Abstract:
Most of the software systems are having role
based operation model where each user, based on their job
role having some functionality to perform. Role based
access privileges are basic security implementation in most
of the database driven software system. Users or Operators
of the system enters the records into the software system
using graphical user interface (GUI), which is stored into
the database after data validation.
Generally administrators are having all privileges and can
perform all system and functional operations. Administrator
can be divided into following categories:-
1. Software System Administrators
2. Network Administrators
3. Server Administrators
4. Database Administrators
Network, Server & Database administrators are more
powerful than software system administrator as they are
having full privileges and can able to do changes in the
systems which is almost untraceable unless complete system
audit is performed to trace the mismatch of manual record
and software system record.
Data in the databases are unsecure as confidential
organization record is stored on servers in unencrypted
form, which is not secure from insider and outsider attack.
This research work shows how to protect data
confidentiality even when attackers get access to all the data
stored on servers. Also authors are proposing a migration
model which can be used to secure existing unsecure
database driven software system.
As a case study authors have taken an existing software
system and applying AES based encryption and decryption
with the key initialization vector (IV) and Code Block
Chaining (CBC) mode with PKCS 5 padding because it has
a very high security performance.
