A new auditing mechanism for open source NoSQL database a case study on open source MongoDB database

MongoDB, a NoSQL database management system, is relatively new on the database market and is used in many important projects and products. A security analysis of MongoDB revealed that it does not provide any facilities for auditing actions performed in the database. Recently, MongoDB company tried...

Bibliographic Details
Main Author: Mohamed, Hany Heidar Hussein
Format: Thesis
Language: eng
Published: 2015
Online Access: https://etd.uum.edu.my/4513/1/s815600.pdf
https://etd.uum.edu.my/4513/2/s815600_abstract.pdf
id my-uum-etd.4513
record_format uketd_dc
institution Universiti Utara Malaysia
collection UUM ETD
language eng
advisor Mahmuddin, Massudi
topic T58.5-58.64 Information technology
description MongoDB, a NoSQL database management system, is relatively new on the database market and is used in many important projects and products. A security analysis of MongoDB revealed that it does not provide any facilities for auditing actions performed in the database. Recently, the MongoDB company tried to rectify the auditing gap by providing the new MongoDB enterprise version 2.6 (8th of April 2014). Its auditing system logs operation information including schema data definition language operations, operations related to replica sets, authentication and authorization operations, and finally general operations. Unfortunately, it still cannot record Data Manipulation Language (DML) operations. Thus, this study aims to improve the auditing functionality in MongoDB by presenting a new mechanism for auditing the NoSQL MongoDB database that includes Data Manipulation Language (DML)/CRUD (Create, Read, Update and Delete) operations.
format Thesis
qualification_name masters
qualification_level Master's degree
author Mohamed, Hany Heidar Hussein
title A new auditing mechanism for open source NoSQL database a case study on open source MongoDB database
granting_institution Universiti Utara Malaysia
granting_department Awang Had Salleh Graduate School of Arts & Sciences
spelling my-uum-etd.4513 2021-04-04T07:42:22Z QA75 Electronic computers. Computer science https://etd.uum.edu.my/4513/ http://sierra.uum.edu.my/record=b1263032~S1