The trend in cloud databases is leaning towards Not Only SQL (NoSQL) databases, as they provide better support for scalable storage and quick retrieval of exponentially voluminous data. One of the more prominent types of NoSQL databases is document-based storage, which is being increasingly used in the dynamic cloud paradigm. However, there are inherent security issues in the cloud, including remote data residency along with the non-existent control of owners over their own data. In addition, the inherent security features of most document-based NoSQL databases lack granular access control and robust confidentiality mechanisms. There is also a distinct lack of a comprehensive solution that effectively caters to all the security requirements of a document-oriented database in the cloud. To overcome these issues, we propose a database security-as-a-service (DB-SECaaS) system over a document-oriented database hosted in the cloud, which provides authentication, fine-grained authorization, and encryption of the database objects, while ensuring that access to the data is granted only to authorized users on a need-to-know basis. The paper shows that the DB-SECaaS system strongly enhances the security of document-oriented databases in the cloud, and it is thus expected to help the industry reap the benefits of NoSQL without worrying over security issues. To certify the abovementioned security enhancements provided by DB-SECaaS, the paper also provides a formal analysis of DB-SECaaS using the Scyther model checker. As a proof of concept, the core functionalities of the protocol, i.e., authorization, authentication, and encryption, are formally modeled in Scyther to formally verify that the proposed framework mitigates privacy and security concerns.