Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases
ICDCS '09 Proceedings of the 2009 29th IEEE International Conference on Distributed Computing Systems
Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Secure and efficient access to outsourced data
Proceedings of the 2009 ACM workshop on Cloud computing security
Data protection in outsourcing scenarios: issues and directions
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Keep a few: outsourcing data while maintaining confidentiality
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Horizontal fragmentation for data outsourcing with formula-based confidentiality constraints
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Selective data outsourcing for enforcing privacy
Journal of Computer Security - DBSEC 2008
Hi-index | 0.00 |
With the increasing cost of maintaining IT centers, there is a trend among organizations to outsource data management functions to a third-party service provider to reduce storage and computational cost. However, this opens the door for privacy violations. Existing approaches for protecting data confidentiality are based on encryption or a combination of encryption and fragmentation. In this paper, we propose an approach based only on fragmentation. In particular, we discuss the issue of employing both vertical and horizontal fragmentation to a database relation so that a minimum amount of data is stored at the owner. We represent the privacy (confidentiality) constraints as a graph. The constraint graph may have some cycles. We employ the two-coloring technique for the acyclic portion of the graph. We propose some heuristic algorithms to eliminate cycles and complete the coloring of all the nodes in the graph. This leads to an effective fragmentation process. The algorithm assigns one set of nodes to owner and the other to the external server. The proposed scheme considers both data dependent and data independent confidentiality constraints. In addition, it considers dependency constraints. We illustrate the proposed scheme using an example and show its efficacy. We provide proof of correctness for the proposed scheme.