Data anonymization and data hiding with MS SQL 2016

OData support
Dr. Dudás Ákos
Department of Automation and Applied Informatics

Nowadays, databases hold plenty of sensitive data that must not be visible to everyone. Good examples are patient records in a hospital, or the data of a bank's clients and their related accounts. In such databases, access rights have to be granted to people who should see only a part of the entire information.

Earlier, this kind of data hiding was solely the task of the developer, but the new version of Microsoft SQL Server provides a built-in solution for it. The subject of this thesis is the analysis of these new functions. One of them is Always Encrypted: with it, the client using the database can only view the data decrypted when it holds the certificate for that data. The other is Dynamic Data Masking: with it, we can specify which database users can see the original data of a column and which can only see masked data.
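As an added illustration (not code from the thesis), the following T-SQL sketches both features on a simplified bank schema. The table, user and key names are assumptions; the column encryption key `CEK_Bank` is assumed to have been created beforehand with the client tooling (SQL Server Management Studio or PowerShell), because its encrypted value is produced on the client side rather than typed by hand.

```sql
-- Added example (not from the thesis). All object names are assumptions.

-- 1. Dynamic Data Masking: the server stores clear text but rewrites the
--    result set for principals that lack the UNMASK permission.
CREATE TABLE dbo.Client (
    ClientId  INT IDENTITY(1,1) PRIMARY KEY,
    FullName  NVARCHAR(100) NOT NULL,
    Email     NVARCHAR(100) MASKED WITH (FUNCTION = 'email()') NULL,
    Phone     VARCHAR(20)   MASKED WITH (FUNCTION = 'partial(0,"XXX-XXX-",4)') NULL,
    Balance   DECIMAL(18,2) MASKED WITH (FUNCTION = 'random(1,1000)') NOT NULL
);

-- Constructed sample rows.
INSERT INTO dbo.Client (FullName, Email, Phone, Balance)
VALUES (N'Kovács Anna', 'anna@example.com',  '555-123-4567', 12500.00),
       (N'Nagy Péter',  'peter@example.com', '555-987-6543',   300.25);

-- Analysts may query the table but never see the real values.
CREATE USER Analyst WITHOUT LOGIN;
GRANT SELECT ON dbo.Client TO Analyst;

-- Administrators see the original data: UNMASK lifts the mask.
CREATE USER BankAdmin WITHOUT LOGIN;
GRANT SELECT ON dbo.Client TO BankAdmin;
GRANT UNMASK TO BankAdmin;

-- Check the effect by impersonating each user.
EXECUTE AS USER = 'Analyst';
-- Email appears as aXXX@XXXX.com, Phone as XXX-XXX-4567, Balance as a random number.
SELECT FullName, Email, Phone, Balance FROM dbo.Client;
REVERT;

EXECUTE AS USER = 'BankAdmin';
-- Original values are returned.
SELECT FullName, Email, Phone, Balance FROM dbo.Client;
REVERT;

-- 2. Always Encrypted: the server never sees the plaintext; only a client
--    holding the certificate behind the column master key can decrypt.
--    CEK_Bank is assumed to exist already (created through SSMS/PowerShell).
CREATE TABLE dbo.Account (
    AccountId INT IDENTITY(1,1) PRIMARY KEY,
    ClientId  INT NOT NULL REFERENCES dbo.Client(ClientId),
    -- Deterministic encryption allows equality lookups and joins on the
    -- ciphertext; it requires a BIN2 collation for character columns.
    Iban      CHAR(34) COLLATE Latin1_General_BIN2
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Bank,
                              ENCRYPTION_TYPE = DETERMINISTIC,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'),
    -- Randomized encryption reveals less about the data but supports
    -- neither filtering nor grouping on the server.
    Note      NVARCHAR(200)
              ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CEK_Bank,
                              ENCRYPTION_TYPE = RANDOMIZED,
                              ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256')
);
```

The two features protect against different parties. Dynamic Data Masking stores the data in clear text and only rewrites query results, so it hides values from application roles such as the analyst but not from a database administrator or from anyone granted UNMASK. Always Encrypted keeps the plaintext away from the server itself, at the cost of restricting which operations the server can perform on the encrypted columns; the application must connect with a driver that supports Always Encrypted and has access to the column master key.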

The issue can be demonstrated with a simplified web application of a bank, in which there are clients who can access their accounts and transfer money, administrators who can edit clients' data, and analysts who can analyse transfer data without seeing sensitive information. In the first part of my thesis, I show how the application was built without the security functions, including the technologies used.

After this, I show how I implemented the security functions in two ways: first with the built-in functions of SQL Server, and then with my own implementation in the business logic. I also compared the two solutions, including the difficulty of implementing them, their flexibility, and the differences in performance.
