NoInjection: Preventing Unsafe Queries on NoSQL-Document-model Databases

Bibliographic Details
Main Authors: Imam, A.A., Basri, S., Gonzalez-Aparicio, M.T., Balogun, A.O., Kumar, G.
Format: Conference item
Published: Institute of Electrical and Electronics Engineers Inc. 2022
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85126766686&doi=10.1109%2fICCIT52419.2022.9711654&partnerID=40&md5=34999ba2d11fd6ec85ec9d7b8de19349
http://eprints.utp.edu.my/33291/
Institution: Universiti Teknologi Petronas
Description
Summary: Cyber-attack has today become a habitual practice of remotely destroying computer systems across the globe. The behavior of these systems is solely controlled by data, which is nowadays stored in NoSQL databases. As a result, numerous techniques were introduced to protect this data when it is in use and in transit, while leaving the at-rest part (databases) in the hands of novice programmers without any enforcement. The NoSQL-Injection problem emerged due to this flexibility, where malicious queries that mimic the legal queries are appended together for possible execution. In this paper, a new method is introduced into the NoSQL design practice. This method utilizes an asymmetric encryption algorithm, RSA in particular. Using this method, key pairs are generated and exchanged during the design. The database server decrypts the legal queries before effecting any changes. An experiment was conducted to assess the performance of the proposed method. The proposed method proved to be safe from NoSQL-Injection attacks when compared with formal methods. Based on this, the proposed method has the aptitude to prevent the occurrence of NoSQL-Injection attacks on NoSQL applications. © 2022 IEEE.