Security checking in relational database management systems augmented with inference engines
Computers and Security
The platform for privacy preferences
Communications of the ACM
On specifying security policies for web documents with an XML-based language
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible authentication of XML documents
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Network Security Essentials: Applications and Standards
Network Security Essentials: Applications and Standards
Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
A temporal key management scheme for secure broadcasting of XML documents
Proceedings of the 9th ACM conference on Computer and communications security
Securing XML Documents with Author-X
IEEE Internet Computing
The Use of Conceptual Structures for Handling the Inference Problem
Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Authentic Third-party Data Publication
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Providing Database as a Service
ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Certificate revocation and certificate update
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Secure Third Party Distribution of XML Data
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Database Security-Concepts, Approaches, and Challenges
IEEE Transactions on Dependable and Secure Computing
Exploring Privacy Issues in Web Services Discovery Agencies
IEEE Security and Privacy
Securing XML data in third-party distribution systems
Proceedings of the 14th ACM international conference on Information and knowledge management
Directions for security and privacy for semantic e-business applications
Communications of the ACM - The semantic e-business vision
Dynamic authenticated index structures for outsourced databases
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Security and privacy for multimedia database management systems
Multimedia Tools and Applications
Distributed access control: a privacy-conscious approach
Proceedings of the 12th ACM symposium on Access control models and technologies
Proof-infused streams: enabling authentication of sliding window queries on streams
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
iDataGuard: middleware providing a secure network drive interface to untrusted internet data storage
EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
Security for Enterprise Resource Planning Systems
Information Systems Security
Authenticating the query results of text search engines
Proceedings of the VLDB Endowment
Structural signatures for tree data structures
Proceedings of the VLDB Endowment
Access Control Friendly Query Verification for Outsourced Data Publishing
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Partially materialized digest scheme: an efficient verification method for outsourced databases
The VLDB Journal — The International Journal on Very Large Data Bases
Small synopses for group-by query verification on outsourced data streams
ACM Transactions on Database Systems (TODS)
Scalable verification for outsourced dynamic databases
Proceedings of the VLDB Endowment
Authenticated relational tables and authenticated skip lists
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Super-efficient verification of dynamic outsourced databases
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Authenticated Index Structures for Aggregation Queries
ACM Transactions on Information and System Security (TISSEC)
Access Control for Databases: Concepts and Systems
Foundations and Trends in Databases
Verified query results from hybrid authentication trees
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Web data protection: principles and research issues
EDBT'04 Proceedings of the 2004 international conference on Current Trends in Database Technology
An approach for XML inference control based on RDF
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Orchestrating access control in peer data management systems
EDBT'06 Proceedings of the 2006 international conference on Current Trends in Database Technology
Confidentiality enforcement for XML outsourced data
EDBT'06 Proceedings of the 2006 international conference on Current Trends in Database Technology
Efficient privacy preserving content based publish subscribe systems
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Efficient verification of web-content searching through authenticated web crawlers
Proceedings of the VLDB Endowment
Data security services, solutions and standards for outsourcing
Computer Standards & Interfaces
Security Issues for Cloud Computing
International Journal of Information Security and Privacy
Policy Enforcement System for Inter-Organizational Data Sharing
International Journal of Information Security and Privacy
A Privacy Agreement Negotiation Model in B2C E-Commerce Transactions
International Journal of Information Security and Privacy
Access control and query verification for untrusted databases
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
Hi-index | 0.00 |
Third-party architectures for data publishing over the Internet today are receiving growing attention, due to their scalability properties and to the ability of efficiently managing large number of subjects and great amount of data. In a third-party architecture, there is a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publishers are responsible for managing (a portion of) the Owner information and for answering subject queries. A relevant issue in this architecture is how the Owner can ensure a secure and selective publishing of its data, even if the data are managed by a third-party, which can prune some of the nodes of the original document on the basis of subject queries and access control policies. An approach can be that of requiring the Publisher to be trusted with regard to the considered security properties. However, the serious drawback of this solution is that large Web-based systems cannot be easily verified to be secure and can be easily penetrated. For these reasons, in this paper, we propose an alternative approach, based on the use of digital signature techniques, which does not require the Publisher to be trusted. The security properties we consider are authenticity and completeness of a query response, where completeness is intended with regard to the access control policies stated by the information Owner. In particular, we show that, by embedding in the query response one digital signature generated by the Owner and some hash values, a subject is able to locally verify the authenticity of a query response. Moreover, we present an approach that, for a wide range of queries, allows a subject to verify the completeness of query results.