ABSTRACT
Data outsourcing is an emerging paradigm that allows users and companies to hand their (potentially sensitive) data to external servers, which then become responsible for its storage, management, and dissemination. Although data outsourcing provides many benefits, especially for parties with limited resources for managing an ever-increasing amount of data, it introduces new privacy and security concerns. In this paper we discuss the main privacy issues to be addressed in data outsourcing, ranging from data confidentiality to data utility. We then illustrate the main research directions being investigated for providing effective protection to externally stored data and for enabling queries over it.
Title: Data protection in outsourcing scenarios: issues and directions