Abstract
Database outsourcing is becoming increasingly popular, introducing a new paradigm, called database-as-a-service, in which a client’s database is stored at an external service provider. Outsourcing databases to external providers promises higher availability and more effective disaster protection than in-house operations. This scenario presents new research challenges on which the usability of the system is based. In particular, one important aspect is the metadata that must be provided to support the proper working of the system.
In this paper, we illustrate the metadata that are needed, at the client and server, to store and retrieve mapping information for processing a query issued by a client application to the server storing the outsourced database. We also present an approach to develop an efficient access control technique and the corresponding metadata needed for its enforcement.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P. (2005). Metadata Management in Outsourced Encrypted Databases. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_2
DOI: https://doi.org/10.1007/11552338_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer Science (R0)