implementing the necessary security measures and the sequence of their implementation, prioritizing security measures according to their importance and deadlines.

The incident response plan is a documented set of procedures and actions to ensure the security of operations in the event of a security incident. Creating an incident response plan involves developing a plan of action in the event of the detection of threats or security incidents, including recovery procedures and a return to normal operation. Such a plan includes the following elements:

• identification of incidents, defining what constitutes a security incident, and the events or actions that should trigger the activation of the response plan.
• response procedures for incidents, including a detailed description of the steps to be taken in the event of an incident, including contact persons to be notified and the sequence of actions to stop the incident and minimize damage.
• recovery plan detailing step-by-step actions for restoring normal operations after an incident. The improvement plan for security measures involves changing the security strategy, if necessary, based on updated risk data, in response to changes in threats and technologies.
• training and qualification enhancement for personnel regarding new security measures and security procedures for database systems.

Security testing is a fundamental process during which various types of attacks and intentional actions are carried out on a system to verify its resilience and the effectiveness of security measures, and to check its vulnerability and stability.

Examining security methods for database systems involves:

Penetration testing, where security experts attempt to enter the database using various attack methods, including SQL injections, session hijacking, authentication attacks, etc.

Vulnerability analysis involves identifying vulnerabilities and weaknesses in the database system that could be exploited by attackers.

Testing and assessing the effectiveness of protection involves conducting tests and checks of new security measures to determine their effectiveness and compliance with security requirements; addressing identified issues and improving security measures based on test results.

Testing also includes evaluating responses to incidents, assessing the system’s protection, and how it reacts to different incidents. This evaluation includes checking the functionality of the event logging system and its monitoring. Based on the results of security testing, plans for fixes and improvements are developed to eliminate identified vulnerabilities and enhance the security system. Continuous monitoring of security measures for abnormal activities and threat analysis, along with data analysis on security measures, allows for ongoing response to new threats.

Continuous Monitoring and Updates. Continuous monitoring and updates are extremely important aspects of ensuring the security of a database system. The database system needs to be constantly monitored to detect abnormal events and vulnerabilities. This may include monitoring event logs, analyzing network traffic, and other methods. The goal is to detect certain threats and respond to them before they can cause harm.

Continuous monitoring and updates ensure that the database system remains resilient to new threats and provides a high level of data security. This allows organizations to operate in a reliable and secure environment, reducing the risks of data leaks and enhancing security.

4. Conclusions

Security modeling methods for database systems are a crucial component of contemporary practical information security. Analyzing data vulnerabilities helps identify weak points that malicious actors could exploit for unauthorized data access or database manipulation. Modeling attacks on the database system extends this analysis, aiding in predicting methods and strategies that attackers might employ.

Analyzing data from past attacks and incidents serves as a valuable source of information for studying patterns and threats targeting database systems. Approaches to access rights analysis assist in managing user privileges and developing access restriction strategies for database objects. Risk modeling and the identification of protective measures help assess existing threats and formulate plans to mitigate risks and enhance the security level of the database system.

Continuous monitoring and updates are essential since threats constantly evolve, and database systems must be prepared to detect and respond to incidents, as well as update security measures to adapt to new threats. These practices ensure reliable information protection and support data security in the modern information environment.

References

[1] I. Kuzminykh, et al., Investigation of the IoT Device Lifetime with Secure Data Transmission, Internet of Things, Smart Spaces, and Next Generation Networks and Systems, vol. 11660 (2019) 16–27. doi: 10.1007/978-3-030-30859-9_2.
[2] V. Sokolov, et al., Method for Increasing the Various Sources Data Consistency for IoT Sensors, in: IEEE 9th International Conference on Problems of Infocommunications, Science and Technology (PICST) (2023) 522–526. doi: 10.1109/PICST57299.2022.10238518.
[3] Z. Hu, et al., Bandwidth Research of Wireless IoT Switches, in: IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (2020). doi: 10.1109/tcset49122.2020.2354922.
[4] F. Kipchuk, et al., Assessing Approaches of IT Infrastructure Audit, in: IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (2021). doi: 10.1109/picst54195.2021.9772181.
[5] H. Shevchenko, et al., Information Security Risk Analysis SWOT, Cybersecurity Providing in Information and Telecommunication Systems 2923 (2021) 309–317.
[6] V. Grechaninov, et al., Decentralized Access Demarcation System Construction in Situational Center Network, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3188, no. 2 (2022) 197–206.
[7] V. Astapenya, et al., Last Mile Technique for Wireless Delivery System using an Accelerating Lens, in: 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (2020). doi: 10.1109/picst51311.2020.9467886.
[8] V. Astapenya, et al., Analysis of Ways and Methods of Increasing the Availability of Information in Distributed Information Systems, in: 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (2021). doi: 10.1109/picst54195.2021.9772161.
[9] N. Shevchenko, et al., Threat Modeling: A Summary of Available Methods, Carnegie Mellon University Software Engineering Institute Pittsburgh United States (2018).
[10] W. Xiong, et al., Cyber Security Threat Modeling Based on the MITRE Enterprise ATT&CK Matrix, Softw. Syst. Modeling 21(1) (2022) 157–177. doi: 10.1007/s10270-021-00898-7.
[11] V. Grechaninov, et al., Decentralized Access Demarcation System Construction in Situational Center Network, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II, vol. 3188 (2022) 197–206.
[12] V. Pevnev, S. Kapchynskyi, Database Security: Threats and Preventive Measures, Modern Inf. Syst. 2(1) (2018) 69–72.
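
The access rights analysis described in Section 3 (authorization review, access audit, user monitoring, and removal of rights for users who should no longer have access) can be sketched as follows. This is an added example, not code from the paper: the role baseline, roster, grant export, and audit log are constructed sample data, and all function names are hypothetical.

```python
from collections import Counter

# Constructed sample data (assumptions for illustration, not from the paper).
ROLE_BASELINE = {            # role -> (object, privilege) pairs the role should hold
    "analyst": {("sales", "SELECT")},
    "clerk":   {("sales", "SELECT"), ("sales", "INSERT")},
    "dba":     {("sales", p) for p in ("SELECT", "INSERT", "UPDATE", "DELETE")},
}
ROSTER = {                   # user -> (role, still needs access?)
    "alice": ("analyst", True),
    "bob":   ("clerk", True),
    "carol": ("dba", True),
    "dave":  ("clerk", False),   # left the organization
}
GRANTS = [                   # (user, object, privilege) as exported from the DBMS
    ("alice", "sales", "SELECT"),
    ("alice", "sales", "DELETE"),
    ("bob",   "sales", "SELECT"),
    ("bob",   "sales", "INSERT"),
    ("carol", "sales", "UPDATE"),
    ("dave",  "sales", "SELECT"),
    ("eve",   "sales", "SELECT"),
]
AUDIT_LOG = [                # (time, user, event, outcome)
    ("2024-02-01T09:00", "bob",   "LOGIN",        "OK"),
    ("2024-02-01T09:05", "alice", "DELETE sales", "OK"),
    ("2024-02-01T23:10", "dave",  "LOGIN",        "FAILED"),
    ("2024-02-01T23:11", "dave",  "LOGIN",        "FAILED"),
    ("2024-02-01T23:12", "dave",  "LOGIN",        "FAILED"),
    ("2024-02-02T10:00", "bob",   "UPDATE sales", "DENIED"),
    ("2024-02-02T10:30", "carol", "LOGIN",        "FAILED"),
]


def review_grants(grants, roster, baseline):
    """Authorization review: return (user, object, privilege, reason) per grant to fix."""
    findings = []
    for user, obj, priv in grants:
        if user not in roster:
            reason = "account not on roster"
        else:
            role, active = roster[user]
            if not active:
                reason = "user should no longer have access"
            elif (obj, priv) not in baseline.get(role, set()):
                reason = f"exceeds baseline for role {role}"
            else:
                continue  # grant matches the role baseline
        findings.append((user, obj, priv, reason))
    return findings


def flag_audit_events(log, failed_login_threshold=3):
    """User monitoring: repeated failed logins and every denied action."""
    failed = Counter(u for _, u, ev, out in log if ev == "LOGIN" and out == "FAILED")
    repeated = sorted(u for u, n in failed.items() if n >= failed_login_threshold)
    denied = [(t, u, ev) for t, u, ev, out in log if out == "DENIED"]
    return {"repeated_failed_logins": repeated, "denied_actions": denied}


def exercised_findings(log, findings):
    """Cross-check: flagged grants that were actually used successfully."""
    flagged = {(u, o, p) for u, o, p, _ in findings}
    hits = []
    for t, user, event, outcome in log:
        parts = event.split()  # data events look like "<PRIVILEGE> <object>"
        if outcome == "OK" and len(parts) == 2 and (user, parts[1], parts[0]) in flagged:
            hits.append((t, user, event))
    return hits


if __name__ == "__main__":
    findings = review_grants(GRANTS, ROSTER, ROLE_BASELINE)
    for finding in findings:
        print("REVIEW:", *finding)
    print("MONITOR:", flag_audit_events(AUDIT_LOG))
    print("EXERCISED:", exercised_findings(AUDIT_LOG, findings))
```

Findings that also appear in the cross-check are the ones to revoke first, since the audit log shows the excess right was actually used.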