Abstract:
In this paper we present ESCORT, an Enterprise, policy-baSed security prOtocol for protecting relational daTabase network objects. ESCORT is an efficient end-to-end security architecture that ensures the confidentiality and integrity of database objects flowing over network links between the Enterprise Information System (EIS) layer, represented mainly by relational database servers, and the client layer, represented by a large variety of devices with diverse capabilities and resources. ESCORT is designed to provide suitable security strength for a wide range of enterprise application configurations without compromising the application's efficiency and performance. It secures data based on content and sensitivity and substantially outperforms bulk encryption protocols such as SSL and TLS by using a customizable policy-based security architecture. This policy-based architecture makes use of the relational structure of database objects to provide flexible, multi-level, and fine-grained encryption and hashing methods that target the field level in the database result object. Moreover, ESCORT's security policy can be configured down to byte-level granularity when securing individual database fields. This makes ESCORT an efficient choice for wireless enterprise environments characterized by low-bandwidth wireless networks and limited-resource wireless devices with low memory and processing power. ESCORT neither deals with the security of static data in the database store nor requires the encryption of database objects at the storage level. Results show a performance gain by a factor of three for ESCORT compared to bulk encryption. Copyright 2006 ACM.
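The abstract describes the core idea without showing it: a per-column policy decides which fields of a query result are encrypted, which are hashed, and which travel in the clear, with byte ranges restricting protection inside a field, plus an integrity check over the whole result object. The Python below is an added illustration of that mechanism and is not ESCORT's own code; the policy table, the column names, the sample rows and the keys are all constructed here. Encryption uses an HMAC-SHA256 counter keystream purely as a stand-in primitive so the example runs on the standard library alone; a real deployment would use an authenticated cipher such as AES-GCM. The function `protect_row` returns the protected record together with the number of bytes that passed through a cryptographic primitive, so the reduction relative to encrypting the entire row (`bulk_bytes`) can be measured directly.

```python
import hashlib
import hmac
import json
import os

# Constructed sample query result: a list of row dicts, one per record.
SAMPLE_ROWS = [
    {"id": 1, "name": "Alice Example", "card": "4111111111111111", "balance": "1200.50"},
    {"id": 2, "name": "Bob Example", "card": "5500000000000004", "balance": "89.00"},
]

# Hypothetical field-level policy: column -> (mode, byte_range).
# mode is "plain" (send as-is), "hash" (one-way keyed digest) or "encrypt";
# byte_range (start, end) limits protection to a slice of the field, None = whole field.
POLICY = {
    "id": ("plain", None),
    "name": ("hash", None),
    "card": ("encrypt", (0, 12)),  # protect the first 12 digits, leave the last 4 readable
    "balance": ("encrypt", None),
}

# Constructed demo keys; real keys come from the enterprise key-management layer.
ENC_KEY = hashlib.sha256(b"constructed-demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"constructed-demo-integrity-key").digest()


def _keystream(key, nonce, n):
    """Stand-in PRF keystream (HMAC-SHA256 in counter mode), not a production cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def _canonical(packet):
    """Deterministic serialization of everything except the MAC itself."""
    body = {k: v for k, v in packet.items() if k != "_mac"}
    return json.dumps(body, sort_keys=True).encode()


def bulk_bytes(row):
    """Bytes a bulk protocol (SSL/TLS style) would encrypt for this row."""
    return sum(len(str(v).encode()) for v in row.values())


def protect_row(row, policy, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Apply the policy field by field; return (protected packet, bytes protected)."""
    nonce = os.urandom(12)
    packet = {"_nonce": nonce.hex()}
    protected = 0
    for col, value in row.items():
        mode, rng = policy.get(col, ("encrypt", None))  # unknown columns default to encrypt
        data = str(value).encode()
        start, end = rng if rng else (0, len(data))
        if mode == "plain":
            packet[col] = data.decode()
        elif mode == "hash":
            packet[col] = hmac.new(mac_key, data, hashlib.sha256).hexdigest()
            protected += len(data)
        elif mode == "encrypt":
            ks = _keystream(enc_key, nonce + col.encode(), end - start)
            packet[col] = (data[:start] + _xor(data[start:end], ks) + data[end:]).hex()
            protected += end - start
        else:
            raise ValueError("unknown policy mode: %s" % mode)
    # Integrity over the whole result object, covering plain, hashed and encrypted fields.
    packet["_mac"] = hmac.new(mac_key, _canonical(packet), hashlib.sha256).hexdigest()
    return packet, protected


def unprotect_row(packet, policy, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Verify integrity first, then reverse the encrypted fields. Hashed fields stay one-way."""
    expected = hmac.new(mac_key, _canonical(packet), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, packet["_mac"]):
        raise ValueError("integrity check failed")
    nonce = bytes.fromhex(packet["_nonce"])
    row = {}
    for col, value in packet.items():
        if col in ("_nonce", "_mac"):
            continue
        mode, rng = policy.get(col, ("encrypt", None))
        if mode == "encrypt":
            raw = bytes.fromhex(value)
            start, end = rng if rng else (0, len(raw))
            ks = _keystream(enc_key, nonce + col.encode(), end - start)
            row[col] = (raw[:start] + _xor(raw[start:end], ks) + raw[end:]).decode()
        else:
            row[col] = value
    return row


def demo(rows=SAMPLE_ROWS, policy=POLICY):
    """Protect and recover every row; return (bytes protected, bytes bulk would encrypt)."""
    protected_total, bulk_total = 0, 0
    for row in rows:
        packet, protected = protect_row(row, policy)
        unprotect_row(packet, policy)
        protected_total += protected
        bulk_total += bulk_bytes(row)
    return protected_total, bulk_total
```

The saving depends entirely on the policy: the fewer columns marked sensitive, and the narrower the byte ranges, the less data crosses the cryptographic primitive, which is the effect the abstract quantifies as a factor of three over bulk encryption for its workloads. The MAC still covers every field, so a client that receives a tampered plaintext column detects it even though that column was never encrypted.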