Distributed databases principles and systems
Distributed databases principles and systems
Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Trust Is not Enough: Privacy and Security in ASP and Web Service Environments
ADBIS '02 Proceedings of the 6th East European Conference on Advances in Databases and Information Systems
Privacy Preserving Data Mining
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Balancing confidentiality and efficiency in untrusted relational DBMSs
Proceedings of the 10th ACM conference on Computer and communications security
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
A generic approach for healthcare data anonymization
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Distributing Data for Secure Database Services
Transactions on Data Privacy
Hi-index | 0.00 |
We describe an architecture for a database service that does not assume that the service provider can be trusted. Unlike other architectures that address this problem, this architecture, which we call blind custodians, does not rely on encryption. Instead, it offers confidentiality by means of information dissociation: The server only stores “fragments” of information that are considered safe (i.e., each fragment does not violate privacy), while the client stores the associations between the fragments that are necessary to reconstruct the information. We argue that this architecture allows satisfactory confidentiality, while offering two important advantages: (1) It does not restrict the types of queries that can be submitted by clients (as encryption-based methods invariably do), and (2) it requires only light processing at the client, assigning the bulk of the processing to the server (as befits a true service). Moreover, the architecture permits flexible control over the level of confidentiality that should be maintained (at the cost of additional overhead).