Title :
Crypto-assistant: Towards facilitating developer´s encryption of sensitive data
Author :
Rodriguez Garcia, Ricardo ; Thorpe, Julie ; Vargas Martin, Miguel
Author_Institution :
Fac. of Bus. & Inf. Technol., Univ. of Ontario Inst. of Technol., Oshawa, ON, Canada
Abstract :
The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities [1]. We suggest that this vulnerability could be prevented by encouraging developers to perform encryption-related tasks by enhancing their integrated development environment (IDE). To this end, we created the Crypto-Assistant: a modified version of the Hibernate Tools plug-in for the popular Eclipse IDE. The purpose of the Crypto-Assistant is to mitigate the impact of developers´ lack of security knowledge related to encryption by facilitating the use of encryption directives via a graphical user interface that seamlessly integrates with Hibernate Tools. Two preliminary tests helped us to identify items for improvement which have been implemented in Crypto-Assistant. We discuss Crypto-Assistant´s architecture, interface, changes in the developers´ workflow, and design considerations.
Keywords :
cryptography; graphical user interfaces; object-oriented methods; Crypto-Assistant; Eclipse IDE; Hibernate Tools plug-in; IDE; database vulnerabilities; encryption directives; encryption-related tasks; graphical user interface; integrated development environment; sensitive data encryption; Databases; Encryption; Java; Prototypes; Software;
Conference_Titel :
Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on
Conference_Location :
Toronto, ON
Print_ISBN :
978-1-4799-3502-4
DOI :
10.1109/PST.2014.6890958
