6 research outputs found
Enhanced Encryption and Fine-Grained Authorization for Database Systems
The aim of this research is to enhance fine-grained authorization and encryption
so that database systems are equipped with the controls necessary to help
enterprises adhere to zero-trust security more effectively. For fine-grained
authorization, this thesis has extended database systems with three new
concepts: Row permissions, column masks and trusted contexts. Row
permissions and column masks provide data-centric security so the security
policy cannot be bypassed as with database views, for example. They also
coexist in harmony with the rest of the database core tenets so that enterprises
are not forced to compromise either security or database functionality. Trusted
contexts provide applications in multitiered environments with a secure and
controlled manner to propagate user identities to the database and therefore
enable such applications to delegate the security policy to the database system
where it is enforced more effectively. Trusted contexts also protect against
application bypass so the application credentials cannot be abused to make
database changes outside the scope of the application's business logic. For
encryption, this thesis has introduced a holistic database encryption solution to
address the limitations of traditional database encryption methods. It too coexists
in harmony with the rest of the database core tenets so that enterprises are not
forced to choose between security and performance as with column encryption,
for example. Lastly, row permissions, column masks, trusted contexts and holistic
database encryption have all been implemented in IBM DB2, where they are relied
upon by thousands of organizations from around the world to protect critical data
and adhere to zero-trust security more effectively.
Making Existing Software Quantum Safe: Lessons Learned
In the era of quantum computing, Shor's algorithm running on quantum
computers (QCs) can break asymmetric encryption algorithms that classical
computers essentially cannot. QCs, with the help of Grover's algorithm, can
also speed up the breaking of symmetric encryption algorithms. Though the exact
date when QCs will become "dangerous" for practical problems is unknown, the
consensus is that this future is near. Thus, one needs to start preparing for
the era of quantum advantage and ensure quantum safety proactively.
In this paper, we discuss the effect of quantum advantage on the existing
software systems and recap our seven-step roadmap, deemed 7E. The roadmap gives
developers a structured way to start preparing for the quantum advantage era.
We then report the results of a case study, which validates 7E. Our software
under study is the IBM Db2 database system, where we upgrade the existing
cryptographic schemes to post-quantum cryptography (using Kyber and Dilithium
schemes) and report our findings and learned lessons. The outcome of the study
shows that the 7E roadmap is effective in helping to plan the evolution of
existing software security features towards quantum safety.
INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS
Keywords: Authorization-transparent, fine-grained access control, label-based access control, XML relationship labeling.
Abstract: Most work on XML access control considers XML nodes as the smallest protection unit. This paper shows the limitation of this approach and introduces an XML access control mechanism that protects inter-node relationships. Our approach provides a finer granularity of access control than the node-based approaches (i.e., more expressive). Moreover, our approach helps achieve the "need-to-know" security principle and the "choice" privacy principle. This paper also shows how our approach can be implemented using a generic label infrastructure and suggests algorithms to create/check a secure set of labeled relationships in an XML document.