Enabling Secure Data Exchange

The emergence of diverse networked data sources has created new opportunities for the sharing and exchange of data. In support of this, a fruitful line of research has resulted in distributed data processing and integration systems [19, 17, 29, 30, 3]. However, in practice, fear of unauthorized disclosure or malicious tampering requires that data stay safely behind firewalls or remain protected by secure servers. Our goal is to overcome these limitations and enable secure data exchange and sharing in distributed integration scenarios. Such scenarios are characterized by many interacting data sources and many data consumers. Primary sources create and publish data; intermediate sources combine, extract, and modify the data for further dissemination; data consumers query it. This paper describes issues in secure data exchange, and illustrates some solutions proposed in the authors’ own work.

The basic requirements of secure data exchange are confidentiality and integrity. Confidentiality means that unauthorized parties are prevented from reading data. In data exchange, confidentiality is provided through encryption and managing keys that allow access. Confidentiality benefits data sources who need to protect data. Integrity (in its basic form) means that unauthorized parties are prevented from modifying data. In data exchange, integrity is provided through digital signatures and data certification techniques. Integrity benefits both data sources (who need to make sure data attributed to them is not modified) and data consumers (who need guarantees that the data they use has not been tampered with).

Confidentiality and integrity are distinct goals and the tools for each are different. In particular, techniques for providing confidentiality do not by themselves provide integrity. Participants can guarantee both properties by combining techniques. We describe the basic features of our envisioned framework for secure data exchange below:
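The claim that confidentiality techniques do not by themselves provide integrity, shown as an added example (not code from the paper): a published record is encrypted, altered in transit without any key, and still decrypts cleanly unless an integrity tag is checked. The toy SHA-256 counter-mode cipher, the use of HMAC-SHA256 as a shared-key stand-in for the digital signatures the abstract mentions, and all keys, names and the sample record are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
ENC_KEY, MAC_KEY, NONCE = b"k-enc-demo", b"k-mac-demo", b"nonce-01"
RECORD = b"patient=1042;dose=010mg"

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream (not a vetted cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, nonce, len(data)))

decrypt = encrypt  # XOR stream cipher: decryption is the same operation

def publish(enc_key, mac_key, nonce, record):
    """Primary source: encrypt, then tag nonce || ciphertext."""
    ct = encrypt(enc_key, nonce, record)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag

def consume(enc_key, mac_key, nonce, ct, tag):
    """Consumer: verify the tag first; return None if the data was altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)

def modify_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Keyless change: XOR-ing (old ^ new) into the ciphertext turns old into new."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

if __name__ == "__main__":
    ct, tag = publish(ENC_KEY, MAC_KEY, NONCE, RECORD)
    altered = modify_in_transit(ct, RECORD.index(b"010"), b"010", b"910")
    print("encryption only:", decrypt(ENC_KEY, NONCE, altered))
    print("with tag check :", consume(ENC_KEY, MAC_KEY, NONCE, altered, tag))
```

A real deployment would use an authenticated encryption mode or a public-key signature so that consumers can verify data without holding a key that also lets them forge it.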

[1] Stefan Saroiu, et al. Self-organizing data sharing communities with SAGRES, 2000, SIGMOD '00.

[2] Dan Suciu, et al. Controlling Access to Published Data Using Cryptography, 2003, VLDB.

[3] Elisa Bertino, et al. A temporal key management scheme for secure broadcasting of XML documents, 2002, CCS '02.

[4] Sanjeev Khanna, et al. Why and Where: A Characterization of Data Provenance, 2001, ICDT.

[5] Michael Stonebraker, et al. Mariposa: a wide-area distributed database system, 1996, The VLDB Journal.

[6] Donald E. Eastlake, et al. XML-Signature Syntax and Processing, 2001, RFC.

[7] Dan Suciu, et al. A formal analysis of information disclosure in data exchange, 2004, SIGMOD '04.

[8] D. Eastlake, et al. XML Encryption Syntax and Processing, 2003.

[9] Joann J. Ordille, et al. Querying Heterogeneous Information Sources Using Source Descriptions, 1996, VLDB.

[10] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.

[11] R. Ostrovsky, et al. Efficient Consistency Proofs on a Committed Database, 2003.

[12] Sanjeev Khanna, et al. On the Propagation of Deletions and Annotations through Views, 2013.

[13] Elisa Bertino, et al. Securing XML Documents with Author-X, 2001, IEEE Internet Comput.

[14] Peter Stañski, et al. Content extraction signatures using XML digital signatures and custom transforms on-demand, 2003, WWW '03.

[15] Dan Suciu, et al. The Piazza peer data management project, 2003, SGMD.

[16] Ralph C. Merkle, et al. Protocols for Public Key Cryptosystems, 1980, 1980 IEEE Symposium on Security and Privacy.

[17] Michael Gertz, et al. Authentic Third-party Data Publication, 2000, DBSec.

[18] Bogdan Warinschi, et al. Completeness Theorems for the Abadi-Rogaway Language of Encrypted Expressions, 2004, J. Comput. Secur.

[19] Verena Kantere, et al. The hyperion project: from data integration to data coordination, 2003, SGMD.

[20] Michael Stonebraker, et al. Predicate migration: optimizing queries with expensive predicates, 1992, SIGMOD Conference.

[21] Michael Gertz, et al. Flexible authentication of XML documents, 2001, CCS '01.

[22] Jennifer Widom, et al. Practical lineage tracing in data warehouses, 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[23] Elisa Bertino, et al. An infrastructure for managing secure update operations on XML data, 2003, SACMAT '03.

[24] Ralph C. Merkle, et al. A Certified Digital Signature, 1989, CRYPTO.