Design And Implementation Of Security Audit System For NoSQL

Security audit is an important feature for database security. It is widely used in relational databases. For example, Oracle 9i and above versions provide users with audit.The audit module can monitor and record users’ operations on the database. With the rapid development of Internet, the size of data grows every day, which makes relational databases unable to process big data. Non-relational databases have dramatically risen in popularity.These databases are commonly known as NoSQL. NoSQL databases provide us with highly available and highly scalable data storage solutions. But these databases are not initially designed with considering security as an important feature. Consumers have to protect these databases themselves by using third party tools and services. Data security is probably one of the most difficult challenges faced by NoSQL databases. Therefore, it is necessary to design a security audit system for NoSQL databases.This paper analyzes the traditional audit technology and database security control technology. Then we propose an audit model based on Aspect Oriented Programming. This model can separate the audit module from database operations. It can cover all kinds of database operations. Hook function will be executed when a specific event occurs. The implementation of audit method is based on the location where we can get audit data.According to the characteristics of big data, we design general audit rules. Audit rules are divided into two parts, namely audit level and audit condition. Audit level contains coarse-grained audit, fine-grained audit and data audit. Audit condition contains table condition, CURD condition and data condition. Administrator can select appropriate security level according to the safety requirements.In this paper, we analyze general architecture and security mechanism of one of the most popular NoSQL databases, HBase. In our security audit system, according to the working location of coprocessor, we define audit aspect by combination of RegionObserver and MasterObserverer. We define a series of hook functions in this aspect. The results show that the security audit system works well. The system also support combination of audit level and audit condition, which reflects the flexibility of the audit policy.