Implementing a data masking solution for customer data at a bank

OData support
Dr. Martinek Péter
Department of Electronics Technology

Protecting personal and business data is important at every area like it is the same in the case of enterprise software of financial institutions. Numerous data are stored about customers at a bank which should be handled carefully. Databases containing these data are connected to multiple software systems. Fulfilling new requirements all software need to be developed regularly. On one hand software developers require valid databases to work on during the development, on the other hand sensitive data cannot be granted to a third party like the software vendor company. The solution can be the depersonalisation of the concerning databases.

I present the planning and implementation of a depersonalization application for a bank in my Thesis. First the methods and algorithms realizing the data masking are presented. Methods like shuffle, character masking, character shuffling, numeric variance etc. are described in details. The planning of the application is divided into sections like planning the user groups and roles, the structure of the database, the management of profiles, etc. The created application can connect to MS SQL databases and is able to build depersonalization scripts in SQL language. Six data masking methods are supported but the user has the opportunity to add unique SQL code samples as well. The application was constructed in .NET framework with C# language. The Entity Framework was applied for the communication with the database of the application.

The proper working of my software was validated during several tests. The performance of the application was also evaluated by applying stress tests and executing the generated SQL scripts for large databases.


Please sign in to download the files of this thesis.