Journal of the ACM (JACM)
Authentic Third-party Data Publication
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
Replication is not needed: single database, computationally-private information retrieval
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Providing Database as a Service
ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Verifying completeness of relational query results in data publishing
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Query execution assurance for outsourced databases
VLDB '05 Proceedings of the 31st international conference on Very large data bases
Computationally private information retrieval with polylogarithmic communication
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Authentication of outsourced databases using signature aggregation and chaining
DASFAA'06 Proceedings of the 11th international conference on Database Systems for Advanced Applications
Encryption policies for regulating access to outsourced data
ACM Transactions on Database Systems (TODS)
Pluggable personal data servers
Proceedings of the 2010 ACM SIGMOD International Conference on Management of data
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.00 |
The networked and increasingly ubiquitous nature of today's data management services mandates assurances to detect and deter malicious or faulty behavior. This is particularly relevant for outsourced data frameworks in which clients place data management with specialized service providers. Clients are reluctant to place sensitive data under the control of a foreign party without assurances of confidentiality. Additionally, once outsourced, privacy and data access correctness (data integrity and query completeness) become paramount. Today's solutions are fundamentally insecure and vulnerable to illicit behavior, because they do not handle these dimensions. In this tutorial we will explore how to design and build robust, efficient, and scalable data outsourcing mechanisms providing strong security assurances of (1) correctness, (2) confidentiality, and (3) data access privacy. There exists a strong relationship between such assurances; for example, the lack of access pattern privacy usually allows for statistical attacks compromising data confidentiality. Confidentiality can be achieved by data encryption. However, to be practical, outsourced data services should allow expressive client queries (e.g., relational joins with arbitrary predicates) without compromising confidentiality. This is a hard problem because decryption keys cannot be directly provided to potentially untrusted servers. Moreover, if the remote server cannot be fully trusted, protocol correctness become essential. Therefore, solutions that do not address all three dimensions are incomplete and insecure.