Securing SQL with Access Control for Database as a Service Model

'Software as a service - SaaS' is a well known model used in cloud infrastructure, outsourcing and pervasive computing. With the SaaS model, application service providers (ASP) facilitates various functionalities of software to application developers as well as to consumers over a public channel like Internet. In order to manage large volumes of users data, 'Database as a service - DaaS' model is a practical requirement for ASPs. The DaaS model allows implementation of need-based (e.g., role-based) privileges of database access to its users. However, the use of DaaS model raises security concerns (e.g. confidentiality and integrity of data) of data while storing users data in untrusted public storage server. In this paper, we review one DaaS tool, CryptDB [1], developed in recent times, and we observe some limitations in it and then present an improved solution for securing data in untrusted database provider. The proposed solution mitigates the limitations of CryptDB while keeping the efficiency of the service model used between ASP and DB intact.

[1]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[2]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[3]  Sushil Jajodia,et al.  Keep a Few: Outsourcing Data While Maintaining Confidentiality , 2009, ESORICS.

[4]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[5]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[6]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[7]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[8]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[9]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.

[10]  Gang Chen,et al.  A Database Encryption Scheme for Enhanced Security and Easy Sharing , 2006, 2006 10th International Conference on Computer Supported Cooperative Work in Design.

[11]  Adam Chlipala,et al.  Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications , 2010, OSDI.

[12]  Min Wang,et al.  Cryptography and relational database management systems , 2001, Proceedings 2001 International Database Engineering and Applications Symposium.

[13]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[14]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[15]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[16]  Voratas Kachitvichyanukul,et al.  Algorithm 668: H2PEC: sampling from the hypergeometric distribution , 1988, TOMS.

[17]  Carlo Curino,et al.  Relational Cloud: a Database Service for the cloud , 2011, CIDR.

[18]  Chris Clifton,et al.  Security Issues in Querying Encrypted Data , 2005, DBSec.

[19]  Ling Liu,et al.  Preserving data privacy in outsourcing data aggregation services , 2007, TOIT.

[20]  Sheng Zhong,et al.  Privacy-Preserving Queries on Encrypted Data , 2006, ESORICS.