Aspects of database security for web based application development

Abstract

The use of online computing has seen a rapid growth, mostly especially in large companies. Many a time, when making use of a data intensive application demand its fundamental component is a database. When online, the risk of an attack is greater so it is vital to have maximum security on the database since these usually serve as the data store of critical function. Rapid growth in data and data access has brought about the introduction of a new generation of database systems called NoSQL systems. Some of these systems are document stores and use of SQL like and procedural queries, and their aim is to tackle challenges of data partitioning and availability. But, these systems were not designed as stand-alone systems and consequently not much importance was given to data security on a database level whilst developing them. The aim of this project is to investigate the security requirements and weaknesses of NoSQL based systems and implement a security model which addresses and tackle many of these threats. In order to reach this objective, it was decided that it is best to apply a security model to the database system. The security data model selected is the Bell-LaPadula and it manages user, security clearances and collections of documents. A layer over MongoDB was implemented that does the following: introduce high level and data driven query operators for a wide spectrum of queries (SPJ); provide query closure; and finally apply security clearance to a query result. Much of the work was dictated by the status and low level capabilities of MongoDB; which were not always forthcoming. Nonetheless a proof of concept, even implement on a C sharp program to show security processing, is delivered within this work.