loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Óscar Mortágua Pereira ; Diogo Domingues Regateiro and Rui L. Aguiar

Affiliation: Instituto de Telecomunicacoes and DETI - University of Aveiro, Portugal

Keyword(s): Access Control, Information Security, Database Schema, CRUD, Software Architecture.

Related Ontology Subjects/Areas/Topics: Access Control ; Data and Application Security and Privacy ; Data Engineering ; Data Protection ; Database Security and Privacy ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Secure Software Development Methodologies ; Security in Information Systems ; Web Information Systems and Technologies

Abstract: Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts-up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA that the database servers can use to execute the correspondent CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 98.84.18.52

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Mortágua Pereira, Ó.; Domingues Regateiro, D. and Aguiar, R. (2016). Protecting Databases from Schema Disclosure - A CRUD-Based Protection Model. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT; ISBN 978-989-758-196-0; ISSN 2184-3236, SciTePress, pages 292-301. DOI: 10.5220/0005967402920301

@conference{secrypt16,
author={Óscar {Mortágua Pereira}. and Diogo {Domingues Regateiro}. and Rui L. Aguiar.},
title={Protecting Databases from Schema Disclosure - A CRUD-Based Protection Model},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT},
year={2016},
pages={292-301},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005967402920301},
isbn={978-989-758-196-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT
TI - Protecting Databases from Schema Disclosure - A CRUD-Based Protection Model
SN - 978-989-758-196-0
IS - 2184-3236
AU - Mortágua Pereira, Ó.
AU - Domingues Regateiro, D.
AU - Aguiar, R.
PY - 2016
SP - 292
EP - 301
DO - 10.5220/0005967402920301
PB - SciTePress