On the Hardness of Separation of Duties Problems for Cloud Databases

Using cloud databases puts confidential data at risk. We apply vertical fragmentation of data tables in order to obtain insensitive data fragments. These fragments can then be hosted in databases at different cloud providers. Under the assumption that the cloud providers do not communicate, we then obtain a separation of duties such that each provider is unable to recombine the original confidential data set. In this paper, we view this separation of duties as an optimization problem. We show that it is a combination of the two famous NP-hard problems bin packing and vertex coloring. We analyze the complexity of the problem in the standard case (when only confidentiality is required) and the extended case (when utility is also a requirement).
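To make the combination of bin packing and vertex coloring concrete, the following Python sketch is an added example, not code from the paper. It places columns on servers with a first-fit-decreasing heuristic, which does not guarantee the minimum number of servers. The column names, sizes, capacity and the modelling of a confidentiality constraint as a set of columns that must never be stored together on one server are assumptions made here for illustration.

```python
def violates(fragment, constraints):
    """True if one fragment holds every column of some confidentiality constraint."""
    return any(c <= fragment for c in constraints)

def fragment_columns(sizes, constraints, capacity):
    """First-fit-decreasing placement of columns onto servers (heuristic)."""
    constraints = [frozenset(c) for c in constraints]
    if any(len(c) < 2 for c in constraints):
        # A column that is sensitive on its own cannot be protected by splitting alone.
        raise ValueError("singleton constraint cannot be satisfied by fragmentation")
    servers = []  # each entry: {"cols": set of columns, "used": occupied capacity}
    for col in sorted(sizes, key=sizes.get, reverse=True):
        if sizes[col] > capacity:
            raise ValueError(f"column {col!r} exceeds server capacity")
        for srv in servers:
            fits = srv["used"] + sizes[col] <= capacity            # bin-packing side
            safe = not violates(srv["cols"] | {col}, constraints)  # coloring side
            if fits and safe:
                srv["cols"].add(col)
                srv["used"] += sizes[col]
                break
        else:
            # No existing server is both large enough and safe: open a new one.
            servers.append({"cols": {col}, "used": sizes[col]})
    return [srv["cols"] for srv in servers]

def is_valid(fragments, sizes, constraints, capacity):
    """Each column stored exactly once, capacity respected, no constraint on one server."""
    constraints = [frozenset(c) for c in constraints]
    placed = [c for f in fragments for c in f]
    return (sorted(placed) == sorted(sizes)
            and all(sum(sizes[c] for c in f) <= capacity for f in fragments)
            and not any(violates(set(f), constraints) for f in fragments))

# Constructed sample schema (hypothetical names and sizes, not from the paper).
SIZES = {"name": 4, "dob": 2, "zip": 2, "diagnosis": 5, "insurer": 3}
CONSTRAINTS = [{"name", "diagnosis"}, {"dob", "zip", "diagnosis"}, {"name", "insurer"}]
CAPACITY = 8

if __name__ == "__main__":
    result = fragment_columns(SIZES, CONSTRAINTS, CAPACITY)
    for i, cols in enumerate(result):
        print(f"server {i}: {sorted(cols)}")
    print("valid:", is_valid(result, SIZES, CONSTRAINTS, CAPACITY))
```

Constraints with exactly two columns behave like edges of a conflict graph, which is the vertex-coloring part; the capacity check is the bin-packing part.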
