NoInjection: Preventing Unsafe Queries on NoSQL-Document-model Databases

NoInjection: Preventing Unsafe Queries on NoSQL-Document-model Databases

연구 분야: Databases

학회: 2022 2nd International Conference on Computing and Information Technology (ICCIT)

Cyber-attack has today become a habitual practice of remotely destroying computer systems across the globe. The behavior of these systems is solely controlled by data which is nowadays stored in NoSQL databases. As a result, numerous techniques were introduced to protect this data when it's in use and in transit while leaving the at rest part (databases) in the hands of novice programmers without any enforcements. The NoSQL-Injection problem emerged due to this flexibility where malicious queries that mimic the legal queries are appended together for possible execution. In this paper, a new method is introduced into the NoSQL design practice. This method utilizes the Asymmetric encryption algorithm, RSA in particular. Using this method, key pairs are generated and exchanged during the design. The database server decrypts the legal queries before effecting any changes. An experiment was conducted to assess the performance of the proposed method. The proposed method proved to be safe from NoSQLInjection attacks when compared with formal methods. Based on this, the proposed method has the aptitude to prevent the occurrence of NoSQLInjection attacks on NoSQL applications.