management a trustworthy solution, viable in both personal-level and large corporate settings.
1 Introduction
Today, sensitive data is being managed on remote servers maintained by third-party outsourcing vendors. This is because the total cost of data management is 5-10 times higher than the initial acquisition costs [61]. In such an outsourced “database as a service” [72] model, clients outsource data management to a “database service provider” that provides online access mechanisms for querying and managing the hosted data sets.
This is advantageous and significantly more affordable for parties with limited abilities to manage large in-house data centers of potentially large resource footprints. By comparison, database service providers [1-6, 6-9, 11-15] - ranging from corporate-level services such as the IBM Data Center Outsourcing Services to personal-level database hosting - have the advantage of expertise consolidation. Moreover, they are likely to be able to offer the service much cheaper, with increased service availability (e.g. uptime) guarantees.
Notwithstanding these clear advantages, a data outsourcing paradigm faces significant challenges to widespread adoption, especially in an online, untrusted environment. Current privacy guarantees of such services are at best declarative and often subject customers to unreasonable fine-print clauses—e.g., allowing the server operator (and thus malicious attackers gaining access to its systems) to use customer behavior and content for commercial, profiling, or governmental surveillance purposes [52]. Clients are naturally reluctant to place sensitive data under the control of a foreign party without strong security assurances of correctness, confidentiality, and data access privacy. These assurances are essential for data outsourcing to become a sound and truly viable alternative to in-house data management. However, developing assurance mechanisms in such frameworks is challenging because the data is placed under the authority of an external party whose honest behavior is not guaranteed but rather needs to be ensured by this very solution.
In this chapter, we will explore the challenges of designing and implementing robust, efficient, and scalable relational data outsourcing mechanisms, with strong security assurances of correctness, confidentiality, and data access privacy. This is important because today's outsourced data services are fundamentally insecure and vulnerable to illicit behavior, as they do not handle all three dimensions consistently and there exists a strong relationship between such assurances: e.g., the lack of access pattern privacy usually allows for statistical attacks compromising data confidentiality. Even if privacy and confidentiality are in place, to be practical, outsourced data services should allow sufficiently expressive client queries (e.g., relational operators such as JOINs with arbitrary predicates) without compromising confidentiality. This