Article

Query execution assurance for outsourced databases

Author:

Radu SionAuthors Info & Claims

VLDB '05: Proceedings of the 31st international conference on Very large data bases

Pages 601 - 612

Published: 30 August 2005 Publication History

Abstract

In this paper we propose and analyze a method for proofs of actual query execution in an outsourced database framework, in which a client outsources its data management needs to a specialized provider. The solution is not limited to simple selection predicate queries but handles arbitrary query types. While this work focuses mainly on read-only, compute-intensive (e.g. data-mining) queries, it also provides preliminary mechanisms for handling data updates (at additional costs). We introduce query execution proofs; for each executed batch of queries the database service provider is required to provide a strong cryptographic proof that provides assurance that the queries were actually executed correctly over their entire target data set. We implement a proof of concept and present experimental results in a real-world data mining application, proving the deployment feasibility of our solution. We analyze the solution and show that its overheads are reasonable and are far outweighed by the added security benefits. For example an assurance level of over 95% can be achieved with less than 25% execution time overhead.

References

[1]

IBM Data Encryption for DB2. Online at http://www.ibm.com/software/data/db2.

[2]

Oracle: Database Encryption in Oracle 10g. Online at http://www.oracle.com/database.

[3]

SETI @ Home. Online at http://setiathome.ssl.berkeley.edu.

[4]

Gagan Aggarwal, Mayank Bawa, Prasanna Ganesan, Hector Garcia-Molina, Krishnaram Kenthapadi, Rajeev Motwani, Utkarsh Srivastava, Dilys Thomas, and Ying Xu. Two can keep a secret: A distributed architecture for secure database services. In Proceedings of the Second Conference on Innovative Data Systems Research, 2005.

[5]

Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu. Hippocratic databases. In Proceedings of the International Conference on Very Large Databases VLDB, pages 143--154, 2002.

Digital Library

[6]

Rakesh Agrawal and Ramakrishnan Srikant. Privacy-preserving data mining. In Proceedings of the ACM SIGMOD, pages 439--450, 2000.

Digital Library

[7]

Elisa Bertino, M. Braun, Silvana Castano, Elena Ferrari, and Marco Mesiti. Author-X: A Java-Based System for XML Data Protection. In IFIP Workshop on Database Security, pages 15--26, 2000.

Digital Library

[8]

Elisa Bertino, Sushil Jajodia, and Pierangela Samarati. A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems, 17(2), 1999.

Digital Library

[9]

D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In EuroCrypt, 2003.

Digital Library

[10]

Jim Challenger, Paul Dantzig, and Arun Iyengar. A scalable and highly available system for serving dynamic data at frequently accessed web sites. In Proceedings of the 1998 High Performance Networking and Computing Conference, Orlando, Fl, 1998.

Digital Library

[11]

Benny Chor, Oded Goldreich, Eyal Kushilevitz, and Madhu Sudan. Private information retrieval. In IEEE Symposium on Foundations of Computer Science, pages 41--50, 1995.

Digital Library

[12]

Chris Clifton, Murat Kantarcioglu, AnHai Doan, Gunther Schadow, Jaideep Vaidya, Ahmed Elmagarmid, and Dan Suciu. Privacy-preserving data integration and sharing. In The 9th ACM SIGMOD workshop on Research issues in data mining and knowledge discovery, pages 19--26. ACM Press, 2004.

Digital Library

[13]

Chris Clifton and Don Marks. Security and privacy implications of data mining. In Workshop on Data Mining and Knowledge Discovery, pages 15--19, Montreal, Canada, 1996. Computer Sciences, University of British Columbia.

[14]

Premkumar T. Devanbu, Michael Gertz, Chip Martel, and Stuart G. Stubblebine. Authentic third-party data publication. In IFIP Workshop on Database Security, pages 101--112, 2000.

Digital Library

[15]

Irini Fundulaki and Maarten Marx. Specifying access control policies for xml documents with xpath. In The ACM Symposium on Access Control Models and Technologies, pages 61--69. ACM Press, 2004.

Digital Library

[16]

Philippe Golle and Ilya Mironov. Uncheatable distributed computations. In Proceedings of the 2001 Conference on Topics in Cryptology, pages 425--440. Springer-Verlag, 2001.

Digital Library

[17]

H. Hacigumus, B. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In Proceedings of the ACM SIGMOD international conference on Management of data, pages 216--227. ACM Press, 2002.

Digital Library

[18]

H. Hacigumus, B. R. Iyer, and S. Mehrotra. Providing database as a service. In IEEE International Conference on Data Engineering (ICDE), 2002.

Digital Library

[19]

J. Hale, J. Threet, and S. Shenoi. A framework for high assurance security of distributed objects, 1997.

Digital Library

[20]

E. Hildebrandt and G. Saake. User Authentication in Multidatabase Systems. In R. R. Wagner, editor, Proceedings of the Ninth International Workshop on Database and Expert Systems Applications, August 26--28, 1998, Vienna, Austria, pages 281--286, Los Alamitos, CA, 1998. IEEE Computer Society Press.

Digital Library

[21]

B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu. A framework for efficient storage security in rdbms. 2003.

[22]

S. Jajodia, P. Samarati, and V. S. Subrahmanian. A logical language for expressing authorizations. In IEEE Symposium on Security and Privacy. Oakland, CA, pages 31--42, 1997.

Digital Library

[23]

S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. In SIGMOD, 1997.

Digital Library

[24]

Li, Feigenbaum, and Grosof. A logic-based knowledge representation for authorization with delegation. In PCSFW: Proceedings of the 12th Computer Security Foundations Workshop, 1999.

Digital Library

[25]

Dahlia Malkhi and Michael Reiter. Byzantine quorum systems. In The ACM Symposium on Theory of Computing, pages 569--578. ACM Press, 1997.

Digital Library

[26]

C. Martel, G. Nuckolls, P. Devanbu, M. Gertz, A. Kwong, and S. Stubblebine. A general model for authenticated data structures. Technical report, 2001.

[27]

R. Merkle. Protocols for public key cryptosystems. In IEEE Symposium on Research in Security and Privacy, 1980.

[28]

E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced databases. In ISOC Symposium on Network and Distributed Systems Security NDSS, 2004.

[29]

M. Nyanchama and S. L. Osborn. Access rights administration in role-based security systems. In Proceedings of the IFIP Workshop on Database Security, pages 37--56, 1994.

Digital Library

[30]

Sylvia L. Osborn. Database security integration using role-based access control. In Proceedings of the IFIP Workshop on Database Security, pages 245--258, 2000.

Digital Library

[31]

Shariq Rizvi, Alberto Mendelzon, S. Sudarshan, and Prasan Roy. Extending query rewriting techniques for fine-grained access control. In Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pages 551--562. ACM Press, 2004.

Digital Library

[32]

Staab S., Bhargava B., Lilien L., Rosenthal A., Winslett M., Sloman M., Dillon T. S., Chang E., Hussain F. K., Nejdl W., Olmedilla D., and Kashyap V. The pudding of trust. IEEE Intelligent Systems, 19(5):74--88, 2004.

Digital Library

[33]

Ravi S. Sandhu. On five definitions of data integrity. In Proceedings of the IFIP Workshop on Database Security, pages 257--267, 1993.

Digital Library

[34]

Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. Wiley & Sons, 1996.

Digital Library

Cited By

Xu GAmariucai GGuan Y(2017)Delegation of Computation with Verification OutsourcingIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2016.259834228:3(717-730)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1109/TPDS.2016.2598342
Parno BHowell JGentry CRaykova M(2016)PinocchioCommunications of the ACM10.1145/285644959:2(103-112)Online publication date: 25-Jan-2016
https://dl.acm.org/doi/10.1145/2856449
Xu LZhang XWu XShi WPark JSquicciarini A(2015)ABSSProceedings of the 5th ACM Conference on Data and Application Security and Privacy10.1145/2699026.2699135(167-169)Online publication date: 2-Mar-2015
https://dl.acm.org/doi/10.1145/2699026.2699135
Show More Cited By

Index Terms

Query execution assurance for outsourced databases

Recommendations

Authenticated join processing in outsourced databases
SIGMOD '09: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data

Database outsourcing requires that a query server constructs a proof of result correctness, which can be verified by the client using the data owner's signature. Previous authentication techniques deal with range queries on a single relation using an ...
Query Access Assurance in Outsourced Databases

Query execution assurance is an important concept in defeating lazy servers in the database as a service model. We show that extending query execution assurance to outsourced databases with multiple data owners is highly inefficient. To cope with lazy ...
Query assurance verification for outsourced multi-dimensional databases
Selected papers from the Third and Fourth Secure Data Management (SDM) workshops

In data outsourcing model, data owners engage third-party data servers (called publishers) to manage their data and process queries on their behalf. As these publishers may be untrusted or susceptible to attacks, it could produce incorrect query results ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image DL Hosted proceedings

VLDB '05: Proceedings of the 31st international conference on Very large data bases

August 2005

1392 pages

ISBN:1595931546

General Chair:
Kjell Bratbergsengen
Norwegian University of Science & Technology, Trondheim, Norway

Publisher

VLDB Endowment

Publication History

Published: 30 August 2005

Qualifiers

Article

Conference

ICMI05

ICMI05: Seventh International Conference on Multimodal Interfaces 2005

August 30 - September 2, 2005

Trondheim, Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

40
Total Citations
View Citations
799
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)2

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xu GAmariucai GGuan Y(2017)Delegation of Computation with Verification OutsourcingIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2016.259834228:3(717-730)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1109/TPDS.2016.2598342
Parno BHowell JGentry CRaykova M(2016)PinocchioCommunications of the ACM10.1145/285644959:2(103-112)Online publication date: 25-Jan-2016
https://dl.acm.org/doi/10.1145/2856449
Xu LZhang XWu XShi WPark JSquicciarini A(2015)ABSSProceedings of the 5th ACM Conference on Data and Application Security and Privacy10.1145/2699026.2699135(167-169)Online publication date: 2-Mar-2015
https://dl.acm.org/doi/10.1145/2699026.2699135
Yung DYu Li Lo EMan Lung Yiu (2015)Efficient Authentication of Continuously Moving $k$ NN QueriesIEEE Transactions on Mobile Computing10.1109/TMC.2014.236520314:9(1806-1819)Online publication date: 1-Sep-2015
https://dl.acm.org/doi/10.1109/TMC.2014.2365203
Jianfeng Wang Xiaofeng Chen Xinyi Huang Ilsun You Yang Xiang (2015)Verifiable Auditing for Outsourced Database in Cloud ComputingIEEE Transactions on Computers10.1109/TC.2015.240103664:11(3293-3303)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1109/TC.2015.2401036
Le MKant KJajodia S(2014)Consistent Query Plan Generation in Secure Cooperative Data AccessProceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 856610.1007/978-3-662-43936-4_15(227-242)Online publication date: 14-Jul-2014
https://dl.acm.org/doi/10.1007/978-3-662-43936-4_15
Wei WYu T(2014)Integrity Assurance for Outsourced Databases without DBMS ModificationProceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 856610.1007/978-3-662-43936-4_1(1-16)Online publication date: 14-Jul-2014
https://dl.acm.org/doi/10.1007/978-3-662-43936-4_1
Dinh TDatta AMukherjee TMondal A(2013)Towards secure outsourcing of collaborative sensing and analytic applications to the cloud - the pCloud approachProceedings of the First International Workshop on Middleware for Cloud-enabled Sensing10.1145/2541603.2541606(1-6)Online publication date: 9-Dec-2013
https://dl.acm.org/doi/10.1145/2541603.2541606
Braun BFeldman ARen ZSetty SBlumberg AWalfish MKaminsky MDahlin M(2013)Verifying computations with stateProceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles10.1145/2517349.2522733(341-357)Online publication date: 3-Nov-2013
https://dl.acm.org/doi/10.1145/2517349.2522733
Xu GAmariucai GGuan YFatourou PTaubenfeld G(2013)Delegation of computation with verification outsourcingProceedings of the 2013 ACM symposium on Principles of distributed computing10.1145/2484239.2484253(393-402)Online publication date: 22-Jul-2013
https://dl.acm.org/doi/10.1145/2484239.2484253
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents