The development of a commercially viable database encryption tool for Oracle8i Rdbmsud

摘要

In database security, access control is a major research issue. Discretionary access controls have been handled well by many database management systems through user roles and privileges. Mandatory access controls, on the other hand, remains a big problem when users with lower security clearance accessing data of higher security class. Data with classifications and users have clearances developed multilevel access controls, thus the problem of multilevel security. Many researches have been conducted using methods like object labeling, trusted systems, security filters, database views and etc. Many a times the problem remains unsolved due to either too theoretical or not practical to be implemented. Recent developments in research showed cryptography to be the promising solution to the multilevel security problem. With appropriate key management and good multilevel security scheme design, the problem can be solved in both theory and implemented in practice. This research endeavor is one such effort. It presents an investigation into the applications of modern cryptography for the security of databases. The investigation yields a new multilevel security scheme based on indigenous cryptographic primitives and supported by a new key management technique. The cryptographic primitives include enhanced block cipher and a new stream cipher design successfully implemented in a commercial database. The system yields a new approach in accessing and processing encrypted data using Initialization Vectors and provides solutions for hierarchical and direct access controls. The novel scheme allows the encryption of data at the tuple, attribute, and data element levels of a relation. The security of the scheme is guaranteed with no keys present in the system but stored securely in smartcards. The outcome from this research is realized in OraCrypt application which is implemented by usign Oracle 8i RDBMS.