Detection and Monitoring of Processes that Exploit the Cursor Mechanism, Provoking Locks in Information and Information Search Systems

• Published in: Systems of Signal Synchronization, Generating and Processing in Telecommunications (Online) pp. 1 - 6
• Main Authors: Vakulchik, O. V., Mazepa, R. B., Mikhaylov, V. Y.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.07.2024
• Subjects: administrator; cursor mechanism; Database systems; information search system; information system; intruder; Process monitoring; Search problems; Servers; SQL Server locking mechanism; status monitoring; Synchronization; System dynamics; Telecommunications
• ISSN: 2832-0514
• DOI: 10.1109/SYNCHROINFO61835.2024.10617786

The subject of this research are information and information search systems, which include an integral component - a database management system (DBMS). In relational DBMS, there is a low-level cursor mechanism that is typically used by administrative processes for intentional or unintentional activation of locking processes. But they pose a serious risk for exploitation by intruder due to their high efficiency. The research subject is the monitoring of events that exploit cursor mechanisms to activate locking processes. The purpose of the research is increasing the informativeness of the blocking process monitoring tool in order to detect events that exploit the cursor mechanism. Locks in relational DBMS are implemented by a special mechanism that ensures data integrity during concurrent access to a single resource. However, there are other mechanisms that serve a completely different purpose, and such mechanisms can provoke the emergence of a lock. The cursor mechanism is used for complex row-by-row processing of large volumes of data and can be useful for reading each row or updating. The use of cursors is also associated with a range of administrative tasks, such as report generation. This article aims to identify dangerous attributes of cursor implementation that can provoke the invocation of a locking process. It is shown that a cursor at the application level can be implemented not explicitly in SQL but through special ODBC API attributes, thereby complicating the task of detecting a malicious cursor. SQL Server cursors can be embedded in a stored procedure, allowing a locking process to be implemented covertly. Both implementations may be associated with the incompetence of employees implementing the cursor or with the intention of unethical use of DBMS resources. The main result of the article is the increase the informativeness of the monitoring tool for locking processes by adding significant parameters that allow distinguishing the actions of an administrator from those of a regular user. The final construction allows revealing a cursor hidden in a stored procedure and the attributes of an application-level cursor.