{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,25]],"date-time":"2025-11-25T14:08:17Z","timestamp":1764079697687,"version":"3.37.3"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2021,7,13]],"date-time":"2021-07-13T00:00:00Z","timestamp":1626134400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,7,13]],"date-time":"2021-07-13T00:00:00Z","timestamp":1626134400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Knowl Inf Syst"],"published-print":{"date-parts":[[2021,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>NoSQL technologies have become a common component in many information systems and software applications. These technologies are focused on performance, enabling scalable processing of large volumes of structured and unstructured data. Unfortunately, most developments over NoSQL technologies consider security as an afterthought, putting at risk personal data of individuals and potentially causing severe economic losses as well as reputation crisis. In order to avoid these situations, companies require an approach that introduces security mechanisms into their systems without scrapping already in-place solutions to restart all over again the design process. Therefore, in this paper we propose the first modernization approach for introducing security in NoSQL databases, focusing on access control and thereby improving the security of their associated information systems and applications. Our approach analyzes the existing NoSQL solution of the organization, using a domain ontology to detect sensitive information and creating a conceptual model of the database. 
Together with this model, a series of security issues related to access control are listed, allowing database designers to identify the security mechanisms that must be incorporated into their existing solution. For each security issue, our approach automatically generates a proposed solution, consisting of a combination of privilege modifications, new roles and views to improve access control. In order to test our approach, we apply our process to a medical database implemented using the popular document-oriented NoSQL database, MongoDB. The great advantages of our approach are that: (1) it takes into account the context of the system thanks to the introduction of domain ontologies, (2) it helps to avoid missing critical access control issues since the analysis is performed automatically, (3) it reduces the effort and costs of the modernization process thanks to the automated steps in the process, (4) it can be used with different NoSQL document-based technologies in a successful way by adjusting the metamodel, and (5) it is lined up with known standards, hence allowing the application of guidelines and best practices.<\/jats:p>","DOI":"10.1007\/s10115-021-01589-x","type":"journal-article","created":{"date-parts":[[2021,7,13]],"date-time":"2021-07-13T03:34:30Z","timestamp":1626147270000},"page":"2209-2230","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Improving security in NoSQL document databases through model-driven 
modernization"],"prefix":"10.1007","volume":"63","author":[{"given":"Alejandro","family":"Mat\u00e9","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1537-0218","authenticated-orcid":false,"given":"Jes\u00fas","family":"Peral","sequence":"additional","affiliation":[]},{"given":"Juan","family":"Trujillo","sequence":"additional","affiliation":[]},{"given":"Carlos","family":"Blanco","sequence":"additional","affiliation":[]},{"given":"Diego","family":"Garc\u00eda-Saiz","sequence":"additional","affiliation":[]},{"given":"Eduardo","family":"Fern\u00e1ndez-Medina","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,13]]},"reference":[{"key":"1589_CR1","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MC.2013.196","volume":"46","author":"K Michael","year":"2013","unstructured":"Michael K, Miller KW (2013) Big data: new opportunities and new challenges [guest editors\u2019 introduction]. Computer 46:22\u201324","journal-title":"Computer"},{"key":"1589_CR2","doi-asserted-by":"publisher","first-page":"1134","DOI":"10.1016\/j.telpol.2014.10.002","volume":"38","author":"N Kshetri","year":"2014","unstructured":"Kshetri N (2014) Big data\u2019s impact on privacy, security and consumer welfare. Telecommun Policy 38:1134\u20131145","journal-title":"Telecommun Policy"},{"key":"1589_CR3","unstructured":"Thuraisingham B. Big data security and privacy. In: Proceedings of the 5th ACM conference on data and application security and privacy, pp 279\u2013280"},{"key":"1589_CR4","first-page":"15","volume":"2","author":"R Toshniwal","year":"2015","unstructured":"Toshniwal R, Dastidar KG, Nath A (2015) Big data security issues and challenges. 
Int J Innov Res Adv Eng 2:15\u201320","journal-title":"Int J Innov Res Adv Eng"},{"key":"1589_CR5","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1016\/j.procs.2015.04.091","volume":"50","author":"B Saraladevi","year":"2015","unstructured":"Saraladevi B, Pazhaniraja N, Paul PV, Basha MS, Dhavachelvan P (2015) Big data and hadoop\u2014a study in security perspective. Procedia Comput Sci 50:596\u2013601","journal-title":"Procedia Comput Sci"},{"key":"1589_CR6","doi-asserted-by":"crossref","unstructured":"Okman L, Gal-Oz N, Gonen Y, Gudes E, Abramov J (2011) Security issues in nosql databases. In: Proceedings of the 10th IEEE international conference on trust, security and privacy in computing and communications. IEEE, pp 541\u2013547","DOI":"10.1109\/TrustCom.2011.70"},{"key":"1589_CR7","unstructured":"RENCI\/NCDS, Security and privacy in the era of big data. White paper (2014)"},{"key":"1589_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10506-008-9067-3","volume":"17","author":"L Compagna","year":"2009","unstructured":"Compagna L, El Khoury P, Krausov\u00e1 A, Massacci F, Zannone N (2009) How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artif Intell Law 17:1\u201330","journal-title":"Artif Intell Law"},{"key":"1589_CR9","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1016\/j.datak.2008.04.006","volume":"67","author":"RP van de Riet","year":"2008","unstructured":"van de Riet RP (2008) Twenty-five years of mokum: for 25 years of data and knowledge engineering: Correctness by design in relation to mde and correct protocols in cyberspace. Data Knowl Eng 67:293\u2013329","journal-title":"Data Knowl Eng"},{"key":"1589_CR10","unstructured":"Schmidt H, J\u00fcrjens J (2011) UMLsec4UML2-adopting UMLsec to support UML2. 
Technical report, Technische Universit\u00e4t Dortmund, Department of Computer Science"},{"key":"1589_CR11","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/1125808.1125810","volume":"15","author":"D Basin","year":"2006","unstructured":"Basin D, Doser J, Lodderstedt T (2006) Model driven security: from uml models to access control infrastructures. ACM Trans Softw Eng Methodol 15:39\u201391","journal-title":"ACM Trans Softw Eng Methodol"},{"key":"1589_CR12","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1016\/S1353-4858(15)70009-7","volume":"2015","author":"G Lafuente","year":"2015","unstructured":"Lafuente G (2015) The big data security challenge. Netw Secur 2015:12\u201314","journal-title":"Netw Secur"},{"key":"1589_CR13","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1016\/j.ins.2014.09.036","volume":"318","author":"S-R Yan","year":"2015","unstructured":"Yan S-R, Zheng X-L, Wang Y, Song WW, Zhang W-Y (2015) A graph-based comprehensive reputation model: Exploiting the social context of opinions to enhance trust in social commerce. Inf Sci 318:51\u201372","journal-title":"Inf Sci"},{"key":"1589_CR14","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1016\/j.ins.2014.05.034","volume":"318","author":"G Wei","year":"2015","unstructured":"Wei G, Shao J, Xiang Y, Zhu P, Lu R (2015) Obtain confidentiality or\/and authenticity in big data by id-based generalized signcryption. Inf Sci 318:111\u2013122","journal-title":"Inf Sci"},{"key":"1589_CR15","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1016\/j.ins.2015.02.033","volume":"318","author":"S Hou","year":"2015","unstructured":"Hou S, Huang X, Liu JK, Li J, Xu L (2015) Universal designated verifier transitive signatures for graph-based big data. 
Inf Sci 318:144\u2013156","journal-title":"Inf Sci"},{"key":"1589_CR16","unstructured":"NIST, Nist big data interoperability framework: Volume 4, security and privacy, NIST Big Data Public Working Group (2017)"},{"key":"1589_CR17","unstructured":"O\u2019Malley O, Zhang K, Radia S, Marti R, Harrell C (2009) Hadoop security design. Technical report, Yahoo, Inc"},{"key":"1589_CR18","first-page":"042","volume":"6","author":"M Yuan","year":"2012","unstructured":"Yuan M (2012) Study of security mechanism based on hadoop. Inf Secur Commun Privacy 6:042","journal-title":"Inf Secur Commun Privacy"},{"key":"1589_CR19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-21569-3","volume-title":"New horizons for a data-driven economy: a roadmap for usage and exploitation of big data in Europe","author":"JM Cavanillas","year":"2016","unstructured":"Cavanillas JM, Curry E, Wahlster W (2016) New horizons for a data-driven economy: a roadmap for usage and exploitation of big data in Europe. Springer, Berlin"},{"key":"1589_CR20","unstructured":"Moreno J, Serrano MA, Fernandez-Medina E, Fernandez EB (2018) Towards a security reference architecture for big data. In: Proceedings of the 20th international workshop on design, optimization, languages and analytical processing of Big Data (DOLAP)"},{"key":"1589_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/jdm.2003070101","volume":"14","author":"R Weber","year":"2003","unstructured":"Weber R (2003) Conceptual modelling and ontology: possibilities and pitfalls. J Database Manag 14:1\u201320","journal-title":"J Database Manag"},{"key":"1589_CR22","doi-asserted-by":"crossref","unstructured":"Herre H (2010) General formal ontology (gfo): A foundational ontology for conceptual modelling. In: Theory and applications of ontology: computer applications. 
Springer, pp 297\u2013345","DOI":"10.1007\/978-90-481-8847-5_14"},{"key":"1589_CR23","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.is.2018.11.009","volume":"81","author":"M Verdonck","year":"2019","unstructured":"Verdonck M, Gailly F, Pergl R, Guizzardi G, Martins B, Pastor O (2019) Comparing traditional conceptual modeling with ontology-driven conceptual modeling: an empirical study. Inf Syst 81:92\u2013103","journal-title":"Inf Syst"},{"key":"1589_CR24","unstructured":"Object Rocket (2019) Get the Name of All Keys in a MongoDB Collection"},{"key":"1589_CR25","unstructured":"EU, Regulation (European Union) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation), Official Journal L 119, 04\/05\/2016, p 1\u201388, 2016"},{"key":"1589_CR26","unstructured":"EU, Directive 2002\/58\/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), Official Journal L 201, 31\/07\/2002, pp 37\u201347, 2002"},{"key":"1589_CR27","doi-asserted-by":"crossref","unstructured":"Strack B, DeShazo JP, Gennings C, Olmo JL, Ventura S, Cios KJ, Clore JN (2014) Impact of hba1c measurement on hospital readmission rates: analysis of 70,000 clinical database patient records. BioMed Res Int 2014:781670","DOI":"10.1155\/2014\/781670"},{"key":"1589_CR28","first-page":"795","volume":"41","author":"NC Smeeton","year":"1985","unstructured":"Smeeton NC (1985) Early history of the kappa statistic. 
Biometrics 41:795","journal-title":"Biometrics"}],"container-title":["Knowledge and Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10115-021-01589-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10115-021-01589-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10115-021-01589-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,30]],"date-time":"2021-10-30T09:07:30Z","timestamp":1635584850000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10115-021-01589-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,13]]},"references-count":28,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2021,8]]}},"alternative-id":["1589"],"URL":"https:\/\/doi.org\/10.1007\/s10115-021-01589-x","relation":{},"ISSN":["0219-1377","0219-3116"],"issn-type":[{"type":"print","value":"0219-1377"},{"type":"electronic","value":"0219-3116"}],"subject":[],"published":{"date-parts":[[2021,7,13]]},"assertion":[{"value":"30 October 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 June 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 June 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 July 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 October 2021","order":5,"name":"change_date","label":"Change 
Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Update","order":6,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Funding information updated.","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}]}}