Simultaneous scalability and security for data-intensive web applications

For Web applications in which the database component is the bottleneck, scalability can be provided by a third-party Database Scalability Service Provider (DSSP) that caches application data and supplies query answers on behalf of the application. Cost-effective DSSPs will need to cache data from many applications, inevitably raising concerns about security. However, if all data passing through a DSSP is encrypted to enhance security, then data updates trigger invalidation of large regions of cache. Consequently, achieving good scalability becomes virtually impossible. There is a tradeoff between security and scalability, which requires careful consideration.

In this paper we study the security-scalability tradeoff, both formally and empirically. We begin by providing a method for statically identifying segments of the database that can be encrypted without impacting scalability. Experiments over a prototype DSSP system show the effectiveness of our static analysis method: for all three realistic benchmark applications that we study, our method enables a significant fraction of the database to be encrypted without impacting scalability. Moreover, most of the data that can be encrypted without impacting scalability is of the type that application designers will want to encrypt, all other things being equal. Based on our static analysis method, we propose a new scalability-conscious security design methodology that features: (a) compulsory encryption of highly sensitive data like credit card information, and (b) encryption of data for which encryption does not impair scalability. As a result, the security-scalability tradeoff needs to be considered only over data for which encryption impacts scalability, thus greatly simplifying the task of managing the tradeoff.
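The invalidation effect described in the abstract can be seen in a simplified model, added here as an illustration; it is not the paper's algorithm or the prototype's code. The query shape (single equality predicate), the table and column names, and the treatment of an encrypted parameter as fully opaque to the DSSP are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class CachedQuery:
    """Cached result of: SELECT ... FROM table WHERE key_column = key_value."""
    table: str
    key_column: str
    key_value: Optional[int]   # None: parameter is encrypted, opaque to the DSSP

@dataclass(frozen=True)
class Update:
    """UPDATE table SET ... WHERE key_column = key_value."""
    table: str
    key_column: str
    key_value: Optional[int]   # None: parameter is encrypted, opaque to the DSSP

def must_invalidate(q: CachedQuery, u: Update) -> bool:
    """Conservative check: keep an entry only if it provably cannot be affected."""
    if q.table != u.table:
        return False                      # different table, never affected
    if q.key_column != u.key_column:
        return True                       # predicates not comparable
    if q.key_value is None or u.key_value is None:
        return True                       # hidden value: overlap cannot be ruled out
    return q.key_value == u.key_value     # visible values: exact match only

def invalidated_count(cache, u: Update) -> int:
    return sum(must_invalidate(q, u) for q in cache)

def build_cache(encrypted: bool):
    """Constructed sample: 100 per-customer order lists plus 20 product pages."""
    orders = [CachedQuery("orders", "customer_id", None if encrypted else c)
              for c in range(100)]
    products = [CachedQuery("products", "product_id", p) for p in range(20)]
    return orders + products

def demo():
    # The same logical update, once with visible and once with hidden parameters.
    plain = invalidated_count(build_cache(False), Update("orders", "customer_id", 7))
    hidden = invalidated_count(build_cache(True), Update("orders", "customer_id", None))
    return plain, hidden

if __name__ == "__main__":
    print(demo())
```

With visible parameters the update evicts one cached entry; with hidden parameters every cached entry over the same table is evicted, while entries over other tables survive in both cases.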
