Universiti Teknologi Malaysia Institutional Repository

The development of a commercially viable database encryption tool for Oracle8i Rdbms

Kama, Mohd. Nazri and Mohamed Sidek, Zailani (2005) The development of a commercially viable database encryption tool for Oracle8i Rdbms. Project Report. Faculty of Computer Science and Information System, Skudai Johor. (Unpublished)

[img] PDF (full text)
1MB

Abstract

In database security, access control is a major research issue. Discretionary access controls have been handled well by many database management systems through user roles and privileges. Mandatory access controls, on the other hand, remains a big problem when users with lower security clearance accessing data of higher security class. Data with classifications and users have clearances developed multilevel access controls, thus the problem of multilevel security. Many researches have been conducted using methods like object labeling, trusted systems, security filters, database views and etc. Many a times the problem remains unsolved due to either too theoretical or not practical to be implemented. Recent developments in research showed cryptography to be the promising solution to the multilevel security problem. With appropriate key management and good multilevel security scheme design, the problem can be solved in both theory and implemented in practice. This research endeavor is one such effort. It presents an investigation into the applications of modern cryptography for the security of databases. The investigation yields a new multilevel security scheme based on indigenous cryptographic primitives and supported by a new key management technique. The cryptographic primitives include enhanced block cipher and a new stream cipher design successfully implemented in a commercial database. The system yields a new approach in accessing and processing encrypted data using Initialization Vectors and provides solutions for hierarchical and direct access controls. The novel scheme allows the encryption of data at the tuple, attribute, and data element levels of a relation. The security of the scheme is guaranteed with no keys present in the system but stored securely in smartcards. The outcome from this research is realized in OraCrypt application which is implemented by usign Oracle 8i RDBMS.

Item Type:Monograph (Project Report)
Uncontrolled Keywords:Access control,database security,cryptography
Subjects:Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4450 Databases
Divisions:Computer Science and Information System
ID Code:4387
Deposited By: Azrin Ariffin
Deposited On:25 Jun 2008 03:22
Last Modified:07 Aug 2017 03:23

Repository Staff Only: item control page