A PROFESSIONAL APPROACH AS A METHOD OF PROTECTING INFORMATION AT THE STAGES OF DEVELOPMENT OF RELATIONAL DATABASES AND SOFTWARE FOR WORKING WITH THEM

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.23.4255

Keywords:

code security; data security; database design; software engineering; security threat; data integrity; integrity constraints; database normalization.

Abstract

The design of relational databases and software (software) for working with them is analyzed from the point of view of design components affecting data security. Named the internal threats that arise due to imperfect design. Positive practices are described that allow designing databases and developing software to work with them in the aspect of secure code. It is justified why the stage of relational database design, when relation normalization is applied, relationships between tables are formed, and integrity constraints are formed, is a step to ensure data protection, which is not emphasized in the database security literature. In particular, it is proposed to create external relationships between tables so that the Database Management System (DBMS) protects data from integrity violations. Some points in the development of software are highlighted, which are responsible for the safety of working with the database from the point of view of creating a reliable and safe code and stem from the practical experience of the programmer. The secure code approach, which is widely used in software development and at the software audit level, has been shown to prevent internal security threats, which are the most common cause of data loss. The requirements for using this approach are included in the updated information security standards, so they should be considered by professional database and software developers.

Downloads

Download data is not yet available.

References

Database Security – Datalabs. (n.d.). Datalabs. https://datalabsua.com/ua/database-security/

Pernul, G., Tjoa, A., & Winiwarter, W. (1998). Modelling Data Secrecy and Integrity. Data & Knowledge Engineering, 26(3), 291–308. https://doi.org/10.1016/s0169-023x(97)00045-1

Yesin Y., et al. (2021). Ensuring Data Integrity in Databases with the Universal Basis of Relations. Appl. Sci. 11, 8781. https://doi.org/10.3390/app11188781

Martin, R. (2017). Clean Architecture: A Craftsman’s Guide to Software Structure and Design. Pearson.

Concept of logical and physical data integrity. (n.d.). https://jak.bono.odessa.ua/articles/ponjattja-logichnogo-i-fizichnoi-cilisnosti-danih.php

Secure Coding - Challenges in information security. (n.d.). DQS|Audits und Zertifizierung|Simply leveraging Quality. https://www.dqsglobal.com/intl/learn/blog/secure-coding-challenge-in-information-security

Databases and knowledge bases design. Chapter 8 – Data integrity and security. Lecture notes. (n.d.). Elearning SumDU. https://elearning.sumdu.edu.ua/free_content/lectured:89b3d175c06a6b137e410cb14 821d0e94549ad5a/20151013153156/44700/index.html#p22

Vakhula, О., & Opirskyy, І. (2023). Research on Security Issues in Cloud Environments and Solutions Using the “Security as Code” Approach. Ukrainian Inf. Secur. Res. J. 25(3), 113–122. https://doi.org/10.18372/2410-7840.25.17936

Kasianchuk, N., & Tkachuk, L. (2019). Information protection in databases. Vinnytsia National Technical University. https://conferences. vntu. edu. ua/index. php/all-fm/all-fm-2019/paper/download/7001/5715

Faragallah, O., et al. (2014). Multilevel Security for Relational Databases. Auerbach Publications. https://doi.org/10.1201/b17719

Secure software development methodologies|BETWEEN Technology. (n.d.). Impúlsate|blog de BETWEEN Technology. https://impulsate.between.tech/en/secure-dsoftware-development-methodologies

Teimoor, R. (2021). A review of database security concepts, risks, and problems. UHD Journal of Science and Technology, 5(2), 38–46. https://doi.org/10.21928/uhdjst.v5n2y2021.pp38-46

Downloads


Abstract views: 142

Published

2024-03-28

How to Cite

Momryk, Y., Yashchuk, Y., & Tuchapskyi, R. (2024). A PROFESSIONAL APPROACH AS A METHOD OF PROTECTING INFORMATION AT THE STAGES OF DEVELOPMENT OF RELATIONAL DATABASES AND SOFTWARE FOR WORKING WITH THEM. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 3(23), 42–55. https://doi.org/10.28925/2663-4023.2024.23.4255