ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Balancing confidentiality and efficiency in untrusted relational DBMSs
Full text PdfPdf (301 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 10th ACM conference on Computer and communications security table of contents
Washington D.C., USA
SESSION: Access control table of contents
Pages: 93 - 102  
Year of Publication: 2003
ISBN:1-58113-738-9
Authors
Ernesto Damiani  DTI - Università di Milano, Crema - Italy
S. De Capitani Vimercati  DTI - Università di Milano, Crema - Italy
Sushil Jajodia  George Mason University, Fairfax, VA
Stefano Paraboschi  DIGI - Università di Bergamo, Dalmine - Italy
Pierangela Samarati  DTI - Università di Milano, Crema - Italy
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 117,   Citation Count: 19
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/948109.948124
What is a DOI?

ABSTRACT

The scope and character of today's computing environments are progressively shifting from traditional, one-on-one client-server interaction to the new cooperative paradigm. It then becomes of primary importance to provide means of protecting the secrecy of the information, while guaranteeing its availability to legitimate clients. Operating on-line querying services securely on open networks is very difficult; therefore many enterprises outsource their data center operations to external application service providers. A promising direction towards prevention of unauthorized access to outsourced data is represented by encryption. However, data encryption is often supported for the sole purpose of protecting the data in storage and assumes trust in the server, that decrypts data for query execution.In this paper, we present a simple yet robust single-server solution for remote querying of encrypted databases on untrusted servers. Our approach is based on the use of indexing information attached to the encrypted database which can be used by the server to select the data to be returned in response to a query without the need of disclosing the database content. Our indexes balance the trade off between efficiency requirements in query execution and protection requirements due to possible inference attacks exploiting indexing information. We also investigate quantitative measures to model inference exposure and provide some related experimental results.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
L. Bouganim and P. Pucheral. Chip-secured data access: Confidential data on untrusted servers. In Proc. of the 28th International Conference on Very Large Data Bases, pages 131--142, Hong Kong, China, August 2002.
2
S. Ceri , M. Negri , G. Pelagatti, Horizontal data partitioning in database design, Proceedings of the 1982 ACM SIGMOD international conference on Management of data, June 02-04, 1982, Orlando, Florida  [doi>10.1145/582353.582376]
 
3
Han‐Chieh Chao , T. Y. Wu , Jiann‐Liang Chen, Security‐enhanced packet video with dynamic multicast throughput adjustment, International Journal of Network Management, v.11 n.3, p.147-159, May 10, 2001  [doi>10.1002/nem.398]
 
4
Thomas T. Cormen , Charles E. Leiserson , Ronald L. Rivest, Introduction to algorithms, MIT Press, Cambridge, MA, 1990
5
George I. Davida , David L. Wells , John B. Kam, A database encryption system with subkeys, ACM Transactions on Database Systems (TODS), v.6 n.2, p.312-328, June 1981  [doi>10.1145/319566.319580]
 
6
Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
 
7
Shahram Ghandeharizadeh , David J. DeWitt, A Multiuser Performance Analysis of Alternative Declustering Strategies, Proceedings of the Sixth International Conference on Data Engineering, p.466-475, February 05-09, 1990
8
Hakan Hacigümüş , Bala Iyer , Chen Li , Sharad Mehrotra, Executing SQL over encrypted data in the database-service-provider model, Proceedings of the 2002 ACM SIGMOD international conference on Management of data, June 03-06, 2002, Madison, Wisconsin  [doi>10.1145/564691.564717]
 
9
Providing Database as a Service, Proceedings of the 18th International Conference on Data Engineering, p.29, February 26-March 01, 2002
10
Christian D. Jensen, CryptoCache: a secure sharable file cache for roaming users, Proceedings of the 9th workshop on ACM SIGOPS European workshop: beyond the PC: new challenges for the operating system, September 17-20, 2000, Kolding, Denmark  [doi>10.1145/566726.566744]
11
Shmuel T. Klein , Abraham Bookstein , Scott Deerwester, Storing text retrieval systems on CD-ROM: compression and encryption considerations, ACM Transactions on Information Systems (TOIS), v.7 n.3, p.230-245, July 1989  [doi>10.1145/65943.65946]
 
12
B.D. McKay. Practical graph isomorphism. Congressus Numerantium, 30:45--87, 1981.
 
13
P. Samarati, Protecting Respondents' Identities in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, v.13 n.6, p.1010-1027, November 2001  [doi>10.1109/69.971193]
 
14
Dawn Xiaodong Song , David Wagner , Adrian Perrig, Practical Techniques for Searches on Encrypted Data, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.44, May 14-17, 2000
15
Jinx P. Walton, Developing an enterprise information security policy, Proceedings of the 30th annual ACM SIGUCCS conference on User services, p.153-156, November 20-23, 2002, Providence, Rhode Island, USA  [doi>10.1145/588646.588678]
 
16
Julie Ward , Michael O'Sullivan , Troy Shahoumian , John Wilkes, Appia: Automatic Storage Area Network Fabric Design, Proceedings of the Conference on File and Storage Technologies, p.203-217, January 28-30, 2002
 
17
Erica Y. Yang , Jie Xu , Keith H. Bennett, Private Information Retrieval in the Presence of Malicious Failures, Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment, p.805-812, August 26-19, 2002

CITED BY  19
Alberto Ceselli , Ernesto Damiani , Sabrina De Capitani Di Vimercati , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, Modeling and assessing inference exposure in encrypted databases, ACM Transactions on Information and System Security (TISSEC), v.8 n.1, p.119-152, February 2005
Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Order preserving encryption for numeric data, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France
Ernesto Damiani , S. De Capitani di Vimercati , Sara Foresti , Sushil Jajodia , Stefano Paraboschi , Pierangela Samarati, Key management for multi-user encrypted databases, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
Hui Wang , Laks V. S. Lakshmanan, Efficient secure query evaluation over encrypted XML databases, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Yin Yang , Dimitris Papadias , Stavros Papadopoulos , Panos Kalnis, Authenticated join processing in outsourced databases, Proceedings of the 35th SIGMOD international conference on Management of data, June 29-July 02, 2009, Providence, Rhode Island, USA
Da-Wei Wang , Churn-Jung Liau , Tsan-sheng Hsu, An epistemic framework for privacy protection in database linking, Data & Knowledge Engineering, v.61 n.1, p.176-205, April, 2007
E. Damiani , S. De Capitani di Vimercati , S. Foresti , S. Jajodia , S. Paraboschi , P. Samarati, Selective Data Encryption in Outsourced Dynamic Environments, Electronic Notes in Theoretical Computer Science (ENTCS), 168, p.127-142, February, 2007
Bogdan Cautis, Distributed access control: a privacy-conscious approach, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Bijit Hore , Sharad Mehrotra , Gene Tsudik, A privacy-preserving index for range queries, Proceedings of the Thirtieth international conference on Very large data bases, p.720-731, August 31-September 03, 2004, Toronto, Canada
Nicolas Anciaux , Mehdi Benzine , Luc Bouganim , Philippe Pucheral , Dennis Shasha, GhostDB: querying visible and hidden data without leaks, Proceedings of the 2007 ACM SIGMOD international conference on Management of data, June 11-14, 2007, Beijing, China
Yi Tang , Jun Yun , Quan Zhou, A Multi-agent Based Method for Reconstructing Buckets in Encrypted Databases, Proceedings of the IEEE/WIC/ACM international conference on Intelligent Agent Technology, p.564-570, December 18-22, 2006
Ravi Chandra Jammalamadaka, Middleware support for protecting personal data from web based data services, Proceedings of the 4th on Middleware doctoral symposium, p.1-6, November 26-30, 2007, Newport Beach, California
Ozan Ünay , Taflan I. Gündem, A survey on querying encrypted XML documents for databases as a service, ACM SIGMOD Record, v.37 n.1, March 2008
Ravi Chandra Jammalamadaka , Roberto Gamboni , Sharad Mehrotra , Kent E. Seamons , Nalini Venkatasubramanian, iDataGuard: middleware providing a secure network drive interface to untrusted internet data storage, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
Ravi Chandra Jammalamadaka , Roberto Gamboni , Sharad Mehrotra , Kent Seamons , Nalini Venkatasubramanian, iDataGuard: an interoperable security middleware for untrusted internet data storage, Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion, December 01-05, 2008, Leuven, Belgium
Farookh Khadeer Hussain , Elizabeth Chang , Omar Hussain, A robust methodology for prediction of trust and reputation values, Proceedings of the 2008 ACM workshop on Secure web services, October 31-31, 2008, Alexandria, Virginia, USA
Nicolas Anciaux , Mehdi Benzine , Luc Bouganim , Philippe Pucheral , Dennis Shasha, Revelation on demand, Distributed and Parallel Databases, v.25 n.1-2, p.5-28, April 2009
Yin Yang , Stavros Papadopoulos , Dimitris Papadias , George Kollios, Authenticated indexing for outsourced spatial databases, The VLDB Journal — The International Journal on Very Large Data Bases, v.18 n.3, p.631-648, June 2009
Zhao Wei , Zhao Dan-Feng , Gao Feng , Liu Guo-Hua, On indexing and information disclosure measure for efficient cryptograph query, Proceedings of the WSEAES 13th international conference on Computers, p.476-480, July 23-25, 2009, Rodos, Greece

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.4 Systems
          Subjects: Relational databases

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection
  H.3 INFORMATION STORAGE AND RETRIEVAL
      H.3.1 Content Analysis and Indexing
          Subjects: Indexing methods
      H.3.3 Information Search and Retrieval
          Subjects: Query formulation


General Terms:
Design, Security


Keywords:
cryptography, database service, indexing

Collaborative Colleagues:
Ernesto Damiani: colleagues
S. De Capitani Vimercati: colleagues
Sushil Jajodia: colleagues
Stefano Paraboschi: colleagues
Pierangela Samarati: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player