Database as a Service: Security and Privacy Preserving
Funding:

Supported by the National Natural Science Foundation of China under Grant Nos. 60673137, 60773075, 60925008; the National High-Tech Research and Development Plan of China (863) under Grant No. 2008AA01Z1470967; the Shanghai Leading Academic Discipline Project of China under Grant No. B412; and the Research Fund for Excellent Youth Scholars of Shanghai Higher Education of China under Grant No. Z-2006-52.

    Abstract:

    This paper surveys international research progress on security and privacy preservation in database as a service (DaaS), organized around five key techniques: data confidentiality, data integrity, data completeness, query privacy preservation, and access control policy. Data confidentiality is analyzed in terms of encryption-based and data-distribution-based (division-based) approaches; data integrity and data completeness are analyzed in terms of signature-based, challenge-response, and probability-based approaches; query privacy preservation and access control policy are analyzed mainly in terms of existing problems. Finally, the paper outlines future research directions, existing problems, and challenges for security and privacy preservation in DaaS.

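Cite this article

Tian Xiuxia (田秀霞), Wang Xiaoling (王晓玲), Gao Ming (高明), Zhou Aoying (周傲英). Database as a Service: Security and Privacy Preserving. Journal of Software (软件学报), 2010, 21(5): 991-1006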

History
  • Received: 2009-05-11
  • Last revised: 2009-10-10