Abstract
Existing approaches for protecting sensitive information stored (outsourced) at external “honest-but-curious” servers are typically based on an overlying layer of encryption applied to the whole of the information, or on a combination of fragmentation and encryption. The computational load imposed by encryption makes such approaches unsuitable for scenarios with lightweight clients.
In this paper, we address this issue and propose a novel model for enforcing privacy requirements on outsourced information that departs from encryption. The basic idea of our approach is to store a small portion of the data (just enough to break sensitive associations) on the client, which is trusted because it is under the data owner's control, while storing the remaining information in clear form at the external (honest-but-curious) server. We model the problem and provide a solution for it that aims to minimize the data stored at the client. We also illustrate the execution of queries on the fragmented information.
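An added illustration of the idea in the abstract, not code from the paper. It assumes confidentiality constraints are sets of attributes that the server must never see together, picks the client fragment as a smallest attribute set intersecting every constraint by exhaustive search (the paper's own algorithm does not appear on this page), and uses a constructed schema, constraints and rows.

```python
from itertools import combinations

# Constructed sample schema and confidentiality constraints (not from the paper).
# Each constraint is a set of attributes that must not be jointly visible to the server.
ATTRS = ["SSN", "Name", "DoB", "ZIP", "Illness", "Treatment"]
CONSTRAINTS = [{"SSN"}, {"Name", "Illness"}, {"Name", "Treatment"},
               {"DoB", "ZIP", "Illness"}, {"DoB", "ZIP", "Treatment"}]
ROWS = [  # constructed tuples
    dict(zip(ATTRS, r)) for r in [
        ("000-00-0001", "Alice", "1980-01-02", "94101", "flu", "rest"),
        ("000-00-0002", "Bob", "1975-06-30", "94101", "asthma", "inhaler"),
        ("000-00-0003", "Carol", "1980-01-02", "10001", "flu", "antiviral"),
    ]
]

def min_client_attrs(attrs, constraints):
    """Smallest attribute set hitting every constraint (exhaustive; small schemas only)."""
    for k in range(len(attrs) + 1):
        for cand in combinations(attrs, k):
            if all(c & set(cand) for c in constraints):
                return set(cand)

def fragment(rows, client_attrs):
    """Split rows into client and server fragments linked by a tuple id."""
    client, server = {}, {}
    for tid, row in enumerate(rows):
        client[tid] = {a: v for a, v in row.items() if a in client_attrs}
        server[tid] = {a: v for a, v in row.items() if a not in client_attrs}
    return client, server

def server_is_safe(server, constraints):
    """True if no constraint is fully contained in the attributes the server stores."""
    stored = set().union(*(r.keys() for r in server.values()))
    return not any(c <= stored for c in constraints)

def query(client, server, server_pred, client_pred, project):
    """Server filters on its plaintext attributes; client joins by tid and finishes."""
    hits = {tid: r for tid, r in server.items() if server_pred(r)}  # runs at the server
    joined = ({**client[tid], **r} for tid, r in hits.items())      # runs at the client
    return [tuple(row[a] for a in project) for row in joined if client_pred(row)]

CLIENT_ATTRS = min_client_attrs(ATTRS, CONSTRAINTS)
CLIENT, SERVER = fragment(ROWS, CLIENT_ATTRS)
```

The singleton constraint on SSN forces that attribute onto the client, and the server only ever evaluates conditions on attributes it holds in the clear; the client applies the rest after joining on the tuple id.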
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P. (2009). Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients. In: Gudes, E., Vaidya, J. (eds) Data and Applications Security XXIII. DBSec 2009. Lecture Notes in Computer Science, vol 5645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03007-9_15
DOI: https://doi.org/10.1007/978-3-642-03007-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03006-2
Online ISBN: 978-3-642-03007-9
eBook Packages: Computer Science, Computer Science (R0)