Secure personal data servers

An increasing amount of personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizens themselves often rely on internet companies to store their data and to make it reliable and highly available over the internet. These benefits, however, must be weighed against the privacy risks that centralization creates: a single server holding many people's records is both a high-value target and a single point of trust. This paper suggests a radically different way of managing personal data. It builds on the emergence of new portable and secure devices that combine the tamper resistance of smart cards with the storage capacity of NAND Flash chips. By embedding a full-fledged Personal Data Server in such a device, the user regains control over how her sensitive data is shared with others (by whom, for how long, under which rule, for which purpose), and that control can be convincingly enforced rather than merely promised. For this vision to be practical, Personal Data Servers must interoperate with external servers and must provide the traditional database services: durability, availability, query facilities and transactions. This paper proposes an initial design for the Personal Data Server approach, identifies the main technical challenges associated with it and sketches preliminary solutions. We expect that this paper will open exciting perspectives for future database research.