Abstract
A cloud database is a database that typically runs on a cloud computing platform. There are two common deployment models: users can run databases on virtual machines hosted and managed by a infrastructure as a service provider, or they can purchase access to a database service, maintained by a software as a service provider, without physically launching a virtual machine instance for the database. In a database service, application owners do not have to install and maintain the database themselves. Instead, the database as a service provider takes responsibility for installing and maintaining the database, and application owners pay according to their usage. Thus, database services decrease the need for local data storage and the infrastructure costs. Nevertheless, hosting confidential data at a database service requires the transfer of control of the data to a semi-trusted external provider. Therefore, data confidentiality is an important concern from cloud service providers. Recently, three main approaches have been introduced to ensure data confidentiality in cloud services: data encryption; combination of encryption and fragmentation; and fragmentation. Besides, other strategies use a mix of these three main approaches. In this paper, we present i-OBJECT, a new mechanism to preserve data confidentiality in database service scenarios. The proposed mechanism uses information decomposition to split data into unrecognizable parts and store them in different cloud service providers. Additionally, i-OBJECT is a flexible mechanism since it can be used alone or together with other previously approaches in order to increase the data confidentiality level. Thus, a user may trade performance or data utility for a potential increase in the degree of data confidentiality. Experimental results show the potential efficiency of i-OBJECT.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04444-1_27
Clarke, R.: Introduction to dataveillance and information privacy, and definition of terms (1999)
Camenisch, J., Fischer-Hübner, S., Rannenberg, K.: Privacy and Identity Management for Life. Springer, Heidelberg (2011). doi:10.1007/978-3-642-20317-6
Zhifeng, X., Yang, X.: Security and privacy in cloud computing. IEEE Commun. Surv. Tutor. 15, 843–859 (2013)
Ciriani, V., Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. ACM Trans. Inf. Syst. Secur. 13, 22:1–22:33 (2010)
Samarati, P., di Vimercati, S.D.C.: Data protection in outsourcing scenarios: issues and directions. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ASIACCS 2010, pp. 1–14. ACM (2010)
Joseph, N.M., Daniel, E., Vasanthi, N.A.: Article: survey on privacy-preserving methods for storage in cloud computing. In: IJCA Proceedings on Amrita International Conference of Women in Computing - 2013 AICWIC, pp. 1–4 (2013). (Full text available)
Ceselli, A., Damiani, E., Vimercati, S.D.C.D., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM Trans. Inf. Syst. Secur. (TISSEC) 8, 119–152 (2005)
Hegel, G.: The Encyclopedia Logic, vol. 1. Hackett, Indianapolis (1991). (Geraets, T.F., Suchting, W.A., Harris, H.S. (trans.))
Barbay, J., Navarro, G.: Compressed representations of permutations, and applications (2009). arXiv preprint: arXiv:0902.1038
Resch, J.K., Plank, J.S.: AONT-RS: blending security and performance in dispersed storage systems. In: Proceedings of FAST-2011: 9th Usenix Conference on File and Storage Technologies, February 2011
Wiese, L.: Horizontal fragmentation for data outsourcing with formula-based confidentiality constraints. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 101–116. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16825-3_8
Ning, C., Cong, W., Ming, L., Kui, R., Wenjing, L.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25, 222–233 (2014)
Shannon, C.E.: Communication theory of secrecy systems*. Bell Syst. Tech. J. 28, 656–715 (1949)
Okman, L., Gal-Oz, N., Gonen, Y., Gudes, E., Abramov, J.: Security issues in NoSQL databases. In: 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 541–547 (2011)
Aggarwal, C.C.: On k-anonymity and the curse of dimensionality. In: Proceedings of the 31st International Conference on Very Large Data Bases, pp. 901–909. VLDB Endowment (2005)
Xu, X., Xiong, L., Liu, J.: Database fragmentation with confidentiality constraints: a graph search approach. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, pp. 263–270. ACM (2015)
Krishna, R., Sayi, T., Mukkamala, R., Baruah, P.K.: Efficient privacy-preserving data distribution in outsourced environments: a fragmentation-based approach. In: Proceedings of the International Conference on Advances in Computing, Communications and Informatics, ICACCI 2012, pp. 589–595. ACM (2012)
Rekatsinas, T., Deshpande, A., Machanavajjhala, A.: SPARSI: partitioning sensitive data amongst multiple adversaries. Proc. VLDB Endow. 6, 1594–1605 (2013)
Samarati, P.: Data security and privacy in the cloud. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 28–41. Springer, Cham (2014). doi:10.1007/978-3-319-06320-1_4
Acknowledgments
This Research was partially supported by LSBD/UFC and CNPQ - Brazil. We acknowledge that this work is a partial result of the Automatic Management of Cloud Databases project supported by CNPq (MCTI/CNPq 14/2014 - Universal) under grant number 446090/2014-0.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Branco, E.C., Monteiro, J.M., Reis, R., Machado, J.C. (2017). A New Mechanism to Preserving Data Confidentiality in Cloud Database Scenarios. In: Hammoudi, S., Maciaszek, L., Missikoff, M., Camp, O., Cordeiro, J. (eds) Enterprise Information Systems. ICEIS 2016. Lecture Notes in Business Information Processing, vol 291. Springer, Cham. https://doi.org/10.1007/978-3-319-62386-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-62386-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62385-6
Online ISBN: 978-3-319-62386-3
eBook Packages: Computer ScienceComputer Science (R0)