Field of the Invention
Systems and methods provided herein relate to a computer application security framework which provides front-end and back-end security, and more specifically to front-end security using multi-factor authentication and DDoS mitigation, and back-end security through a virtual private data-store using existing object-relational mapping (ORM) layers or database drivers.
Related Art
As cloud computing flourishes, organizations and individuals are putting more of their sensitive data and applications within datacenters, servers and the ‘cloud’. This trend elevates the risk of accidental or intentional data or security breaches that may negatively impact society, organizations or individuals. Security can be viewed as front-end security and back-end security. Traditional back-end security solutions (databases, filers etc.) are insecure within the cloud computing paradigm and traditional front end security offers only basic levels of user verification (e.g.: password or more recently, 2-factor authentication).
Traditional back-end security systems were designed in an era when usage of computer resources (e.g.: servers, databases, storage etc.) usually implied ownership and control of such resources by the entity using them. Such assumptions are baked right into the heart of existing security systems. These assumptions are broken in the cloud computing paradigm, where such resources are owned by an independent entity but are only rented/leased by the application owner/user/organization. This in turn breaks down the security of traditional systems relying on such assumptions.
For example, in a traditional SQL database server, the server not only stores the encrypted data but it also stores or receives the encryption keys. In the cloud computing paradigm, this severely undermines the security of the system because a 3rd party is involved in the administrative functions of such a server, meaning such a 3rd party can easily access the sensitive data or keys while performing their administrative duties.
For front end user security, the current techniques utilize passwords or PINs along with a secure-token usually in the form of a dedicated hardware dongle or as a software application that displays an alpha-numeric value. Front end authentication systems relying on passwords are weak because humans generally choose poor passwords (password that are easy for a computer to guess). Two-factor authentication systems help but don't go all the way; leaving many other relevant and useful factors unused. Because of this, the security is weaker than what is possible.
Therefore, it is desirable to develop a system framework which secures application data on a front-end and back-end.