Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

TL;DR

This paper proposes a secure, hierarchical role-based access control system for cloud databases that uses homomorphic encryption to protect sensitive data and prevent privilege escalation and SQL injection.

Contribution

It introduces a novel role-based access control framework with homomorphic encryption for secure data management in untrusted cloud environments.

Findings

Protects data confidentiality and integrity using homomorphic encryption.

Prevents privilege escalation and SQL injection attacks.

Manages role hierarchy and session security effectively.

Abstract

Database as a service provides services for accessing and managing customers data which provides ease of access, and the cost is less for these services. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on untrusted server. The access control mechanism can restrict users from unauthorized access, but in cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges as another user and so database security is compromised. The other problems associated with the DBaaS are to manage role hierarchy and secure session management for query transaction in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted with least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses the partial homomorphic encryption (Paillier Encryption) for the encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing sensitive data. Data confidentiality and integrity are achieved using the role-based access control with partial homomorphic encryption.