- International Journal of Information Security Science
- Volume:4 Issue:1
- An Encryption Key Management Approach for Configuration Files
An Encryption Key Management Approach for Configuration Files
Authors : Moupojou EMMANUEL, Moukouop IBRAHİM, Atsa ROGER
Pages : 1-12
View : 37 | Download : 12
Publication Date : 2015-03-31
Article Type : Research Paper
Abstract :One of the major points of interest in software engineering nowadays is how to ensure applic- ations configuration files’ security. In fact, they very often contain confidential information as database connection credentials, thereby providing a vulnerability point to these applications, for those files having their information clearly written. Some studies upon 2200 applications revealed that 96% of them where vulnerable, and that 80% of those vulnerable applications contained vulnerabilities exposed by incorrect configuration information management. Encryp- tion is then used to secure these delicate files. The difficulty then resides in the usage and backup of the encryption key so as to guarantee data security. To do this, current approaches are either to hide the encryption key in the application source code or somewhere on disk, it’s safety then being compromised; or to protect the key by bounding it to a specific user account, the application can then operate only within this account, obligating that user to be physically present for the key to be available, which is an unacceptable constraint for large systems. In this paper, we propose an encryption key management model solving limitations mentioned above. The key lies only in main memory, which is great for its protection; it is subjected on a secure and flexible way insert ignore into journalissuearticles values(directly, through https or SMS); to the files security module when starting.Keywords : Software engineering, configuration file, security, encryption key
ORIGINAL ARTICLE URL