Skip to main content
SpringerLink
Log in

Privacy Changes Everything

  • Conference paper
  • First Online:
Book cover Heterogeneous Data Management, Polystores, and Analytics for Healthcare (DMAH 2019, Poly 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11721))

Abstract

We are storing and querying datasets with the private information of individuals at an unprecedented scale in settings ranging from IoT devices in smart homes to mining enormous collections of click trails for targeted advertising. Here, the privacy of the people described in these datasets is usually addressed as an afterthought, engineered on top of a DBMS optimized for performance. At best, these systems support security or managing access to sensitive data. This status quo has brought us a plethora of data breaches in the news. In response, governments are stepping in to enact privacy regulations such as the EU’s GDPR. We posit that there is an urgent need for trustworthy database system that offer end-to-end privacy guarantees for their records with user interfaces that closely resemble that of a relational database. As we shall see, these guarantees inform everything in the database’s design from how we store data to what query results we make available to untrusted clients.

In this position paper we first define trustworthy database systems and put their research challenges in the context of relevant tools and techniques from the security community. We then use this backdrop to walk through the “life of a query” in a trustworthy database system. We start with the query parsing and follow the query’s path as the system plans, optimizes, and executes it. We highlight how we will need to rethink each step to make it efficient, robust, and usable for database clients.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aggarwal, G., et al.: Two can keep a secret: a distributed architecture for secure database services. In: CIDR (2005)

    Google Scholar 

  2. Allen, L., et al.: Veritas: shared verifiable databases and tables in the cloud. In: 9th Biennial Conference on Innovative Data Systems Research (CIDR) (2019)

    Google Scholar 

  3. Arasu, A., et al.: Secure database-as-a-service with cipherbase. In: Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data, pp. 1033–1036. ACM (2013)

    Google Scholar 

  4. Balke, W.T., Güntzer, U.: Multi-objective query processing for database systems. In: Proceedings of the Thirtieth International Conference on Very Large Databases, vol. 30, pp. 936–947. VLDB Endowment (2004)

    Google Scholar 

  5. Bater, J., Elliott, G., Eggen, C., Goel, S., Kho, A., Rogers, J.: SMCQL: secure querying for federated databases. Proc. VLDB Endow. 10(6), 673–684 (2017)

    Article  Google Scholar 

  6. Bater, J., He, X., Ehrich, W., Machanavajjhala, A., Rogers, J.: Shrinkwrap: differentially-private query processing in private data federations. Proc. VLDB Endow. 12(3), 307–320 (2019)

    Article  Google Scholar 

  7. Bellare, M., Hoang, V.T., Keelveedhi, S., Rogaway, P.: Efficient garbling from a fixed-key blockcipher. In: 2013 IEEE Symposium on Security and Privacy, pp. 478–492. IEEE Computer Society Press, Berkeley, CA, USA, 19–22 May 2013

    Google Scholar 

  8. Benedikt, M., Leblay, J., Tsamoura, E.: Querying with access patterns and integrity constraints. Proc. VLDB Endow. 8(6), 690–701 (2015)

    Article  Google Scholar 

  9. Bogdanov, D., Kamm, L., Kubo, B., Rebane, R., Sokk, V., Talviste, R.: Students and taxes: a privacy-preserving social study using secure computation. In: Privacy Enhancing Technologies Symposium (PETS) (2016)

    Google Scholar 

  10. Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13

    Chapter  Google Scholar 

  11. Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03549-4_20

    Chapter  Google Scholar 

  12. Chowdhury, A.R., Wang, C., He, X., Machanavajjhala, A., Jha, S.: Outis: crypto-assisted differential privacy on untrusted servers. arXiv preprint arXiv:1902.07756, pp. 1–30 (2019)

  13. Crockett, E., Peikert, C., Sharp, C.: Alchemy: a language and compiler for homomorphic encryption made easy. In: CCS (2018)

    Google Scholar 

  14. Deshpande, A., Ives, Z.G., Raman, V.: Adaptive query processing. Found. Trends Databases 1(1), 1–140 (2007)

    Article  Google Scholar 

  15. Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: Proceedings of the Twenty-Second ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, PODS 2003, pp. 202–210. ACM, New York, NY, USA (2003)

    Google Scholar 

  16. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1

    Chapter  Google Scholar 

  17. El-Hindi, M., Heyden, M., Binnig, C., Ramamurthy, R., Arasu, A., Kossmann, D.: BlockchainDB-towards a shared database on blockchains. In: Proceedings of the 2019 International Conference on Management of Data, pp. 1905–1908. ACM (2019)

    Google Scholar 

  18. Eskandarian, S., Zaharia, M.: An oblivious general-purpose SQL database for the cloud. arXiv preprint 1710.00458 (2017)

    Google Scholar 

  19. Ge, C., He, X., Ilyas, I.F., Machanavajjhala, A.: APEx: accuracy-aware differentially private data exploration. In: Proceedings of the 2019 International Conference on Management of Data, SIGMOD 2019, pp. 177–194. ACM, New York, NY, USA (2019). https://doi.org/10.1145/3299869.3300092

  20. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37

    Chapter  Google Scholar 

  21. Gentry, C.: Fully homomorphic eneryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 169–178. ACM (2009)

    Google Scholar 

  22. Gentry, C., Halevi, S., Raykova, M., Wichs, D.: Outsourcing private RAM computation. In: 2014 IEEE 55th Annual Symposium on Foundations of Computer Science, pp. 404–413. IEEE (2014)

    Google Scholar 

  23. Gupta, D., Mood, B., Feigenbaum, J., Butler, K., Traynor, P.: Using intel software guard extensions for efficient two-party secure function evaluation. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 302–318. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_20

    Chapter  Google Scholar 

  24. He, Z., et al.: SDB: a secure query processing system with data interoperability. VLDB 8(12), 1876–1879 (2015). 2150-8097/15/08

    Google Scholar 

  25. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

    Chapter  Google Scholar 

  26. Johnson, N., Near, J.P., Song, D.: Towards practical differential privacy for SQL queries. Proc. VLDB Endow. 11(5), 526–539 (2018). https://doi.org/10.1145/3187009.3177733

    Article  Google Scholar 

  27. Keller, M., Pastro, V., Rotaru, D.: Overdrive: making SPDZ great again. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 158–189. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_6

    Chapter  Google Scholar 

  28. Kotsogiannis, I., Tao, Y., Machanavajjhala, A., Miklau, G., Hay, M.: Architecting a differentially private SQL engine. In: CIDR (2019)

    Google Scholar 

  29. Kotsogiannis, I., et al.: PrivateSQL: a differentially private SQL engine. Proc. VLDB Endow. 12(12), 1371–1384 (2019)

    Article  Google Scholar 

  30. Krishnan, S., Yang, Z., Goldberg, K., Hellerstein, J., Stoica, I.: Learning to optimize join queries with deep reinforcement learning. arXiv preprint arXiv:1808.03196 (2018)

  31. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: ObliVM : a programming framework for secure computation, Oakland, pp. 359–376 (2015). https://doi.org/10.1109/SP.2015.29

  32. Marcus, R., Papaemmanouil, O.: Deep reinforcement learning for join order enumeration. In: Proceedings of the First International Workshop on Exploiting Artificial Intelligence Techniques for Data Management, p. 3. ACM (2018)

    Google Scholar 

  33. Markl, V., Lohman, G.M., Raman, V.: LEO: an autonomic query optimizer for DB2. IBM Syst. J. 42(1), 98–106 (2003)

    Article  Google Scholar 

  34. McGregor, A., Mironov, I., Pitassi, T., Reingold, O., Talwar, K., Vadhan, S.: The limits of two-party differential privacy. In: Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS 2010, pp. 81–90. IEEE Computer Society, Washington, DC, USA (2010). https://doi.org/10.1109/FOCS.2010.14

  35. McSherry, F.D.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, SIGMOD 2009, pp. 19–30. ACM, New York, NY, USA (2009). https://doi.org/10.1145/1559845.1559850

  36. Menon, P., Mowry, T.C., Pavlo, A.: Relaxed operator fusion for in-memory databases: making compilation, vectorization, and prefetching work together at last. Proc. VLDB Endow. 11(1), 1–13 (2017)

    Article  Google Scholar 

  37. Mironov, I., Pandey, O., Reingold, O., Vadhan, S.: Computational differential privacy. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 126–142. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_8

    Chapter  Google Scholar 

  38. Nathan, S., Govindarajan, C., Saraf, A., Sethi, M., Jayachandran, P.: Blockchain meets database: design and implementation of a blockchain relational database (2019)

    Article  Google Scholar 

  39. Neumann, T., Leis, V.: Compiling database queries into machine code. IEEE Data Eng. Bull. 37(1), 3–11 (2014)

    Google Scholar 

  40. Ortiz, J., Balazinska, M., Gehrke, J., Keerthi, S.S.: Learning state representations for query optimization with deep reinforcement learning. arXiv preprint arXiv:1803.08604 (2018)

  41. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238–252. IEEE (2013)

    Google Scholar 

  42. Pavlo, A., et al.: Self-driving database management systems. In: CIDR, vol. 4, p. 1 (2017)

    Google Scholar 

  43. Pirk, H., et al.: CPU and cache efficient management of memory-resident databases. In: 2013 IEEE 29th International Conference on Data Engineering (ICDE), pp. 14–25. IEEE (2013)

    Google Scholar 

  44. Popa, R., Redfield, C.: CryptDB: protecting confidentiality with encrypted query processing. In: SOSP, pp. 85–100 (2011). https://doi.org/10.1145/2043556.2043566

  45. Rajan, A., Qin, L., Archer, D.W., Boneh, D., Lepoint, T., Varia, M.: Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct. In: Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies, p. 49. ACM (2018)

    Google Scholar 

  46. Selinger, P.G., Astrahan, M.M., Chamberlin, D.D., Lorie, R.A., Price, T.G.: Access path selection in a relational database management system. In: SIGMOD, pp. 23–34 (1979). https://doi.org/10.1145/582095.582099

  47. Suresh, M., She, Z., Wallace, W., Lahlou, A., Rogers, J.: KloakDB: a platform for analyzing sensitive data with k-anonymous query processing. CoRR abs/1904.00411 (2019). http://arxiv.org/abs/1904.00411

  48. Trummer, I., Koch, C.: Multi-objective parametric query optimization. Proc. VLDB Endow. 8(3), 221–232 (2014)

    Article  Google Scholar 

  49. Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. Proc. VLDB Endow. 6(5), 289–300 (2013). https://doi.org/10.14778/2535573.2488336

    Article  Google Scholar 

  50. Volgushev, N., Schwarzkopf, M., Getchell, B., Varia, M., Lapets, A., Bestavros, A.: Conclave: secure multi-party computation on big data. In: European Conference on Computer Systems (2019)

    Google Scholar 

  51. Wang, F., Yun, C., Goldwasser, S., Vaikuntanathan, V., Zaharia, M.: Splinter: practical private queries on public data. In: NSDI, pp. 299–313 (2017)

    Google Scholar 

  52. Wang, W., Zhang, M., Chen, G., Jagadish, H.V., Ooi, B.C., Tan, K.L.: Database meets deep learning: challenges and opportunities. ACM SIGMOD Record 45(2), 17–22 (2016)

    Article  Google Scholar 

  53. Wang, X., Ranellucci, S., Katz, J.: Authenticated garbling and efficient maliciously secure two-party computation. In: CCS (2017)

    Google Scholar 

  54. Wang, X.S., et al.: Oblivious data structures. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS 2014, pp. 215–226 (2014). https://doi.org/10.1145/2660267.2660314

  55. Wei, Z., Leck, U., Link, S.: Entity integrity, referential integrity, and query optimization with embedded uniqueness constraints. In: ICDE (2019)

    Google Scholar 

  56. Wong, W.K., Kao, B., Cheung, D.W.L., Li, R., Yiu, S.M.: Secure query processing with data interoperability in a cloud database environment. In: SIGMOD, pp. 1395–1406. ACM (2014)

    Google Scholar 

  57. Yao, A.C.: Protocols for secure computations. In: FOCS, pp. 160–164. IEEE (1982)

    Google Scholar 

  58. Yao, A.C.C.: How to generate and exchange secrets (extended abstract). In: 27th FOCS, pp. 162–167. IEEE Computer Society Press, Toronto, Ontario, Canada, 27–29 October 1986

    Google Scholar 

  59. Zhang, Y., Genkin, D., Katz, J., Papadopoulos, D., Papamanthou, C.: vSQL: verifying arbitrary SQL queries over dynamic outsourced databases. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 863–880. IEEE (2017)

    Google Scholar 

  60. Zheng, W., Dave, A., Beekman, J.G., Popa, R.A., Gonzalez, J.E., Stoica, I.: Opaque: an Oblivious and Encrypted Distributed Analytics Platform. In: NSDI, pp. 283–298 (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Northwestern University, Evanston, USA

    Jennie Rogers, Johes Bater, Madhav Suresh & Xiao Wang

  2. University of Waterloo, Waterloo, Canada

    Xi He

  3. Duke University, Durham, USA

    Ashwin Machanavajjhala

Authors
  1. Jennie Rogers
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Johes Bater
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xi He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ashwin Machanavajjhala
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Madhav Suresh
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Xiao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jennie Rogers .

Editor information

Editors and Affiliations

  1. Massachusetts Institute of Technology, Lexington, MA, USA

    Vijay Gadepally

  2. Intel Corporation, Portland, OR, USA

    Timothy Mattson

  3. Massachusetts Institute of Technology, Cambridge, MA, USA

    Michael Stonebraker

  4. Stony Brook University, Stony Brook, NY, USA

    Fusheng Wang

  5. University of Washington, Seattle, WA, USA

    Gang Luo

  6. Google, Mountain View, CA, USA

    Yanhui Laing

  7. Lucerne University of Applied Sciences, Rotkreuz, Switzerland

    Alevtina Dubovitskaya

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rogers, J., Bater, J., He, X., Machanavajjhala, A., Suresh, M., Wang, X. (2019). Privacy Changes Everything. In: Gadepally, V., et al. Heterogeneous Data Management, Polystores, and Analytics for Healthcare. DMAH Poly 2019 2019. Lecture Notes in Computer Science(), vol 11721. Springer, Cham. https://doi.org/10.1007/978-3-030-33752-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-33752-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-33751-3

  • Online ISBN: 978-3-030-33752-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation