A PROFESSIONAL APPROACH AS A METHOD OF PROTECTING INFORMATION AT THE STAGES OF DEVELOPMENT OF RELATIONAL DATABASES AND SOFTWARE FOR WORKING WITH THEM
DOI:
https://doi.org/10.28925/2663-4023.2024.23.4255Keywords:
code security; data security; database design; software engineering; security threat; data integrity; integrity constraints; database normalization.Abstract
The design of relational databases and software (software) for working with them is analyzed from the point of view of design components affecting data security. Named the internal threats that arise due to imperfect design. Positive practices are described that allow designing databases and developing software to work with them in the aspect of secure code. It is justified why the stage of relational database design, when relation normalization is applied, relationships between tables are formed, and integrity constraints are formed, is a step to ensure data protection, which is not emphasized in the database security literature. In particular, it is proposed to create external relationships between tables so that the Database Management System (DBMS) protects data from integrity violations. Some points in the development of software are highlighted, which are responsible for the safety of working with the database from the point of view of creating a reliable and safe code and stem from the practical experience of the programmer. The secure code approach, which is widely used in software development and at the software audit level, has been shown to prevent internal security threats, which are the most common cause of data loss. The requirements for using this approach are included in the updated information security standards, so they should be considered by professional database and software developers.
Downloads
References
Database Security – Datalabs. (n.d.). Datalabs. https://datalabsua.com/ua/database-security/
Pernul, G., Tjoa, A., & Winiwarter, W. (1998). Modelling Data Secrecy and Integrity. Data & Knowledge Engineering, 26(3), 291–308. https://doi.org/10.1016/s0169-023x(97)00045-1
Yesin Y., et al. (2021). Ensuring Data Integrity in Databases with the Universal Basis of Relations. Appl. Sci. 11, 8781. https://doi.org/10.3390/app11188781
Martin, R. (2017). Clean Architecture: A Craftsman’s Guide to Software Structure and Design. Pearson.
Concept of logical and physical data integrity. (n.d.). https://jak.bono.odessa.ua/articles/ponjattja-logichnogo-i-fizichnoi-cilisnosti-danih.php
Secure Coding - Challenges in information security. (n.d.). DQS|Audits und Zertifizierung|Simply leveraging Quality. https://www.dqsglobal.com/intl/learn/blog/secure-coding-challenge-in-information-security
Databases and knowledge bases design. Chapter 8 – Data integrity and security. Lecture notes. (n.d.). Elearning SumDU. https://elearning.sumdu.edu.ua/free_content/lectured:89b3d175c06a6b137e410cb14 821d0e94549ad5a/20151013153156/44700/index.html#p22
Vakhula, О., & Opirskyy, І. (2023). Research on Security Issues in Cloud Environments and Solutions Using the “Security as Code” Approach. Ukrainian Inf. Secur. Res. J. 25(3), 113–122. https://doi.org/10.18372/2410-7840.25.17936
Kasianchuk, N., & Tkachuk, L. (2019). Information protection in databases. Vinnytsia National Technical University. https://conferences. vntu. edu. ua/index. php/all-fm/all-fm-2019/paper/download/7001/5715
Faragallah, O., et al. (2014). Multilevel Security for Relational Databases. Auerbach Publications. https://doi.org/10.1201/b17719
Secure software development methodologies|BETWEEN Technology. (n.d.). Impúlsate|blog de BETWEEN Technology. https://impulsate.between.tech/en/secure-dsoftware-development-methodologies
Teimoor, R. (2021). A review of database security concepts, risks, and problems. UHD Journal of Science and Technology, 5(2), 38–46. https://doi.org/10.21928/uhdjst.v5n2y2021.pp38-46
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Ярослава Момрик, Юрій Ящук, Роман Тучапський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.