Author
Mohamed Nabeel, Muhammad I. Sarfraz, Jianneng Cao, Elisa Bertino
Abstract
For efficient data management and economic benefits,
organizations are increasingly moving towards the paradigm
of “database as a service” where their data are managed by a
database management system (DBMS) hosted in a public cloud.
However, data are the most valuable asset in an organization, and
inappropriate data disclosure puts the organization’s business at
risk. Therefore, data are usually encrypted in order to preserve
their confidentiality. Past research has extensively investigated
query processing on encrypted data. However, a naive encryption
scheme negates the benefits provided by the use of a DBMS. In
particular, past research efforts have not adequately addressed
flexible access control on encrypted data at different granularity
levels, which is critical when data are shared among different
users and applications. Previous access control approaches at
best support the table column as the finest granularity level,
where an authorization is associated with an
entire column within a table. Other approaches only support
access control granularity at the database level, meaning that
authorizations are associated with the entire database, and thus
a user can either access the entire database or cannot access any
data item. In this paper, we propose DBMask, a novel solution
that supports fine-grained access control, including row and cell
level access control, when evaluating SQL queries on encrypted
data. Our solution does not require modification to the database
engine, and thus maximizes the reuse of the existing DBMS
infrastructures. Our experimental results show that our solution
is efficient and scalable to large datasets.
Key alpha
encrypted database, cloud computing, access control, confidentiality, privacy