Usability meets security: a database case study

  • Abstract


    In this paper, we review security and usability scenarios. We propose security enhancements that do not sacrifice usability and apply a new approach to popular application systems. Specifically, we analyze database security for access control, auditing, authentication, encryption, integrity control, backups, separation of environments, and secure configuration. Finally, we present our recommendations for making system security and usability work together.


  • Keywords


    Usability; Security; Working Together; Database.


Article ID: 8425
 
DOI: 10.14419/jacst.v6i2.8425




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.