3.2 XML Sharing
In [30] Bertino et al. discuss a solution for access control to XML data. They
deploy multi-key encryption such that only the appropriate parts of outsourced
XML documents can be accessed by principals. In [32] (also in [28]),
they propose a mechanism deploying watermarking [23,69,92,115,116,120] to
protect ownership for outsourced medical data. Similarly, Carminati et al. ensure
the confidentiality of XML in a distributed peer network by using access
rights and encryption keys associated with XML nodes [43]. They enforce the
authenticity and integrity of query answers using Merkle signatures [100]. This
complicates outsourcing of new documents as new Merkle trees will need to be
generated. To ensure query correctness, the server also stores encrypted query
templates containing the structure of the original documents. This solution is
insecure because it leaks decryption keys and content access patterns.
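The following is an added example, not code from the cited works: a minimal Merkle hash tree over XML nodes, showing how a client checks one returned node against the owner's root and why adding a node forces the tree to be regenerated. The node strings, function names and choice of SHA-256 are assumptions, and the owner's signature over the root is assumed to be verified separately.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(node: str) -> bytes:
    # Prefix leaves with 0x00 and inner nodes with 0x01 so a leaf can
    # never be reinterpreted as an inner node.
    return h(b"\x00" + node.encode())

def build_levels(nodes):
    """Return every tree level, leaves first, single-element root level last."""
    level = [leaf_hash(n) for n in nodes]
    levels = [level]
    while len(level) > 1:
        nxt = [h(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes the server sends alongside the node at `index`."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return path

def verify(node, path, root):
    """Client side: recompute the root from one node and its path."""
    acc = leaf_hash(node)
    for sibling, sibling_is_left in path:
        acc = h(b"\x01" + (sibling + acc if sibling_is_left else acc + sibling))
    return acc == root

# Constructed sample: XML nodes of one outsourced document.
DOC = ['<patient id="1">', "<name>A. Example</name>", "<ward>3</ward>",
       "<diagnosis>redacted</diagnosis>", "</patient>"]

if __name__ == "__main__":
    levels = build_levels(DOC)
    root = levels[-1][0]
    print(verify(DOC[2], auth_path(levels, 2), root))          # genuine node
    print(verify("<ward>9</ward>", auth_path(levels, 2), root))  # altered node
```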
3.3 Secure Storage
Encrypted Storage. Blaze's CFS [34], TCFS [44], EFS [101], StegFS [99],
and NCryptfs [124] are file systems that encrypt data before writing to stable
storage. NCryptfs is implemented as a layered file system [74] and is capable of
being used even over network file systems such as NFS. SFS [70] and BestCrypt
[82] are device driver level encryption systems. Encryption file systems and
device drivers protect the confidentiality of data, but do not allow for efficient
queries, search, correctness, or access privacy assurances.
Integrity-Assured Storage. Tripwire [84,85] is a user level tool that verifies
stored file integrity at scheduled intervals of time. File systems such as I³FS
[83], GFS [62], and Checksummed NCryptfs [119] perform online real-time
integrity verification. Venti [109] is an archival storage system that performs
integrity assurance on read-only data. SUNDR [91] is a network file system
designed to store data securely on untrusted servers and allow clients to detect
unauthorized accesses as long as they see each other's file modifications.
3.4 Searches on Encrypted Data
Song et al. [121] propose a scheme for performing simple keyword search on
encrypted data in a scenario where a mobile, bandwidth-restricted user wishes
to store data on an untrusted server. The scheme requires the user to split the
data into fixed-size words and perform encryption and other transformations.
Drawbacks of this scheme include fixing the size of words, the complexities of
encryption and search, and the inability of this approach to support access
pattern privacy or retrieval correctness. Eu-Jin Goh [64] proposes to associate
indexes with documents stored on a server. A document's index is a Bloom
filter [35] containing a codeword for each unique word in the document. Chang
and Mitzenmacher [46] propose a similar approach, where the index associated
with documents consists of a string of bits of length equal to the total