Visible to the public Securing SQL with Access Control for Database As a Service Model

TitleSecuring SQL with Access Control for Database As a Service Model
Publication TypeConference Paper
Year of Publication2016
AuthorsDave, Jay, Das, Manik Lal
Conference NameProceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-3962-9
Keywordsdata confidentiality, data partition, Database as a service, Metrics, onion layer, outsourced database security, pubcrawl, Resiliency, Scalability
Abstract

'Software as a service - SaaS' is a well known model used in cloud infrastructure, outsourcing and pervasive computing. With the SaaS model, application service providers (ASP) facilitates various functionalities of software to application developers as well as to consumers over a public channel like Internet. In order to manage large volumes of users data, 'Database as a service - DaaS' model is a practical requirement for ASPs. The DaaS model allows implementation of need-based (e.g., role-based) privileges of database access to its users. However, the use of DaaS model raises security concerns (e.g. confidentiality and integrity of data) of data while storing users data in untrusted public storage server. In this paper, we review one DaaS tool, CryptDB [1], developed in recent times, and we observe some limitations in it and then present an improved solution for securing data in untrusted database provider. The proposed solution mitigates the limitations of CryptDB while keeping the efficiency of the service model used between ASP and DB intact.

URLhttp://doi.acm.org/10.1145/2905055.2905163
DOI10.1145/2905055.2905163
Citation Keydave_securing_2016