Efficient secure query evaluation over encrypted XML databases

Hui Wang, Laks V.S. Lakshmanan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

109 Scopus citations

Abstract

Motivated by the "database-as-service" paradigm wherein data owned by a client is hosted on a third-party server, there is significant interest in secure query evaluation over encrypted databases. We consider this problem for XML databases. We consider an attack model where the attacker may possess exact knowledge about the domain values and their occurrence frequencies, and We wish to protect sensitive structural information as well as value associations. We capture such security requirements using a novel notion of security constraints. For security reasons, sensitive parts of the hosted database are encrypted. There is a tension between data security and efficiency of query evaluation for different granularities of encryption. We show that finding an optimal, secure encryption scheme is NP-hard. For speeding up query processing, we propose to keep metadata, consisting oi structure and value indices, on the server. We want to prevent the server, or an attacker who gains access to the server, from learning sensitive information in the database. We propose security properties for such a hosted XML database system to satisfy and prove that our proposal satisfies these properties. Intuitively, this means the attacker cannot improve his prior belief probability distribution about which candidate database led to the given encrypted database, by looking at the encrypted database as well as the metadata. We also prove that by observing a series of queries and their answers, the attacker cannot improve his prior belief probability distribution over which sensitive queries (structural or value associations) hold in the hosted database. Finally, we demonstrate with a detailed set of experiments that our techniques enable efficient query processing while satisfying the secu-rity properties defined in the paper.

Original languageEnglish
Title of host publicationVLDB 2006 - Proceedings of the 32nd International Conference on Very Large Data Bases
Pages127-138
Number of pages12
StatePublished - 2006
Event32nd International Conference on Very Large Data Bases, VLDB 2006 - Seoul, Korea, Republic of
Duration: 12 Sep 200615 Sep 2006

Publication series

NameVLDB 2006 - Proceedings of the 32nd International Conference on Very Large Data Bases

Conference

Conference32nd International Conference on Very Large Data Bases, VLDB 2006
Country/TerritoryKorea, Republic of
CitySeoul
Period12/09/0615/09/06

Fingerprint

Dive into the research topics of 'Efficient secure query evaluation over encrypted XML databases'. Together they form a unique fingerprint.

Cite this