Metadata Management in Outsourced Encrypted Databases

Database outsourcing is becoming increasingly popular introducing a new paradigm, called database-as-a-service, where a client’s database is stored at an external service provider. Outsourcing databases to external providers promises higher availability and more effective disaster protection than in-house operations. This scenario presents new research challenges on which the usability of the system is based. In particular, one important aspect is the metadata that must be provided to support the proper working of the system. In this paper, we illustrate the metadata that are needed, at the client and server, to store and retrieve mapping information for processing a query issued by a client application to the server storing the outsourced database. We also present an approach to develop an efficient access control technique and the corresponding metadata needed for its enforcement.

[1]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[2]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[3]  Selim G. Akl,et al.  An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy , 1985, IEEE Transactions on Computers.

[4]  Stefano Ceri,et al.  Distributed Databases: Principles and Systems , 1984 .

[5]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[6]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[7]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[8]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[9]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[10]  Hakan Hacigümüs,et al.  Performance-Conscious Key Management in Encrypted Databases , 2004, DBSec.

[11]  Josep Domingo-Ferrer,et al.  A Privacy Homomorphism Allowing Field Operations on Encrypted Data , 1998 .

[12]  Jeroen Doumen,et al.  Using Secret Sharing for Searching in Encrypted Data , 2004, Secure Data Management.

[13]  Wei-Pang Yang,et al.  Controlling access in large partially ordered hierarchies using cryptographic keys , 2003, J. Syst. Softw..

[14]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[15]  Sushil Jajodia,et al.  Implementation of a Storage Mechanism for Untrusted DBMSs , 2003, Second IEEE International Security in Storage Workshop.

[16]  John B. Kam,et al.  A database encryption system with subkeys , 1981, TODS.

[17]  Hakan Hacigümüs,et al.  Ensuring the Integrity of Encrypted Databases in the Database-as-a-Service Model , 2003, DBSec.

[18]  Lein Harn,et al.  A cryptographic key generation scheme for multilevel data security , 1990, Comput. Secur..

[19]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[20]  Oliver Günther,et al.  Using online services in untrusted environments: a privacy-preserving architecture , 2003, ECIS.

[21]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.