Analysis of the Unexplored Security Issues Common to All Types of NoSQL Databases
Asian Journal of Research in Computer Science, Page 1-12
DOI: 10.9734/ajrcos/2022/v14i130323
Abstract
NoSQL databases outperform the traditional RDBMS due to their faster retrieval of large volumes of data, scalability, and high performance. The need for these databases has been increasing in recent years because data collection is growing tremendously. NoSQL allows storage of structured, unstructured, and semi-structured data, which is not possible in a traditional database. NoSQL trades security features for its faster data access and large data storage. The main concern is the sensitive information stored in the data. Protecting this sensitive data is crucial for confidentiality and privacy. To understand how serious the need to protect sensitive data is, it is important to recognize the security issues. These security issues, if not resolved, will cause data loss, unauthorized access, database crashes caused by hackers, and security breaches. This paper investigates the security issues common to the top twenty NoSQL databases of the following types: document, key-value, column, graph, object-oriented, and multi-model. The top twenty NoSQL databases studied were MongoDB, Cassandra, CouchDB, Hypertable, Redis, Riak, Neo4j, Hadoop HBase, Couchbase, MemcacheDB, RavenDB, Voldemort, Perst, HyperGraphDB, NeoDatis, MyOODB, OrientDB, Apache Drill, Amazon, and Neptune. The comparison results show that there are common security issues among the databases. SQL injection security issues were detected in eight databases: MongoDB, Cassandra, CouchDB, Neo4j, Couchbase, RavenDB, OrientDB, and Apache Drill.
Keywords:
- NoSQL
- security issues
- document
- key-value
- column
- graph
- object-oriented
- multi-model databases