Database tables masking using the SQL CLR technology

Authors

  • Михаил Владимирович Коломыцев NTUU "KPI"
  • Светлана Александровна Носок NTUU "KPI"
  • Анастасия Евгениевна Мазуренко NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.19.11440

Keywords:

database, personal data protection, data masking, confidential data, information system

Abstract

The article is devoted to the trending problem of the information protection in databases. The authors considering the data protection using masking method. The point of the data masking is in irreversible replacing confidential information in the database (e.g., data that identifying specific individuals) with unclassified data to prevent access by unauthorized users. As usual, the confidential data being replaced with values that seems like real, so they can be used in test systems with guarantee that the original data can not be retrieved, recovered or restored. Masking enables database owners to determine how much sensitive data to be displayed, with minimal impact on an application workflow - data must remain functionally suitable for application processing (mainly in testing and learning tasks, etc.). In this article, the authors propose a method of masking the personal data in the database (DB). This method is implemented as a CLR-build for DBMS MS SQL Server.

Author Biographies

Михаил Владимирович Коломыцев, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Светлана Александровна Носок, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Анастасия Евгениевна Мазуренко, NTUU "KPI"

student of the Institute of Phys-ics and Technologies of the NTUU "KPI"

References

Ahmed W. Data Masking Best Practice [Электронный ресурс] / W. Ahmed, J. Athreya. – 2013. – Режим доступа: http://www.oracle.com/ us/prod-ucts/database/data-masking-best-practices-161213.pdf.

Закон України «Про захист персональних даних» від 20.12.2012 №2297- VI.

Коломыцев М.В., Южаков А.М. Защита персона-льных данных методом маскирования / М. В. Коломыцев, А. М. Южаков // Захист інформації. - 2013. - Т. 15, № 4. - С. 382-387. - Режим доступа: http://nbuv.gov.ua/j-pdf/Zi_2013_15_4_17.pdf.

Understanding and Selecting Data Masking Solutions: Creating Secure and Useful Data [Электронный ресурс]. – 2012. – Режим доступа: https://securo-sis.com/assets/library/reports/UnderstandingMask-ing_FinalMaster_V3.pdf.

The Five Laws Of Data Masking [Электронный ресурс]. – 2008. – Режим доступа: https://securosis. com/blog/the-five-laws-of-data-masking.

Коломыцев М.В., Носок С.А., Мазуренко А.Е. Обеспечение целостности внешних ключей мас-ированной базы данных // Захист інформації – 2015. – Т.17, № 4. - С.306-311.

S. Rutzky CLR Performance Testing [Электронный ресурс] https://www.simple-talk.com/sql/t-sql-pro-gramming/clr-performance-testing/.

Downloads

Published

2017-03-27

Issue

Vol. 19 No. 1 (2017)

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).