Archive for the ‘Database Security’ Category

I have recently completed the review of the book “Architecting Secure Software Systems” for the IACR (International Association for Cryptologic Research) book review program.

The review can be summarized as follows:

This book focuses on both theoretical and practical aspects of designing secure software systems. While its theory part is quite well written, its practical part is not well structured. I would strongly recommend it to people who need to get only an overview of secure software design, but not to security experts who want to study a specific topic in detail.

You can download the review from the Publications section as well.

Next, I will review the book “Secure and Resilient Software Development”.

IBM Database Encryption Expert

For a customer project, we were asked for a database encryption tool. After some googling, I came across IBM Database Encryption Expert, which seems to be a great tool:

  • It transparently encrypts and decrypts files on file systems and provides clear text content only to those authorized in the access control policies
  • It provides encryption of DB2 databases in offline mode (e.g. backup of databases)
  • It provides encryption of DB2 databases in online mode as well
  • It provides an interface for key management (encryption keys are stored within the DB2 database of Security Server in encrypted form)

Here is a video showing the tool in action.

What I wonder about is the performance of online encryption. Does anybody have any experience with this issue?