BibTex RIS Cite

An Encryption Key Management Approach for Configuration Files

Year 2015, Volume: 4 Issue: 1, 1 - 12, 31.03.2015

Abstract

One of the major points of interest in software engineering nowadays is how to ensure applic- ations  configuration files’ security.  In fact, they very often contain  confidential information  as database  connection credentials,  thereby  providing a vulnerability  point to these applications, for those files having their  information  clearly written.   Some studies  upon 2200 applications revealed that  96% of them  where vulnerable,  and  that  80% of those  vulnerable  applications contained vulnerabilities  exposed by incorrect configuration information  management. Encryp- tion  is then  used to  secure these  delicate  files.  The  difficulty then  resides in the  usage and backup of the encryption  key so as to guarantee  data  security.  To do this, current approaches are either to hide the encryption  key in the application  source code or somewhere on disk, it’s safety then being compromised; or to protect the key by bounding it to a specific user account, the application  can then operate only within this account, obligating that  user to be physically present for the  key to be available,  which is an unacceptable constraint for large systems.  In this  paper,  we propose  an  encryption  key management model solving limitations  mentioned above.  The key lies only in main memory, which is great  for its protection;  it is subjected  on a secure and flexible way (directly,  through  https  or SMS) to the  files security  module when starting.

Year 2015, Volume: 4 Issue: 1, 1 - 12, 31.03.2015

Abstract

There are 0 citations in total.

Details

Primary Language English
Journal Section Articles
Authors

Moupojou Emmanuel This is me

Moukouop Ibrahim This is me

Atsa Roger This is me

Publication Date March 31, 2015
Submission Date January 30, 2016
Published in Issue Year 2015 Volume: 4 Issue: 1

Cite

IEEE M. Emmanuel, M. Ibrahim, and A. Roger, “An Encryption Key Management Approach for Configuration Files”, IJISS, vol. 4, no. 1, pp. 1–12, 2015.