Masking page reference patterns in encryption databases on untrusted storage

Authors:
Xi Ma;HweeHwa Pang;Kian-Lee Tan
Affiliations:
Department of Computer Science, National University of Singapore, Singapore;Institute for Infocomm Research, Singapore;Department of Computer Science, National University of Singapore, Singapore
Venue:
Data & Knowledge Engineering - Special issue: ER 2004
Year:
2006

Citing 18
Cited 0

File-system development with stackable layers

ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Informed prefetching and caching

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Software protection and simulation on oblivious RAMs

Journal of the ACM (JACM)
Computationally private information retrieval (extended abstract)

STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Private information retrieval

Journal of the ACM (JACM)
A database encryption system with subkeys

ACM Transactions on Database Systems (TODS)
Sequentiality and prefetching in database systems

ACM Transactions on Database Systems (TODS)
Secure dynamic adaptive traffic masking

Proceedings of the 1999 workshop on New security paradigms
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
OceanStore: an architecture for global-scale persistent storage

ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Cryptography and data security

Cryptography and data security
Executing SQL over encrypted data in the database-service-provider model

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
The Art of Deception: Controlling the Human Element of Security

The Art of Deception: Controlling the Human Element of Security
Providing Database as a Service

ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Anonymous Connections and Onion Routing

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Hiding Data Accesses in Steganographic File System

ICDE '04 Proceedings of the 20th International Conference on Data Engineering
Finding Constrained Frequent Episodes Using Minimal Occurrences

ICDM '04 Proceedings of the Fourth IEEE International Conference on Data Mining
Querying the internet with PIER

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29

Quantified Score

Hi-index	0.00

Visualization

Abstract

To support ubiquitous computing, the underlying data have to be persistent and available anywhere-anytime. The data thus have to migrate from devices that are local to individual computers, to shared storage volumes that are accessible over open network. This potentially exposes the data to heightened security risks. In particular, the activity on a database exhibits regular page reference patterns that could help attackers learn logical links among physical pages and then launch additional attacks. We propose two countermeasures to mitigate the risk of attacks initiated through analyzing the shared storage server's activity for those page patterns. The first countermeasure relocates data pages according to which page sequences they are in. The second countermeasure enhances the first by randomly prefetching pages from predicted page sequences. We have implemented the two countermeasures in MySQL, and experiment results demonstrate their effectiveness and practicality.