BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage Encryption Content on InfoQ

Articles

RSS Feed
  • Securing Cell-Based Architecture in Modern Applications

    Securing cell-based architecture is essential to fully capitalize on its benefits while minimizing risks. To achieve this, comprehensive security measures must be put in place. Organizations can start by isolating and containing cells using sandbox environments and strict access control mechanisms like role-based and attribute-based access control.

  • Who Moved My Code? An Anatomy of Code Obfuscation

    In this article, we introduce the topic of code obfuscation, with emphasis on string obfuscation. Obfuscation is an important practice to protect source code by making it unintelligible. Obfuscation is often mistaken with encryption, but they are different concepts. In the article we will present a number of techniques and approaches used to obfuscate data in a program.

  • The Next Evolution of the Database Sharding Architecture

    In this article, author Juan Pan discusses the data sharding architecture patterns in a distributed database system. She explains how Apache ShardingSphere project solves the data sharding challenges. Also discussed are two practical examples of how to create a distributed database and an encrypted table with DistSQL.

  • How to Use Encryption for Defense in Depth in Native and Browser Apps

    Isaac Potoczny-Jones discusses the pros and cons of application-layer encryption. He covers the attack surface of application-layer encryption in the browser, how it is very different from native clients, and how WebCrypto helps.

  • Cloud Data Auditing Techniques with a Focus on Privacy and Security

    The authors provide a guide to the current literature regarding comprehensive auditing methodologies. They not only identify and categorize the different approaches to cloud data integrity and privacy but also compare and analyze their relative merits. For example, their research lists the strengths and weaknesses of earlier work on cloud auditing, which allows researchers to design new methods.

  • Securing the Modern Software Delivery Lifecycle

    Information security practice has evolved to be pretty good at granting and managing access to confidential information - by people. But automation is taking over, requiring a shift in how we think about securing our infrastructure and applications.

  • Answering Common Cloud Security Questions from CIOs

    With the news stories of possible data breaches at enterprises like Target, and the current trend of companies migrating to cloud environments for the flexibility, scalability, agility, and cost-effectiveness they offer, CIOs have been asking hard questions about cloud security.

  • Keeping Your Secrets

    Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.

  • Automating Data Protection Across the Enterprise

    This article builds on the foundational Regulatory Compliant Cloud Computing (RC3) architecture for application security in the cloud by defining a Data Encryption Infrastructure(DEI) which is not application specific. DEI encompasses technology components and an application architecture that governs the protection of sensitive data within an enterprise.

BT