Privacy-preserving OLTP database systems with OLAP support

Migration of data storage and processing appliances to the cloud is a stable trend in recent years. As many confirm, enterprises could gain various managerial and financial advantages from such change. However, at the same time, new security risks arise. In particular, certain risks of confidential...

Full description

Saved in:
Bibliographic Details
Main Author: Sidorov, Vasily
Other Authors: Ng Wee Keong
Format: Theses and Dissertations
Language:English
Published: 2016
Subjects:
Online Access:https://hdl.handle.net/10356/66931
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-66931
record_format dspace
spelling sg-ntu-dr.10356-669312023-03-04T00:38:36Z Privacy-preserving OLTP database systems with OLAP support Sidorov, Vasily Ng Wee Keong School of Computer Science and Engineering DRNTU::Engineering::Computer science and engineering::Data::Data encryption DRNTU::Engineering::Computer science and engineering::Information systems::Database management DRNTU::Engineering::Computer science and engineering::Information systems::Information storage and retrieval Migration of data storage and processing appliances to the cloud is a stable trend in recent years. As many confirm, enterprises could gain various managerial and financial advantages from such change. However, at the same time, new security risks arise. In particular, certain risks of confidential data leaks. Using cloud platforms typically means losing control over the hardware, which might be considered advantageous from many points of view, but aggravates the security risks and blocks some approaches to their mitigation. Additionally, the cloud platform provider itself could be considered a security threat. Encryption of the data could alleviate the problem for the storage, but being done in a directly, it makes processing of the data in the cloud impossible. Specifically, cloud-hosted database systems are very affected. Typically, database systems store large amounts of sensitive, confidential information; and typically, they are expected to be able to carry out complex data processing tasks—either transactional or analytical. Thus, finding a way for a cloud-hosted database system to operate the data it stores in a privacy-preserving manner is a demanded research direction. This work is dedicated to a careful and systematic investigation of this issue. Even though the history of relational database systems is now more than 40 years long, and many approaches had time to get standardized, there still is a notable diversity in practical database systems, many of which have a narrow purpose orientation, and many make attempts to be more or less universal. Moreover, the notion of "data security" is very diverse and volatile by itself; it depends on many factors, including the level of importance of specific data, and the set of threats it needs to be protected from. It is thus reasonable to explore abstract database models and abstract security models, and investigate how they interact, how they behave when combined, and how the database has to adapt its protocols in order to function under the security model. This work theoretically considers an abstract relational database system that is able to execute data processing primitives over encrypted data, and combine these primitives into more or less arbitrary sequences, which gives way to supporting significant subsets of SQL over encrypted data. The work also considers practical implementations of sample encrypted processing primitives and demonstrates a proof-of-concept encrypted database system, which shows that the theoretical model that is developed and discussed in this work is feasible in practice. DOCTOR OF PHILOSOPHY (SCE) 2016-05-05T08:24:03Z 2016-05-05T08:24:03Z 2016 Thesis Sidorov, V. (2016). Privacy-preserving OLTP database systems with OLAP support. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/66931 10.32657/10356/66931 en 150 p. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic DRNTU::Engineering::Computer science and engineering::Data::Data encryption
DRNTU::Engineering::Computer science and engineering::Information systems::Database management
DRNTU::Engineering::Computer science and engineering::Information systems::Information storage and retrieval
spellingShingle DRNTU::Engineering::Computer science and engineering::Data::Data encryption
DRNTU::Engineering::Computer science and engineering::Information systems::Database management
DRNTU::Engineering::Computer science and engineering::Information systems::Information storage and retrieval
Sidorov, Vasily
Privacy-preserving OLTP database systems with OLAP support
description Migration of data storage and processing appliances to the cloud is a stable trend in recent years. As many confirm, enterprises could gain various managerial and financial advantages from such change. However, at the same time, new security risks arise. In particular, certain risks of confidential data leaks. Using cloud platforms typically means losing control over the hardware, which might be considered advantageous from many points of view, but aggravates the security risks and blocks some approaches to their mitigation. Additionally, the cloud platform provider itself could be considered a security threat. Encryption of the data could alleviate the problem for the storage, but being done in a directly, it makes processing of the data in the cloud impossible. Specifically, cloud-hosted database systems are very affected. Typically, database systems store large amounts of sensitive, confidential information; and typically, they are expected to be able to carry out complex data processing tasks—either transactional or analytical. Thus, finding a way for a cloud-hosted database system to operate the data it stores in a privacy-preserving manner is a demanded research direction. This work is dedicated to a careful and systematic investigation of this issue. Even though the history of relational database systems is now more than 40 years long, and many approaches had time to get standardized, there still is a notable diversity in practical database systems, many of which have a narrow purpose orientation, and many make attempts to be more or less universal. Moreover, the notion of "data security" is very diverse and volatile by itself; it depends on many factors, including the level of importance of specific data, and the set of threats it needs to be protected from. It is thus reasonable to explore abstract database models and abstract security models, and investigate how they interact, how they behave when combined, and how the database has to adapt its protocols in order to function under the security model. This work theoretically considers an abstract relational database system that is able to execute data processing primitives over encrypted data, and combine these primitives into more or less arbitrary sequences, which gives way to supporting significant subsets of SQL over encrypted data. The work also considers practical implementations of sample encrypted processing primitives and demonstrates a proof-of-concept encrypted database system, which shows that the theoretical model that is developed and discussed in this work is feasible in practice.
author2 Ng Wee Keong
author_facet Ng Wee Keong
Sidorov, Vasily
format Theses and Dissertations
author Sidorov, Vasily
author_sort Sidorov, Vasily
title Privacy-preserving OLTP database systems with OLAP support
title_short Privacy-preserving OLTP database systems with OLAP support
title_full Privacy-preserving OLTP database systems with OLAP support
title_fullStr Privacy-preserving OLTP database systems with OLAP support
title_full_unstemmed Privacy-preserving OLTP database systems with OLAP support
title_sort privacy-preserving oltp database systems with olap support
publishDate 2016
url https://hdl.handle.net/10356/66931
_version_ 1759857457012670464