Monitoring the Integrity and Authenticity of Stored Database Objects

Yesin, V.I.; Yesina, M.V.; Vilihura, V.V.

doi:10.1615/telecomradeng.v79.i12.20

Cited by 4 publications

(6 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…They provide secure covert (without leaving a trace in the existing means of documenting completed queries) automatic extraction and decryption (without showing the plaintext) required to find encrypted data using keys stored in R sec . At the same time, using the method based on the use of the potential of the modern blockchain model described in [33,34], the integrity of the key table and persistent stored system and user modules, as well as modules of special software developed within the framework of the proposed approach, is controlled. This increases the security of stored data and special software (increases protection against unauthorized modification, including through malware) with lower overhead costs (the amount of data stored for this and computing resources).…”

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The growing popularity of data outsourcing to third-party cloud servers has a downside, related to the serious concerns of data owners about their security due to possible leakage. The desire to reduce the risk of loss of data confidentiality has become a motivating start to developing mechanisms that provide the ability to effectively use encryption to protect data. However, the use of traditional encryption methods faces a problem. Namely, traditional encryption, by making it impossible for insiders and outsiders to access data without knowing the keys, excludes the possibility of searching. This paper presents a solution that provides a strong level of confidentiality when searching, inserting, modifying, and deleting the required sensitive data in a remote database whose data are encrypted. The proposed SQL query processing technique allows the DBMS server to perform search functions over encrypted data in the same way as in an unencrypted database. This is achieved through the organization of automatic decryption by specially developed secure software of the corresponding data required for search, without the possibility of viewing these data itself. At that, we guarantee the integrity of the stored procedures used and special tables that store encrypted modules of special software and decryption keys, the relevance and completeness of the results returned to the application. The results of the analysis of the feasibility and effectiveness of the proposed solution show that the proper privacy of the stored data can be achieved at a reasonable overhead.

show abstract

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Constant monitoring of these database objects (as CDI elements) is very important, since some of the attacks on the database (although not only on it, as, for example, you can attack the operating system through the vulnerabilities of the database server) can be detected precisely based on the modification analysis (intentional or accidental) of these objects (violation of their integrity) or their set (increase or decrease in their number) on the database server. Therefore, to ensure the possibility of monitoring the integrity of such stored modules, including those related to the DB schema with UBR, using the potential of the modern blockchain model, as shown in [42], the following have been developed:…”

Section: Applying the Clark-wilson Model Recommendations To Ensure The Integrity Of Databases With The Universal Basis Of Relationsmentioning

confidence: 99%

“…On the DBMS server, the integrity control of the persistent stored modules, as described above, can be established with a certain periodicity as part of the audit with the recording of relevant information in the audit log with its subsequent analysis and taking effective measures. At that, the integrity check of a certain PSM can be initiated by any of the legitimate users of the system, who will contact the server with a corresponding request, which is described in more detail in [42].…”

Section: Applying the Clark-wilson Model Recommendations To Ensure The Integrity Of Databases With The Universal Basis Of Relationsmentioning

confidence: 99%

Ensuring Data Integrity in Databases with the Universal Basis of Relations

et al. 2021

View full text Add to dashboard Cite

The objective of the paper was to reveal the main techniques and means of ensuring the integrity of data and persistent stored database modules implemented in accordance with the recommendations of the Clark–Wilson model as a methodological basis for building a system that ensures integrity. The considered database was built according to the schema with the universal basis of relations. The mechanisms developed in the process of researching the problem of ensuring the integrity of the data and programs of such a database were based on the provisions of the relational database theory, the Row Level Security technology, the potential of the modern blockchain model, and the capabilities of the database management system on the platform of which databases with the universal basis of relations are implemented. The implementation of the proposed techniques and means, controlling the integrity of the database of stored elements, prevents their unauthorized modification by authorized subjects and hinders the introduction of changes by unauthorized subjects. As a result, the stored data and programs remain correct, unaltered, undistorted, and preserved. This means that databases built based on a schema with the universal basis of relations and supported by such mechanisms are protected in terms of integrity.

show abstract

“… IVP (integrity verification procedure) -процедура проверки целостности CDI (процедура, которая сканирует элементы данных и подтверждает их целостность, например путем расчета контрольной суммы или используя возможности современной блокчейновой модели, как это показано в работе [8]);  TP (transformation procedure) -процедура преобразования -компонент, который может инициировать транзакцию (последовательность операций), переводящую систему из одного состояния в другое. Процедуры преобразования единственные процедуры, которым разрешено изменять CDI .…”

Section: модель кларка -вилсонаunclassified

Analysis of formal models for ensuring data integrity and their applicability to databases

Yesin¹,

Рассомахин²,

Vilihura³

2021

View full text Add to dashboard Cite

Information systems in general and databases in particular are vulnerable to accidental or malicious attacks aimed at compromising data integrity. Security is easier if you have a clear model that is the formal expression of security policy. The paper explores known security models related to data integrity, their applicability and significance for databases. The analysis of formal models for ensuring data integrity revealed that each of them, having certain advantages and disadvantages, has the right to use. The decisive factor in making a decision is an assessment of a specific situation, which will make it possible to make the right choice, including their complex application. In this regard, the paper notes that the Clark-Wilson model, the undoubted advantages of which are its simplicity and ease of joint use with other security models, is advisable to use as a set of practical recommendations for building an integrity assurance system in information systems. While stating the fact that traditional DBMSs support many of the mechanisms of the Clark-Wilson model, the article points out that implementations based on standard SQL require some compromise solutions. Analyzing the Biba model, the paper concludes about its relative simplicity and the use of a well-studied mathematical apparatus. It is noted that in practice, for the creation of secure information systems, as systems that ensure the confidentiality and data integrity, it is important to unite the Bell-LaPadula and Biba models. Moreover, this union should be on the basis of one common lattice, but with two security labels (confidentiality and integrity) with the opposite character of their definition. This is exactly the variant of combining the Bell-LaPadula and Biba models that is recommended for use in modern information systems and DBMSs, where a mandatory security policy is implemented.

show abstract

Monitoring the Integrity and Authenticity of Stored Database Objects

Cited by 4 publications

References 0 publications

Technique for Searching Data in a Cryptographically Protected SQL Database

Technique for Searching Data in a Cryptographically Protected SQL Database

Ensuring Data Integrity in Databases with the Universal Basis of Relations

Analysis of formal models for ensuring data integrity and their applicability to databases

Contact Info

Product

Resources

About