Abstract
Database-as-a-Service (DBaaS) provides a wide range of benefits such as data outsourcing, multi-tenancy and resource sharing. It has garnered a lot of hype, but while it is promising, it is also a mine-field of concerns and issues. Security is one of the most critical challenges in this domain, which has only begun to earn the academic attention that it needs. There is a serious lack of research in this area that collectively covers the security of DBaaS, from its various problems to the possible solutions. To this end, this chapter provides a holistic survey on the security aspects of the Cloud DBaaS, including key features, advantages and different compatible architectures for managing data in the Cloud DBaaS. Furthermore, we identify challenges and classify the security limitations in DBaaS paradigm. Security requirements that are being fulfilled by state-of-the-art mechanisms along with their in-depth description are also presented. Additionally, we provide insight to the future security perspective. Our work acts as a comprehensive guidance for the developers and researchers to help them understand the inherent security issues and the existent countermeasures in the DBaaS domain.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
万文典 (2011) Future trend of database: cloud database, http://toyhouse.cc/profiles/blogs/future-trend-of-database-Cloud-database. Accessed Aug 2013
Abadi DJ (2009) Data management in the cloud: limitations and opportunities. IEEE Data Eng 32(1):2009
Agrawal R, Evfimievski A, Srikant R (2003) Information sharing across private databases. In: Proceedings of the ACM SIGMOD conference, pp 86–97, 2003
Agrawal D, Abbadi AEl, Emekci F, Metwally A (2009) Database management as a service: challenges and opportunities, data engineering, ICDE’09. IEEE 25th international conference on IEEE, pp 1709–1716, 2009
Agrawal D, Das S, Abbadi AEl (2011) Big data and cloud computing: current state and future opportunities. Proceedings of the 14th international conference on extending database technology, ACM, pp 530–533, 2011
Agrawal D, Abbadi AEl, Das S, Elmore AJ (2011) Database scalability, elasticity, and autonomy in the cloud, database systems for advanced applications. Springer, Berlin, pp 1–14
Al Shehri W (2013) Cloud database Database-as-a-Service. Int J Database Manage Syst (IJDMS) 5(2):1–12
Alzain MA, Pardede E (2011) Using multi shares for ensuring privacy in Database-as-a-Service. Proceedings of 44th Hawaii international conference on system sciences, pp 1–9, 2011
AlZain MA, Pardede E, Soh B, Thom JA (2012) Cloud computing security: from single to multi-clouds. 45th Hawaii international conference on system sciences, pp 5490–5499, 2012
Amanatidis G, Boldyreva A, O’Neill A (2007) New security models and provably-secure schemes for basic query support in outsourced databases, 2007
Amazon (2006) Amazon web services. Web services licensing agreement, 2006
Amazon, Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/. Accessed Aug 2013
Amazon, Amazon SimpleDB, http://aws.amazon.com/simpledb/. Accessed Aug 2013
Amazon web services (2013) Amazon Elastic Block Store (EBS), 2013. http://aws.amazon.com/ebs/. Accessed Oct 2013
Ansari S, Rajeev SG, Chandrashekar HS (2002) Packet sniffing: a brief introduction. Potential IEEE 21(5):17–19
Apache, CouchDB. http://couchdb.apache.org/. Accessed Dec 2013
Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53(4):50–58
Arora I, Gupta A (2012) Cloud databases: a paradigm shift in databases. Int J Comput Sci Issues 9(4):77–83
Babcock C (2012) Cloud implementation to double by 2012. http://www.informationweek.com/news/services/saas/214502033?queryText=cloud. Accessed Jan 2014
Behl A (2011) Emerging security challenges in cloud computing-an insight to cloud security challenges and their mitigation. Information and Communication Technologies (WICT), World Congress on IEEE, pp 217–222, 2011
Behl A, Behl K (2012) An analysis of cloud computing security issues. Information and Communication Technologies (WICT), World Congress on IEEE, pp 109–114, 2012
Beimborn D, Miletzki T, Wenzel S (2011) Platform as a service (PaaS). Bus Inf Syst Eng 3(6):381–384
Bezos J (1994) Amazon. http://www.amazon.com/. Accessed Nov 2013
Biswas A (2012) Cloud Database: Advantages and Disadvantages, 2012. http://www.itsabhik.com/Cloud-database-advangates-and-disadvantages/. Accessed Oct 2013
Bobrowski S (2008) Database-as-a-Service, 2008. http://dbaas.wordpress.com/2008/05/14/what-exactly-is-database-as-a-service/. Accessed Aug 2013
Bonnette R (2011) Top benefits of database cloud computing, 2011. http://blog.caspio.com/commentary/top-benefits-of-database-Cloud-computing/. Accessed Aug 2013
Brown WC, Nyarko K (2012) Software as a service (SaaS), cloud computing service and deployment models: layers and management, 2012
Brzeźniak M, Jankowski G, Jankowski M, Jankowski S, Jankowski T, Meyer N, Mikołajczak R, Zawada A, Zdanowski S (2013) National data storage 2: secure storage cloud with efficient and easy data access, 2013
Buneman P, Khanna S, Tan W-C (2000) Data provenance: some basic issues, FST TCS 2000: foundations of software technology and theoretical computer science. Springer, Berlin
Carrenza (2012) Database-as-a-Service, http://carrenza.com/services/use-cases/database-as-a-service/. Accessed Oct 2013
Cloudtweaks (2010) Top 10 cloud computing most promising adoption factors, 2010. http://www.Cloudtweaks.com/2010/08/top-10-Cloud-computing-most-promising-adoption-factors/. Accessed Sept 2013
Cloud Security Alliance (2012) Top ten big data security and privacy challenges, 2012. Accessed Oct 2013
Cloud Security Alliance, Cloud Vulnerabilities Working Group (2013) Cloud computing: vulnerability incidents: a statistical overview, 2013
Cloud Security Alliance, https://cloudsecurityalliance.org/, Accessed Feb 2013
Cloud Tweaks (2012) A hitchhikers guide to the cloud-database challenges to consider, 2012. http://www.cloudtweaks.com/2012/09/a-hitchhikers-guide-to-the-cloud-database-challenges-to-consider/. Accessed Oct 2013
Coleman C (2013) Why use a DBaaS instead of do-it-yourself MySQL in the cloud? https://www.cleardb.com/blog/entry?id=pro-series/segment-101/why-use-a-database-as-a-service-instead-of-do-it-yourself-mysql-in-the-Cloud. Accessed Nov 2013
Cooper BF, Ramakrishnan R, Srivastava U, Silberstein A, Bohannon P, Jacobsen HA, Puz N, Weaver D, Yerneni R (2008) PNUTS: Yahoo!’s hosted data serving platform, 2008
David Linthicum-InfoWorld (2013) Interoperable database, 2013. http://dictionary.reference.com/browse/interoperable+database. Accessed Sept 2013
Dillon T, Wu C, Chang E (2012) Cloud computing: issues and challenges. 24th IEEE international conference on advanced information networking and applications, pp 27–33, 2012
Dimovski D (2013) Database management as a cloud based service for small and medium organizations, Dissertation/master thesis, Masaryk University Brno, 2013
Essner J (2011) Security in the Cloud. New Jersey Digital Government Summit, 2011
Ferrari E (2009) Database-as-a-Service: challenges and solutions for privacy and security, services computing conference, 2009. APSCC 2009. IEEE Asia-Pacific. IEEE, pp 46–51, 2009
Ferrari E (2010) Access control in data management systems. Morgan & Claypool, San Rafael
Ferretti L, Colajanni M, Marchetti M (2012) Supporting security and consistency for cloud database. Cyberspace Safe Secur Lect Notes Comput Sci 7672:179–193
Ge T, Zdonik SB (2007) Answering aggregation queries in a secure system model. In Proceedings of VLDB Conference, pp 519–530, 2007
Gelbstein E (2011) Data integrity-information security’s poor relation. ISACA J 6:2011
Gelogo YE, Lee S (2012) Database management system as a cloud service. Int J Future Gener Commun Netw 5(2):71–76
Golden B (2010) Cloud computing: two kinds of agility, 2010. http://www.cio.com/article/599626/Cloud_Computing_Two_Kinds_of_Agility. Accessed Sept 2013
Gupta GKr, Sharma AK, Swaroop V (2010) Consistency and security in mobile real time distributed database (MRTDDB): a combinational giant challenge. AIP conference proceedings, vol 1324, 2010
Hacigumus H, Iyer B, Li C, Mehrotra S (2002) Executing SQL over encrypted data in the database service provider model. In: Proceedings of the ACM SIGMOD’200 conference, Madison, Wisconsin, pp 216–227, 2002
Hacigumus H, Iyer B, Mehrorta S (2002) Providing Database-as-a-Service, ICDE, pp 29–38, 2002
Hacigumus H, Iyer B, Mehrotra S (2002) Providing Database-as-a-Service. Proceedings of the 18th international conference on data engineering (ICDE.02), 2002
Hadavi MA, Noferesti M, Jalili R, Damiani E (2012) Database-as-a-Service: towards a unified solution for security requirements. IEEE 36th international conference on computer software and applications workshops, pp 415–420, 2012
Haughwout J (2011) Cloud computing: it’s not just about access from anywhere, 2011. http://technorati.com/technology/article/Cloud-computing-its-not-just-about/page-1/. Accessed Oct 2013
Hogan M (2008) Cloud computing & databases-how databases can meet the demands of Cloud computing, ScaleDB Inc, 2008
Holden EP, Kang JW, Bills DP, Ilyassov M (2009) Databases in the Cloud: a work in progress. Proceedings of the 10th ACM conference on SIG-information technology education, ACM, pp 138–143, 2009
IBM (1991) http://www.ibm.com/us/en/. Accessed Feb 2013
Kapa KK, Lopez R (2012) Database-as-a-Service (DBaaS) using enterprise manager 12c, Oracle Open World, 2012
Kumar A, Lee HJ, Singh RP (2012) Efficient and secure cloud storage for handling big data, information science and service science and data mining (ISSDM). 6th international conference on new trends in, pp 162–166, 2012
Kumbhare A, Simmhan Y, Prasanna V (2012) Cryptonite: a secure and performant data repository on public clouds, cloud computing (CLOUD), 2012 IEEE 5th international conference on IEEE, pp 510–517, 2012
Lee S (2011) Shared-nothing vs. shared-disk cloud database architecture. Int J Energy Inf Commun 2(4):211–216
Linthicum D (2010) The data interoperability challenge for Cloud computing, 2010. http://www.infoworld.com/d/Cloud-computing/data-interoperability-challenge-Cloud-computing-259. Accessed Oct 2013
Linthicum D (2010) The data interoperability challenge for cloud computing, http://www.infoworld.com/d/cloud-computing/data-interoperability-challenge-cloud-computing-259, 2010. Accessed Nov 2013
Liu W (2012) Research on cloud computing security problem and strategy, consumer electronics, communications and networks (CECNet), 2nd international conference on IEEE, pp 1216–1219, 2012
Longjump, http://www.softwareag.com/special/longjump/index.html. Accessed Feb 2013
Mani M, Shah K, Gunda M (2013) Enabling secure Database-as-a-Service using fully homomorphic encryption: challenges and opportunities, DanaC ’13. Proceedings of the second workshop on data analytics in the cloud, pp 1–12, 2013
Markovich S (2011) Three clouds-computing data security risks that can’t be overlooked, 2011. http://www.mcafee.com/us/products/databasesecurity/articles/20110321-01.aspx. Accessed Oct 2013
Mateljan V, Cisic D, Ogrizovid D (2010) Cloud Database-as-a-Service (DaaS)-ROI, MIPRO, Opatija, Croatia, pp 1185–1188, 2010
McAfee (2012) Data loss by the numbers. White paper, 2012.
Merkle RC (1989) A certified digital signature, advances in cryptology-CRYPTO ’89. 9th annual international cryptology conference, Santa Barbara, California, USA, Proceedings vol 435, pp 218–238, 1989
Michel D (2010) Databases in the cloud, Doktorarbeit, HSR University of Applied Science Rapperswil, 2010
Microsoft, Windows Azure. http://www.windowsazure.com/en-us/. Accessed Nov 2013
Miller R (2008) Major outage for Amazon S3 and EC2, http://www.datacenterknowledge.com/archives/2008/02/15/major-outage-for-amazon-s3-and-ec2/,200. Accessed Oct 2013
Mitropoulos D (2013) Data security in the cloud environment vol 19, no 3, 2013
MySQL. http://www.mysql.com/products/enterprise/database/. Accessed Dec 2013
Nadella S (1975) Microsoft. http://www.microsoft.com/en-pk/default.aspx. Accessed Nov 2013
Nithiavathy R (2013) Data integrity and data dynamics with secure storage service in cloud. Proceedings of the 2013 international conference on pattern recognition, informatics and mobile engineering, IEEE, pp 125–130, 2013
NoSQL. http://nosql-database.org/. Accessed Nov 2013
Nuo DB (2013) 12 rules for a cloud data management system (CDMS), Cambridge Massachusetts (PRWEB), 2013
Oracle Corporation (2011) Database-as-a-Service: reference architecture-an overview, 2011
Oracle ® Database Security Guide 10 g Release 2 (10.2) (2013) 7 Security Policies, 2013. http://docs.oracle.com/cd/B19306_01/network.102/b14266/policies.htm. Accessed Aug 2013
Oracle, Oracle database, http://www.oracle.com/us/products/database/overview/index.html. Accessed Dec 2013
OWASP (2009) Resource exhaustion, https://www.owasp.org/index.php/Resource_exhaustion, 2009. Accessed Aug 2013
Page L, Brin S (1998) Google. https://www.google.com.pk/. Accessed Oct 2013
Pizette L, Cabot T (2012) Database-as-a-Service: a marketplace assessment, pp 1–4, 2012
Posey M (2012) Database-as-a-Service: rightsizing database solutions, research vice president, hosting & managed network services, 2012
Reddy Kandukuri B, Ramakrishna PV, Rakshit A (2009) Cloud security issues, IEEE, pp 517–520, 2009
Sakhi I (2012) Databases security in cloud. Dissertation KTH, 2012
Saravanan C, Sandya M (2011) Databases in the era of cloud computing and big data, features, open gurus, overview, technology, 2011. http://www.linuxforu.com/2011/05/databases-in-era-of-Cloud-computing-and-big-data. Accessed Aug 2013
ScaleDB (2012) Database-as-a-Service (DBaaS), http://www.scaledb.com/DBaaS-Database-as-a-Service.php. Accessed Dec 2013
Sengupta S, Kaulgud V, Sharma VS (2011) Cloud computing security-trends and research directions, services (SERVICES), IEEE World Congress on IEEE, pp 524–531, 2011
Sharir R (2013) Nine cloudy challenges for databases, 2013. http://www.itbusinessedge.com/slideshows/show.aspx?c=96438. Accessed Nov 2013
Sheldon R (2012) DBaaS pros and cons for solution providers, 2012. http://searchitchannel.techtarget.com/tip/DBaaS-pros-and-cons-for-solution-providers. Accessed Aug 2013
Sion R (2005) Query execution assurance for outsourced database. In: Proceedings of VLDB conference, 2005
Sion R (2007) Secure data outsourcing. In: Proceedings of the CLDB conference, pp 1431–1432, 2007
Summers A, Tickner C (2004) What is security analysis? http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm. Accessed Dec 2013
Sushil B, Jain L, Jain S (2010) Cloud computing: a study of infrastructure as a service (IAAS). International journal of engineering and information technology 2.1, pp 60–63, 2010
Tianfield H (2012) Security issues in cloud computing. IEEE international conference on systems, man, and cybernetics, pp 1082–1089, 2012
Vacca JR (2012) Computer and information security handbook, second edition, Newnes, 2012
vFabric Team (2012) Why DBaaS? 5 trends pushing Database-as-a-Service, 2012. http://blogs.vmware.com/vfabric/2012/08/why-dbaas-6-trends-pushing-database-as-a-service.html. Accessed Sept 2013
Wang C, Chow SSM, Wang Q, Kui R, Wenjing L (2013) Privacy preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375
Weis J, Alves-Foss J (2011) Securing Database-as-a-Service: issues and compromises, security & privacy, IEEE 9.6, pp 49–55, 2011
Wikia (2013) Cloud database, 2013. http://databasemanagement.wikia.com/wiki/Cloud_Database. Accessed Aug 2013
Wikipedia (2012) Cloud database, 2012. http://en.wikipedia.org/wiki/Cloud_database. Accessed Sept 2013
Williams E, Glass N, Dorsey J, Stone B (2006) Twitter. www.twitter.com. Accessed Nov 2013
Xu L, Wu X (2013) Hub: heterogeneous bucketization for database outsourcing, cloud computing’13, Hangzhou, China, pp 47–54, 2013
Yasin R (2013) 5 years down the road: the cloud of clouds, 2013. http://gcn.com/articles/2013/05/31/Cloud-of-Clouds-5-years-in-future.aspx. Accessed Oct 2013
ZeusDB. http://www.zeusdb.com. Accessed Feb, 2013
Zheng Q, Xu S, Ateniese G (2012) Efficient query integrity for outsourced dynamic databases, CCSW’12, Raleigh, North Carolina, USA, 2012
Zissis D, Lekkas D (2012) Addressing cloud computing security issues, future generation computer systems 3, pp 583–592, 2012
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Mehak, F., Masood, R., Ghazi, Y., Shibli, M., Khan, S. (2014). Security Aspects of Database-as-a-Service (DBaaS) in Cloud Computing. In: Mahmood, Z. (eds) Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-10530-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-10530-7_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10529-1
Online ISBN: 978-3-319-10530-7
eBook Packages: Computer ScienceComputer Science (R0)