1. Field
The disclosure relates generally to database systems and more specifically to generating a virtual database object catalog utilizing a corresponding real database object catalog, associating each of the objects within the virtual database object catalog with corresponding predefined data security policies for assessing a level of risk to virtual database objects that are referenced by incoming virtual database test query message traffic, and generating a data security violation report for the virtual database.
2. Description of the Related Art
A database refers to a set of related data that is organized into a data collection. Typically, a database includes schemas, tables, queries, reports, views, and other objects. Databases are used to support internal operations of organizations and to underpin online interactions with customers, for example. Databases also are used to hold administrative information and more specialized data, such as engineering data or economic models.
Access to the collection of data stored in a database is usually provided by a database management system (DBMS) consisting of computer software that allows users to interact with the database and provides access to the data contained in the database. However, restrictions may exist that limit access to particular data. Generally, a database management system is designed to allow the definition, creation, querying, updating, and administration of a database. Because of the relationship between the database and the database management system, the term database often refers to both the database and its corresponding database management system. Both the database and its corresponding database management system conform to the principles of a particular database model. A database system collectively refers to the database model, the database management system, and the database. A physical database server is a dedicated computer that stores the database and runs the corresponding database management system.
Chief Experience Officers recognize database security as a critical risk factor for practically every area of business. Because database systems may store valuable data, database-related security systems need to assure data integrity. Typically, service providers and customers apply different data security attacks to test their database systems for data integrity assurance. However, this type of data security attack testing may cause damage to an online service, which is provided by the database system under test. For example, a SQL injection attack may not be applied to a real production database system providing an online service. In addition, it may be difficult for a customer to set up an equivalent production database system for data security testing purposes.