Ensuring Data Integrity in Databases with the Universal Basis of Relations

Yesin, V.I.; Karpinski, Mikolaj; Yesina, M.V.; Vilihura, V.V.; Warwas, Kornel

doi:10.3390/app11188781

Cited by 5 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They provide secure covert (without leaving a trace in the existing means of documenting completed queries) automatic extraction and decryption (without showing the plaintext) required to find encrypted data using keys stored in R sec . At the same time, using the method based on the use of the potential of the modern blockchain model described in [33,34], the integrity of the key table and persistent stored system and user modules, as well as modules of special software developed within the framework of the proposed approach, is controlled. This increases the security of stored data and special software (increases protection against unauthorized modification, including through malware) with lower overhead costs (the amount of data stored for this and computing resources).…”

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

The growing popularity of data outsourcing to third-party cloud servers has a downside, related to the serious concerns of data owners about their security due to possible leakage. The desire to reduce the risk of loss of data confidentiality has become a motivating start to developing mechanisms that provide the ability to effectively use encryption to protect data. However, the use of traditional encryption methods faces a problem. Namely, traditional encryption, by making it impossible for insiders and outsiders to access data without knowing the keys, excludes the possibility of searching. This paper presents a solution that provides a strong level of confidentiality when searching, inserting, modifying, and deleting the required sensitive data in a remote database whose data are encrypted. The proposed SQL query processing technique allows the DBMS server to perform search functions over encrypted data in the same way as in an unencrypted database. This is achieved through the organization of automatic decryption by specially developed secure software of the corresponding data required for search, without the possibility of viewing these data itself. At that, we guarantee the integrity of the stored procedures used and special tables that store encrypted modules of special software and decryption keys, the relevance and completeness of the results returned to the application. The results of the analysis of the feasibility and effectiveness of the proposed solution show that the proper privacy of the stored data can be achieved at a reasonable overhead.

show abstract

Section: Main Security Aspectsmentioning

confidence: 99%

Technique for Searching Data in a Cryptographically Protected SQL Database

Yesin,

Karpinski,

Yesina

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…The degree of security is calculated on the basis of an integral quantitative metric that is the reciprocal of the total residual risk associated with the possibility of implementing threats in relation to a database object when using security measures. The main techniques implemented in accordance with the recommendations of the Clark-Wilson model to ensure the integrity of data and persistent stored database modules are studied in [14]. The authors propose a mechanism to ensure the integrity of the data and programs of databases based on the provisions of the relational database theory, the Row Level Security technology, the potential of the modern blockchain model, and the capabilities of the database management system on the platform of which databases with the universal basis of relations are implemented.…”

Section: Database Securitymentioning

confidence: 99%

Advances in Information Security and Privacy

Lax

Russo

2022

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…In the DB with UBR, which can be used as an ordinary DB, a data warehouse of various subject domains (SDs) or a configuration DB of the dataspace management environment [73][74][75], various security measures are implemented [76][77][78][79][80]. These measures are based on the provisions of the theory of relational databases [8,30,81], formal access control models [82,83] and ensuring data integrity [84], the potential of the modern blockchain model [85,86], row-level security (RLS) technology [87], SQL capabilities [45].…”

mentioning

confidence: 99%

“…Timely installation of patches or the use of virtual patches to protect the database; -w 6 -means that allow detecting unusual user access activity and complicating the leakage of confidential data from database tables (including the use of means for masking data provided by the DBMS and proposed in [79]; the usage of means of restricting access rights to a specific data element [76] implemented in the DB with UBR); -w 7 -means to detect unusual user access activity and complicate code disclosure of confidential persistent modules (including the use of means for masking data provided by the DBMS and proposed in [77]); -w 8 -means that allow to identify and eliminate incorrectly assigned privileges, detect vulnerabilities, inappropriate session duration, improper implementation of the algorithm, authentication protocol, settings. Timely installation of critical updates or the use of virtual patches to protect the database from attempts to exploit vulnerabilities until a full-fledged and permanent patch is deployed; -w 9 -means that allow controlling resource consumption (for example, through the profile mechanism-a named set of resource restrictions that can be used by the user); -w 10 -means that allow controlling the integrity of the trigger code and persistent stored modules, including those based on the potential of the modern blockchain model proposed in [78] and implemented in a DB with UBR; -w 11 -using parameterized queries, stored procedures, least privileges; escaping user input; converting data types to the type that was assumed by the logic of the program, checking the data entered by the user for compliance with the allowed character sequences; -w 12 -maintenance of the list of "prohibited" functions, procedures, the usage of which should be avoided; -w 13 − -anti-virus software; -w 14 -means providing support for data integrity (both built into the DBMS and specially developed in the DB schema with UBR [76,80]), as well as implementing security models based on discretionary and role-based policies; -w 15 -means that implement security models based on: discretionary, mandatory, role-based, attribute policy, including those specific to a database with UBR [76]; -w 16 -special documented diagnostic functions capable of identifying the causes of defects caused by the incorrect formation of primary keys, entering incorrect data, inadmissible entry, deletion, modification of data, unauthorized access to data, unauthorized changes to the database schema with UBR and its objects (including using the capabilities of blockchain technology [78]); special triggers that can be used to intercept and log operations performed in the database; DBMS audit tools; -w 17 -audit means built into the DBMS, including specially developed means in the DB schema with UBR (means that ensure the maintenance of a special log-table of the modified data); -w 18 -masking data of tables based on the approach described in [79]; -w 19 -masking of stored objects using the means provided by the DBMS, as well as based on the approach described in [77]; -w 20 -using transparent data encryption (TDE) and cryptographically strong primitives built into the DBMS as well as national encryption standards (for example, the symmetric block cipher "Kalyna" from the national standard of DSTU 7624: 2014); -w 21 -timely installati...…”

mentioning

confidence: 99%

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

et al. 2021

Self Cite

View full text Add to dashboard Cite

Obtaining convincing evidence of database security, as the basic corporate resource, is extremely important. However, in order to verify the conclusions about the degree of security, it must be measured. To solve this challenge, the authors of the paper enhanced the Clements–Hoffman model, determined the integral security metric and, on this basis, developed a technique for evaluating the security of relational databases. The essence of improving the Clements–Hoffmann model is to expand it by including a set of object vulnerabilities. Vulnerability is considered as a separate objectively existing category. This makes it possible to evaluate both the likelihood of an unwanted incident and the database security as a whole more adequately. The technique for evaluating the main components of the security barriers and the database security as a whole, proposed by the authors, is based on the theory of fuzzy sets and risk. As an integral metric of database security, the reciprocal of the total residual risk is used, the constituent components of which are presented in the form of certain linguistic variables. In accordance with the developed technique, the authors presented the results of a quantitative evaluation of the effectiveness of the protection of databases built on the basis of the schema with the universal basis of relations and designed in accordance with the traditional technology of relational databases.

show abstract

Ensuring Data Integrity in Databases with the Universal Basis of Relations

Cited by 5 publications

References 20 publications

Technique for Searching Data in a Cryptographically Protected SQL Database

Technique for Searching Data in a Cryptographically Protected SQL Database

Advances in Information Security and Privacy

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

Contact Info

Product

Resources

About