An automata based approach for the prevention of NOSQL injections
Publication Type:Journal Article
Source:Communications in Computer and Information Science, Springer Verlag, Volume 536, p.538-546 (2015)
Keywords:Application development, Automata theory, Automaton, Big data, Digital storage, Effective performance, MongoDB, Network security, Non-Relational Databases, Prevention techniques, Relational Database, Storage and retrievals
The eminent web-applications of today are data-intensive. The data generated is of the order of petabytes and zetabytes. Using relational databases for storing them only complicates the storage and retrieval in the DB and degradation of its performance. The big data explosion demanded the need for a more flexible, high-performance storage concept the NoSQL movement. The NoSQL databases were designed to overcome the flaws of the relational databases including the security aspects. The effective performance and efficient storage criteria were satisfied by the non-relational databases. The attackers, as usual found their way into the NoSQL databases that were considered to be secure. The injection attacks, one of the top-listed attack type of the relational databases poses threat to the non-relational databases as well. MongoDB is one of the prominent NoSQL databases to which the application development trends are shifting. In this paper, we present the different injection attacks on the leading NoSQL database and an automata based detection and prevention technique for this attack. We also evaluate the effectiveness on different subjects with a number of legitimate as well as illegitimate inputs. Our results show that our approach was able to detect all the attacks. © Springer International Publishing Switzerland 2015.
cited By 0; Conference of 3rd International Symposium on Security in Computing and Communications, SSCC 2015 ; Conference Date: 10 August 2015 Through 13 August 2015
Cite this Research Publication
Related Research Publications
- Enhancement of data level security in mongoDB
- Security maturity in NoSQL databases- Are they secure enough to haul the modern IT applications?
- A low overhead prevention of android web view abuse attacks
- Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability
- Secure authentication in multimodal biometric systems using cryptographic hash functions