Securing Databases in the Cloud with RBAC and Encryption Best Practices
DOI:
https://doi.org/10.63282/3050-922X.IJERET-V3I3P117Keywords:
Cloud Security, Database Encryption, Role-Based Access Control (RBAC), Data Privacy, Access Management, Cloud Computing, Information AssuranceAbstract
The protection of databases that are hosted in cloud facilities, remains an issue that trends within cybersecurity discourse. Secure cloud database management systems face risks of unauthorized access and data leakage, sometimes due to negligent insider threats. Moreover, cloud service providers' compliance with regulatory requirements has become a matter of increasing concern for attestation of security of stored data (Elsayyad et al., 2020). In order to ensure that user privacy is respected and data utility is not compromised as organizations migrate critical information to cloud platforms, confidentiality, integrity, and availability should be observed judiciously (SAXENA & HALDER, 2021). In particular, this paper is interested in the ways in which Role-Based Access Control (RBAC) and cryptography theme through encryption techniques can correspond to one another to fight off the most intractable cyber intrusions to cloud databases. Role-based access control (RBAC) enables administrators to regulate the extent of access to data according to the clear-cut definitions of user roles, thereby guaranteeing that data privacy is maintained, and at the same time data integrity is shared and updated securely. On the other hand, encryption safeguards data that is stored in normal modes of operation and is made available across secure communication channels, by allowing only legitimate users to decrypt and obtain data in a human-readable form (Chen et al., 2020). This study scrutinizes how the employment of RBAC in concert with reliable cryptography standards, such as AES for symmetric encryption and TLS for secured data transfer, may reduce vulnerabilities arising from data leakage and increase protective obligations towards data subjects defined by regulations like GDPR and HIPAA.
References
[1] Zhou, Lan, Vijay Varadharajan, and Michael Hitchens. "Achieving secure role-based access control on encrypted data in cloud storage." IEEE transactions on information forensics and security 8.12 (2013): 1947-1960.
[2] Ghafoorian, Mahdi, Dariush Abbasinezhad-Mood, and Hassan Shakeri. "A thorough trust and reputation based RBAC model for secure data storage in the cloud." IEEE Transactions on Parallel and Distributed Systems 30.4 (2018): 778-788.
[3] Muppaneni, Kavya. “Cross-Browser Debugging Strategies”. American International Journal of Computer Science and Technology, vol. 3, no. 5, Sept. 2021, pp. 25-3
[4] Khalaf, Emad F., and Mustafa M. Kadi. "A survey of access control and data encryption for database security." Journal of King Abdulaziz University 28.1 (2017): 19-30.
[5] Garrison, William C., et al. "On the practicality of cryptographically enforcing dynamic access control policies in the cloud." 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 2016.
[6] Parakala, Adityamallikarjunkumar. "Building Analytics-Driven Bots: RPA Meets Business Intelligence." International Journal of Emerging Research in Engineering and Technology 2.1 (2021): 77-87.
[7] Mahmood, Ghassan Sabeeh, Dong Jun Huang, and Baidaa Abdulrahman Jaleel. "A Secure Cloud Computing System by Using Encryption and Access Control Model." Journal of Information Processing Systems 15.3 (2019).
[8] Tanya, Bhattacharya, and Chatterjee Rahul. "Data at Rest, Data at Risk: Evaluating Encryption and Access Control Mechanisms in Cloud Storage Systems." International Journal of Trend in Scientific Research and Development 3.6 (2019): 1462-1478.
[9] Suryadevara, Siva Sai Krishna. “Generative AI–Powered Authoring Assistant for Enterprise Content Management”. International Journal of Artificial Intelligence, Data Science, and Machine Learning, vol. 2, no. 2, June 2021, pp. 103-1
[10] Ademilua, David Adetunji. "Cloud Security in the Era of Big Data and IoT: A Review of Emerging Risks and Protective Technologies." Communication In Physical Sciences 7.4 (2021): 590-604.
[11] UZOKA, ABEL CHUKWUEMEKE, et al. "Advances in Cloud Security Practices Using IAM, Encryption, and Compliance Automation." Iconic Research and Engineering Journals 5.5 (2021): 432-456.
[12] Rao, K. Rajesh, et al. "R-PEKS: RBAC enabled PEKS for secure access of cloud data." IEEE Access 7 (2019): 133274-133289.
[13] Gaddam, Rohit Reddy. “Hermetic ML Environments Using Conda-Lock and Docker”. American International Journal of Computer Science and Technology, vol. 3, no. 4, July 2021, pp. 22-34
[14] Enjam, Gowtham Reddy. "Data Privacy & Encryption Practices in Cloud-Based Guidewire Deployments." International Journal of AI, BigData, Computational and Management Studies 2.3 (2021): 64-73.
[15] Muppaneni, Rajarshi Krishna. “How Enterprises Are Achieving 360° Customer Views With Dynamics 365”. International Journal of AI, BigData, Computational and Management Studies, vol. 2, no. 2, June 2021, pp. 129-38
[16] Bokefode, Jayant D., et al. "Developing a secure cloud storage system for storing IoT data by applying role based encryption." Procedia Computer Science 89 (2016): 43-50.
[17] Parakala, Adityamallikarjunkumar, and Aaron Bell. "How Citizen Developers Changed the Game." American International Journal of Computer Science and Technology 3.5 (2021): 14-24.
[18] Zhu, Yan, et al. "From RBAC to ABAC: constructing flexible data access control for cloud storage services." IEEE Transactions on Services Computing 8.4 (2014): 601-616.
[19] Shiramalla, Rupesh, and Bhavitha Guntupalli. "Cost-Effective Softphone Integration in CRM Platforms Using RESTful APIs: A Salesforce Case Study for Voice-to-Text Sales Enablement." International Journal of Emerging Trends in Computer Science and Information Technology 2.1 (2021): 101-114.
[20] Kumar Doodala, Appala Nooka. “Intelligent EOB ERA Generation and Validation Framework on Legacy Systems Like Mainframes”. International Journal of Emerging Research in Engineering and Technology, vol. 2, no. 1, Mar. 2021, pp. 111-2.
[21] Enjam, Gowtham Reddy, and Sandeep Channapura Chandragowda. "Role-Based Access and Encryption in Multi-Tenant Insurance Architectures." International Journal of Emerging Trends in Computer Science and Information Technology 1.4 (2020): 58-66.
[22] Talib, Amir Mohamed. "Ensuring security, confidentiality and fine-grained data access control of cloud data storage implementation environment." Journal of Information Security 6.02 (2015): 118.
[23] Katangoori, Sivadeep, and Anudeep Katangoori. “AI-Augmented Data Governance: Enabling Intelligent Access, Lineage, and Compliance Across Hybrid Clouds”. American Journal of Autonomous Systems and Robotics Engineering, vol. 1, Nov. 2021, pp. 716-38
[24] Pérez, Juan M. Marín, Gregorio Martínez Pérez, and Antonio F. Skarmeta Gomez. "SecRBAC: Secure data in the Clouds." IEEE Transactions on Services Computing 10.5 (2016): 726-740.
