Some approach to data masking as means to counteract the inference threat

Yesin, V.I.; Vilihura, V.V.

doi:10.30837/rt.2019.3.198.09

Cited by 4 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In future work, BDMasker will expand the support for AI-driven dynamic data protection and prevent malicious users from using reasoning or violence technology to bypass masking [22] . We will also study how to work out more general methods via AI so that they can be more easily adapted to big data engines.…”

Section: Discussionmentioning

confidence: 99%

BDMasker: Dynamic Data Protection System for Open Big Data Environment

Tu¹,

Niu²,

Wang³

et al. 2023

International Journal of Software and Informatics

View full text Add to dashboard Cite

Big data has become a national basic strategic resource, and the opening and sharing of data is the core of China's big data strategy. Cloud native technology and lake-house architecture are reconstructing the big data infrastructure and promoting data sharing and value dissemination. The development of the big data industry and technology requires stronger data security and data sharing capabilities. However, data security in an open environment has become a bottleneck, which restricts the development and utilization of big data technology. The issues of data security and privacy protection have become increasingly prominent both in the open source big data ecosystem and the commercial big data system. Dynamic data protection system under the open big data environment is now facing challenges in regards such as data availability, processing efficiency, and system scalability. This paper proposes the dynamic data protection system BDMasker for the open big data environment. Through a precise query analysis and query rewriting technology based on the query dependency model, it can accurately perceive but does not change the original business request, which indicates that the whole process of dynamic masking has zero impact on the business. Furthermore, its multi-engine-oriented unified security strategy framework realizes the vertical expansion of dynamic data protection capabilities and the horizontal expansion among multiple computing engines. The distributed computing capability of the big data execution engine can be used to improve the data protection processing performance of the system. The experimental results show that the precise SQL analysis and rewriting technology proposed by BDMasker is effective. The system has good scalability and performance, and the overall performance fluctuates within 3% in the TPC-DS and YCSB benchmark tests.

show abstract

Section: Discussionmentioning

confidence: 99%

BDMasker: Dynamic Data Protection System for Open Big Data Environment

Tu¹,

Niu²,

Wang³

et al. 2023

International Journal of Software and Informatics

View full text Add to dashboard Cite

show abstract

“…To encrypt/decrypt data of fields of various types of a tuple row of a certain table R of a database, a scheme is used based on the use of keys K R 1 , K j 2 , K γ 3 similar to that described in [36,37], where K R 1 is a unique 128-bit random value (secret key) generated by a cryptographically strong pseudo-random number generator (PRNG) for each table R, constant for all values that will be encrypted in this table; K j 2 is a unique 128-bit random value (secret key) generated by a cryptographically strong PRNG for each attribute j of table R; and K γ 3 is the value of the integer identifier of the primary key of the γ-th row of the table R. Secret (symmetric) keys K R 1 , K j 2 are encrypted by one of the cryptographically strong algorithms and stored in the special database table R sec . The values of these keys are never shown.…”

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The growing popularity of data outsourcing to third-party cloud servers has a downside, related to the serious concerns of data owners about their security due to possible leakage. The desire to reduce the risk of loss of data confidentiality has become a motivating start to developing mechanisms that provide the ability to effectively use encryption to protect data. However, the use of traditional encryption methods faces a problem. Namely, traditional encryption, by making it impossible for insiders and outsiders to access data without knowing the keys, excludes the possibility of searching. This paper presents a solution that provides a strong level of confidentiality when searching, inserting, modifying, and deleting the required sensitive data in a remote database whose data are encrypted. The proposed SQL query processing technique allows the DBMS server to perform search functions over encrypted data in the same way as in an unencrypted database. This is achieved through the organization of automatic decryption by specially developed secure software of the corresponding data required for search, without the possibility of viewing these data itself. At that, we guarantee the integrity of the stored procedures used and special tables that store encrypted modules of special software and decryption keys, the relevance and completeness of the results returned to the application. The results of the analysis of the feasibility and effectiveness of the proposed solution show that the proper privacy of the stored data can be achieved at a reasonable overhead.

show abstract

“…One such solution [26] was taken as a basis. In [26], an approach to hiding data stored in a database was proposed, which is based on the principles of random permutation of elements (bytes, characters) of a specific field of the corresponding column (attribute) of a row (tuple) of data and dynamic data masking. Moreover, since the source code of SP is also stored in a certain way in the corresponding DBMS tables, this approach can be fully applied to hide it.…”

Section: Related Workmentioning

confidence: 99%

“…The general scheme of the somewhat refined masking algorithm described in [26] is presented below (Algorithm 1).…”

Section: Algorithm For Masking the Code Of Stored Programsmentioning

confidence: 99%

“…The implementation of the transformation in accordance with the MA-1 algorithm (Algorithm 1) is only part of the masking process of the stored program code in contrast to the masking process of the data of the corresponding table attributes, which was considered in detail in [26]. The stored program code obtained as a result of the transformation needs to be saved on the server, which can only be done after executing the corresponding SQL statements.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Hiding the Source Code of Stored Database Programs

et al. 2020

View full text Add to dashboard Cite

The objective of the article is to reveal an approach to hiding the code of stored programs stored in the database. The essence of this approach is the complex use of the method of random permutation of code symbols related to a specific stored program, located in several rows of some attribute of the database system table, as well as the substitution method. Moreover, with the possible substitute of each character obtained after the permutation with another one randomly selected from the Unicode standard, a legitimate user with the appropriate privileges gets access to the source code of the stored program due to the ability to quickly perform the inverse to masking transformation and overwrite the program code into the database. All other users and attackers without knowledge of certain information can only read the codes of stored programs masked with format preserving. The proposed solution is more efficient than the existing methods of hiding the code of stored programs provided by the developers of some modern database management systems (DBMS), since an attacker will need much greater computational and time consumption to disclose the source code of stored programs.

show abstract

Some approach to data masking as means to counteract the inference threat

Cited by 4 publications

References 3 publications

BDMasker: Dynamic Data Protection System for Open Big Data Environment

BDMasker: Dynamic Data Protection System for Open Big Data Environment

Technique for Searching Data in a Cryptographically Protected SQL Database

Hiding the Source Code of Stored Database Programs

Contact Info

Product

Resources

About