An Encryption Key Management Approach for Configuration Files
作者: M.M. Emmanuel M.N. Ibrahim A.E. Roger
刊名: International Journal of Information Security Science, 2015, Vol.4 (1)
来源数据库: International Journal of Information Security Science
关键词: Software engineeringconfiguration filesecurityencryption key.
原始语种摘要: One of the major points of interest in software engineering nowadays is how to ensure applic- ations configuration files’ security. In fact, they very often contain confidential information as database connection credentials, thereby providing a vulnerability point to these applications, for those files having their information clearly written. Some studies upon 2200 applications revealed that 96% of them where vulnerable, and that 80% of those vulnerable applications contained vulnerabilities exposed by incorrect configuration information management. Encryp- tion is then used to secure these delicate files. The difficulty then resides in the usage and backup of the encryption key so as to guarantee data security. To do this, current approaches are either to hide the encryption key in the...
全文获取路径: PDF下载  IJISS 

  • Encryption 加密术
  • application 申请
  • credentials 全权证书
  • vulnerability 脆弱性
  • secure 安全的
  • account 计算
  • encryption 加密
  • where 哪里
  • security 可靠性
  • connection 连接