Design of the MS-SQL Password Vulnerability Checking Function Using OLE Remote Connection

  • Seung-Ju Jang (Department of Computer Engineering, Dong-eui University)
  • Received : 2014.08.25
  • Accepted : 2014.12.17
  • Published : 2015.03.31

Abstract

This paper designs a security vulnerability checking function built on the MS-SQL database environment, the OLE remote connection feature, and a C++ environment. The function checks the MS-SQL database password policy, password access attempts on user accounts, user accounts without a password, and passwords that have not been changed for a certain period of time. OLE DB is used to link the MS-SQL database with C++. Through the OLE DB connection, the design module checks for each account whether password policy enforcement is applied, whether password access attempts have failed, whether the user has no password, and whether the password has gone unchanged for a certain period, and it combines these results to judge the presence or absence of a security vulnerability. Evaluating several password-related features of the MS-SQL database together makes it possible to check for security vulnerabilities. The paper aims to strengthen the security of the MS-SQL database by making use of the proposed function.
