skip to main content
10.1145/1755688.1755690acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

Data protection in outsourcing scenarios: issues and directions

Published: 13 April 2010 Publication History

Abstract

Data outsourcing is an emerging paradigm that allows users and companies to give their (potentially sensitive) data to external servers that then become responsible for their storage, management, and dissemination. Although data outsourcing provides many benefits, especially for parties with limited resources for managing an ever more increasing amount of data, it introduces new privacy and security concerns. In this paper we discuss the main privacy issues to be addressed in data outsourcing, ranging from data confidentiality to data utility. We then illustrate the main research directions being investigated for providing effective data protection to data externally stored and for enabling their querying.

References

[1]
G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-Molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu. Two can keep a secret: a distributed architecture for secure database services. In Proc. of the Second Biennial Conference on Innovative Data Systems Research (CIDR 2005), Asilomar, CA, USA, January 2005.
[2]
R. Agrawal, J. Kierman, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proc. of ACM SIGMOD 2004, Paris, France, June 2004.
[3]
S. Akl and P. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer System, 1(3):239--248, August 1983.
[4]
M. Atallah, K. Frikken, and M. Blanton. Dynamic and efficient key management for access hierarchies. In Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, USA, November 2005.
[5]
D. Boneh and B. Waters. Conjunctive, subset, and range queries on encrypted data. In Proc. of the 4th Theory of Cryptography Conference (TCC 2007), Amsterdam, The Netherlands, February 2007.
[6]
C. Boyens and O. Günter. Using online services in untrusted environments - a privacy-preserving architecture. In Proc. of the 11th European Conference on Information Systems (ECIS 2003), Naples, Italy, June 2003.
[7]
A. Ceselli, E. Damiani, S. De Capitani di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Modeling and assessing inference exposure in encrypted databases. ACM Transactions on Information and System Security (TISSEC), 8(1):119--152, February 2005.
[8]
V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Fragmentation design for efficient query execution over sensitive distributed databases. In Proc. of the 29th International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Quebec, Canada, June 2009.
[9]
V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Keep a few: Outsourcing data while maintaining confidentiality. In Proc. of the 14th European Symposium On Research In Computer Security (ESORICS 2009), Saint Malo, France, September 2009.
[10]
V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Combining fragmentation and encryption to protect privacy in data storage. ACM Transactions on Information and System Security (TISSEC), 2010. (to appear).
[11]
V. Ciriani, S. De Capitani di Vimercati, S. Foresti, and P. Samarati. k-Anonymity. In T. Yu and S. Jajodia, editors, Secure Data Management in Decentralized Systems. Springer-Verlag, 2007.
[12]
G. Cormode, D. Srivastava, T. Yu, and Q. Zhang. Anonymizing bipartite graph data using safe groupings. In Proc. of the 34th International Conference on Very Large Data Bases (VLDB 2008), Auckland, New Zealand, August 2008.
[13]
E. Damiani, S. De Capitani di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Balancing confidentiality and efficiency in untrusted relational DBMSs. In Proc. of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington, DC, USA, October 2003.
[14]
T. K. Dang. Oblivious search and updates for outsourced tree-structured data on untrusted servers. International Journal of Computer Science & Applications, 2(2):67--84, 2005.
[15]
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Over-encryption: Management of access control evolution on outsourced data. In Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria, September 2007.
[16]
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Controlled information sharing in collaborative distributed query processing. In Proc. of the 28th International Conference on Distributed Computing Systems (ICDCS 2008), Beijing, China, June 2008.
[17]
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Encryption policies for regulating access to outsourced data. ACM Transactions on Database Systems, 2010. (to appear).
[18]
S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, and P. Samarati. Privacy of outsourced data. In A. Acquisti, S. Gritzalis, C. Lambrinoudakis, and S. De Capitani di Vimercati, editors, Digital Privacy: Theory, Technologies and Practices. Auerbach Publications (Taylor and Francis Group), 2007.
[19]
G. Di Battista and B. Palazzi. Authenticated relational tables and authenticated skip lists. In Proc. of the 21th IFIP WG11.3 Working Conference on Data and Application Security, Redondo Beach, CA, USA, August 2007.
[20]
J. Domingo-Ferrer. A new privacy homomorphism and applications. Information Processing Letters, 60(5):277--282, December 1996.
[21]
W. Du and M. Atallah. Secure multi-party computation problems and their applications: A review and open problems. In Proc. of the New Security Paradigms Workshop (NSPW 2001), Cloudcroft, New Mexico, USA, September 2001.
[22]
C. Gentry. Fully homomorphic encryption using ideal lattices. In Proc. of the 41st ACM Symposium on Theory of Computing (STOC 2009), Bethesda, Maryland, USA, May 2009.
[23]
O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious RAMs. Journal of the ACM, 43(3):431--473, May 1996.
[24]
H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In Proc. of ACM SIGMOD 2002, Madison, Wisconsin, USA, June 2002.
[25]
H. Hacigümüş, B. Iyer, and S. Mehrotra. Providing database as a service. In Proc. of 18th International Conference on Data Engineering (ICDE 2002), San Jose, California, USA, February 2002.
[26]
H. Hacigümüş, B. Iyer, and S. Mehrotra. Efficient execution of aggregation queries over encrypted relational databases. In Proc. of the 9th International Conference on Database Systems for Advanced Applications (DASFAA 2004), Jeju Island, Korea, March 2004.
[27]
B. Hore, S. Mehrotra, and G. Tsudik. A privacy-preserving index for range queries. In Proc. of the 30th International Conference on Very Large Data Bases (VLDB 2004), Toronto, Canada, August-September 2004.
[28]
B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu. A framework for efficient storage security in RDBMS. In Proc. of International Conference on Extending Database Technology (EDBT 2004), Crete, Greece, March 2004.
[29]
P. Lin and K. Candan. Hiding traversal of tree structured data from untrusted data stores. In Proc. of the Workshop on Security In Information Systems (WOSIS 2004), Porto, Portugal, April 2004.
[30]
G. Miklau and D. Suciu. Controlling access to published data using cryptography. In Proc. of the 29th International Conference on Very Large Data Bases (VLDB 2003), Berlin, Germany, September 2003.
[31]
E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. ACM Transactions on Storage, 2(2):107--138, May 2006.
[32]
R. Rivest, L. Adleman, and M. Dertouzos. Foundations of Secure Computation, chapter On data banks and privacy homomorphisms, pages 169--179. Academic Press, Orlando, FL, USA, 1978.
[33]
P. Samarati. Protecting respondents' identities in microdata release. IEEE Transactions on Knowledge and Data Engineering, 13(6):1010--1027, November/December 2001.
[34]
B. Schneier. Applied Cryptography (2nd ed.). John Wiley & Sons, 1996.
[35]
D. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In Proc. of the IEEE Symposium on Security and Privacy, Berkeley, CA, USA, May 2000.
[36]
H. Wang and L. Lakshmanan. Efficient secure query evaluation over encrypted XML databases. In Proc. of 32nd International Conference on Very Large Data Bases (VLDB 2006), Seoul, Korea, September 2006.
[37]
Z. Wang, W. Wang, and B. Shi. Storage and query over encrypted character and numerical data in database. In Proc. of the 5th International Conference on Computer and Information Technology (CIT 2005), Shanghai, China, September 2005.
[38]
P. Williams, R. Sion, and B. Carbunar. Building castles out of mud: practical access pattern privacy and correctness on untrusted storage. In Proc. of the 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, USA, October 2008.
[39]
M. Xie, H. Wang, J. Yin, and X. Meng. Integrity auditing of outsourced data. In Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria, September 2007.

Cited By

View all
  • (2024)PERSONAL DATA BREACH ON THE INTERNET: A CASE STUDY ON GOOGLE FONTBilişim Hukuku Dergisi10.55009/bilisimhukukudergisi.15101046:2(549-570)Online publication date: 30-Dec-2024
  • (2024)Analyzing Information Security Factors in Adoption of Intelligent Technologies for Medical Waste Management SystemsIEEE Transactions on Consumer Electronics10.1109/TCE.2023.334765070:1(2066-2077)Online publication date: Feb-2024
  • (2024)A comprehensive survey and taxonomy on privacy-preserving deep learningNeurocomputing10.1016/j.neucom.2024.127345576(127345)Online publication date: Apr-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '10: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
April 2010
363 pages
ISBN:9781605589367
DOI:10.1145/1755688
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 April 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access control
  2. confidentiality
  3. data fragmentation
  4. data outsourcing
  5. data protection
  6. encryption
  7. privacy

Qualifiers

  • Research-article

Funding Sources

Conference

ASIA CCS '10
Sponsor:

Acceptance Rates

ASIACCS '10 Paper Acceptance Rate 25 of 166 submissions, 15%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)34
  • Downloads (Last 6 weeks)4
Reflects downloads up to 18 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)PERSONAL DATA BREACH ON THE INTERNET: A CASE STUDY ON GOOGLE FONTBilişim Hukuku Dergisi10.55009/bilisimhukukudergisi.15101046:2(549-570)Online publication date: 30-Dec-2024
  • (2024)Analyzing Information Security Factors in Adoption of Intelligent Technologies for Medical Waste Management SystemsIEEE Transactions on Consumer Electronics10.1109/TCE.2023.334765070:1(2066-2077)Online publication date: Feb-2024
  • (2024)A comprehensive survey and taxonomy on privacy-preserving deep learningNeurocomputing10.1016/j.neucom.2024.127345576(127345)Online publication date: Apr-2024
  • (2024)A Review on Privacy Preservation in Cloud Computing and Recent TrendsMicro-Electronics and Telecommunication Engineering10.1007/978-981-99-9562-2_30(365-376)Online publication date: 22-Mar-2024
  • (2022)Complying With Data Handling Requirements in Cloud Storage SystemsIEEE Transactions on Cloud Computing10.1109/TCC.2020.300033610:3(1661-1674)Online publication date: 1-Jul-2022
  • (2022)Cloud Security2022 4th International Conference on Advances in Computing, Communication Control and Networking (ICAC3N)10.1109/ICAC3N56670.2022.10074139(1890-1894)Online publication date: 16-Dec-2022
  • (2022)Blockchain and Identity ManagementContext-Aware Systems and Applications10.1007/978-3-030-93179-7_15(192-204)Online publication date: 6-Jan-2022
  • (2021)Secure data outsourcing in presence of the inference problem: A graph-based approachJournal of Parallel and Distributed Computing10.1016/j.jpdc.2021.09.006Online publication date: Oct-2021
  • (2021)Role based access control using identity and broadcast based encryption for securing cloud dataJournal of Computer Virology and Hacking Techniques10.1007/s11416-021-00402-118:3(171-182)Online publication date: 18-Sep-2021
  • (2020)Secure data outsourcing in presence of the inference problem: issues and directionsJournal of Information and Telecommunication10.1080/24751839.2020.18196335:1(16-34)Online publication date: 24-Sep-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media