Data security in cloud-centric multi-tenant databases

Abstract

Cloud computing has swiftly gained momentum in the technological industry, owing to its numerous benefits, notably its ability to scale, ensure availability, and lower expenses. Countless organisations have transitioned their operations to the cloud, and it is anticipated that nearly all businesses will rely on cloud-based systems in the forth-coming years. Cloud computing has initiated significant transformations, particularly in the realm of Software as a Service (SaaS), where conventional database management systems (DBMSs) have evolved into Cloud-DBMSs (CDBMSs). Alongside this transition and within the same domain, there has been a shift from conventional single tenant database systems towards multi-tenant architectures that facilitate efficient sharing of the underlying infrastructure and resources. Despite the prior-mentioned advantages, organisations continue to exhibit hesitancy in adopting multi-tenant database systems particularly due to concerns regarding data security. The prospect of storing data from multiple tenants on the same server, or potentially within the same database tables, amplifies apprehensions of unauthorised access. Within this context, the focus of this dissertation revolves around the domain of cloud-centric database security, with particular focus on the unique intricacies presented by multi-tenant architectures. The aim is that of creating an automated process that aids software houses and database administrators in implementing security assertions for multi-tenant database systems prior to storing data online. This automation, in the form of a Computer-Aided Software Engineering (CASE) tool, enables the generation of tenant-specific secure database profiles, taking into account prevalent threats in CDBMSs and a comprehensive list of security requirements. A relational data model and SQL scripts are utilised as the main basis of this thesis whilst database design diagrams ensure that security is inbuilt from the initial stages of database design. Conclusively, a comprehensive analysis conducted on the proposed tool across various dimensions, including system coverage, performance, and security, demonstrates its successful attainment of the objectives established prior to its development.