Examining Security for Different Data Models*

Abstract

Efficient data storage and retrieval in many sectors led to the development of various modeling techniques such as relational model, Entity Attribute Value model and dynamic tables. The aim of this study is to classify the standard threats of the database according to the violation of security properties followed by the examination of different data models from their security viewpoint. A system is said to be secure if it follows three basic pillars of security i.e. confidentiality, integrity and availability. The current research analyses the security threats in database according to violation of basic pillars of security with detailed analysis of SQL injection attack for three data modeling techniques, namely relational model, Entity Attribute Value (EAV) model and dynamic tables. It presents a comparison of achieving security parameters by performing various experiments on the database stored in MySQL and proposes techniques for the application of mandatory access control in EAV model and dynamic table. After the rigorous survey and experiments performed, it has been found that EAV model is still not a completely secured model. The data leakage in EAV model is more and the application of security properties is relatively more complex than relational model and dynamic tables. Researches have been conducted in the past on these models but very few of them have discussed the security concerns of EAV model and dynamic tables. This paper tries to compare various data models based on security concerns and highlights the security issues in EAV model.