Incorporating security features in system design documents utilized for cloud-based databases

Abstract

Cloud-based systems are being increasingly deployed due to their numerous benefits. Yet, there is uneasiness amongst organizations opting for such systems mainly due to security concerns. Security and protection of cloud-database systems from unauthorized access present countless challenges but are indispensable to address. Although security features should be included in the initial stages of system design, sometimes they are overlooked and left to the later stages in the development lifecycle. The framework proposed in this paper tackles this lacuna by including security directives at the initial design stage. It allows database designers to adorn the application’s conceptual models namely entity structures, entity life history and data flow diagrams with security features. Discretionary and rolebased access control mechanisms are utilized as the main form of security since they can counteract a high portion of security threats. The proposed framework consists of the creation of a unique security profile for each tenant and his users and an analysis algorithm which assists in the detection of possible security pitfalls. Based on the system’s design data provided and security features encoded, this framework is then responsible for testing the overall design; for example, to ensure reachability and isolation of all database objects, functions and roles. Once the design, now supplemented with security features, is evaluated and deemed to be acceptable then SQL language constructs corresponding to the secure database design are generated. The framework is also useable when the cloud database goes live as any of the underlying security specifications can change during run-time, thus ensuring that security is always accounted for and manageable by developers and later on by the tenants themselves.