Abstract-Recent years have witnessed an increasing trend of enterprises outsource their IT services to third parties. A major concern in database outsourcing paradigm is integrity verification. Two important issues of integrity verification are correctness and completeness. In this paper, we consider these two issues for outsourced XML databases. We propose a novel auditing mechanism that provides the guarantees for both of them. Our experimental results demonstrate the effectiveness and efficiency of our approaches.
I. INTRODUCTIONAdvances in networking technologies and the continued growth of the Internet have triggered a new trend towards outsourcing data management and information technology to external service providers. However, the third-party service provider that in the database-as-service (DAS) model may not be trusted [10]. One of important security concerns in the database outsourcing paradigm is integrity; when a client receives a query result from the third-party service provider, he/she wants to be assured that the result is both correct and complete. Here correctness means that the answers are from the original database without being tampered with, while completeness means that the result includes all records in the original database that satisfy the query.The problem of providing security guarantee to outsourced databases has received considerable interests in recent years [11], [16], [18], [20], [23]. However, most of them only consider relational databases. As large amounts of data are stored in native XML database repositories now, there rises the need to consider integrity auditing of outsourced XML databases. In this paper, we focus on the mechanisms that provide both correctness and completeness auditing for XML databases that are hosted by untrusted third-party servers.We consider the system model that consists of three components, the data owner who possesses the original database, the third-party service provider, or the server, who hosts and manages the database from the data owner, and the verifier who validates the integrity of the server. Figure 1 shows the architecture of the system. We assume that the verifier can be the data owner him/herself. Thus the verifier may have limited resources such as disk space and computational power. One of our goals is to reduce the space overhead and computational complexity that is incurred by integrity auditing.We adapt the signature-based approach