Database as a service (DBaaS)

Modern Web or ¿Eternal-Beta¿ applications necessitate a flexible and easy-to-use data management platform that allows the evolutionary development of databases and applications. The classical approach of relational database systems following strictly the ACID properties has to be extended by an extensible and easy-to-use persistency layer with specialized DB features. Using the underlying concept of Software as a Service (SaaS) also enables an economic advantage based on the ¿economy of the scale¿, where application and system environments only need to be provided once but can be used by thousands of users. Within this tutorial, we are looking at the current state-of-the-art from different perspectives. We outline foundations and techniques to build database services based on the SaaS-paradigm. We discuss requirements from a programming perspective, show different dimensions in the context of consistency and reliability, and also describe different non-functional properties under the umbrella of Service-Level agreements (SLA)

Enabling Secure Database as a Service using Fully Homomorphic Encryption: Challenges and Opportunities

The database community, at least for the last decade, has been grappling with querying encrypted data, which would enable secure database as a service solutions. A recent breakthrough in the cryptographic community (in 2009) related to fully homomorphic encryption (FHE) showed that arbitrary computation on encrypted data is possible. Successful adoption of FHE for query processing is, however, still a distant dream, and numerous challenges have to be addressed. One challenge is how to perform algebraic query processing of encrypted data, where we produce encrypted intermediate results and operations on encrypted data can be composed. In this paper, we describe our solution for algebraic query processing of encrypted data, and also outline several other challenges that need to be addressed, while also describing the lessons that can be learnt from a decade of work by the database community in querying encrypted data

Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

Database as a service provides services for accessing and managing customers data which provides ease of access, and the cost is less for these services. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on untrusted server. The access control mechanism can restrict users from unauthorized access, but in cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges as another user and so database security is compromised. The other problems associated with the DBaaS are to manage role hierarchy and secure session management for query transaction in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted with least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses the partial homomorphic encryption (Paillier Encryption) for the encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing sensitive data. Data confidentiality and integrity are achieved using the role-based access control with partial homomorphic encryption.Comment: 11 Pages,4 figures, Proceedings of International Conference on ICT for Sustainable Developmen

Perancangan dan Analisis Load Balancing as a Service Menggunakan OpenStack untuk Database Gunung Api

Pembangunan jaringan pada sistem database untuk hasil pengamatan gunung api diperlukan karena Indonesia termasuk negara ring of fire yang memiliki 127 gunung api aktif maupun tidak. Berdasarkan hasil observasi pada Badan Geologi khususnya PVMBG (Pusat Vulkanologi dan Mitigasi Bencana Geologi, pengamatan gunung api terbagi menjadi dua metode secara visual dan instrumentasi menggunakan sensor analog dan digital. Data hasil metode visual dan instrumentasi menggunakan sensor analog melalui web aplikasi. Data hasil metode intrumentasi sensor digital masuk secara otomatis kedalam server database. Semua data hasil pengamatan menggunakan dua metode tersebut masuk ke server database secara bersamaan sehingga menyebabkan down pada web aplikasi data. Hal ini dapat menyebabkan kinerja server database kurang maksimal. Mekanisme sistem antrian dengan menditribusikan beban trafik data ke server dengan teknologi Load Balancing dapat menjadi solusi. Pada penelitian ini dilakukan implementasi Load Balancing pada web server guna mendistribusikan trafik data hasil pengamatan yang masuk kedalam server database. Infrastruktur jaringan sistem database menggunakan platform cloud computing yaitu OpenStack dengan implementasi Load Balancing as a Service. Penelitian ini membandingkan dua algoritma Load Balancing yaitu Round Robin dan Least Connection. Least Connection memiliki performansi yang lebih baik dari Round Robin untuk segi uji parameter Respon Time, Throughput, Transaction Rate dan Failed Transaction pada web server. Hasil pengujian algoritma Least Connection jika dibandingkan dengan algoritma Round Robin dan Single Web Server berdasarkan skenario pengujian memiliki nilai rata-rata Respon Time lebih kecil 8,49% dan 71,37%, Throughput lebih besar 5,07% dan 93,72%, Transaction Rate lebih besar 5,26% dan 50,16% serta untuk Failed Transaction 0%. Algoritma Least Connection yang diimplementasikan pada web server aplikasi input data hasil pengamatan gunung api dapat mendukung kinerja server database yang kurang maksimal. Kinerja server database yang maksimal dapat mempercepat proses keputusan status level gunung api sebelum terjadi bencana

A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

Priority-Driven Differentiated Performance for NoSQL Database-As-a-Service

Designing data stores for native Cloud Computing services brings a number of challenges, especially if the Cloud Provider wants to offer database services capable of controlling the response time for specific customers. These requests may come from heterogeneous data-driven applications with conflicting responsiveness requirements. For instance, a batch processing workload does not require the same level of responsiveness as a time-sensitive one. Their coexistence may interfere with the responsiveness of the time-sensitive workload, such as online video gaming, virtual reality, and cloud-based machine learning. This paper presents a modification to the popular MongoDB NoSQL database to enable differentiated per-user/request performance on a priority basis by leveraging CPU scheduling and synchronization mechanisms available within the Operating System. This is achieved with minimally invasive changes to the source code and without affecting the performance and behavior of the database when the new feature is not in use. The proposed extension has been integrated with the access-control model of MongoDB for secure and controlled access to the new capability. Extensive experimentation with realistic workloads demonstrates how the proposed solution is able to reduce the response times for high-priority users/requests, with respect to lower-priority ones, in scenarios with mixed-priority clients accessing the data store