DBMask: Encrypted Query Processing over an Encrypted Database
Project Members
Mohamed Nabeel, Jianneng Cao, Mohamed Sarfraz, Elisa Bertino
Mohamed Nabeel, Jianneng Cao, Mohamed Sarfraz, Elisa Bertino
Abstract
Many organizations are moving their data to cloud based relational databases to manage their data due to many economical benefits it offers. However, there are many other organizations hesitant to move their sensitive data to the cloud due to security and privacy concerns. One such concern is the confidentiality of the data stored in a relational cloud. Most commonly utilized technique is to encrypt the data before uploading to the cloud. However, a simple encryption negates the benefits provided by a relational database and makes it difficult to control access to the data. In this work, we propose an approach to preserve the confidentiality of the data stored in a relational database in the cloud while supporting relational operations over encrypted data. Further, our solution supports fine-grained access control when executing SQL queries over encrypted relational data. Our approach does not require modifications to the relational database engine and hence can utilize any existing relational database available in the cloud. DBMask, our prototype system, is implemented to demonstrate the feasibility of our approach on Amazon RDS, a public cloud based relational database service.