SQLIIDaaS: A SQL Injection Intrusion Detection Framework as a Service for SaaS Providers

Recently, we are attending to the proliferation of Cloud Computing (CC) as the new trending internet-based-Platform. Thanks to the outsourcing paradigm, CC is enabling many services. Software as a Service (SaaS) is one of those cloud-based-services. Indeed, SaaS model allows providers to reduce the cost of maintenance and management by transferring traditional on premise deployment to public Cloud. Clients can subscribe, in self-service, to SaaS services based on a pay-per-use model. However, since user data are outsourced to the Cloud, serious security breaches are rising and could harm the reputation of providers and slow down the subscription of clients. SQL injection attack (SQLIA) is one of the most critical SaaS vulnerabilities that allows attackers to violate the availability, confidentiality and integrity of user data. In this paper, we propose SQL injection intrusion detection framework as a service for SaaS providers, SQLIIDaaS, which allows a SaaS provider to detect SQLIAs targeting several SaaS applications without reading, analyzing or modifying the source code. To achieve SQL query/HTTP request mapping, we propose an event correlation based on the similarity between literals in SQL queries and parameters in HTTP requests. SQLIIDaaS is integrated and validated in Amazon Web Services (AWS). A SaaS provider can subscribe to this framework and launch its own set of virtual machines, which holds on-demand self-service, resource pooling, rapid elasticity, and measured service properties.