[codergeeks] Privacy-Sensitive Databases

[Carlos Macedo Gomes]

Yo g,

Can you share any additional assumptions/requirements on the "securing
against external and internal compromise" aspect of the below architectural
goals?

Without any further details, my current instinct with these types of
scenarios is to start by looking at constraints/controls provided by
available physical security and hardware security to help reduce overall
attack surfaces from "internal" agents but that may be out of scope if
you're just looking at a pure software solution independent of (or loosely
coupled to) any particular deployment environment.  Whether or not there is
hardware of physical security involved, private key management is key (pun
intended :-P) in any cryptography enabled system.

Keep in mind the old saying - "if you/they can touch it, you/they can
own/p0wn it" ;-)

cheers,
C.G.

On Thu, Dec 9, 2010 at 2:54 PM, Gregory Foster <gfoster at entersection.org>wrote:

>  Hey there,
> I'm starting to do a little research into encrypted databases, what have
> been called "privacy-sensitive databases" or "translucent databases" going
> back to Peter Wayner's work:
> http://www.wayner.org/books/td/
>
> Not sure the current nomenclature or the current state of the art.  My goal
> is to safely encrypt certain columns in a database table, securing against
> external and internal compromise.  Anyone have any ready-to-hand references
> on this subject?
>
> Exciting Times,
> gf
>
> --
> Gregory Foster || gfoster at entersection.org
> @gregoryfoster <> http://entersection.com/
>
>
> _______________________________________________
> codergeeks mailing list
> codergeeks at foojutsu.org
> http://www.foojutsu.org/mailman/listinfo/codergeeks
>
>


-- 
Carlos Macedo Gomes
http://claimid.com/cmgomes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.foojutsu.org/pipermail/codergeeks/attachments/20101210/e21e0609/attachment.html