Abstract
This paper introduces Magen, an advanced masking engine. Magen is a policy-based masking engine that supports a wide range of payloads and use cases. Our graph-based policies and engine support the masking of composite payloads and recursively handles nested payloads based on their type (e.g., json in xml). The engine supports a myriad of advanced masking methods such as format preserving encryption and format preserving tokenization, enabling on-the-fly dynamic masking of payloads as well as the static masking of large data sets. Magen allows users to easily define their own policies for the masking process and specify their formats (data classes).
This engine was developed as part of a multi-year effort and supports real life scenarios such as: conditional masking, robustness to illegal values, enforcement of both format and masking restrictions, and semantic data fabrication. Magen has been integrated as a cloud SaaS within IBM Data and AI offerings and has proved its value in various use cases.
This work was supported in part by the EU Horizon 2020 Research Fund, SUNFISH GA-644666 and SHIELD GA-727301.
S. Asaf—Work done while at IBM Research - Haifa.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adobe: Adobe redaction tool (2021). https://helpx.adobe.com/acrobat/using/ removing-sensitive-content-pdfs.html
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_19
Bellare, M., Rogaway, P., Spies, T.: The FFX mode of operation for format-preserving encryption. NIST submission 20 (2010)
Brier, E., Peyrin, T., Stern, J.: BPS: a format-preserving encryption proposal (2020)
Dworkin, M.: Recommendation for block cipher modes of operation. NIST Special Publication 800, 38G (2016)
Evermap: Evermap data masking (2021). https://www.evermap.com/autoredact.asp
Imperva: Imperva data masking (2021). https://www.imperva.com/data-security/data-security-101/data-masking/
IBM InfoSphere: IBM infosphere data masking (2021). https://www.ibm.com/il-en/marketplace/infosphere-optim-data-privacy
Microsoft: Microsoft data masking (2021). https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking
Oracle: Oracle data masking (2021). https://www.oracle.com/database/data-masking-subsetting/
QRadar: IBM QRadar (2021). https://www.ibm.com/security/security-intelligence/qradar
Weiss, M., Rozenberg, B., Barham, M.: Practical solutions for format-preserving encryption, June 2015
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Moffie, M., Mor, D., Asaf, S., Farkash, A. (2022). Next Generation Data Masking Engine. In: Garcia-Alfaro, J., Muñoz-Tapia, J.L., Navarro-Arribas, G., Soriano, M. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2021 2021. Lecture Notes in Computer Science(), vol 13140. Springer, Cham. https://doi.org/10.1007/978-3-030-93944-1_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-93944-1_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93943-4
Online ISBN: 978-3-030-93944-1
eBook Packages: Computer ScienceComputer Science (R0)