
Confidentiality Protection in Large Databases

  • Sabrina De Capitani di Vimercati
  • Sara Foresti
  • Giovanni Livraga
  • Stefano Paraboschi
  • Pierangela Samarati
Chapter
Part of the Studies in Big Data book series (SBD, volume 31)

Abstract

A growing trend in today’s society is outsourcing large databases to the cloud. This moves the management burden from the data owner to external providers, which can make vast and scalable infrastructures available at competitive prices. Since large databases can include sensitive information, effective protection of data confidentiality is key to fully enabling data owners to enjoy the benefits of cloud-based solutions. Data encryption and data fragmentation have been proposed as two natural solutions for protecting data confidentiality. However, their adoption does not allow query evaluation to be completely delegated to the provider. In this chapter, we illustrate some encryption-based and fragmentation-based solutions for protecting data confidentiality, and discuss how they support query execution.

Notes

Acknowledgements

This work was supported in part by the EC within the H2020 under grant agreement 644579 (ESCUDO-CLOUD), and within the FP7 under grant agreement 312797 (ABC4EU).

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Sabrina De Capitani di Vimercati (1)
  • Sara Foresti (1)
  • Giovanni Livraga (1)
  • Stefano Paraboschi (2)
  • Pierangela Samarati (1)

  1. Università degli Studi di Milano, Crema, Italy
  2. Università degli Studi di Bergamo, Dalmine, Italy
