Article
Version 1
Preserved in Portico This version is not peer-reviewed
D3F: A Framework to Minimize the Impact of Intrusions
Version 1
: Received: 6 July 2024 / Approved: 8 July 2024 / Online: 8 July 2024 (13:33:32 CEST)
How to cite: Baiardi, F.; Sammartino, V. D3F: A Framework to Minimize the Impact of Intrusions. Preprints 2024, 2024070627. https://doi.org/10.20944/preprints202407.0627.v1 Baiardi, F.; Sammartino, V. D3F: A Framework to Minimize the Impact of Intrusions. Preprints 2024, 2024070627. https://doi.org/10.20944/preprints202407.0627.v1
Abstract
This paper presents Double Database Decomposition Framework, which integrates vertical and horizontal table decompositions to minimize data leakage due to intrusions. Vertical decompositions segregate sensitive attributes, while horizontal ones partition data based on user access patterns. In this way, the framework ensures that users access only the data necessary for their operations, adhering to the principle of least privilege. This double decomposition approach improves the robustness of the original database against impersonation attacks and limits the blast radius of potential intrusions. Furthermore, the framework significantly mitigates the risks associated with data breaches by confining unauthorized access to specific data subsets and restricting the exposure of sensitive information. Performance analysis highlights the trade-offs between robustness and overhead offered by distinct allocation strategies of the output of the decompositions to, among other, physical machines, virtual machines, and containers, to balance security and resource efficiency. We present a case study in a healthcare environment that confirms both the effectiveness of the framework and its applicability in complex systems where data security is paramount. By integrating advanced security measures and optimising data access, the framework results in a scalable and adaptable solution for enhancing database security and performance in various domains.
Keywords
framework; security framework; database; database decomposition; least privilege principle; access control; database performance optimization; query performance optimization
Subject
Computer Science and Mathematics, Computer Science
Copyright: This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Comments (0)
We encourage comments and feedback from a broad range of readers. See criteria for comments and our Diversity statement.
Leave a public commentSend a private comment to the author(s)
* All users must log in before leaving a comment