An Authorization Model for Multi-Provider Queries

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data, distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced during query execution by possibly restricting the assignment of operations to other parties and by adjusting the visibility of data on the fly. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.
