PROBLEMS OF INFORMATION PROTECTION IN MODERN DATABASES. ANNOTATION
Abstract
The purpose of the article is to study the existing problems in ensuring the protection of databases in information systems. Methodology of research. Methods of logical generalization and scientific abstraction were used to achieve this goal. Results. The urgency of ensuring the protection of all modern corporate systems from unauthorized access has been confirmed. In the process of analyzing security problems, database protection models are considered. It is also noted that there are two groups of methods of information protection in database management systems: the first – protection of records and fields of database tables; password protection; encryption; separation of access rights to database objects, the second – methods to ensure the integrity of table relationships; built–in data control tools; methods of organizing the sharing of database objects in the network. Both positive and negative aspects of key methods of combating unauthorized access to databases are revealed. The main security models that ensure the confidentiality of information are studied, as well as the procedures for identification of persons, their authentication and authorization in databases are considered. The stages of evolution of information protection in database management systems (DBMS) are considered. Modern complex problems of theoretical and practical character at creation of system of protection of databases are allocated. It is proved that the role model of database protection is the most acceptable for use in modern DBMS. Measures have been formulated to build affordable server security systems that specialize in processing large data sets. Findings. It is determined that the prospects of further research in the direction of creating reliable database protection systems are harmonization and improvement of existing methods of information environment protection by developing methods of unification of protection mechanisms, systematization of DBMS vulnerabilities and formalization of modern data protection models. The practical significance of the research results. The use in practice of the proposed security models will increase the effectiveness of measures to ensure the protection of databases in information systems.
References
Чернухина Н.В., Матвиюк В.М. Основные аспекты информационной безопасности при работе в компьютерных сетях. Новые парадигмы общественного развития: экономические, социальные, философские, политические, правовые, общенаучные тенденции и закономерности: материалы междунар. науч.-практ. конф. (Новосибирск–Тихорецк–Саратов, 28 декабря 2015 года). Новосибирск, 2016. С. 122–123.
Ерохин В.В., Погонышева Д.А., Степченко И.Г. Безопасность информационных систем: учебное пособие. Москва, 2015. 184 с.
Смирнов С.Н. Безопасность систем баз данных. Москва, 2007. 352 с.
Кузнецов С.Д. Базы данных: учебник. Москва, 2012. 496 с.
Полтавцева М.А., Зегжда Д.П., Супрун А.Ф. Безопасность баз данных: учеб. пособие. Санкт–Петербург, 2015. 125 с.
Горбачевская Е.Н., Катьянов А.Ю., Краснов С.С. Информационная безопасность средствами СУБД Oracle. Вестник ВУиТ. Тольятти. 2015. № 2 (24). С. 72–85.
Турхановская К.А., Орлова Ю.А. Нечеткая модель для логического вывода при определении класса защищенности информационных систем управления предприятием. Известия Волгоградского государственного технического университета. Волгоград. 2016. № 7 (186). С. 110–115.
Филько С.В., Филько И.В. Информационная безопасность ERP–систем. Учет, анализ, аудит: проблемы теории и практики. Красноярск. 2016. Вып. 17. С. 115–119.
Филько С.В., Филько И.В. Анализ подходов к оценке рисков информационной безопасности в корпоративных информационных системах. Учет, анализ, аудит: проблемы теории и практики. Красноярск. 2016. Вып. 17. С. 120–124.
Скандал! Цифра? Дія… Юридична газета online. URL:https://yur–gazeta.com/publications/practice/informaciyne–pravo–telekomunikaciyi/skandal–cifra–diya.html (дата звернення 18.10.2021).
Chernuhina N.V., Matviyuk V.M. (2016). Osnovnyie aspektyi informatsionnoy bezopasnosti pri rabote v kompyuternyih setyah [The main aspects of information security when working in computer networks]. Novyie paradigmyi obschestvennogo razvitiya: ekonomicheskie, sotsialnyie, filosofskie, politicheskie, pravovyie, obschenauchnyie tendentsii i zakonomernosti: materialyi mezhdunarodnoy nauchno–prakticheskoy konferentsii – New paradigms of social development: economic, social, philosophical, political, legal, general scientific trends and patterns: materials of the international. scientific–practical conf. Novosibirsk (pp. 122–123) [in Russian].
Erohin V.V., Pogonyisheva D.A., Stepchenko I.G. (2015). Bezopasnost informatsionnyih sistem [Information Systems Security]. Moscow [in Russian]
Smirnov S.N. (2007). Bezopasnost sistem baz dannyih [Database systems security]. Moscow [in Russian].
Kuznetsov S.D. (2012). Bazyi dannyih [Databases]. Moscow [in Russian].
Poltavtseva M.A., Zegzhda D.P., Suprun A.F. (2015). Bezopasnost baz dannyih [Database Security]. St. Petersburg [in Russian].
Gorbachevskaya E.N., Katyanov A.Yu., Krasnov S.S. (2015). Informatsionnaya bezopasnost sredstvami SUBD Oracle [Information security of Oracle DBMS]. Vestnik VUiT – VUiT Bulletin, 2 (24), 72–85 [in Russian].
Turhanovskaya K.A., Orlova Yu.A. (2016). Nechetkaya model dlya logicheskogo vyivoda pri opredelenii klassa zaschischennosti informatsionnyih sistem upravleniya predpriyatiem [Fuzzy model for logical inference when determining the security class of enterprise management information systems]. Izvestiya Volgogradskogo gosudarstvennogo tehnicheskogo universiteta – Bulletin of the Volgograd State Technical University, 7 (186), 110–115 [in Russian].
Filko S.V., Filko I.V. (2016). Informatsionnaya bezopasnost ERP – sistem [Information security ERP]. Uchet , analiz , audit : problemyi teorii i praktiki – Accounting, analysis, audit: problems of theory and practice, 17, 115–119 [in Russian].
Filko S.V., Filko I.V. (2016). Analiz podhodov k otsenke riskov informatsionnoy bezopasnosti v korporativnyih informatsionnyih sistemah [Analysis of approaches to assessing information security risks in corporate information systems]. Uchet , analiz , audit : problemyi teorii i praktiki – Accounting, analysis, audit: problems of theory and practice, 17. 120–124 [in Russian].
Skandal! Tsifra? DIya… [Scandal! Digit? Action…]. Yuridichna gazeta online – Legal newspaper online. Retrieved from https://yur–gazeta.com /publications /practice/ informaciyne–pravo– telekomunikaciyi / skandal–cifra–diya.html (accessed 18 October 2021) [in Ukrainian].
