Back to Monkton

Rebar Android Data at Rest

Monkton, Inc. 2018

Part of Rebar's compliance with NIAP and other associated security profiles is adherence to the API Boundary for Data at Rest (DAR). DAR compliance for the app is achieved by leveraging Rebar's File Manager, Settings Manager, and Database Manager.

Where appropriate, Rebar implements functionality similar to Android SDK functions to reduce a developers time to learn.

Package

The io.monkton.rebar.io package provides the main IO functionality for reading and writing files securely from the file system. The functions below describe the major functions necessary to perform the various tasks.

File Streams

Rebar provides the RebarInputStream and RebarOutputStream streams to stream encrypted data. These streams are transparent to the user and encapsulate all requisite NIAP controls for data at rest leveraging AES-256 encryption.

The Rebar file streams extend the FilterInputStream and FilterOutputStream streams, respectively. They behave exactly like other file streams and should be opened and closed as such. Failure to do so may cause corrupted data.

File Management

File management is currently being refactored.

Settings Management

Rebar provides an encrypted settings manager io.monkton.rebar.settings.SettingsManager to store settings securely. All settings will be stored with AES-256 encryption. A limitation of the secure settings is they can only be accessed after the user has authenticated.

SettingsManager can store both secure and insecure settings, depending on the need. By default, you should leverage the saveSecureSetting and getSecureSetting methods to set and retrieve settings. The convenience methods getBool, setBool, getInt, setInt all leverage the secure setting storage.

There are aptly named getNonsecureSetting and saveNonsecureSetting methods to save settings in a non-secure manner. We only suggest using these for settings required OUTSIDE of an authenticated session that are not sensitive.

Database Management

Rebar allows for apps to have zero to many databases for managing data.

All databases classes must extend the Database to inherit the security configurations for each.

Internally, Rebar manages two databases for file management and internal storage and configuration.

Setup and instantiation

In Android the Application class (Which must extend the RebarApplication class) class must register the databases as part of the startup process. Each database should be registered via the database manager's register method. These methods take the class value to map.

class SampleApplication : RebarApplication() {

    /**
     * Performs the setup and configuration of the Rebar application
     */
    override fun setupConfiguration() {
        super.setupConfiguration()

        // Set the configuration for the app controller, this will customize app functionality
        AppController.getInstance().config = SampleAppConfiguration()

        // Register a custom database class
        DatabaseManager.getInstance().register(SampleAppDatabase::class.javaObjectType)

    }

}

Sample Database Class

Below is a sample database class, this can be customized depending on your need. At a minimum, you must implement databaseName.


// Declare an app name for this database
const val SAMPLE_APP_DATABASE_NAME: String = "SAMPLE_APP_DATABASE"

/**
 * Sample App Database
 */
public class SampleAppDatabase : Database() {

    /**
     * The asset file name
     */
    override fun getAssetName(): String {
        return "asset-db.sqlite";
    }

    /**
     * The database name as it is on the file system
     */
    override fun getDatabaseName(): String {
        return "sample-app.sqlite";
    }

    /**
     * Enforces upgrades to the local database
     */
    override fun verfiyUpgrades() {
        super.verfiyUpgrades();

        // Grab the current database version
        var currentVersion = getDatabaseVersion(SAMPLE_APP_DATABASE_NAME);

        // If this version is <= 1
        if (currentVersion <= 1) {

            // Create a new database table
            this.executeUpdate("CREATE TABLE APP_ITEM ( ITEM_ID INTEGER PRIMARY KEY AUTOINCREMENT )")

            // update the current app version
            currentVersion = 2

            // Update the current version
            setDatabaseVersion(currentVersion, SAMPLE_APP_DATABASE_NAME)

        }

    }


}

Asset file

Implementations of the Database may define the source database schema with the getAssetName method in the Database class. This must be a sqlite database located within the app assets. The return value should be a string indicating the name of the file, such as myapp.sqlite.

This can be a preloaded database that Rebar will copy and encrypt. If this is not provided, an empty database will be generated.

Schema customization

Updates can be easily administered via overriding the verifyUpgrades methods. This allows for the tracking and updates to tables, data, keys, each time the app is run.

For updates to the app, this is where updates to the schema should occur.

Overriding this method should always call the superclass method verifyUpgrades first, followed by the implementation of the upgrade.



// Declare an app name for this database
const val SAMPLE_APP_DATABASE_NAME: String = "SAMPLE_APP_DATABASE"

/**
 * Sample App Database
 */
public class SampleAppDatabase : Database() {

    /**
     * The database name as it is on the file system
     */
    override fun getDatabaseName(): String {
        return "sample-app.sqlite";
    }

    /**
     * Enforces upgrades to the local database
     */
    override fun verfiyUpgrades() {
        super.verfiyUpgrades();

        // Grab the current database version
        var currentVersion = getDatabaseVersion(SAMPLE_APP_DATABASE_NAME);

        // If this version is <= 1
        if (currentVersion <= 1) {

            // Create a new database table
            this.executeUpdate("CREATE TABLE APP_ITEM ( ITEM_ID INTEGER PRIMARY KEY AUTOINCREMENT )")

            // update the current app version
            currentVersion = 2

            // Update the current version
            setDatabaseVersion(currentVersion, SAMPLE_APP_DATABASE_NAME)

        }

    }


}

Using Databases in Android

Databases can be retrieved by invoking the DatabaseManager.getInstance().getDatabase(MyAppDatabase::class.javaObjectType) method. This will return a Rebar Database class that manages the database. You can get access to the underlying SQLiteDatabase by invoking the getDatabase() method.

Further details on how to use databases can be seen the Rebar Sample Android projects, here.