Database tables masking using the SQL CLR technology

Authors

  • Михаил Владимирович Коломыцев NTUU "KPI"
  • Светлана Александровна Носок NTUU "KPI"
  • Анастасия Евгениевна Мазуренко NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.19.11440

Keywords:

database, personal data protection, data masking, confidential data, information system

Abstract

The article is devoted to the trending problem of the information protection in databases. The authors considering the data protection using masking method. The point of the data masking is in irreversible replacing confidential information in the database (e.g., data that identifying specific individuals) with unclassified data to prevent access by unauthorized users. As usual, the confidential data being replaced with values that seems like real, so they can be used in test systems with guarantee that the original data can not be retrieved, recovered or restored. Masking enables database owners to determine how much sensitive data to be displayed, with minimal impact on an application workflow - data must remain functionally suitable for application processing (mainly in testing and learning tasks, etc.). In this article, the authors propose a method of masking the personal data in the database (DB). This method is implemented as a CLR-build for DBMS MS SQL Server.

Author Biographies

Михаил Владимирович Коломыцев, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Светлана Александровна Носок, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Анастасия Евгениевна Мазуренко, NTUU "KPI"

student of the Institute of Phys-ics and Technologies of the NTUU "KPI"

References

Ahmed W. Data Masking Best Practice [Электронный ресурс] / W. Ahmed, J. Athreya. – 2013. – Режим доступа: http://www.oracle.com/ us/prod-ucts/database/data-masking-best-practices-161213.pdf.

Закон України «Про захист персональних даних» від 20.12.2012 №2297- VI.

Коломыцев М.В., Южаков А.М. Защита персона-льных данных методом маскирования / М. В. Коломыцев, А. М. Южаков // Захист інформації. - 2013. - Т. 15, № 4. - С. 382-387. - Режим доступа: http://nbuv.gov.ua/j-pdf/Zi_2013_15_4_17.pdf.

Understanding and Selecting Data Masking Solutions: Creating Secure and Useful Data [Электронный ресурс]. – 2012. – Режим доступа: https://securo-sis.com/assets/library/reports/UnderstandingMask-ing_FinalMaster_V3.pdf.

The Five Laws Of Data Masking [Электронный ресурс]. – 2008. – Режим доступа: https://securosis. com/blog/the-five-laws-of-data-masking.

Коломыцев М.В., Носок С.А., Мазуренко А.Е. Обеспечение целостности внешних ключей мас-ированной базы данных // Захист інформації – 2015. – Т.17, № 4. - С.306-311.

S. Rutzky CLR Performance Testing [Электронный ресурс] https://www.simple-talk.com/sql/t-sql-pro-gramming/clr-performance-testing/.

Downloads

Published

2017-03-27

How to Cite

Коломыцев, М. В., Носок, С. А., & Мазуренко, А. Е. (2017). Database tables masking using the SQL CLR technology. Ukrainian Information Security Research Journal, 19(1), 16–22. https://doi.org/10.18372/2410-7840.19.11440

Issue

Vol. 19 No. 1 (2017)

Section

Articles

License

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.