Abstract
Data integrity is an assurance that data has not been modified in an unknown or unauthorized manner. The goal of this paper is to allow a user to leverage a small amount of trusted client-side computation to achieve guarantees of integrity when interacting with a vulnerable or untrusted database server. To achieve this goal we describe a novel relational hash tree, designed for efficient database processing, and evaluate the performance penalty for integrity guarantees. We show that strong cryptographic guarantees of integrity can be provided in a relational database with modest overhead.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Anley, C.: Advanced SQL injection in SQL server applications. NGSSoftware Insight Security (2002), available from http://www.ngssoftware.com
Bertino, E., Mella, G., Correndo, G., Ferrari, E.: An infrastructure for managing secure update operations on xml data. In: Symposium on Access control models and technologies, pp. 110–122. ACM Press, New York (2003)
Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G., Stubblebine, S.G.: Flexible authentication of XML documents. In: Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 136–145. ACM Press, New York (2001)
Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic data publication over the internet. J. of Computer Security 11(3), 291–314 (2003)
Devanbu, P.T., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic third-party data publication. In: IFIP Work. on Database Security (2000)
Edelsbrunner, H.: Dynamic data structures for orthogonal intersection queries. Technical report, Technical University of Graz, Austria (1980)
Secure hash standard (SHA). Federal Information Processing Standard Publication 180-2 (2000)
Gordon, L.A., Loeb, M.P., Lucyshyn, W., Richardson, R.: 2004 CSI/FBI computer crime and security survey. Computer Security Institute (2004)
Kocher, P.C.: On certificate revocation and validation. In: Fin. Cryptography, pp. 172–177 (1998)
Kriegel, H.-P., Potke, M., Seidl, T.: Managing intervals efficiently in object-relational databases. In: VLDB Conference, pp. 407–418 (2000)
Merkle, R.C.: Secrecy, authentication, and public key systems. PhD thesis, Information Systems Laboratory, Stanford University (1979)
Merkle, R.C.: Protocols for public key cryptosystems. In: Symp. Security & Privacy (1980)
Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Micali, S., Rabin, M.O., Kilian, J.: Zero-knowledge sets. In: FOCS (2003)
Miklau, G., Suciu, D.: Managing integrity for data exchanged on the web. In: Doan, A., Neven, F., McCann, R., Bex, G.J. (eds.) WebDB, pp. 13–18 (2005)
Naor, M., Nissim, K.: Certificate revocation and certificate update. In: USENIX Security Symp. (1998)
Ostrovsky, R., Rackoff, C., Smith, A.: Efficient consistency proofs on a committed database
The 10 most critical web application security vulnerabilities. OWASP (January 2004), http://aspectsecurity.com/topten/
Pang, H., Jain, A., Ramamritham, K., Tan, K.-L.: Verifying completeness of relational query results in data publishing. In: SIGMOD Conference, pp. 407–418 (2005)
Pang, H., Tan, K.-L.: Authenticating query results in edge computing. In: ICDE (2004)
Preparata, F.P., Shamos, M.I.: Computational Geometry. Springer, New York (1985)
The 20 most critical internet security vulnerabilities. SANS Inst (October 2004), http://www.sans.org/top20/
SQL injection: Are your web applications vulnerable? SPI Dynamics Inc. White Paper, Retrieved Oct 1, 2004 from (2002), http://www.spidynamics.com
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Miklau, G., Suciu, D. (2005). Implementing a Tamper-Evident Database System. In: Grumbach, S., Sui, L., Vianu, V. (eds) Advances in Computer Science – ASIAN 2005. Data Management on the Web. ASIAN 2005. Lecture Notes in Computer Science, vol 3818. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596370_5
Download citation
DOI: https://doi.org/10.1007/11596370_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30767-9
Online ISBN: 978-3-540-32249-8
eBook Packages: Computer ScienceComputer Science (R0)