Skip to main content
SpringerLink
Log in
Book cover

Cloud Computing pp 297–324Cite as

Security Aspects of Database-as-a-Service (DBaaS) in Cloud Computing

  • Chapter
  • First Online:

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

Database-as-a-Service (DBaaS) provides a wide range of benefits such as data outsourcing, multi-tenancy and resource sharing. It has garnered a lot of hype, but while it is promising, it is also a mine-field of concerns and issues. Security is one of the most critical challenges in this domain, which has only begun to earn the academic attention that it needs. There is a serious lack of research in this area that collectively covers the security of DBaaS, from its various problems to the possible solutions. To this end, this chapter provides a holistic survey on the security aspects of the Cloud DBaaS, including key features, advantages and different compatible architectures for managing data in the Cloud DBaaS. Furthermore, we identify challenges and classify the security limitations in DBaaS paradigm. Security requirements that are being fulfilled by state-of-the-art mechanisms along with their in-depth description are also presented. Additionally, we provide insight to the future security perspective. Our work acts as a comprehensive guidance for the developers and researchers to help them understand the inherent security issues and the existent countermeasures in the DBaaS domain.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. 万文典 (2011) Future trend of database: cloud database, http://toyhouse.cc/profiles/blogs/future-trend-of-database-Cloud-database. Accessed Aug 2013

  2. Abadi DJ (2009) Data management in the cloud: limitations and opportunities. IEEE Data Eng 32(1):2009

    Google Scholar 

  3. Agrawal R, Evfimievski A, Srikant R (2003) Information sharing across private databases. In: Proceedings of the ACM SIGMOD conference, pp 86–97, 2003

    Google Scholar 

  4. Agrawal D, Abbadi AEl, Emekci F, Metwally A (2009) Database management as a service: challenges and opportunities, data engineering, ICDE’09. IEEE 25th international conference on IEEE, pp 1709–1716, 2009

    Google Scholar 

  5. Agrawal D, Das S, Abbadi AEl (2011) Big data and cloud computing: current state and future opportunities. Proceedings of the 14th international conference on extending database technology, ACM, pp 530–533, 2011

    Google Scholar 

  6. Agrawal D, Abbadi AEl, Das S, Elmore AJ (2011) Database scalability, elasticity, and autonomy in the cloud, database systems for advanced applications. Springer, Berlin, pp 1–14

    Google Scholar 

  7. Al Shehri W (2013) Cloud database Database-as-a-Service. Int J Database Manage Syst (IJDMS) 5(2):1–12

    Article  Google Scholar 

  8. Alzain MA, Pardede E (2011) Using multi shares for ensuring privacy in Database-as-a-Service. Proceedings of 44th Hawaii international conference on system sciences, pp 1–9, 2011

    Google Scholar 

  9. AlZain MA, Pardede E, Soh B, Thom JA (2012) Cloud computing security: from single to multi-clouds. 45th Hawaii international conference on system sciences, pp 5490–5499, 2012

    Google Scholar 

  10. Amanatidis G, Boldyreva A, O’Neill A (2007) New security models and provably-secure schemes for basic query support in outsourced databases, 2007

    Google Scholar 

  11. Amazon (2006) Amazon web services. Web services licensing agreement, 2006

    Google Scholar 

  12. Amazon, Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/. Accessed Aug 2013

  13. Amazon, Amazon SimpleDB, http://aws.amazon.com/simpledb/. Accessed Aug 2013

  14. Amazon web services (2013) Amazon Elastic Block Store (EBS), 2013. http://aws.amazon.com/ebs/. Accessed Oct 2013

  15. Ansari S, Rajeev SG, Chandrashekar HS (2002) Packet sniffing: a brief introduction. Potential IEEE 21(5):17–19

    Article  Google Scholar 

  16. Apache, CouchDB. http://couchdb.apache.org/. Accessed Dec 2013

  17. Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I, Zaharia M (2010) A view of cloud computing. Commun ACM 53(4):50–58

    Article  Google Scholar 

  18. Arora I, Gupta A (2012) Cloud databases: a paradigm shift in databases. Int J Comput Sci Issues 9(4):77–83

    Google Scholar 

  19. Babcock C (2012) Cloud implementation to double by 2012. http://www.informationweek.com/news/services/saas/214502033?queryText=cloud. Accessed Jan 2014

  20. Behl A (2011) Emerging security challenges in cloud computing-an insight to cloud security challenges and their mitigation. Information and Communication Technologies (WICT), World Congress on IEEE, pp 217–222, 2011

    Google Scholar 

  21. Behl A, Behl K (2012) An analysis of cloud computing security issues. Information and Communication Technologies (WICT), World Congress on IEEE, pp 109–114, 2012

    Google Scholar 

  22. Beimborn D, Miletzki T, Wenzel S (2011) Platform as a service (PaaS). Bus Inf Syst Eng 3(6):381–384

    Article  Google Scholar 

  23. Bezos J (1994) Amazon. http://www.amazon.com/. Accessed Nov 2013

  24. Biswas A (2012) Cloud Database: Advantages and Disadvantages, 2012. http://www.itsabhik.com/Cloud-database-advangates-and-disadvantages/. Accessed Oct 2013

  25. Bobrowski S (2008) Database-as-a-Service, 2008. http://dbaas.wordpress.com/2008/05/14/what-exactly-is-database-as-a-service/. Accessed Aug 2013

  26. Bonnette R (2011) Top benefits of database cloud computing, 2011. http://blog.caspio.com/commentary/top-benefits-of-database-Cloud-computing/. Accessed Aug 2013

  27. Brown WC, Nyarko K (2012) Software as a service (SaaS), cloud computing service and deployment models: layers and management, 2012

    Google Scholar 

  28. Brzeźniak M, Jankowski G, Jankowski M, Jankowski S, Jankowski T, Meyer N, Mikołajczak R, Zawada A, Zdanowski S (2013) National data storage 2: secure storage cloud with efficient and easy data access, 2013

    Google Scholar 

  29. Buneman P, Khanna S, Tan W-C (2000) Data provenance: some basic issues, FST TCS 2000: foundations of software technology and theoretical computer science. Springer, Berlin

    Google Scholar 

  30. Carrenza (2012) Database-as-a-Service, http://carrenza.com/services/use-cases/database-as-a-service/. Accessed Oct 2013

  31. Cloudtweaks (2010) Top 10 cloud computing most promising adoption factors, 2010. http://www.Cloudtweaks.com/2010/08/top-10-Cloud-computing-most-promising-adoption-factors/. Accessed Sept 2013

  32. Cloud Security Alliance (2012) Top ten big data security and privacy challenges, 2012. Accessed Oct 2013

    Google Scholar 

  33. Cloud Security Alliance, Cloud Vulnerabilities Working Group (2013) Cloud computing: vulnerability incidents: a statistical overview, 2013

    Google Scholar 

  34. Cloud Security Alliance, https://cloudsecurityalliance.org/, Accessed Feb 2013

  35. Cloud Tweaks (2012) A hitchhikers guide to the cloud-database challenges to consider, 2012. http://www.cloudtweaks.com/2012/09/a-hitchhikers-guide-to-the-cloud-database-challenges-to-consider/. Accessed Oct 2013

  36. Coleman C (2013) Why use a DBaaS instead of do-it-yourself MySQL in the cloud? https://www.cleardb.com/blog/entry?id=pro-series/segment-101/why-use-a-database-as-a-service-instead-of-do-it-yourself-mysql-in-the-Cloud. Accessed Nov 2013

  37. Cooper BF, Ramakrishnan R, Srivastava U, Silberstein A, Bohannon P, Jacobsen HA, Puz N, Weaver D, Yerneni R (2008) PNUTS: Yahoo!’s hosted data serving platform, 2008

    Google Scholar 

  38. David Linthicum-InfoWorld (2013) Interoperable database, 2013. http://dictionary.reference.com/browse/interoperable+database. Accessed Sept 2013

  39. Dillon T, Wu C, Chang E (2012) Cloud computing: issues and challenges. 24th IEEE international conference on advanced information networking and applications, pp 27–33, 2012

    Google Scholar 

  40. Dimovski D (2013) Database management as a cloud based service for small and medium organizations, Dissertation/master thesis, Masaryk University Brno, 2013

    Google Scholar 

  41. Essner J (2011) Security in the Cloud. New Jersey Digital Government Summit, 2011

    Google Scholar 

  42. Ferrari E (2009) Database-as-a-Service: challenges and solutions for privacy and security, services computing conference, 2009. APSCC 2009. IEEE Asia-Pacific. IEEE, pp 46–51, 2009

    Google Scholar 

  43. Ferrari E (2010) Access control in data management systems. Morgan & Claypool, San Rafael

    Google Scholar 

  44. Ferretti L, Colajanni M, Marchetti M (2012) Supporting security and consistency for cloud database. Cyberspace Safe Secur Lect Notes Comput Sci 7672:179–193

    Article  Google Scholar 

  45. Ge T, Zdonik SB (2007) Answering aggregation queries in a secure system model. In Proceedings of VLDB Conference, pp 519–530, 2007

    Google Scholar 

  46. Gelbstein E (2011) Data integrity-information security’s poor relation. ISACA J 6:2011

    Google Scholar 

  47. Gelogo YE, Lee S (2012) Database management system as a cloud service. Int J Future Gener Commun Netw 5(2):71–76

    Google Scholar 

  48. Golden B (2010) Cloud computing: two kinds of agility, 2010. http://www.cio.com/article/599626/Cloud_Computing_Two_Kinds_of_Agility. Accessed Sept 2013

  49. Gupta GKr, Sharma AK, Swaroop V (2010) Consistency and security in mobile real time distributed database (MRTDDB): a combinational giant challenge. AIP conference proceedings, vol 1324, 2010

    Google Scholar 

  50. Hacigumus H, Iyer B, Li C, Mehrotra S (2002) Executing SQL over encrypted data in the database service provider model. In: Proceedings of the ACM SIGMOD’200 conference, Madison, Wisconsin, pp 216–227, 2002

    Google Scholar 

  51. Hacigumus H, Iyer B, Mehrorta S (2002) Providing Database-as-a-Service, ICDE, pp 29–38, 2002

    Google Scholar 

  52. Hacigumus H, Iyer B, Mehrotra S (2002) Providing Database-as-a-Service. Proceedings of the 18th international conference on data engineering (ICDE.02), 2002

    Google Scholar 

  53. Hadavi MA, Noferesti M, Jalili R, Damiani E (2012) Database-as-a-Service: towards a unified solution for security requirements. IEEE 36th international conference on computer software and applications workshops, pp 415–420, 2012

    Google Scholar 

  54. Haughwout J (2011) Cloud computing: it’s not just about access from anywhere, 2011. http://technorati.com/technology/article/Cloud-computing-its-not-just-about/page-1/. Accessed Oct 2013

  55. Hogan M (2008) Cloud computing & databases-how databases can meet the demands of Cloud computing, ScaleDB Inc, 2008

    Google Scholar 

  56. Holden EP, Kang JW, Bills DP, Ilyassov M (2009) Databases in the Cloud: a work in progress. Proceedings of the 10th ACM conference on SIG-information technology education, ACM, pp 138–143, 2009

    Google Scholar 

  57. IBM (1991) http://www.ibm.com/us/en/. Accessed Feb 2013

  58. Kapa KK, Lopez R (2012) Database-as-a-Service (DBaaS) using enterprise manager 12c, Oracle Open World, 2012

    Google Scholar 

  59. Kumar A, Lee HJ, Singh RP (2012) Efficient and secure cloud storage for handling big data, information science and service science and data mining (ISSDM). 6th international conference on new trends in, pp 162–166, 2012

    Google Scholar 

  60. Kumbhare A, Simmhan Y, Prasanna V (2012) Cryptonite: a secure and performant data repository on public clouds, cloud computing (CLOUD), 2012 IEEE 5th international conference on IEEE, pp 510–517, 2012

    Google Scholar 

  61. Lee S (2011) Shared-nothing vs. shared-disk cloud database architecture. Int J Energy Inf Commun 2(4):211–216

    MATH  Google Scholar 

  62. Linthicum D (2010) The data interoperability challenge for Cloud computing, 2010. http://www.infoworld.com/d/Cloud-computing/data-interoperability-challenge-Cloud-computing-259. Accessed Oct 2013

  63. Linthicum D (2010) The data interoperability challenge for cloud computing, http://www.infoworld.com/d/cloud-computing/data-interoperability-challenge-cloud-computing-259, 2010. Accessed Nov 2013

  64. Liu W (2012) Research on cloud computing security problem and strategy, consumer electronics, communications and networks (CECNet), 2nd international conference on IEEE, pp 1216–1219, 2012

    Google Scholar 

  65. Longjump, http://www.softwareag.com/special/longjump/index.html. Accessed Feb 2013

  66. Mani M, Shah K, Gunda M (2013) Enabling secure Database-as-a-Service using fully homomorphic encryption: challenges and opportunities, DanaC ’13. Proceedings of the second workshop on data analytics in the cloud, pp 1–12, 2013

    Google Scholar 

  67. Markovich S (2011) Three clouds-computing data security risks that can’t be overlooked, 2011. http://www.mcafee.com/us/products/databasesecurity/articles/20110321-01.aspx. Accessed Oct 2013

  68. Mateljan V, Cisic D, Ogrizovid D (2010) Cloud Database-as-a-Service (DaaS)-ROI, MIPRO, Opatija, Croatia, pp 1185–1188, 2010

    Google Scholar 

  69. McAfee (2012) Data loss by the numbers. White paper, 2012.

    Google Scholar 

  70. Merkle RC (1989) A certified digital signature, advances in cryptology-CRYPTO ’89. 9th annual international cryptology conference, Santa Barbara, California, USA, Proceedings vol 435, pp 218–238, 1989

    Google Scholar 

  71. Michel D (2010) Databases in the cloud, Doktorarbeit, HSR University of Applied Science Rapperswil, 2010

    Google Scholar 

  72. Microsoft, Windows Azure. http://www.windowsazure.com/en-us/. Accessed Nov 2013

  73. Miller R (2008) Major outage for Amazon S3 and EC2, http://www.datacenterknowledge.com/archives/2008/02/15/major-outage-for-amazon-s3-and-ec2/,200. Accessed Oct 2013

  74. Mitropoulos D (2013) Data security in the cloud environment vol 19, no 3, 2013

    Google Scholar 

  75. MySQL. http://www.mysql.com/products/enterprise/database/. Accessed Dec 2013

  76. Nadella S (1975) Microsoft. http://www.microsoft.com/en-pk/default.aspx. Accessed Nov 2013

  77. Nithiavathy R (2013) Data integrity and data dynamics with secure storage service in cloud. Proceedings of the 2013 international conference on pattern recognition, informatics and mobile engineering, IEEE, pp 125–130, 2013

    Google Scholar 

  78. NoSQL. http://nosql-database.org/. Accessed Nov 2013

  79. Nuo DB (2013) 12 rules for a cloud data management system (CDMS), Cambridge Massachusetts (PRWEB), 2013

    Google Scholar 

  80. Oracle Corporation (2011) Database-as-a-Service: reference architecture-an overview, 2011

    Google Scholar 

  81. Oracle ® Database Security Guide 10 g Release 2 (10.2) (2013) 7 Security Policies, 2013. http://docs.oracle.com/cd/B19306_01/network.102/b14266/policies.htm. Accessed Aug 2013

  82. Oracle, Oracle database, http://www.oracle.com/us/products/database/overview/index.html. Accessed Dec 2013

  83. OWASP (2009) Resource exhaustion, https://www.owasp.org/index.php/Resource_exhaustion, 2009. Accessed Aug 2013

  84. Page L, Brin S (1998) Google. https://www.google.com.pk/. Accessed Oct 2013

  85. Pizette L, Cabot T (2012) Database-as-a-Service: a marketplace assessment, pp 1–4, 2012

    Google Scholar 

  86. Posey M (2012) Database-as-a-Service: rightsizing database solutions, research vice president, hosting & managed network services, 2012

    Google Scholar 

  87. Reddy Kandukuri B, Ramakrishna PV, Rakshit A (2009) Cloud security issues, IEEE, pp 517–520, 2009

    Google Scholar 

  88. Sakhi I (2012) Databases security in cloud. Dissertation KTH, 2012

    Google Scholar 

  89. Saravanan C, Sandya M (2011) Databases in the era of cloud computing and big data, features, open gurus, overview, technology, 2011. http://www.linuxforu.com/2011/05/databases-in-era-of-Cloud-computing-and-big-data. Accessed Aug 2013

  90. ScaleDB (2012) Database-as-a-Service (DBaaS), http://www.scaledb.com/DBaaS-Database-as-a-Service.php. Accessed Dec 2013

  91. Sengupta S, Kaulgud V, Sharma VS (2011) Cloud computing security-trends and research directions, services (SERVICES), IEEE World Congress on IEEE, pp 524–531, 2011

    Google Scholar 

  92. Sharir R (2013) Nine cloudy challenges for databases, 2013. http://www.itbusinessedge.com/slideshows/show.aspx?c=96438. Accessed Nov 2013

  93. Sheldon R (2012) DBaaS pros and cons for solution providers, 2012. http://searchitchannel.techtarget.com/tip/DBaaS-pros-and-cons-for-solution-providers. Accessed Aug 2013

  94. Sion R (2005) Query execution assurance for outsourced database. In: Proceedings of VLDB conference, 2005

    Google Scholar 

  95. Sion R (2007) Secure data outsourcing. In: Proceedings of the CLDB conference, pp 1431–1432, 2007

    Google Scholar 

  96. Summers A, Tickner C (2004) What is security analysis? http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm. Accessed Dec 2013

  97. Sushil B, Jain L, Jain S (2010) Cloud computing: a study of infrastructure as a service (IAAS). International journal of engineering and information technology 2.1, pp 60–63, 2010

    Google Scholar 

  98. Tianfield H (2012) Security issues in cloud computing. IEEE international conference on systems, man, and cybernetics, pp 1082–1089, 2012

    Google Scholar 

  99. Vacca JR (2012) Computer and information security handbook, second edition, Newnes, 2012

    Google Scholar 

  100. vFabric Team (2012) Why DBaaS? 5 trends pushing Database-as-a-Service, 2012. http://blogs.vmware.com/vfabric/2012/08/why-dbaas-6-trends-pushing-database-as-a-service.html. Accessed Sept 2013

  101. Wang C, Chow SSM, Wang Q, Kui R, Wenjing L (2013) Privacy preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375

    Article  MathSciNet  Google Scholar 

  102. Weis J, Alves-Foss J (2011) Securing Database-as-a-Service: issues and compromises, security & privacy, IEEE 9.6, pp 49–55, 2011

    Google Scholar 

  103. Wikia (2013) Cloud database, 2013. http://databasemanagement.wikia.com/wiki/Cloud_Database. Accessed Aug 2013

  104. Wikipedia (2012) Cloud database, 2012. http://en.wikipedia.org/wiki/Cloud_database. Accessed Sept 2013

  105. Williams E, Glass N, Dorsey J, Stone B (2006) Twitter. www.twitter.com. Accessed Nov 2013

  106. Xu L, Wu X (2013) Hub: heterogeneous bucketization for database outsourcing, cloud computing’13, Hangzhou, China, pp 47–54, 2013

    Google Scholar 

  107. Yasin R (2013) 5 years down the road: the cloud of clouds, 2013. http://gcn.com/articles/2013/05/31/Cloud-of-Clouds-5-years-in-future.aspx. Accessed Oct 2013

  108. ZeusDB. http://www.zeusdb.com. Accessed Feb, 2013

  109. Zheng Q, Xu S, Ateniese G (2012) Efficient query integrity for outsourced dynamic databases, CCSW’12, Raleigh, North Carolina, USA, 2012

    Google Scholar 

  110. Zissis D, Lekkas D (2012) Addressing cloud computing security issues, future generation computer systems 3, pp 583–592, 2012

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Sector H-12, 44000, Islamabad, Pakistan

    Faria Mehak, Rahat Masood, Yumna Ghazi, Muhammad Awais Shibli & Sharifullah Khan

Authors
  1. Faria Mehak
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rahat Masood
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yumna Ghazi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Muhammad Awais Shibli
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sharifullah Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rahat Masood .

Editor information

Editors and Affiliations

  1. University of Derby, United Kingdom

    Zaigham Mahmood

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Mehak, F., Masood, R., Ghazi, Y., Shibli, M., Khan, S. (2014). Security Aspects of Database-as-a-Service (DBaaS) in Cloud Computing. In: Mahmood, Z. (eds) Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-10530-7_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10530-7_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10529-1

  • Online ISBN: 978-3-319-10530-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation