Secure and Efficient Query Processing over Hybrid Clouds

Oktay, Kerim Yasin; Kantarcıoğlu, Murat; Mehrotra, Sharad

doi:10.1109/icde.2017.125

Cited by 23 publications

(36 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Work closest to ours has addressed the problem of protecting data confidentiality in distributed computations (e.g., [8,18,24]). In [24] the authors present an approach to collaboratively execute queries on data subject to access restrictions, considering different join evaluation strategies.…”

Section: Related Workmentioning

confidence: 99%

“…In [8] the authors provide a solution for restricting access and sharing of distributed data, which supports the explicit consideration of join paths in the authorizations. The proposal in [18] aims to protect computations in hybrid clouds, preventing flows of sensitive information to the public cloud. These works confirm the relevance of the problem, but focus on different aspects.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An authorization model for multi provider queries

et al. 2017

View full text Add to dashboard Cite

We present a novel approach for the specification and enforcement of authorizations that enables controlled data sharing for collaborative queries in the cloud. Data authorities can establish authorizations regulating access to their data distinguishing three visibility levels (no visibility, encrypted visibility, and plaintext visibility). Authorizations are enforced in the query execution by possibly restricting operation assignments to other parties and by adjusting visibility of data on-the-fly. Our approach enables users and data authorities to fully enjoy the benefits and economic savings of the competitive open cloud market, while maintaining control over data.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

An authorization model for multi provider queries

et al. 2017

View full text Add to dashboard Cite

show abstract

“…The discussion above focused on partitioned computing in hybrid clouds in the context of SQL queries and is based primarily on the work that appeared in [37]. Several other approaches to partitioned computing in the hybrid cloud have also been developed in the literature that, similar to the above-mentioned method, offer security by controlling data distribution between private and public clouds.…”

Section: Other Approaches To Partitioned Computingmentioning

confidence: 99%

Exploiting Data Sensitivity on Partitioned Data

Mehrotra

Oktay

Sharma

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Several researchers have proposed solutions for secure data outsourcing on the public clouds based on encryption, secret-sharing, and trusted hardware. Existing approaches, however, exhibit many limitations including high computational complexity, imperfect security, and information leakage. This chapter describes an emerging trend in secure data processing that recognizes that an entire dataset may not be sensitive, and hence, non-sensitivity of data can be exploited to overcome some of the limitations of existing encryption-based approaches. In particular, data and computation can be partitioned into sensitive or non-sensitive datasets -sensitive data can either be encrypted prior to outsourcing or stored/processed locally on trusted servers. The non-sensitive dataset, on the other hand, can be outsourced and processed in the cleartext. While partitioned computing can bring new efficiencies since it does not incur (expensive) encrypted data processing costs on non-sensitive data, it can lead to information leakage. We study partitioned computing in two contexts -first, in the context of the hybrid cloud where local resources are integrated with public cloud resources to form an effective and secure storage and computational platform for enterprise data. In the hybrid cloud, sensitive data is stored on the private cloud to prevent leakage and a computation is partitioned between private and public clouds. Care must be taken that the public cloud cannot infer any information about sensitive data from inter-cloud data access during query processing. We then consider partitioned computing in a public cloud only setting, where sensitive data is encrypted before outsourcing. We formally define a partitioned security criterion that any approach to partitioned computing on public clouds must ensure in order to not introduce any new vulnerabilities to the existing secure solution. We sketch out an approach to secure partitioned computing that we refer to as query binning (QB) and show how QB can be used to support selection queries. We evaluate conditions under which partitioned computing approaches such as QB can improve the performance of cryptographic approaches that are prone to size, frequency-count, and workload attacks.

show abstract

“…Given the state of the research, this paper explores a radically different approach to secure outsourcing that scales cryptographic mechanisms using database techniques while providing strong security guarantees. Our work is motivated by recent works on the hybrid cloud that has exploited the fact that for a large class of application contexts, data can be partitioned into sensitive and non-sensitive components [22]- [24]. Such a classification, which is common in industries for secure computing [25], [26] and done via appropriately using existing techniques surveyed in [27]; for example, (i) inference detection using graph-based semantic data modeling [28], (ii) user-defined relationships between sensitive and non-sensitive data [29], (iii) constraints-based mechanisms, (iv) sensitive patterns hiding using sanitization matrix [30], and (v) common knowledge-based association rules [31].…”

Section: Introductionmentioning

confidence: 99%

Partitioned Data Security on Outsourced Sensitive and Non-Sensitive Data

Mehrotra

Sharma

Ullman

et al. 2019

2019 IEEE 35th International Conference on Data Engineering (ICDE)

Self Cite

View full text Add to dashboard Cite

Despite extensive research on cryptography, secure and efficient query processing over outsourced data remains an open challenge. This paper continues along the emerging trend in secure data processing that recognizes that the entire dataset may not be sensitive, and hence, non-sensitivity of data can be exploited to overcome limitations of existing encryption-based approaches. We propose a new secure approach, entitled query binning (QB) that allows non-sensitive parts of the data to be outsourced in clear-text while guaranteeing that no information is leaked by the joint processing of non-sensitive data (in cleartext) and sensitive data (in encrypted form). QB maps a query to a set of queries over the sensitive and non-sensitive data in a way that no leakage will occur due to the joint processing over sensitive and non-sensitive data. Interestingly, in addition to improve performance, we show that QB actually strengthens the security of the underlying cryptographic technique by preventing size, frequency-count, and workload-skew attacks.

show abstract

Secure and Efficient Query Processing over Hybrid Clouds

Cited by 23 publications

References 21 publications

An authorization model for multi provider queries

An authorization model for multi provider queries

Exploiting Data Sensitivity on Partitioned Data

Partitioned Data Security on Outsourced Sensitive and Non-Sensitive Data

Contact Info

Product

Resources

About