IEEE Access (Jan 2021)
Privacy-Breaching Patterns in NoSQL Databases
Abstract
NoSQL databases disrupted the database market when first introduced. Their contemporary relevance has increased further in the era of big data due to the demands placed on (real-time) analytics. NoSQL databases are well placed to meet these demands due to their performance, availability, scalability, and storage solutions. Unfortunately, to achieve these features, compromises have been made with respect to security and privacy. Growing community awareness and unease combined with increased legislative requirements around data privacy have made such compromises less palatable, risky, or downright unacceptable. And though there is a growing body of knowledge related to data privacy in NoSQL databases, it is diverse and fragmented, and does not adequately address the challenges arising from the current environment. This paper aims to systematically examine various privacy weaknesses of NoSQL databases in the form of patterns. The patterns are shown to manifest themselves in well-known NoSQL databases and this evaluation can be used for benchmarking purposes. Through a survey it is demonstrated that the patterns have been observed in practice and are perceived as relevant. The pattern collection forms a repository of knowledge that can serve as a starting point for future privacy-related research for NoSQL databases through its identification of key problems, trade-offs, existing solution mechanisms, and its provision of terminology.
Keywords