Flat role based access control and encryption scheme for database security

Abstract

Encryption is one way that can be used to secure database. In the use of encryption to secure database it is important to determine where the location of encryption to be performed. In database encryption, one location to perform the encryption is in application level, where the data has been produced. In this approach, the encryption infrastructure is located outside the database. Implementing encryption at the application level would require a secure mechanism to protect applications that are used to access the database. Roughly speaking, the confidentiality property enforces predefined restrictions while accessing the protected data, thus preventing disclosure to unauthorized persons. To preserve the data confidentiality in database, one way is by implementing access control policies on the database. An access control policy is a set of authorizations. This study implemented an access control on application level using Flat Role Based Access Control (FRBAC). Hence, with the flexibility, security of encryption and access control on application level, this study combines these two levels of security to secure database. In term of functionality, experimental results showed implementation of FRBAC is able to authenticate users and prevent unauthorized users to access the application in order to protect data on database by separating access for each user based on role. The implementation of encryption managed to secure the transmission of queries and query results as long as both are in the network by encrypting them using XTEA algorithm. Performance test showed, to encrypt the query and the query results directly affect the execution time of the query and size of file