Implementation of a Storage Mechanism for Untrusted DBMSs

Several architectures have been recently proposed that store relational data in encrypted form on untrusted relational databases. Such architectures permit the creation of novel Internet services and also offer an opportunity for a better construction of ASP solutions. Environments where there are limited resources that do not permit an efficient management of databases or where it is critical to offer a robust Internet access to private data may all benefit from the above architectures. In this paper we analyze the impact that this architecture has on the typical services of a database. The analysis is based on the experience gained in the construction of a prototype of a complete architecture for the management of encrypted databases. Specifically, we illustrate the impact on query translation and optimization, and the main components of the software architecture of the prototype.

[1]  Shmuel Tomi Klein,et al.  Storing text retrieval systems on CD-ROM: compression and encryption considerations , 1989, TOIS.

[2]  Christian Damsgaard Jensen,et al.  CryptoCache: a secure sharable file cache for roaming users , 2000, ACM SIGOPS European Workshop.

[3]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[4]  David J. DeWitt,et al.  A multiuser performance analysis of alternative declustering strategies , 1990, [1990] Proceedings. Sixth International Conference on Data Engineering.

[5]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[6]  Stefano Paraboschi,et al.  Database Systems - Concepts, Languages and Architectures , 1999 .

[7]  Luc Bouganim,et al.  Chip-Secured Data Access: Confidential Data on Untrusted Servers , 2002, VLDB.

[8]  Julie Ward,et al.  Appia: Automatic Storage Area Network Fabric Design , 2002, FAST.

[9]  John B. Kam,et al.  A database encryption system with subkeys , 1981, TODS.

[10]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[11]  Stefano Paraboschi,et al.  Database Systems: Concepts, Languages & Architectures , 1999 .

[12]  Jie Xu,et al.  Private information retrieval in the presence of malicious failures , 2002, Proceedings 26th Annual International Computer Software and Applications.

[13]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.