Please use this identifier to cite or link to this item: http://hdl.handle.net/10773/16154
Title: Protecting databases from schema disclosure: a CRUD-based protection model
Author: Pereira, Óscar Narciso Mortágua; Regateiro, Diogo Domingues; Aguiar, Rui L.
Keywords: Access control; Information security; Database schema; CRUD; Software architecture
Issue Date: 28-Jul-2016
Publisher: SCITEPRESS: Science and Technology Publications
Abstract: Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third-party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA that the database servers can use to execute the corresponding CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept.
Peer review: yes
URI: http://hdl.handle.net/10773/16154
DOI: 10.5220/0005967402920301
ISBN: 978-989-758-196-0
Appears in Collections: DETI - Comunicações

Files in This Item:
File: (CP) - 2016-07-28 (SECRYPT - Lisbon - Portugal) Protecting Databases from Schema Disclosure - A CRUD-based Protection Model.pdf
Description: Main document
Size: 220.33 kB
Format: Adobe PDF
Access: restricted



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.