Securing SQLJ Source Codes from Business Logic Disclosure by Data Hiding Obfuscation (1205.4813v1)

Abstract: Information security is protecting information from unauthorized access, use, disclosure, disruption, modification, perusal and destruction. CAIN model suggest maintaining the Confidentiality, Authenticity, Integrity and Non-repudiation (CAIN) of information. Oracle 8i, 9i and 11g Databases support SQLJ framework allowing embedding of SQL statements in Java Programs and providing programmer friendly means to access the Oracle database. As cloud computing technology is becoming popular, SQLJ is considered as a flexible and user friendly language for developing distributed applications in grid architectures. SQLJ source codes are translated to java byte codes and decompilation is generation of source codes from intermediate byte codes. The intermediate SQLJ application byte codes are open to decompilation, allowing a malicious reader to forcefully decompile it for understanding confidential business logic or data from the codes. To the best of our knowledge, strong and cost effective techniques exist for Oracle Database security, but still data security techniques are lacking for client side applications, giving possibility for revelation of confidential business data. Data obfuscation is hiding the data in codes and we suggest enhancing the data security in SQLJ source codes by data hiding, to mitigate disclosure of confidential business data, especially integers in distributed applications.