Security in Outsourced Databases
Gene Tsudik - UC Irvine
Apr 07, 2004
AbstractContinued growth of the Internet and advances in networking have fostered an interesting new trend toward outsourcing data management and information technology needs to external Application Service Providers (ASPs).
By outsourcing, organizations can access business applications via the Internet or through private networks, rather than incurring substantial hardware, software and personnel costs to run applications in house. Database outsourcing is a recent manifestation of this trend. In the Outsourced Database
(ODB) model, a service provider is responsible for adequate software, hardware and network resources to host the clients' databases and also for providing efficient mechanisms to efficiently create, upate and access
(query) remote data.
The ODB model poses numerous research challenges which influence its overall performance, usability and scalability. One of the foremost challenges is the security of outsourced data. In ODB, a client stores its private data at an external (and not always fully trusted) service provider. Therefore, outsourced data must be protected from both malicious outsiders as well as from the service provider itself. This prompts the need for data authenticity/integrity and privacy techniques that differ from the usual database security issues. In this talk, we will overview research challenges in the ODB model, present some recent research results and discuss on-going relevant work.
About the SpeakerGene Tsudik is a Professor and Associate Dean of Research and Graduate Studies in the School of Information and Computer Science at the University of California, Irvine. He has been active in the area of internetworking, network security and applied cryptography since 1987. He obtained a Ph.D.
in Computer Science from USC in 1991; his dissertation focused on access control in internetworks. Before coming to UCI in 2000, he was a Project Leader at IBM Research, Zurich Laboratory (1991-1996) and USC Information Science Institute (1996-2000). Over the years, his research interests
included: routing, firewalls, authentication, mobile network security, secure e-commerce, anonymity, secure group communication, digital signatures, key management, ad hoc networks, and, more recently, database security.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.