NoInjection: Preventing Unsafe Queries on NoSQL-Document-model Databases

Imam, A.A. and Basri, S. and Gonzalez-Aparicio, M.T. and Balogun, A.O. and Kumar, G. (2022) NoInjection: Preventing Unsafe Queries on NoSQL-Document-model Databases. In: UNSPECIFIED.

Full text not available from this repository.
Official URL: https://www.scopus.com/inward/record.uri?eid=2-s2....

Abstract

Cyber-Attack has today become a habitual practice of remotely destroying computer systems across the globe. The behavior of these systems is solely controlled by data which is nowadays stored in NoSQL databases. As a result, numerous techniques were introduced to protect this data when it's in use and in transit while leaving the at rest part (databases) in the hands of novice programmers without any enforcements. The NoSQL-Injection problem emerged due to this flexibility where malicious queries that mimic the legal queries are appended together for possible execution. In this paper, a new method is introduced into the NoSQL design practice. This method utilizes the Asymmetric encryption algorithm, RSA in particular. Using this method, key pairs are generated and exchanged during the design. The database server decrypts the legal queries before effecting any changes. An experiment was conducted to assess the performance of the proposed method. The proposed method proved to be safe from NoSQLInjection attacks when compared with formal methods. Based on this, the proposed method has the aptitude to prevent the occurrence of NoSQLInjection attacks on NoSQL applications. © 2022 IEEE.

Item Type: Conference or Workshop Item (UNSPECIFIED)
Impact Factor: cited By 0
Uncontrolled Keywords: Computer crime; Cryptography; Formal methods; Network security; Query languages, Asymmetric encryption; At rests; Cyber-attacks; Design practice; Document modeling; Injection problems; Legal queries; NoSQL-injection; Novice programmer; Unsafe-query, Crime
Depositing User: Mr Ahmad Suhairi Mohamed Lazim
Date Deposited: 12 Sep 2022 08:19
Last Modified: 12 Sep 2022 08:19
URI: http://scholars.utp.edu.my/id/eprint/33768

Actions (login required)

View Item
View Item