Keeping Secrets by Separation of Duties While Minimizing the Amount of Cloud Servers

  • Chapter

Part of the book series: Lecture Notes in Computer Science (TLDKS, volume 10940)

Abstract

In this paper we address the problem of data confidentiality when outsourcing data to cloud service providers. In our separation of duties approach, the original data set is fragmented into insensitive subsets such that each subset can be managed by an independent cloud provider. Security policies are expressed as sets of confidentiality constraints that induce the fragmentation process. We assume that the different cloud providers do not communicate with each other so that only the actual data owner is able to link the subsets and reconstruct the original data set. While confidentiality is a hard constraint that has to be satisfied in our approach, we consider two further optimization goals (the minimization of the amount of cloud providers and the maximization of utility as defined by visibility constraints) as well as data dependencies that might lead to unwanted disclosure of data. We extend prior work by formally defining the confidentiality and optimization requirements as an optimization problem. We provide an integer linear program (ILP) formulation and analyze different settings of the problem. We present a prototype that exploits a distributed installation of several PostgreSQL database systems; we give an in-depth account of the sophisticated distributed query management that is enforced by defining views for the outsourced data sets and rewriting queries according to the fragments.
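The fragmentation idea in the abstract (split a relation so that no cloud provider sees a complete confidentiality constraint, keep singleton constraints with the owner, use as few providers as possible, prefer fragmentations that satisfy visibility constraints, and account for data dependencies that let an observer infer hidden attributes) can be shown on a toy schema. The following is an added illustration, not the paper's ILP or prototype: the schema, constraints and dependencies are constructed, exhaustive search over set partitions stands in for the ILP, dependencies are assumed to have the form "premise attribute set implies consequence attribute set", and the owner is assumed to link fragments through a tuple identifier it adds to each of them.

```python
"""Added illustration (not the paper's ILP): fragment a relation schema
under confidentiality constraints, minimising the number of outsourced
fragments (one per cloud provider), with visibility constraints as a
tie-breaker and data dependencies treated as an inference closure.
All schema, constraint and dependency values are constructed."""
from typing import FrozenSet, Iterable, List, Sequence, Set, Tuple

AttrSet = FrozenSet[str]

# Constructed example schema: a medical table to be outsourced.
SCHEMA = ["Name", "DoB", "ZIP", "Illness", "Treatment", "SSN"]
# Confidentiality constraints: attribute sets that must never be visible
# together. A singleton constraint means the attribute may not be outsourced.
CONF = [{"SSN"}, {"Name", "Illness"}, {"DoB", "ZIP", "Illness"}]
# Visibility constraints: attribute sets the owner wants in one fragment.
VIS = [{"Name", "DoB"}, {"ZIP", "Illness"}, {"Illness", "Treatment"}]
# Data dependencies (assumed form: premise set -> consequence set):
# anyone who sees Treatment can infer Illness.
DEPS = [({"Treatment"}, {"Illness"})]


def closure(fragment: Iterable[str], deps) -> AttrSet:
    """Everything an observer of `fragment` learns once dependencies are
    applied to a fixpoint (same idea as a functional-dependency closure)."""
    known: Set[str] = set(fragment)
    changed = True
    while changed:
        changed = False
        for premise, consequence in deps:
            if set(premise) <= known and not set(consequence) <= known:
                known |= set(consequence)
                changed = True
    return frozenset(known)


def is_safe(fragment: Iterable[str], conf, deps=()) -> bool:
    """A fragment is safe if no confidentiality constraint is fully visible
    in it, counting attributes inferable through dependencies."""
    visible = closure(fragment, deps)
    return not any(set(c) <= visible for c in conf)


def satisfied_visibility(fragments: Sequence[AttrSet], vis) -> int:
    """Number of visibility constraints served by a single fragment."""
    return sum(1 for v in vis if any(set(v) <= f for f in fragments))


def partitions(items: List[str]):
    """All set partitions of `items` (Bell-number many; fine for toy schemas)."""
    if not items:
        yield []
        return
    first, rest = items[0], items[1:]
    for smaller in partitions(rest):
        yield [frozenset([first])] + smaller          # first in its own block
        for i, block in enumerate(smaller):            # or joined to a block
            yield smaller[:i] + [block | {first}] + smaller[i + 1:]


def fragment_schema(attrs, conf, vis=(), deps=()) -> Tuple[AttrSet, List[AttrSet]]:
    """Return (owner_kept, fragments): singleton constraints stay with the
    owner; the rest is split into the fewest safe fragments, ties broken by
    the number of satisfied visibility constraints, then lexicographically."""
    owner = frozenset(a for c in conf if len(c) == 1 for a in c)
    outsourceable = [a for a in attrs if a not in owner]
    best = None
    for part in partitions(outsourceable):
        if not all(is_safe(f, conf, deps) for f in part):
            continue
        key = (len(part), -satisfied_visibility(part, vis),
               tuple(sorted(tuple(sorted(f)) for f in part)))
        if best is None or key < best[0]:
            best = (key, part)
    if best is None:
        raise ValueError("no safe fragmentation exists")
    return owner, sorted(best[1], key=sorted)


def fragments_for_query(query_attrs, owner: AttrSet, fragments: Sequence[AttrSet]):
    """Which stores a query over `query_attrs` must be rewritten against:
    (owner's local store needed?, fragments holding a queried attribute).
    The owner joins the partial results on a tuple identifier it attaches
    to every fragment (an assumption of this illustration)."""
    needed = set(query_attrs)
    return bool(owner & needed), [f for f in fragments if f & needed]


if __name__ == "__main__":
    kept, frags = fragment_schema(SCHEMA, CONF, VIS, DEPS)
    print("kept by owner:", sorted(kept))
    for i, f in enumerate(frags, 1):
        print(f"cloud provider {i}:", sorted(f))
    print(fragments_for_query({"Name", "Illness"}, kept, frags))
```

On the constructed schema the search keeps SSN with the owner and needs two providers, one holding Name and DoB and the other ZIP, Illness and Treatment; a single provider is impossible because it would see Name together with Illness. The dependency is what makes a fragment {Name, Treatment} unsafe even though no constraint names Treatment, which is the "unwanted disclosure" the abstract refers to; a query touching Name and Illness must then be rewritten against both providers and joined locally.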



Author information

Correspondence to Lena Wiese.


Copyright information

© 2018 Springer-Verlag GmbH Germany, part of Springer Nature

About this chapter

Cite this chapter

Bollwein, F., Wiese, L. (2018). Keeping Secrets by Separation of Duties While Minimizing the Amount of Cloud Servers. In: Hameurlain, A., Wagner, R. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVII. Lecture Notes in Computer Science, vol 10940. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-57932-9_1

  • DOI: https://doi.org/10.1007/978-3-662-57932-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-57931-2

  • Online ISBN: 978-3-662-57932-9

  • eBook Packages: Computer Science (R0)
