Biblio

For a long time, SQL injection has been considered one of the most serious security threats. NoSQL databases are becoming increasingly popular as big data and cloud computing technologies progress. NoSQL injection attacks are designed to take advantage of applications that employ NoSQL databases. NoSQL injections can be particularly harmful because they allow unrestricted code execution. In this paper we use supervised learning and natural language processing to construct a model to detect NoSQL injections. Our model is designed to work with MongoDB, CouchDB, CassandraDB, and Couchbase queries. Our model has achieved an F1 score of 0.95 as established by 10-fold cross validation.

Nowadays Big data is considered as one of the major technologies used to manage a huge number of data, but there is little consideration of privacy in big data platforms. Indeed, developers don't focus on implementing security best practices in their programs to protect personal and sensitive data, and organizations can face financial lost because of this noncompliance with applied regulations. In this paper, we propose a solution to insert privacy policies written in XACML (eXtensible Access Control Markup Language) in access control solution to NoSQL database, our solution can be used for NoSQL data store which doesn't t include many access control features, it aims basically to ensure fine grained access control considering purpose as the main parameter, we will focus on access control in document level, and apply this approach to MongoDB which is the most used NoSQL data store.

NoSQL solutions become emerging for large scaled, high performance, schema-flexible applications. WiredTiger is cost effective, non-locking, no-overwrite storage used as default storage engine in MongoDB. Understanding I/O characteristics of storage engine is important not only for choosing suitable solution with an application but also opening opportunities for researchers optimizing current working system, especially building more flash-awareness NoSQL DBMS. This paper explores background of MongoDB internals then analyze I/O characteristics of WiredTiger storage engine in detail. We also exploit space management mechanism in WiredTiger by using TRIM command.

Due to the development of cloud computing and NoSQL database, more and more sensitive information are stored in NoSQL databases, which exposes quite a lot security vulnerabilities. This paper discusses security features of MongoDB database and proposes a transparent middleware implementation. The analysis of experiment results show that this transparent middleware can efficiently encrypt sensitive data specified by users on a dataset level. Existing application systems do not need too many modifications in order to apply this middleware.