Abstract
With the widespread use of e-business coupled with the public’s awareness of data privacy issues and recent database security related legislations, incorporating security features into modern database products has become an increasingly important topic. Several database vendors already offer integrated solutions that provide data privacy within existing products. However, treating security and privacy issues as an afterthought often results in inefficient implementations. Some notable RDBMS storage models (such as the N-ary Storage Model) suffer from this problem. In this work, we analyze issues in storage security and discuss a number of trade-offs between security and efficiency. We then propose a new secure storage model and a key management architecture which enable efficient cryptographic operations while maintaining a very high level of security. We also assess the performance of our proposed model by experimenting with a prototype implementation based on the well-known TPC-H data set.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Copeland, G.P., Khoshafian, S.F.: A Decomposition Storage Model. In: ACM SIGMOD International Conference on Management of Data, pp. 268–269 (1985)
Oracle Corporation: Database Encryption in Oracle9i (2001), http://otn.oracle.com/deploy/security/oracle9i
Department of Health and Human Services (U.S.). Gramm-Leach-Bliley (GLB) Act. FIPS PUB 81 (1999), http://www.ftc.gov/bcp/conline/pubs/buspubs/glbshort.htm
Federal Trade Commission (U.S.): Health Insurance Portability and Accountability Act (HIPAA) (1996), http://www.hhs.gov/ocr/hipaa/privacy.html
IBM Data Encryption for IMS and DB2 Databases, Version 1.1 (2003), http://www-306.ibm.com/software/data/db2imstools/html/ibmdataencryp.html
He, J., Wang, M.: Cryptography and Relational Database Management Systems. In: Proceedings of the 5th International Database Engineering and Applications Symposium, pp. 273–284 (2001)
Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database Service Provider Model. In: ACM SIGMOD Conference on Management of Data (2002)
Bouganim, L., Pucheral, P.: Chip-Secured Data Access: Confidential Data on Untrusted Servers. In: VLDB Conference, Hong Kong, China (2002)
Hacigümüş, H., Iyer, B., Mehrotra, S.: Providing Database as a Service. In: ICDE (2002)
Karlsson, J.S.: Using Encryption for Secure Data Storage in Mobile Database Systems. Friedrich-Schiller-Universitat Jena (2002)
Rivest, R.L., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21 (1978)
NIST. Advanced Encryption Standard. FIPS PUB 197 (2001)
TPC Transaction Processing Performance Council, http://www.tpc.org
OpenSSL Project, http://www.openssl.org
NIST. Data Encryption Standard (DES). FIPS 46-3 (1993)
Schneier, B.: Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish). In: Fast software Encryption, Cambridge Security Workshop Proceedings, pp. 191–204 (1993)
Ramakrishnan, R., Gehrke, J.: Database Management Systems, 2nd edn. WCB/McGraw-Hill (2000)
Ailamaki, A., DeWitt, D.J., Hill, M.D., Skounakis, M.: Weaving Relations for Cache Performance. The VLDB Journal, 169–180 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y. (2004). A Framework for Efficient Storage Security in RDBMS. In: Bertino, E., et al. Advances in Database Technology - EDBT 2004. EDBT 2004. Lecture Notes in Computer Science, vol 2992. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24741-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-540-24741-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21200-3
Online ISBN: 978-3-540-24741-8
eBook Packages: Springer Book Archive