Secure framework for Database as a Service Model on cloud (non-relational data storage)

In the era of Cloud Computing, resources and applications are provided as a service over the internet. Main benefits of this paradigm are well known and range from cost reduction, scalability, better quality of service, and more effective allocation of internal resources. In this scenario, an important role is played by data management services. In this respect, a new emerging option is represented by Database as a Service* (DbaaS) paradigm. DbaaS is regulated by the same principles as Software as a Service (SaaS) and basically means the delivery of the typical functionalities of a database management system in the cloud.

Under DbaaS model, there is a shift from traditional client-server architecture to third party architecture, where data owners are no longer totally responsible for data management. Rather they outsource their data (or portions of them) to one or more data service providers (or publishers) that provide data management services. Unstructured databases such as NoSQL and CloudDB are emerging database technologies and are widely being opted for DbaaS model. However, one of the most obvious obstacles to the widespread use of DbaaS and unstructured databases is related to the security and privacy of the data. The challenge is how to ensure properties such as confidentiality, integrity, authenticity and privacy, if the data is not directly managed by the owner but by a third party. Data or Cloud owners have to embed the required security solutions in the middleware because it cannot be explicitly enforced in unstructured database. The required security policies and mechanisms at middleware become difficult to manage, hence there is need to work on secure and reliable framework for NoSQL databases on Cloud.

Clearly the future of such database technologies needs considerable development and hardening in order to provide secure environment for sensitive data which is being stored on third party premises.

Integrity: It is assumed that data updates are managed by data owner and user can only query the data managed by the publisher.

Confidentiality & Access Control: has a twofold meaning:
- with respect to users 
- with respect to publishers 

Researchers have used different cryptographic techniques to achieve confidentiality w.r.t publishers. However, no scenario has been considered yet where the data owner can specify the authorization granting different users the rights to see different portions of outsourced data.

This project will aim towards providing a Generic Security Framework for the data hosted in third party premises. Project will thoroughly investigate integrity, confidentiality and authorization aspects for DbaaS model and will provide a comprehensive security solution that can cater security issues of DbaaS model. It will also inspect various security concerns related to hosting and deployment of unstructured databases on Cloud with the purpose to sustain the security of data being resided in these unstructured databases. The proposed framework will not only facilitate data service providers but will also enable data service consumers to holistically protect their data from disruption and disclosure. Framework will consist of different modules, each one for integrity, confidentiality and authorization.

*By DbaaS, we mean storage services being provided by third party to host database on Cloud.