Hiding the Source Code of Stored Database Programs

Yesin, V.I.; Karpinski, Mikolaj; Yesina, M.V.; Vilihura, V.V.; Warwas, Kornel

doi:10.3390/info11120576

Cited by 3 publications

(5 citation statements)

References 11 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To encrypt/decrypt data of fields of various types of a tuple row of a certain table R of a database, a scheme is used based on the use of keys K R 1 , K j 2 , K γ 3 similar to that described in [36,37], where K R 1 is a unique 128-bit random value (secret key) generated by a cryptographically strong pseudo-random number generator (PRNG) for each table R, constant for all values that will be encrypted in this table; K j 2 is a unique 128-bit random value (secret key) generated by a cryptographically strong PRNG for each attribute j of table R; and K γ 3 is the value of the integer identifier of the primary key of the γ-th row of the table R. Secret (symmetric) keys K R 1 , K j 2 are encrypted by one of the cryptographically strong algorithms and stored in the special database table R sec . The values of these keys are never shown.…”

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

The growing popularity of data outsourcing to third-party cloud servers has a downside, related to the serious concerns of data owners about their security due to possible leakage. The desire to reduce the risk of loss of data confidentiality has become a motivating start to developing mechanisms that provide the ability to effectively use encryption to protect data. However, the use of traditional encryption methods faces a problem. Namely, traditional encryption, by making it impossible for insiders and outsiders to access data without knowing the keys, excludes the possibility of searching. This paper presents a solution that provides a strong level of confidentiality when searching, inserting, modifying, and deleting the required sensitive data in a remote database whose data are encrypted. The proposed SQL query processing technique allows the DBMS server to perform search functions over encrypted data in the same way as in an unencrypted database. This is achieved through the organization of automatic decryption by specially developed secure software of the corresponding data required for search, without the possibility of viewing these data itself. At that, we guarantee the integrity of the stored procedures used and special tables that store encrypted modules of special software and decryption keys, the relevance and completeness of the results returned to the application. The results of the analysis of the feasibility and effectiveness of the proposed solution show that the proper privacy of the stored data can be achieved at a reasonable overhead.

show abstract

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…Effective analysis of this low occupancy big data can obtain implicit data and knowledge, resulting in data value added and providing and attaching a variety of services [3,4], which shows that low occupancy big data is very key. ese low occupancy big data are stored in the form of message file or database and rise exponentially [5], so high-quality storage methods are required. Intelligent classification technology is a very important big data management technology.…”

Section: Introductionmentioning

confidence: 99%

Intelligent Classification Method of Low Occupancy Big Data Based on Grid Index

Zhao

2021

Scientific Programming

View full text Add to dashboard Cite

In order to enhance the load balance in the big data storage process and improve the storage efficiency, an intelligent classification method of low occupancy big data based on grid index is studied. A low occupancy big data classification platform was built, the infrastructure layer was designed using grid technology, grid basic services were provided through grid system management nodes and grid public service nodes, and grid application services were provided using local resource servers and enterprise grid application services. Based on each server node in the infrastructure layer, the basic management layer provides load forecasting, image backup, and other functional services. The application interface layer includes the interfaces required for the connection between the platform and each server node, and the advanced access layer provides the human-computer interaction interface for the operation of the platform. Finally, based on the obtained main structure, the depth confidence network is constructed by stacking several RBM layers, the new samples are expanded by adding adjacent values to obtain the mean value, and the depth confidence network is used to classify them. The experimental results show that the load of different virtual machines in the low occupancy big data storage process is less than 40%, and the load of each virtual machine is basically the same, indicating that this method can enhance the load balance in the data storage process and improve the storage efficiency.

show abstract

“…In the DB with UBR, which can be used as an ordinary DB, a data warehouse of various subject domains (SDs) or a configuration DB of the dataspace management environment [73][74][75], various security measures are implemented [76][77][78][79][80]. These measures are based on the provisions of the theory of relational databases [8,30,81], formal access control models [82,83] and ensuring data integrity [84], the potential of the modern blockchain model [85,86], row-level security (RLS) technology [87], SQL capabilities [45].…”

mentioning

confidence: 99%

“…; -w 2 -tools provided by the DBMS and special developed means in the DB schema with UBR (means that ensure the maintenance of a special log-table of the modified data, the formation of data for a special table of users and some others [76]), allowing to identify and eliminate incorrectly assigned privileges; -w 3 -tools provided by the DBMS and special developed means in the DB schema with UBR (means providing the formation of data from a special table of the access privilege distribution to the data of other users and some others [76]), allowing to identify and eliminate incorrectly assigned privileges; -w 4 -tools provided by the DBMS and special developed means in the DB schema with UBR (means providing the data formation from a special table of restrictions on access rights to a specific data element and some others [76]), allowing to identify and eliminate incorrectly assigned privileges; -w 5 -means that allow to identify and eliminate excessive privileges; detect vulnerabilities, missing patches from vendors; inactive accounts, modify default passwords; properly configure the event auditing system, including tracking unusual user access activity, etc. Timely installation of patches or the use of virtual patches to protect the database; -w 6 -means that allow detecting unusual user access activity and complicating the leakage of confidential data from database tables (including the use of means for masking data provided by the DBMS and proposed in [79]; the usage of means of restricting access rights to a specific data element [76] implemented in the DB with UBR); -w 7 -means to detect unusual user access activity and complicate code disclosure of confidential persistent modules (including the use of means for masking data provided by the DBMS and proposed in [77]); -w 8 -means that allow to identify and eliminate incorrectly assigned privileges, detect vulnerabilities, inappropriate session duration, improper implementation of the algorithm, authentication protocol, settings. Timely installation of critical updates or the use of virtual patches to protect the database from attempts to exploit vulnerabilities until a full-fledged and permanent patch is deployed; -w 9 -means that allow controlling resource consumption (for example, through the profile mechanism-a named set of resource restrictions that can be used by the user); -w 10 -means that allow controlling the integrity of the trigger code and persistent stored modules, including those based on the potential of the modern blockchain model proposed in [78] and implemented in a DB with UBR; -w 11 -using parameterized queries, stored procedures, least privileges; escaping user input; converting data types to the type that was assumed by the logic of the program, checking the data entered by the user for compliance with the allowed character sequences; -w 12 -maintenance of the list of "prohibited" functions, procedures, the usage of which should be avoided; -w 13 − -anti-virus software; -w 14 -means providing support for data integrity (both built into the DBMS and specially developed in the DB schema with UBR [76,80]), as well as implementing security models based on discretionary and role-based policies; -w 15 -means that implement security models based on: discretionary, mandatory, role-based, attribute policy, including those specific to a database with UBR…”

mentioning

confidence: 99%

“…Timely installation of patches or the use of virtual patches to protect the database; -w 6 -means that allow detecting unusual user access activity and complicating the leakage of confidential data from database tables (including the use of means for masking data provided by the DBMS and proposed in [79]; the usage of means of restricting access rights to a specific data element [76] implemented in the DB with UBR); -w 7 -means to detect unusual user access activity and complicate code disclosure of confidential persistent modules (including the use of means for masking data provided by the DBMS and proposed in [77]); -w 8 -means that allow to identify and eliminate incorrectly assigned privileges, detect vulnerabilities, inappropriate session duration, improper implementation of the algorithm, authentication protocol, settings. Timely installation of critical updates or the use of virtual patches to protect the database from attempts to exploit vulnerabilities until a full-fledged and permanent patch is deployed; -w 9 -means that allow controlling resource consumption (for example, through the profile mechanism-a named set of resource restrictions that can be used by the user); -w 10 -means that allow controlling the integrity of the trigger code and persistent stored modules, including those based on the potential of the modern blockchain model proposed in [78] and implemented in a DB with UBR; -w 11 -using parameterized queries, stored procedures, least privileges; escaping user input; converting data types to the type that was assumed by the logic of the program, checking the data entered by the user for compliance with the allowed character sequences; -w 12 -maintenance of the list of "prohibited" functions, procedures, the usage of which should be avoided; -w 13 − -anti-virus software; -w 14 -means providing support for data integrity (both built into the DBMS and specially developed in the DB schema with UBR [76,80]), as well as implementing security models based on discretionary and role-based policies; -w 15 -means that implement security models based on: discretionary, mandatory, role-based, attribute policy, including those specific to a database with UBR [76]; -w 16 -special documented diagnostic functions capable of identifying the causes of defects caused by the incorrect formation of primary keys, entering incorrect data, inadmissible entry, deletion, modification of data, unauthorized access to data, unauthorized changes to the database schema with UBR and its objects (including using the capabilities of blockchain technology [78]); special triggers that can be used to intercept and log operations performed in the database; DBMS audit tools; -w 17 -audit means built into the DBMS, including specially developed means in the DB schema with UBR (means that ensure the maintenance of a special log-table of the modified data); -w 18 -masking data of tables based on the approach described in [79]; -w 19 -masking of stored objects using the means provided by the DBMS, as well as based on the approach described in [77]; -w 20 -using transparent data encryption (TDE) and cryptographically strong primitives built into the DBMS as well as national encryption standards (for example, the symmetric block cipher "Kalyna" from the national standard of DSTU 7624: 2014); -w 21 -timely installati...…”

mentioning

confidence: 99%

See 1 more Smart Citation

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

et al. 2021

Self Cite

View full text Add to dashboard Cite

Obtaining convincing evidence of database security, as the basic corporate resource, is extremely important. However, in order to verify the conclusions about the degree of security, it must be measured. To solve this challenge, the authors of the paper enhanced the Clements–Hoffman model, determined the integral security metric and, on this basis, developed a technique for evaluating the security of relational databases. The essence of improving the Clements–Hoffmann model is to expand it by including a set of object vulnerabilities. Vulnerability is considered as a separate objectively existing category. This makes it possible to evaluate both the likelihood of an unwanted incident and the database security as a whole more adequately. The technique for evaluating the main components of the security barriers and the database security as a whole, proposed by the authors, is based on the theory of fuzzy sets and risk. As an integral metric of database security, the reciprocal of the total residual risk is used, the constituent components of which are presented in the form of certain linguistic variables. In accordance with the developed technique, the authors presented the results of a quantitative evaluation of the effectiveness of the protection of databases built on the basis of the schema with the universal basis of relations and designed in accordance with the traditional technology of relational databases.

show abstract

Hiding the Source Code of Stored Database Programs

Cited by 3 publications

References 11 publications

Technique for Searching Data in a Cryptographically Protected SQL Database

Technique for Searching Data in a Cryptographically Protected SQL Database

Intelligent Classification Method of Low Occupancy Big Data Based on Grid Index

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

Contact Info

Product

Resources

About