Confidentiality Enforcement for XML Outsourced Data
Data outsourcing is today receiving growing attention due to its benefits in terms of cost reduction and better services. According to such paradigm, the data owner is no more responsible for data management, rather it outsources its data to one or more service providers (referred to as publishers) that provide management services and query processing functionalities. Clearly, data outsourcing leads to challenging security issues in that, by outsourcing its data, the data owner may potentially loose control over them. Therefore, a lot of research is currently carrying on to ensure secure management of data even in the presence of an untrusted publisher. One of the key issues is confidentiality enforcement, that is, how to ensure that data are not read by unauthorized users. In this paper, we propose a solution for XML data, which exploits cryptographic techniques and it is robust to the most common and relevant security threats. In the paper, we present the encryption methods and query processing strategies.
KeywordsQuery Processing Pseudorandom Number Data Owner Access Control Policy Encrypt Data
Unable to display preview. Download preview PDF.
- 3.Bertino, E., Carminati, B., Ferrari, E.: A Temporal Key Management Scheme for Broadcasting XML Documents. In: Proc. of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington (November 2002)Google Scholar
- 4.Carminati, B., Ferrari, E., Bertino, E.: Securing XML Data in Third-Party Distribution Systems. In: Proc. of the ACM Fourteenth Conference on Information and Knowledge Management (CIKM 2005), Bremen, Germany (November 2005)Google Scholar
- 6.Hacigumus, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database Service Provider Model. In: Proc. of the ACM SIGMOD 2002, Madison, WI, USA (June 2002)Google Scholar
- 8.Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
- 9.Salton, G., McGill, M.: Introduction to Modern Information Retrival. McGraw-Hill, New York (1983)Google Scholar
- 10.Song, D.X., Wagner, D., Perrig, A.: Practical Techniques for Searches on Encrypted Data. In: Proc. of the IEEE Symposium on Security and Privacy, Oakland, California (2000)Google Scholar
- 11.World Wide Web Consortium, http://www.w3.org