Security of NoSQL Database Against Intruders

Page: [5 - 12] Pages: 8

  • * (Excluding Mailing and Handling)

Abstract

Background: The evolution of distributed web-based applications and cloud computing has brought about the demand to store a large amount of big data in distributed databases. Such efficient systems offer excessive availability and scalability to users. The new type of database resolves many new challenges especially in large-scale and high concurrency applications which are not present in the relational database. NoSQL refers to non-relational databases that are different from the Relational Database Management System.

Objective: NoSQL has many features over traditional databases such as high scalability, distributed computing, lower cost, schema flexibility, semi or un-semi structural data and no complex relationship.

Method: NoSQL databases are “BASE” Systems. The BASE (Basically Available, Soft state, Eventual consistency), formulates the CAP theorem the properties of which are used by BASE System. The distributed computer system cannot guarantee all of the following three properties at the same time that is consistency, availability and partition tolerance.

Results: As progressively sharp big data is saved in NoSQL databases, it is essential to preserve higher security measures to ensure safe and trusted communication across the network. In this patent, we describe the security of NoSQL database against intruders which is growing rapidly.

Conclusion: This patent also defines probably the most prominent NoSQL databases and describes their security aspects and problems.

Keywords: NoSQL, security, intruders, big data, authentication, big table.

Graphical Abstract

[1]
M. Chow, "“Def Con 21 Hacking Conference”, Available from:", https://www.defcon.org/images/defcon-21/dc-21-presentations/ Chow/DEFCON-21-Chow-Abusing-NoSQL-Databases.pdf
[2]
A. Ron, A. Shulman-Peleg, and E. Bronshtein, "“No SQL, No injection? examining NoSQL security”, In", 9th Workshop on Web 2.0 Security and Privacy (W2SP),. San Jose, CA, USA, 2015, pp. 1-4.
[3]
J. Crawford, "“Current data security issues of NoSQL databases”, Available from:", http://docplayer.net/8000242-Current-data-secu-rity- issues-of-nosql-databases.html
[4]
S. Srinivas, and A. Nair, "“Security maturity in NoSQL databases - are they secure enough to haul the modern IT applications?”, In", 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI),. Kochi, India, 2015, pp. 739-744.
[5]
M. Manuja, and N. Garg, "“NoSQL Databases”, In", Encyclopaedia of Information Science and Technology,. A. B. D. Mehdi Khosrow- Pour, Ed. USA: IGI Global, 2014, pp. 379-391.
[6]
L. Okman, N. Gal-Oz, Y. Gonen, E. Gudes, and J. Abramov, "“Security issues in NoSQL databases”, In", 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications,. Changsha, China, 2011, pp. 541–547
[7]
J. Han, "H. E, G. Le, and J. Du, “Survey on NoSQL database”, In", 2011 6th International Conference on Pervasive Computing and Applications,. Port Elizabeth, South Africa, 2011, pp. 363-366.
[8]
M.A. Mohamed, O.G. Altrafi, and M.O.O. Ismail, "Relational vs. NoSQL databases: A survey", Int. J. Comp. Inf. Tech., vol. 3, pp. 598-601, 2014.
[9]
S. Lombardo, E.D. Nitto, and D. Ardagna, "“Issues in handling complex data structures with NoSQL databases”, In", 2012 14th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC),. Washington, DC, USA, 2012, pp. 443-448.
[10]
A.B.M. Moniruzzaman, and S.A. Hossain, "NoSQL database: New era of databases for big data analytics classification, characteristics and comparison", Int. J. Database Theo. Appl., vol. 6, pp. 1-13, 2013.
[11]
B. Strauch, "“NoSQL databases”, Available from:", http://www. christof-strauch.de/nosqldbs.pdf
[12]
P. Sadalage, "“NoSQL databases: An Overview”, Available from:", https://www.thoughtworks.com/insights/blog/nosql-databases-overview
[13]
A.K. Zaki, "NoSQL Databases: New millennium database for big data, big users, cloud computing and its security challenges", Int. J. Res. Eng. Tech., vol. 03, pp. 403-409, 2014.
[14]
M. Obijaju, "“NoSQL NoSecurity - Security issues with NoSQL Database”, Available from:", https://blogs.perficient.com/2015/ 06/ 22/nosql-nosecuity-security-issues-with-nosql-database/
[15]
W. Urbanski, "“NoSQL, no security?”, Available from:", http://www. slideshare.net/wurbanski/nosql-no security?qid=ec0c354e-4cd6- 4ad1-b9ebcaa463d5 ce28&v=&b=&from_search=1.
[16]
D. Kirkpatrick, "“Mongodb - Security Weaknesses in a typical NoSQL database”, Available from:", https://www.trustwave.com/ Resources/SpiderLabs-Blog/Mongodb---Security-Weaknesses-in-a-typical-NoSQL-database/
[17]
R. Mogull, M. Rothman, and A. Lane, "“Blog”, Available from:", https://securosis.com/blog/nosql-and-no-security
[18]
G. Holt, “NoSQL - No security?”, Available from:.http://www. slideshare.net/gavinholt/nosql-no-security-16514872?qid=ec0c 354e-4cd6-4ad1-b9eb-caa 463d5ce28&v=&b=&from_search=2.
[19]
A. Almomani, B.B. Gupta, S. Atawneh, A. Meulenberg, and E. Almomani, "A survey of phishing email filtering techniques", IEEE Comm. Surv. Tutor., vol. 15, pp. 2070-2090, 2013.
[20]
D.S. Read, "“NoSQL”, Available from:", https://www.monead. com/nosql/
[21]
A.K. Nanda, and L.K. Awasthi, "XTR Cryptosystem for SMS security", Int. J. Eng. Tech., vol. 4, pp. 836-839, 2012.
[22]
Y. Zhu, M.B. Aouad, and S. Lutter, “Systems and methods for accessing a nosql database using business intelligence tools”,. U.S. Patent 2014/0214897 A1, 2014.
[23]
D.R. Vandervort, “Method for enhancing security in distributed systems”,. U.S. Patent 9967091B2, 2016.
[24]
Q. Zhou, T. Sun, H. Cai, and H. Lin, “Creating NoSQL database index for semi-structured data”,. U.S. Patent 20150205885 A1, 2015.