End-to-End Database Software Security
End-to-end security is essential for relational database software. Most database management software provide data protection at the server side and in transit, but data are no longer protected once they arrive at the client software. In this paper, we present a methodology that, in addition to serve...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2023-03-01
|
| Series: | Software |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2674-113X/2/2/7 |
| _version_ | 1827735595822088192 |
|---|---|
| author | Denis Ulybyshev Michael Rogers Vadim Kholodilo Bradley Northern |
| author_facet | Denis Ulybyshev Michael Rogers Vadim Kholodilo Bradley Northern |
| author_sort | Denis Ulybyshev |
| collection | DOAJ |
| description | End-to-end security is essential for relational database software. Most database management software provide data protection at the server side and in transit, but data are no longer protected once they arrive at the client software. In this paper, we present a methodology that, in addition to server-side security, protects data in transit and at rest on the application client side. Our solution enables flexible attribute-based and role-based access control, such that, for a given role or user with a given set of attributes, access can be granted to a relation, a column, or even to a particular data cell of the relation, depending on the data content. Our attribute-based access control model considers the client’s attributes, such as versions of the operating system and the web browser, as well as type of the client’s device. The solution supports decentralized data access and peer-to-peer data sharing in the form of an encrypted and digitally signed spreadsheet container that stores data retrieved by SQL queries from a database, along with data privileges. For extra security, keys for data encryption and decryption are generated on the fly. We show that our solution is successfully integrated with the PostgreSQL<sup>®</sup> database management system and enables more flexible access control for added security. |
| first_indexed | 2024-03-11T01:56:00Z |
| format | Article |
| id | doaj.art-75a7386d7f59432b821a04c96ea94144 |
| institution | Directory Open Access Journal |
| issn | 2674-113X |
| language | English |
| last_indexed | 2024-03-11T01:56:00Z |
| publishDate | 2023-03-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Software |
| spelling | doaj.art-75a7386d7f59432b821a04c96ea941442023-11-18T12:38:07ZengMDPI AGSoftware2674-113X2023-03-012216317610.3390/software2020007End-to-End Database Software SecurityDenis Ulybyshev0Michael Rogers1Vadim Kholodilo2Bradley Northern3Department of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USADepartment of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USADepartment of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USADepartment of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USAEnd-to-end security is essential for relational database software. Most database management software provide data protection at the server side and in transit, but data are no longer protected once they arrive at the client software. In this paper, we present a methodology that, in addition to server-side security, protects data in transit and at rest on the application client side. Our solution enables flexible attribute-based and role-based access control, such that, for a given role or user with a given set of attributes, access can be granted to a relation, a column, or even to a particular data cell of the relation, depending on the data content. Our attribute-based access control model considers the client’s attributes, such as versions of the operating system and the web browser, as well as type of the client’s device. The solution supports decentralized data access and peer-to-peer data sharing in the form of an encrypted and digitally signed spreadsheet container that stores data retrieved by SQL queries from a database, along with data privileges. For extra security, keys for data encryption and decryption are generated on the fly. We show that our solution is successfully integrated with the PostgreSQL<sup>®</sup> database management system and enables more flexible access control for added security.https://www.mdpi.com/2674-113X/2/2/7software securitydatabase securityaccess controldata privacy |
| spellingShingle | Denis Ulybyshev Michael Rogers Vadim Kholodilo Bradley Northern End-to-End Database Software Security Software software security database security access control data privacy |
| title | End-to-End Database Software Security |
| title_full | End-to-End Database Software Security |
| title_fullStr | End-to-End Database Software Security |
| title_full_unstemmed | End-to-End Database Software Security |
| title_short | End-to-End Database Software Security |
| title_sort | end to end database software security |
| topic | software security database security access control data privacy |
| url | https://www.mdpi.com/2674-113X/2/2/7 |
| work_keys_str_mv | AT denisulybyshev endtoenddatabasesoftwaresecurity AT michaelrogers endtoenddatabasesoftwaresecurity AT vadimkholodilo endtoenddatabasesoftwaresecurity AT bradleynorthern endtoenddatabasesoftwaresecurity |