DB Plugins Launches dbObscura To Protect Media Files
Linux-based solution is intended to secure media files in Oracle databases throughout workflow cycle
Steve Guilford, president of Database Plugins, LLC, is a man on a mission: over the course of the last few months, Guilford has been informing Streaming Media editors of the progress of his new Oracle 11g-centric media transcoding solution. Recently, Guilford announced completion of a secure transcoding product, called dbObscura, as part of the overall DB Plugins lineup.
"You may recall that I stuck my neck out and said I could transcode securely at the data-layer by sourcing from tables in the database," said Guilford in a recent email. "Well, I've figured out how to make FFMPeg seamlessy operate in a secure 'data-layer' environment whereby the media never has to exist as a 'normal' file, in a manner that allows any 'file' based transcoding engine and use it as a secure data-layer transcoder."
Guilford currently focuses on Oracle Database 11g, saying that his solution picks up where the Oracle Multimedia framework leaves off, but building on the benefits found within Oracle's secure file infrastructure.
The dbObscura plug-in, intended for use in automated environments, uses randomized 30 character filenames for security.
For secure data-layer multimedia transcoding, Guilford says he is using a file-based (Linux FUSE) interface to the database which employs a randomly generated "controlled-use" file name. In automated environments, a process generates a file name and spawns a cooperative process that opens the file from the database.
By cooperative process, Guilford means an integrated solution such as a transcoding tool like FFMPEG, a popular Linux-based open-source media transcoder.
"The random filename is associated with a function that locates the required BLOB," said Guilford, referring to a binary large object, a common structure in which databases store large files such as video or image files.
Most transcoding solutions contain a database of sorts, and typically use MySQL, SQLite, or SQL Server. Guilford's take is that we've got it backwards, that the database itself should have the mechanism for transcoding data, ideally securely. He describes how his solution further eliminates potential hacks of the secure content, at least during the transcoding process.
"The spawned process opens the obscured filename in order to read or write data," said Guilford. "The filename is marked upon first access and all further access attempts are rejected."
When asked about impact on the database performance, as well as reference information on the underlying Oracle architecture, Guilford pointed to Oracle's whitepaper on its SecureFiles technology, a proprietary solution for Oracle database file storage.
"The white paper directly references the requirements of media applications," said Guilford. "But it's just the beginning of the potential steps for database-driven secure solutions."
Providing a mechanism for secure transcoding of data to and from the database via common file-based media transcoding packages is intriguing, but I questioned whether companies that are Windows-centric might want to also implement this solution. Guilford says he's also working on a Windows-based approach.
"The file-system solution used to provide an obscure file interface to BLOB data is only available on a Linux machine," said Guilford. "It does me no good to expose files under Linux if the customer needs the same capability under Windows."
"I was able to verify today, however, that a file exposed under Linux via Fuse could be shared via Samba with a Windows machine," he added. "With Samba, I can share my obscure file interface with Windows-based systems allowing secure transcoding to-and-from the Linux-based database."
He also added that enterprise customers would see a benefit from adding their video content directly into the mission-critical database structure Oracle is best known for.
"One of the things that merging multimedia data into a DB—and using an on-demand obscure file interface—does," said Guilford, "is relieve the burden of maintaining and organizing directories that match or otherwise mimic relationships between business data in the database."