Research and development of an information system database security model
DOI:
https://doi.org/10.26577/JMMCS-2019-4-m10Keywords:
protection of the database, information security, data security, protection model, application, database, enciphering, decodingAbstract
the article describes the methods of protecting the database and the information stored in it. The analysis of cyberattacks on information systems is presented. Some companies that provide services to protect information stored in databases, as well as structured and unstructured data, are considered. The developed database protection model is described, which displays the sequence of the encryption and decryption method. An algorithm of information encryption / decryption methods has been developed, which is based on the use of Base64 cryptographic encryption method. A fixed prefix is described. The Base64 transcoding result for each ASCII-readable character and digit is presented. Briefly described inflation prefix. A software implementation of the described algorithm was implemented, developed for the Windows operating system in the Embarcadero RAD Studio development environment in the Deplhi programming language, using integration with other programming languages and connected system libraries. A detailed description of the user instructions for the algorithm in question is given. The analysis of the software implementation of the proposed algorithm is carried out.
References
[2] "Nacionalnyj doklad po nauke."last accessed September 10, 2019, http:nauka-nanrk.kz-ru-assets-20.pdf
[3] "Kolichestvo incidentov, svyazannyh s atakami i ugrozami informacionnoj bezopasnosti, sokratilos’ v sravnenii s proshlym godom na 23 procenta."last accessed September 21, 2019, https:www.zakon.kz-4985176-kolichestvo-intsidentovsvyazannyh-s.html
[4] Sokolin D.T., Timohovich A.S., "Metody kompleksnogo obespecheniya bezopasnosti SQL – servera ot atak pita SQL – inekcij."Academy, "Avtomatika. Vychislitel’naya tekhnika"vol. 3, no 3 (2017): 10-60.
[5] "IBM Security Guardium."last accessed September 25, 2019, https:www.ibm.com-security-data-security-guardium [6] "Kompaniya Imperva."last accessed October 10, 2019, https:www.imperva.com-resources-datasheets-DS-SecureSphere-Data-Security.pdf
[7] "Imperva SecureSphere Data Security."last accessed October 10, 2019, http:www.akorda.kz-ru-addresses-addresses-of - president- poslanie-prezidenta-respubliki-kazahstan-n-nazarbaeva-narodu-kazahstana-10-anvarya–2018 –g
[8] "McAfee DataCenter Security Suite for Databases."last accessed October 10, 2019, https:www.mcafee. com -enterpriseen-us-assets-data-sheets-ds-data-center-security-suite-databases.pdf
[9] "McAfee Vulnerability Manager for Databases."last accessed October 13, 2019, http:b2b-download. mcafee.com-productsevaluation-database-security-vulnerability-manager-for-databases-vmd-4.5.0-mcafee-vulnerability-manager-for-databasesproduct-guide-4-5.pdf
[10] "Trustwave AppDetectivePRO."last accessed October 15, 2019, https:www.trustwave.com-en-us-resources-librarydocuments-trustwave-appdetectivepro [11] "Db Protect."last accessed October 15, 2019, https:www3.trustwave.comsoftware-Database-Security-Db ProtectUser Guide-649.pdf
[12] "FUDO SECURITY."last accessed October 26, 2019, https:www.fudosecurity.com
[13] "Base64 – princip raboty i sobstvennaya realizaciya."last accessed October 26, 2019, http:flash2048. com-post-base64
[14] "The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View."last accessed October 15, 2019,
https:www.imperva.com-blog-the-catch-22-of-base64-attacker-dilemma-from-a-defender-point-of-view