Information Obscurity
Classification Key
Core Security, Information Disclosure
Problem
How do you ensure that the sensitive data gathered and stored by some system is kept confidential and protected from unauthorized access?
Solution
Grade the information held by the system for sensitivity. Obscure the more sensitive items of data using an encryption mechanism in situations where they may be exposed to attack, while leaving the bulk of the application data unencrypted. Protect the encryption artifacts, such as encryption keys, from direct attack.
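An added example (not from the source book) of the Solution above: a Node.js cache record in which only the fields graded sensitive are encrypted with AES-256-GCM and the rest stay in the clear. The field names, the grading set and the function names are assumptions made for this example.

```javascript
const crypto = require("node:crypto");

// Assumed grading for this example: the fields treated as sensitive.
const SENSITIVE_FIELDS = new Set(["cardNumber", "ssn"]);

// Encrypt one value with AES-256-GCM. The field name is bound as AAD so a
// ciphertext copied into a different field fails authentication on read.
function sealField(key, name, value) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const ct = Buffer.concat([cipher.update(String(value), "utf8"), cipher.final()]);
  return { enc: Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64") };
}

// Reverse of sealField; throws if the key, field name or ciphertext is wrong.
function openField(key, name, sealed) {
  const raw = Buffer.from(sealed.enc, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Obscure only the graded fields; the bulk of the record stays unencrypted.
function obscureRecord(key, record) {
  const out = {};
  for (const [name, value] of Object.entries(record)) {
    out[name] = SENSITIVE_FIELDS.has(name) ? sealField(key, name, value) : value;
  }
  return out;
}

function revealRecord(key, cached) {
  const out = {};
  for (const [name, value] of Object.entries(cached)) {
    out[name] = SENSITIVE_FIELDS.has(name) ? openField(key, name, value) : value;
  }
  return out;
}

// Constructed sample data. The key is generated in-process only so the example
// runs offline; a deployment loads it from a protected key store that is kept
// apart from the cache it protects.
const demoKey = crypto.randomBytes(32);
const sampleRecord = { userId: "u-1001", theme: "dark", cardNumber: "4111111111111111" };
const cachedForm = obscureRecord(demoKey, sampleRecord);
```

Anyone who reads the cache sees `userId` and `theme` but only an opaque blob for `cardNumber`; confidentiality then rests on how the key itself is protected.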
Known Uses
Encryption of cached sensitive data on the Web server.
Related Patterns
Obfuscated Transfer Object
Source
Wiley Book
Tags
Access Control, Encryption, Encryption Keys