Patents by Inventor Leonid Rodniansky

Leonid Rodniansky has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190012461
    Abstract: A method, system, and computer program product for security auditing of database transactions are provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
    Type: Application
    Filed: August 29, 2018
    Publication date: January 10, 2019
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 10127383
    Abstract: A system, and computer program product for security auditing of database transactions are provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: November 13, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 10108799
    Abstract: A method for security auditing of database transactions is provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: October 23, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 10097582
    Abstract: A system, and computer program product for modifying intercepted data interactions are provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: October 9, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 10057287
    Abstract: A method for modifying intercepted data interactions is provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: August 21, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 10009348
    Abstract: Hybrid database access control in external-to-database security systems is achieved by selectively operating a database server system in different security modes. During low traffic, access to the server is monitored by an agent subject to access policies (LSP) stored at an external security device (ESD). During high traffic, access is monitored by the server itself subject to access policies (DSP). The ESD translates an access policy (LSP) to an access policy (DSP) supported by the server. Thereafter the agent intercepts session login information and transmits it to the ESD, which determines an access policy is relevant to the session, updates the session login information according to database protocol rules, and sends the updated session login information to the agent. The agent releases the updated session login information to the server which allows a session based on the particular objects access rules (DSP) corresponding to the updated session login information.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: June 26, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 9888014
    Abstract: A restriction agent resides on a database client host, the database client host receiving first data from a database secured by a database access control system, the first data comprising sensitive information authorized by the database access control system for access by an authorized user requesting access to the database through a database client resident on the database client host. The restriction agent receives one or more instructions from a database access control system relative to the first data. The restriction agent enforces the one or more instructions on the database client host to restrict access to the first data to the authorized user only from among multiple users of the database client host.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20170331826
    Abstract: Hybrid database access control in external-to-database security systems is achieved by selectively operating a database server system in different security modes. During low traffic, access to the server is monitored by an agent subject to access policies (LSP) stored at an external security device (ESD). During high traffic, access is monitored by the server itself subject to access policies (DSP). The ESD translates an access policy (LSP) to an access policy (DSP) supported by the server. Thereafter the agent intercepts session login information and transmits it to the ESD, which determines an access policy is relevant to the session, updates the session login information according to database protocol rules, and sends the updated session login information to the agent. The agent releases the updated session login information to the server which allows a session based on the particular objects access rules (DSP) corresponding to the updated session login information.
    Type: Application
    Filed: May 11, 2016
    Publication date: November 16, 2017
    Inventor: Leonid Rodniansky
  • Publication number: 20170318027
    Abstract: A database activity monitoring service, operating independent of a database server, in response to intercepting a database server response issued by the database server comprising a result set associated with a dynamic database query, extracts a first selection of data from the result set, the first selection of data identifying one or more dynamic query elements of the dynamic database query as constructed by the database server at runtime. The database activity monitoring service determines whether the one or more dynamic query elements comply with one or more security policies. The database activity monitoring service, in response to determining that the one or more dynamic query elements fail to comply with at least one of the one or more security policies, issues a security alert.
    Type: Application
    Filed: April 29, 2016
    Publication date: November 2, 2017
    Inventor: Leonid Rodniansky
  • Publication number: 20170093878
    Abstract: A restriction agent resides on a database client host, the database client host receiving first data from a database secured by a database access control system, the first data comprising sensitive information authorized by the database access control system for access by an authorized user requesting access to the database through a database client resident on the database client host. The restriction agent receives one or more instructions from a database access control system relative to the first data. The restriction agent enforces the one or more instructions on the database client host to restrict access to the first data to the authorized user only from among multiple users of the database client host.
    Type: Application
    Filed: September 29, 2015
    Publication date: March 30, 2017
    Inventor: Leonid Rodniansky
  • Publication number: 20160239406
    Abstract: Mechanisms are provided for propagating source identification information from an application front-end system in an application layer to a data layer inspection system associated with a back-end system. An incoming user request is received, at the data layer inspection system, from a gateway system associated with the application front-end system. One or more outgoing statements targeting a back-end system are received at the data layer inspection system. The data layer inspection system accesses a mapping data structure based on the one or more outgoing statements to thereby correlate the one or more outgoing statements with the incoming user request. The data layer inspection system retrieves source identification information associated with the incoming user request based on the correlation of the one or more outgoing statements with the incoming user request. The data layer inspection system performs a data layer inspection operation based on the source identification information.
    Type: Application
    Filed: April 22, 2016
    Publication date: August 18, 2016
    Inventors: Ron Ben-Natan, Leonid Rodniansky
  • Patent number: 9390083
    Abstract: Mechanisms are provided for propagating source identification information from an application front-end system in an application layer to a data layer inspection system associated with a back-end system. An incoming user request is received, at the data layer inspection system, from a gateway system associated with the application front-end system. One or more outgoing statements targeting a back-end system are received at the data layer inspection system. The data layer inspection system accesses a mapping data structure based on the one or more outgoing statements to thereby correlate the one or more outgoing statements with the incoming user request. The data layer inspection system retrieves source identification information associated with the incoming user request based on the correlation of the one or more outgoing statements with the incoming user request. The data layer inspection system performs a data layer inspection operation based on the source identification information.
    Type: Grant
    Filed: October 21, 2013
    Date of Patent: July 12, 2016
    Assignee: International Business Machines Corporation
    Inventors: Ron Ben-Natan, Leonid Rodniansky
  • Publication number: 20160149860
    Abstract: A method for modifying intercepted data interactions is provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.
    Type: Application
    Filed: August 27, 2015
    Publication date: May 26, 2016
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20160149954
    Abstract: A system, and computer program product for modifying intercepted data interactions are provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol.
    Type: Application
    Filed: November 25, 2014
    Publication date: May 26, 2016
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20160132680
    Abstract: A system, and computer program product for security auditing of database transactions are provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
    Type: Application
    Filed: November 6, 2014
    Publication date: May 12, 2016
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20160132548
    Abstract: A method for security auditing of database transactions is provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.
    Type: Application
    Filed: August 27, 2015
    Publication date: May 12, 2016
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20160036841
    Abstract: A method, system and computer-usable medium are disclosed for performing forensic database security operations to verify database query integrity. A database protocol packet is intercepted, inspected and then processed by an external database security mechanism (EDSM) system to extract a database query. The database query is then processed with a secret key to generate a first keyed-hash message authentication code (HMAC) value, which is then inserted into the intercepted database protocol packet according to database protocol rules to generate a modified database protocol packet, in such a way that the HMAC value and the database query will be stored in predetermined database server session tracking tables. The modified database protocol packet is then provided to a database server, and the database server is subsequently accessed by the EDSM system to retrieve the database query and the first HMAC value.
    Type: Application
    Filed: July 28, 2015
    Publication date: February 4, 2016
    Inventor: Leonid Rodniansky
  • Publication number: 20160036812
    Abstract: A method, system and computer-usable medium are disclosed for performing forensic database security operations to verify database query integrity. A database protocol packet is intercepted, inspected and then processed by an external database security mechanism (EDSM) system to extract a database query. The database query is then processed with a secret key to generate a first keyed-hash message authentication code (HMAC) value, which is then inserted into the intercepted database protocol packet according to database protocol rules to generate a modified database protocol packet, in such a way that the HMAC value and the database query will be stored in predetermined database server session tracking tables. The modified database protocol packet is then provided to a database server, and the database server is subsequently accessed by the EDSM system to retrieve the database query and the first HMAC value.
    Type: Application
    Filed: July 31, 2014
    Publication date: February 4, 2016
    Applicant: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Patent number: 9253213
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for reconstructing a sequence of communications that occurred during a period of database activity monitor unavailability. A database activity monitor receives a first sequence of queries. The database activity monitor determines whether the database activity monitor became unavailable, and, in response to determining that the database activity monitor is unavailable, restarts the database activity monitor. The database activity monitor receives a second sequence of queries, and approximates a third sequence of queries, wherein the third sequence of queries occurred subsequent to the first sequence of queries and prior to the second sequence of queries. The database activity monitor validates the third sequence of queries with reference to a set of security policies.
    Type: Grant
    Filed: December 16, 2013
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventor: Leonid Rodniansky
  • Publication number: 20150347783
    Abstract: Embodiments of the disclosure can include a method, a system, and a computer program product for controlling access to a database server in a multi-tiered processing system. The method can include receiving an application request having an identification parameter to an application server at an application layer. The method can also include querying a database objects map that maps the application request to a database object and a database operation in a database layer. The method can also include accessing one or more database access security rules for the identification parameter that specify a security action based on the database object and the database operation. The method can also include comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules.
    Type: Application
    Filed: August 14, 2015
    Publication date: December 3, 2015
    Inventor: Leonid Rodniansky