249 research outputs found
Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service
Database as a service provides services for accessing and managing customers'
data which provides ease of access, and the cost is less for these services.
There is a possibility that the DBaaS service provider may not be trusted, and
data may be stored on untrusted server. The access control mechanism can
restrict users from unauthorized access, but in cloud environment access
control policies are more flexible. However, an attacker can gather sensitive
information for a malicious purpose by abusing the privileges as another user
and so database security is compromised. The other problems associated with the
DBaaS are to manage role hierarchy and secure session management for query
transaction in the database. In this paper, a role-based access control for the
multitenant database with role hierarchy is proposed. The query is granted with
least access privileges, and a session key is used for session management. The
proposed work protects data from privilege escalation and SQL injection. It
uses the partial homomorphic encryption (Paillier Encryption) for
encrypting the sensitive data. If a query is to perform any operation on
sensitive data, then extra permissions are required for accessing sensitive
data. Data confidentiality and integrity are achieved using the role-based
access control with partial homomorphic encryption.
Comment: 11 Pages, 4 figures, Proceedings of International Conference on ICT
for Sustainable Developmen
DBaaS Multitenancy, Auto-tuning and SLA Maintenance in Cloud Environments: a Brief Survey
Cloud computing is a paradigm that presents many advantages to both customers and service providers, such as low upfront investment, pay-per-use and easiness of use, delivering/enabling scalable services using Internet technologies. Among many types of services we have today, Database as a Service (DBaaS) is the one where a database is provided in the cloud in all its aspects. Examples of aspects related to DBaaS utilization are data storage, resources management and SLA maintenance. In this context, an important feature, related to it, is resource management and performance, which can be done in many different ways for several reasons, such as saving money, time, and meeting the requirements agreed between client and provider, that are defined in the Service Level Agreement (SLA). A SLA usually tries to protect the customer from not receiving the contracted service and to ensure that the provider reaches the profit intended. In this paper, a classification is presented based on three main parameters that aim to manage resources for enhancing the performance on DBaaS and guarantee that the SLA is respected for both user and provider sides benefit. The proposal is based upon a survey of existing research work efforts
Database Security Issues and Challenges in Cloud Computing
The majority of enterprises have recently enthusiastically embraced cloud computing, and at the same time, the database has moved to the cloud. This cloud database paradigm can lower data administration expenses and free up new business to concentrate on the product that is being delivered. Furthermore, issues with scalability, flexibility, performance, availability, and affordability can be resolved with cloud computing. Security, however, has been noted as posing a serious risk to cloud databases and has been essential in fostering public acceptance of cloud computing. Several security factors should be taken into account before implementing any cloud database management system. These features comprise, but are not restricted to, data privacy, data isolation, data availability, data integrity, confidentiality, and defense against insider threats. In this paper, we discuss the most recent research that took into account the security risks and problems associated with adopting cloud databases. In order to better comprehend these problems and how they affect cloud databases, we also provide a conceptual model. Additionally, we look into these problems to the extent that they are relevant and provide two instances of vendors and security features that were used for cloud-based databases. Finally, we provide an overview of the security risks associated with open cloud databases and suggest possible future paths
Data Migration to Cloud in ERP Implementations
The concept of Cloud Computing has evolved constantly, in strand of service models, based on the creation and share of several technological resources. Increasingly, it has used virtualization technology to optimize resources, which are shared by all accounts, in a self-service format. All these features result in a flexible and progressive behavior of resources. The management of the service provided, is made based on the service level agreement established between the client and the cloud provider, and the constant technological developments can quickly change depending of the requirements. That said, knowing the current state of Wipro with respect to the concepts of data migration and cloud being combined into one, it is very challenging to design and build a possible process to help the company make this transition. Especially, when there is already a tool that has been used for several years and it is intended to be part of this integration with a new possible solution that is described along this document. The study, of qualitative nature, is guided by different case studies when it comes to the processes being used to migrate data into Cloud. The main objectives are to find new solutions that increase productivity of the company, save human resources that can be reallocated to other tasks, ending up to be considered innovative solutions, with rapid implementations and most importantly with low cost. What ends up in the overall objective of this dissertation that is to examine the feasibility of the adoption of Cloud Computing in Wipro Portugal through two main points: • The migration of data into Cloud; • Integration with Data Conversion Tool (DCT). We believe that this approach is very meaningful towards encouraging greater productivity and obtaining new achievements. Concerning the empirical study, there is a big number of tools that can be investigated later as possible solutions for other kind of implementations than Oracle Retail. 
For now this dissertation focuses on the current OR business approaches and points to Oracle Cloud as the main Cloud Computing Service due to its partnership with Wipro. Both solutions that were implemented, SQL Loader and Golden Gate, seem viable and versatile as they can be integrated with the current tool, DCT and are capable of loading several amounts of data without any issues. In terms of performance Golden Gate seems to be a few steps above SQL Loader, but requires deeper analysis when using multi threading as an option in both methods, and the containerization of the databases can be very relevant regarding the times of loading. In general, good solutions are available and need to be taken into consideration by the company as they can help to leverage its resources in a more efficient way and the main objective of having data in the Cloud was reached, having gathered knowledge about the behaviour of Oracle Cloud and some of the services
Cloud-native databases : an application perspective
As cloud computing technologies evolve to better support hosted software applications, software development businesses are faced with a multitude of options to migrate to the cloud. A key concern is the management of data. Research on cloud-native applications has guided the construction of highly elastically scalable and resilient stateless applications, while there is no corresponding concept for cloud-native databases yet. In particular, it is not clear what the trade-offs between using self-managed database services as part of the application and provider-managed database services are. We contribute an overview about the available options, a testbed to compare the options in a systematic way, and an analysis of selected benchmark results produced during the cloud migration of a commercial document management application
On the security of NoSQL cloud database services
Processing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS introduces new challenges such as confidentiality violation and information leakage in the presence of privileged malicious insiders and adds new dimension to the data security. We address the problem of building a secure DBaaS for a public cloud infrastructure where, the Cloud Service Provider (CSP) is not completely trusted by the data owner. We present a high level description of several architectures combining modern cryptographic primitives for achieving this goal. A novel searchable security scheme is proposed to leverage secure query processing in presence of a malicious cloud insider without disclosing sensitive information. A holistic database security scheme comprised of data confidentiality and information leakage prevention is proposed in this dissertation. The main contributions of our work are: (i) A searchable security scheme for non-relational databases of the cloud DBaaS; (ii) Leakage minimization in the untrusted cloud. The analysis of experiments that employ a set of established cryptographic techniques to protect databases and minimize information leakage, proves that the performance of the proposed solution is bounded by communication cost rather than by the cryptographic computational effort
Elastic Resource Management in Distributed Clouds
The ubiquitous nature of computing devices and their increasing reliance on remote resources have driven and shaped public cloud platforms into unprecedented large-scale, distributed data centers. Concurrently, a plethora of cloud-based applications are experiencing multi-dimensional workload dynamics---workload volumes that vary along both time and space axes and with higher frequency.
The interplay of diverse workload characteristics and distributed clouds raises several key challenges for efficiently and dynamically managing server resources. First, current cloud platforms impose certain restrictions that might hinder some resource management tasks. Second, an application-agnostic approach might not entail appropriate performance goals, therefore, requires numerous specific methods. Third, provisioning resources outside LAN boundary might incur huge delay which would impact the desired agility.
In this dissertation, I investigate the above challenges and present the design of automated systems that manage resources for various applications in distributed clouds. The intermediate goal of these automated systems is to fully exploit potential benefits such as reduced network latency offered by increasingly distributed server resources. The ultimate goal is to improve end-to-end user response time with novel resource management approaches, within a certain cost budget.
Centered around these two goals, I first investigate how to optimize the location and performance of virtual machines in distributed clouds. I use virtual desktops, mostly serving a single user, as an example use case for developing a black-box approach that ranks virtual machines based on their dynamic latency requirements. Those with high latency sensitivities have a higher priority of being placed or migrated to a cloud location closest to their users. Next, I relax the assumption of well-provisioned virtual machines and look at how to provision enough resources for applications that exhibit both temporal and spatial workload fluctuations. I propose an application-agnostic queueing model that captures the resource utilization and server response time. Building upon this model, I present a geo-elastic provisioning approach---referred as geo-elasticity---for replicable multi-tier applications that can spin up an appropriate amount of server resources in any cloud locations. Last, I explore the benefits of providing geo-elasticity for database clouds, a popular platform for hosting application backends. Performing geo-elastic provisioning for backend database servers entails several challenges that are specific to database workload, and therefore requires tailored solutions. In addition, cloud platforms offer resources at various prices for different locations. Towards this end, I propose a cost-aware geo-elasticity that combines a regression-based workload model and a queueing network capacity model for database clouds.
In summary, hosting a diverse set of applications in an increasingly distributed cloud makes it interesting and necessary to develop new, efficient and dynamic resource management approaches