Skip to main content

Advertisement

Log in

The security of databases: the Access case

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

Nowadays, more and more companies have to use databases in which they store their essential or confidential data for the society like client lists, product specifications, stock situations, etc.. Such pieces of data are the heart of a company and have to be protected. In fact, in the context of economic intelligence, getting such information is quite interesting for competitors who want to know how rival companies work for example. Databases need software to be managed. There is a variety of software, called database management system, which is able to manage database like MySQL, Oracle Database, Microsoft Access, etc... This paper will focus on Microsoft Access 2010 64 bits which is part of the Microsoft Office 2010 suite. Microsoft Access is currently used by small and medium enterprises (SMEs) who have subcontracted the creation of their database to specialized companies. SMEs represent a huge part of the economic area and could be an interesting target because of the large range of activities it gather. This technical paper analyses the Access Security and explains how an attacker could hijack an Access database in order to steal information or to perform malicious actions on the targeted computer. It deals with macro-viruses, still present after many years, and give then the possibility to use them to insert major security weaknesses into Access databases.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2

Similar content being viewed by others

Notes

  1. Visual Basic for Application : Visual Basic optimized for Microsoft Office.

References

  1. Starting Programming with Microsoft Access, http://www.office.microsoft.com/en-us/access-help/introduction-to-access-programming-HA010341717.aspx?CTT=1 (2011). Accessed 20 Nov 2011

  2. Compiler and Interpreter in Microsoft Access, http://www.support.microsoft.com/kb/109382/en (2012). Accessed 23 Mar 2012

  3. Introduction to the Access 2007 file format, http://www.office.microsoft.com/en-us/access-help/introduction-to-the-access-2010-file-format-HA010067831.aspx (2011). Accessed 2 Nov 2011

  4. http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/ and http://www.msnbc.msn.com/id/8064757/ns/technology_and_science-security/t/israeli-trojan-horse-scandal-widens/

  5. Presentation of the Microsoft Access 2010 security policy, http://www.office.microsoft.com/en-us/access-help/introduction-to-access-2010-security-HA010341741.aspx?CTT=1 (2012). Accessed 23 Mar 2012

  6. Jonathan, D., Eric, F., Jean-Paul, F.: Office Documents: New Weapons of Cyberwarfare. Hack.lu 2010 Conference, Luxembourg, 27–29 October 2010

  7. Harshavardhan, K.: Classification of various security techniques in databases and their comparative analysis. ArXiV Repository. http://www.arxiv.org/abs/1206.4124 (2012)

  8. Palamidessi, C., Stronati, M.: Differential privacy for relational algebra: improving the sensitivity bounds via constraint systems. ArXiV Repository. http://www.arxiv.org/abs/1207.0872 (2012)

  9. Intended use, http://www.eicar.org/86-0-Intended-use.html. Accessed 2 Nov 2011

  10. Matt, B.: Analysis of the ILOVEYOU Worm. http://www.citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.87.8077 (2000)

  11. Jonathan, D., Eric, F., Jean-Paul, F.: Perverting eMails: a new dimension in internet (in)security. In: Proceedings of the 10th ECIW conference, July 2011, Tallinn, Estonia, pp. 106–112. ACI Press (2011).

  12. Threading in VBA: http://www.social.msdn.microsoft.com/Forums/en-US/vsto/thread/735c8f26-2129-4b46-8c1a-aad385cab2ed (2012). Accessed 19 Mar 2012

  13. MSDN Threads, http://www.msdn.microsoft.com/en-us/library/windows/desktop/ms68191728v=vs.8529.aspx (2012). Accessed 19 Mar 2012

  14. MSDN DLLs, http://www.msdn.microsoft.com/en-us/library/windows/desktop/ms68258928v=vs.8529.aspx (2012). Accessed 19 Mar 2012

  15. Result of the IAWACS 2010 AV Evaluation Contest, http://www.cvo-lab.blogspot.fr/2012/08/perseus-and-iawacs-20092010-available.html. Accessed 9 May 2010

  16. Baptiste, D.: Do you still believe that nobody can make a Win 7 system become useless despite using a “powerful” antivirus? http://www.cvo-lab.blogspot.fr/2012/08/perseus-and-iawacs-20092010-available.html (2010)

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Baptiste David.

Rights and permissions

Reprints and permissions

About this article

Cite this article

David, B., Larget, D. & Scherrer, T. The security of databases: the Access case. J Comput Virol Hack Tech 9, 95–107 (2013). https://doi.org/10.1007/s11416-013-0182-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-013-0182-7

Keywords

Navigation