A Middleware Proposal Towards The Compliance of Small Business Databases with the LGPD

  • Yasmin Maria Zerbielli IFC
  • Vinicius Begnini Felicio IFC
  • Cristian Solutchak IFC
  • William Kunzler IFC
  • Gustavo Schwitzki Peretti IFC
  • Glória de S. P. Ozório UFSM
  • Walter Priesnitz Filho UFSM
  • Heitor Scalco Neto IFC

Resumo


This proposal introduces a middleware development solution aimed at enhancing data security measures for small databases, thereby improving data protection compliance with the Brazilian General Data Protection Law (LGPD). The middleware uses MySQL Proxy to intercept traffic between the application and the database. From the data obtained with MySQL Proxy, the middleware extracts the characteristics of the query and applies AES encryption. This proposal aims to make this adjustment process transparent to the user without needing changes in the database or application. The obtained results validate the proposal for applying symmetric cryptography for the data previously stored in the database and new MySQL operations.

Palavras-chave: Software Architecture, LGPD, Cryptography

Referências

Y. Maria Zerbielli, I. Karine Maziero Marchese, M. Amélia Mafessoni Herpich, W. Priesnitz Filho, and H. Scalco Neto, “Protection of personal data in health using symmetric encryption: a comparative study between different algorithms,” Concilium, vol. 23, no. 5, p. 199–214, mar. 2023. [Online]. Available: [link]

Lua, “Luajit,” 2023. [Online]. Available: [link]

Brasil, “Lei nº 13.709, de 14 de agosto de 2018. dispõe sobre o tratamento de dados pessoais [...].” Brasil, Brasília, DF, 2018. [Online]. Available: [link].

W. Stallings, “Criptografia e segurança de redes princípios e práticas, ch. 6,” 2006.

M. Al-Shabi, “A survey on symmetric and asymmetric cryptography algorithms in information security,” International Journal of Scientific and Research Publications (IJSRP), vol. 9, no. 3, pp. 576–589, 2019.

M. J. Dworkin, E. B. Barker, J. R. Nechvatal, J. Foti, L. E. Bassham, E. Roback, and J. F. Dray Jr, “Advanced encryption standard (aes),” 2001.

MySQL, “Mysql documentation,” 2021. [Online]. Available: [link]

——, “Mysql proxy documentation,” 2021. [Online]. Available: [link]
Publicado
18/10/2023
ZERBIELLI, Yasmin Maria; FELICIO, Vinicius Begnini; SOLUTCHAK, Cristian; KUNZLER, William; PERETTI, Gustavo Schwitzki; OZÓRIO, Glória de S. P.; PRIESNITZ FILHO, Walter; SCALCO NETO, Heitor. A Middleware Proposal Towards The Compliance of Small Business Databases with the LGPD. In: CONGRESSO LATINO-AMERICANO DE SOFTWARE LIVRE E TECNOLOGIAS ABERTAS (LATINOWARE), 20. , 2023, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023 . p. 146-149. DOI: https://doi.org/10.5753/latinoware.2023.236292.