The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities according to team SHATTER [72]. In the quest to improve the security landscape, we identify an opportunity area: two tools Hibernate and Jasypt that work together to provide password-based database encryption. The goal is to encourage developers to think about security and incorporate security related tasks early in the development process through the improvement of their programming system or integrated development environment (IDE). To this end, we modified the Hibernate Tools plugin for the popular Eclipse IDE, to integrate it with Hibernate and Jasypt with the purpose of mitigating the impact of the lack of security knowledge and training. We call this prototype the Crypto-Assistant. We designed an experiment to simulate a situation where the developers had to deal with time constraints, functional requirements, and lack of familiarity with the technology and the code they are modifying. We provide a report on the observations drawn from this preliminary evaluation. We anticipate that, in the near future, the prototype will be released to the public domain and encourage IDE developers to create more tools like Crypto-Assistant to help developers create more secure applications. / UOIT
Identifer | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:OOSHDU.10155/307 |
Date | 01 March 2013 |
Creators | Garcia, Ricardo Rodriguez |
Contributors | Vargas Martin, Miguel, Thorpe, Julie |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English |
Detected Language | English |
Type | Thesis |
Page generated in 0.0019 seconds