How Does AsterionDB Implement ‘Secure By Design’?

Secure by design (SBD), in software engineering, means that software products have been designed from the foundation to be secure.“ https://en.wikipedia.org/wiki/Secure_by_design

The AsterionDB Converged Computing Platform, built upon the Oracle Database, is the first software development environment to be fully ‘Secure By Design’. With AsterionDB, programmers can transform existing or build new software architectures that are secured by the DBA username and password – all other middle-tier usernames and passwords now being irrelevant in terms of security.

AsterionDB provides an unmatched level of security. We do this by implementing the following fundamental features and capabilities:

  • AsterionDB migrates all middle-tier resources to the data layer. This means that all structured and unstructured data (e.g. files, documents) as well as all business logic is migrated to the database. AsterionDB is able to do this by providing complete and seamless support for unstructured data and by extending the logical capabilities of the database.

  • AsterionDB utilizes JSON as a data communication format between the client layer, middle-tier and the data layer. JSON has become the lingua franca of application data exchange.

  • AsterionDB incorporates DbTwig (https://github.com/asteriondb/dbTwig) an open source project, that transforms the middle-tier into an elastic security isolation layer. With all resources in the database, each client request becomes a self contained API transaction , allowing DbTwig to provide a single, intentionally generic, access point that reduces network discovery to, for all intents and purposes, nothing.

  • AsterionDB ensures that all data access and modification requests are brokered by secure, audited business logic. There is no way to gain ad-hoc access to data as there is with the legacy file system.

It is important to note that software architectures, as implemented today, that rely upon the file system to store resources (i.e. business logic, unstructured data) are incapable of being ‘Secure By Design’. This is due to the fact that there is no way to guarantee that all data access and manipulation requests will be governed by audited and secure business logic.