Detection and Monitoring of Processes that Exploit the Cursor Mechanism, Provoking Locks in Information and Information Search Systems

The subject of this research are information and information search systems, which include an integral component - a database management system (DBMS). In relational DBMS, there is a low-level cursor mechanism that is typically used by administrative processes for intentional or unintentional activa...

Full description

Saved in:
Bibliographic Details
Published inSystems of Signal Synchronization, Generating and Processing in Telecommunications (Online) pp. 1 - 6
Main Authors Vakulchik, O. V., Mazepa, R. B., Mikhaylov, V. Y.
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.07.2024
Subjects
administrator
cursor mechanism
Database systems
information search system
information system
intruder
Process monitoring
Search problems
Servers
SQL Server locking mechanism
status monitoring
Synchronization
System dynamics
Telecommunications
Online AccessGet full text
ISSN2832-0514
DOI10.1109/SYNCHROINFO61835.2024.10617786

Cover

More Information
Summary:The subject of this research are information and information search systems, which include an integral component - a database management system (DBMS). In relational DBMS, there is a low-level cursor mechanism that is typically used by administrative processes for intentional or unintentional activation of locking processes. But they pose a serious risk for exploitation by intruder due to their high efficiency. The research subject is the monitoring of events that exploit cursor mechanisms to activate locking processes. The purpose of the research is increasing the informativeness of the blocking process monitoring tool in order to detect events that exploit the cursor mechanism. Locks in relational DBMS are implemented by a special mechanism that ensures data integrity during concurrent access to a single resource. However, there are other mechanisms that serve a completely different purpose, and such mechanisms can provoke the emergence of a lock. The cursor mechanism is used for complex row-by-row processing of large volumes of data and can be useful for reading each row or updating. The use of cursors is also associated with a range of administrative tasks, such as report generation. This article aims to identify dangerous attributes of cursor implementation that can provoke the invocation of a locking process. It is shown that a cursor at the application level can be implemented not explicitly in SQL but through special ODBC API attributes, thereby complicating the task of detecting a malicious cursor. SQL Server cursors can be embedded in a stored procedure, allowing a locking process to be implemented covertly. Both implementations may be associated with the incompetence of employees implementing the cursor or with the intention of unethical use of DBMS resources. The main result of the article is the increase the informativeness of the monitoring tool for locking processes by adding significant parameters that allow distinguishing the actions of an administrator from those of a regular user. The final construction allows revealing a cursor hidden in a stored procedure and the attributes of an application-level cursor.
ISSN:2832-0514
DOI:10.1109/SYNCHROINFO61835.2024.10617786