Database as a service provides services for accessing and managing customers
data which provides ease of access, and the cost is less for these services.
There is a possibility that the DBaaS service provider may not be trusted, and
data may be stored on untrusted server. The access control mechanism can
restrict users from unauthorized access, but in cloud environment access
control policies are more flexible. However, an attacker can gather sensitive
information for a malicious purpose by abusing the privileges as another user
and so database security is compromised. The other problems associated with the
DBaaS are to manage role hierarchy and secure session management for query
transaction in the database. In this paper, a role-based access control for the
multitenant database with role hierarchy is proposed. The query is granted with
least access privileges, and a session key is used for session management. The
proposed work protects data from privilege escalation and SQL injection. It
uses the partial homomorphic encryption (Paillier Encryption) for the
encrypting the sensitive data. If a query is to perform any operation on
sensitive data, then extra permissions are required for accessing sensitive
data. Data confidentiality and integrity are achieved using the role-based
access control with partial homomorphic encryption.Comment: 11 Pages,4 figures, Proceedings of International Conference on ICT
for Sustainable Developmen