Securing SQL with Access Control for Database As a Service Model
| Title | Securing SQL with Access Control for Database As a Service Model |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Dave, Jay, Das, Manik Lal |
| Conference Name | Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-3962-9 |
| Keywords | data confidentiality, data partition, Database as a service, Metrics, onion layer, outsourced database security, pubcrawl, Resiliency, Scalability |
| Abstract | 'Software as a service - SaaS' is a well known model used in cloud infrastructure, outsourcing and pervasive computing. With the SaaS model, application service providers (ASP) facilitates various functionalities of software to application developers as well as to consumers over a public channel like Internet. In order to manage large volumes of users data, 'Database as a service - DaaS' model is a practical requirement for ASPs. The DaaS model allows implementation of need-based (e.g., role-based) privileges of database access to its users. However, the use of DaaS model raises security concerns (e.g. confidentiality and integrity of data) of data while storing users data in untrusted public storage server. In this paper, we review one DaaS tool, CryptDB [1], developed in recent times, and we observe some limitations in it and then present an improved solution for securing data in untrusted database provider. The proposed solution mitigates the limitations of CryptDB while keeping the efficiency of the service model used between ASP and DB intact. |
| URL | http://doi.acm.org/10.1145/2905055.2905163 |
| DOI | 10.1145/2905055.2905163 |
| Citation Key | dave_securing_2016 |