Privacy-preserving OLTP database systems with OLAP support

Bibliographic Details
Main Author: Sidorov, Vasily
Other Authors: Ng Wee Keong
Format: Theses and Dissertations
Language:English
Published: 2016
Online Access:https://hdl.handle.net/10356/66931
Institution: Nanyang Technological University
Description
Summary: Migration of data storage and processing appliances to the cloud has been a stable trend in recent years. As many confirm, enterprises can gain various managerial and financial advantages from such a change. At the same time, however, new security risks arise, in particular the risk of confidential data leaks. Using cloud platforms typically means losing control over the hardware, which may be considered advantageous from many points of view, but it aggravates the security risks and blocks some approaches to their mitigation. Additionally, the cloud platform provider itself may have to be treated as a security threat. Encrypting the data alleviates the problem for storage, but when done directly it makes processing of the data in the cloud impossible. Cloud-hosted database systems are particularly affected: database systems typically store large amounts of sensitive, confidential information, and they are typically expected to carry out complex data processing tasks—either transactional or analytical. Finding a way for a cloud-hosted database system to operate on the data it stores in a privacy-preserving manner is therefore a research direction in demand. This work is dedicated to a careful and systematic investigation of this issue.

Even though the history of relational database systems is now more than 40 years long, and many approaches have had time to become standardized, there is still notable diversity among practical database systems: many have a narrow purpose, and many attempt to be more or less universal. Moreover, the notion of "data security" is itself diverse and volatile; it depends on many factors, including the importance of the specific data and the set of threats it needs to be protected from.

It is thus reasonable to explore abstract database models and abstract security models, and to investigate how they interact, how they behave when combined, and how the database has to adapt its protocols in order to function under the security model. This work theoretically considers an abstract relational database system that is able to execute data processing primitives over encrypted data and to combine these primitives into more or less arbitrary sequences, which opens the way to supporting significant subsets of SQL over encrypted data. The work also considers practical implementations of sample encrypted processing primitives and demonstrates a proof-of-concept encrypted database system, which shows that the theoretical model developed and discussed in this work is feasible in practice.