{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T02:01:16Z","timestamp":1760148076881,"version":"build-2065373602"},"reference-count":27,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2023,3,29]],"date-time":"2023-03-29T00:00:00Z","timestamp":1680048000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Tennessee Technological University","award":["Startup Funds"],"award-info":[{"award-number":["Startup Funds"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Software"],"abstract":"<jats:p>End-to-end security is essential for relational database software. Most database management software provide data protection at the server side and in transit, but data are no longer protected once they arrive at the client software. In this paper, we present a methodology that, in addition to server-side security, protects data in transit and at rest on the application client side. Our solution enables flexible attribute-based and role-based access control, such that, for a given role or user with a given set of attributes, access can be granted to a relation, a column, or even to a particular data cell of the relation, depending on the data content. Our attribute-based access control model considers the client\u2019s attributes, such as versions of the operating system and the web browser, as well as type of the client\u2019s device. The solution supports decentralized data access and peer-to-peer data sharing in the form of an encrypted and digitally signed spreadsheet container that stores data retrieved by SQL queries from a database, along with data privileges. For extra security, keys for data encryption and decryption are generated on the fly. We show that our solution is successfully integrated with the PostgreSQL\u00ae database management system and enables more flexible access control for added security.<\/jats:p>","DOI":"10.3390\/software2020007","type":"journal-article","created":{"date-parts":[[2023,3,29]],"date-time":"2023-03-29T04:00:54Z","timestamp":1680062454000},"page":"163-176","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["End-to-End Database Software Security"],"prefix":"10.3390","volume":"2","author":[{"given":"Denis","family":"Ulybyshev","sequence":"first","affiliation":[{"name":"Department of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USA"}]},{"given":"Michael","family":"Rogers","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USA"}]},{"given":"Vadim","family":"Kholodilo","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USA"}]},{"given":"Bradley","family":"Northern","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Tennessee Technological University, Cookeville, TN 38505, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,29]]},"reference":[{"key":"ref_1","unstructured":"BigQuery (2023, March 07). Introduction to Column-Level Access Control. Available online: https:\/\/cloud.google.com\/bigquery\/docs\/column-level-security-intro."},{"key":"ref_2","unstructured":"Microsoft Corporation (2023, March 07). Publications, Seminars, & Conferences Guidelines. Available online: https:\/\/www.microsoft.com\/en-us\/legal\/intellectualproperty\/trademarks\/publications."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Popa, R.A., Redfield, C.M., Zeldovich, N., and Balakrishnan, H. (2011, January 23\u201326). CryptDB: Protecting confidentiality with encrypted query processing. Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, Cascais, Portugal.","DOI":"10.1145\/2043556.2043566"},{"key":"ref_4","unstructured":"PostgreSQL (2023, March 07). Encryption Options. Available online: https:\/\/www.postgresql.org\/docs\/current\/encryption-options.html."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3390860","article-title":"Privacy-Preserving Crowd-Sensed Trust Aggregation in the User-Centeric Internet of People Networks","volume":"5","author":"Azad","year":"2021","journal-title":"ACM Trans. Cyber-Phys. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ulybyshev, D., Bare, C., Bellisario, K., Kholodilo, V., Northern, B., Solanki, A., and Timothy, O. (2020, January 1). Protecting Electronic Health Records in Transit and at Rest. Proceedings of the IEEE 33rd International Symposium on Computer-Based Medical Systems (CBMS), Rochester, MN, USA.","DOI":"10.1109\/CBMS49503.2020.00091"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Naveed, M., Kamara, S., and Wright, C.V. (2015, January 12\u201316). Inference Attacks on Property-Preserving Encrypted Databases. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA.","DOI":"10.1145\/2810103.2813651"},{"key":"ref_8","first-page":"979","article-title":"Guidelines for Using the CryptDB System Securely","volume":"2015","author":"Popa","year":"2015","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_9","unstructured":"The Perl and Raku Foundation (2023, March 07). Trademark Information. Available online: https:\/\/www.perlfoundation.org\/trademarks.html."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Othmane, L.B., and Lilien, L. (2009, January 25\u201327). Protecting Privacy of Sensitive Data Dissemination Using Active Bundles. Proceedings of the 2009 World Congress on Privacy, Security, Trust and the Management of e-Business, Saint John, NB, Canada.","DOI":"10.1109\/CONGRESS.2009.30"},{"key":"ref_11","unstructured":"Othmane, L.B. (2010). Active Bundles for Protecting Confidentiality of Sensitive Data throughout Their Lifecycle. [Ph.D. Thesis, Western Michigan University]."},{"key":"ref_12","unstructured":"Ranchal, R. (2015). Cross-Domain Data Dissemination and Policy Enforcement. [Ph.D. Thesis, Purdue University Graduate School]."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Salih, R.M., Lilien, L., and Othmane, L.B. (2012, January 21\u201324). Protecting patients electronic health records using enhanced active bundles. Proceedings of the 6th International Conference on Pervasive Computing Technologies for Healthcare, San Diego, CA, USA.","DOI":"10.4108\/icst.pervasivehealth.2012.248719"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"503","DOI":"10.1109\/TSMCA.2006.871655","article-title":"A scheme for privacy-preserving data dissemination","volume":"36","author":"Lilien","year":"2006","journal-title":"IEEE TRans. Syst. Man Cybern.\u2014Part A Syst. Hum."},{"key":"ref_15","unstructured":"Tun, C.N., and Mya, K.T. (2010). Secure Spreadsheet Data File Transferring System. [Ph.D. Thesis, MERAL Portal]."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Almarwani, M., Konev, B., and Lisitsa, A. (2019, January 23\u201325). Fine-Grained Access Control for Querying Over Encrypted Document-Oriented Database. Proceedings of the International Conference on Information Systems Security and Privacy, Prague, Czech Republic.","DOI":"10.1007\/978-3-030-49443-8_19"},{"key":"ref_17","unstructured":"Jahid, S., and Borisov, N. (2012). Piratte: Proxy-based immediate revocation of attribute-based encryption. arXiv."},{"key":"ref_18","unstructured":"Vosberg, E. (2023, March 07). Crypto-JS. Available online: https:\/\/github.com\/brix\/crypto-js."},{"key":"ref_19","unstructured":"Daemen, J., and Rijmen, V. (2023, March 07). AES Proposal: Rijndael, Available online: https:\/\/csrc.nist.gov\/csrc\/media\/projects\/cryptographic-standards-and-guidelines\/documents\/aes-development\/rijndael-ammended.pdf."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"687","DOI":"10.1016\/S0167-4048(97)87607-9","article-title":"Protecting databases from inference attacks","volume":"16","author":"Hinke","year":"1997","journal-title":"Comput. Secur."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","article-title":"Probabilistic encryption","volume":"28","author":"Goldwasser","year":"1984","journal-title":"J. Comput. Syst. Sci."},{"key":"ref_22","unstructured":"Ulybyshev, D.A. (2019). Data Protection in Transit and at Rest with Leakage Detection. [Ph.D. Thesis, Purdue University Graduate School]."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Katz, J., and Lindell, Y. (2014). Introduction to Modern Cryptography, CRC Press.","DOI":"10.1201\/b17668"},{"key":"ref_24","first-page":"89","article-title":"Attribute Access Control in Web Applications","volume":"Volume 15","author":"Northern","year":"2020","journal-title":"Tennessee Technological University: Research and Creative Inquiry Day"},{"key":"ref_25","unstructured":"Foundation, T.A.S. (2023, March 07). The Apache Software Foundation: Frequently Asked Questions about the ASF\u2019s Trademarks and Their Allowable Uses. Available online: https:\/\/www.apache.org\/foundation\/marks\/faq\/."},{"key":"ref_26","unstructured":"Redis Labs (2023, March 07). Redis. Available online: https:\/\/redis.com\/."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1145\/1506409.1506429","article-title":"Lest we remember: Cold-boot attacks on encryption keys","volume":"52","author":"Halderman","year":"2009","journal-title":"Commun. ACM"}],"container-title":["Software"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2674-113X\/2\/2\/7\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:05:47Z","timestamp":1760123147000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2674-113X\/2\/2\/7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,29]]},"references-count":27,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,6]]}},"alternative-id":["software2020007"],"URL":"https:\/\/doi.org\/10.3390\/software2020007","relation":{},"ISSN":["2674-113X"],"issn-type":[{"type":"electronic","value":"2674-113X"}],"subject":[],"published":{"date-parts":[[2023,3,29]]}}}