This Article 
 Bibliographic References 
 Add to: 
Securing Database as a Service: Issues and Compromises
November/December 2011 (vol. 9 no. 6)
pp. 49-55
Joel Weis, University of Idaho
Jim Alves-Foss, University of Idaho
Database-as-a-service is one of many services being marketed as part of cloud computing. It has several major issues and concerns related to security, including data security, trust, expectations, regulations, and performance issues. Proposed resolutions include risk management and better contractual agreements, while solutions include database encryption and authenticity techniques. Other cloud computing issues include hardware security concerns and the balance of trust and risk.

1. R. Sion, "Query Execution Assurance for Outsourced Databases," Proc. 31st Int'l Conf. Very Large Data Bases (VLDB 05), VLDB Endowment, 2005, pp. 601–612.
2. W. Lehner and K.-U. Sattler, "Database as a Service (DBaaS)," IEEE 26th Int'l Conf. Data Engineering (ICDE 10), IEEE CS Press, 2010, pp. 1216–1217.
3. D. Agrawal et al., "Database Management as a Service: Challenges and Opportunities," IEEE 25th Int'l Conf. Data Engineering (ICDE 09), IEEE CS Press, 2009, pp. 1709–1716.
4. M. Armbrust et al., "A View of Cloud Computing," Comm. ACM, vol. 53, no. 4, 2010, pp. 50–58.
5. E. Ferrari, "Database as a Service: Challenges and Solutions for Privacy and Security," IEEE Asia-Pacific Services Computing Conf. (APSCC 09), IEEE CS Press, 2009, pp. 46–51.
6. S. de Capitani di Vimercati et al., "Encryption Policies for Regulating Access to Outsourced Data," ACM Trans. Database Systems, vol. 35, no. 2, article 12, 2010.
7. H. Hacigumus et al., "Executing SQL over Encrypted Data in the Database-Service-Provider Model," Proc. ACM SIGMOD Int'l Conf. Management of Data (SIGMOD 02), ACM Press, 2002, pp. 216–227.
8. H. Hacigumus, B. Iyer, and S. Mehrotra, "Providing Database as a Service," Proc. 18th Int'l Conf. Data Engineering (ICDE 02), IEEE CS Press, 2002, pp. 29–38.
9. J. Hu and A. Klein, "A Benchmark of Transparent Data Encryption for Migration of Web Applications in the Cloud," Proc. 8th IEEE Int'l Conf. Dependable, Autonomic, and Secure Computing (DASC 09), IEEE CS Press, 2009, pp. 735–740.
10. E. Shmueli et al., "Database Encryption: An Overview of Contemporary Challenges and Design Considerations," SIGMOD Record, vol. 38, no. 3, 2010, pp. 29–34.
11. F. Chang et al., "Bigtable: A Distributed Storage System for Structured Data," ACM Trans. Computing Systems, vol. 26, no. 2, article 4, 2008.
12. R. Chow et al., "Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control," Proc. ACM Workshop Cloud Computing Security (CCSW 09), ACM Press, 2009, pp. 85–90.
13. L.J. Sotto, B.C. Treacy, and M.L. McLellan, "Privacy and Data Security Risks in Cloud Computing," 15 Electronic Commerce & Law Report, BNA, 3 Feb. 2010, pp. 186–188.
14. M. Jensen et al., "On Technical Security Issues in Cloud Computing," IEEE Int'l Conf. Cloud Computing, IEEE CS Press, 2009, pp. 109–116.
15. B.R. Kandukuri, R. Paturi V, and A. Rakshit, "Cloud Security Issues," IEEE Int'l Conf. Services Computing (SCC 09), IEEE CS Press, 2009, pp. 517–520.

Index Terms:
Database-as-a-service, database security, cloud computing
Joel Weis, Jim Alves-Foss, "Securing Database as a Service: Issues and Compromises," IEEE Security & Privacy, vol. 9, no. 6, pp. 49-55, Nov.-Dec. 2011, doi:10.1109/MSP.2011.127
Usage of this product signifies your acceptance of the Terms of Use.