DOI: 10.1145/2699026.2699101
research-article

DBMask: Fine-Grained Access Control on Encrypted Relational Databases

Published: 02 March 2015

Abstract

For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of "database as a service" by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels, which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.

Published In

CODASPY '15: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
March 2015
362 pages
ISBN: 9781450331913
DOI: 10.1145/2699026

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. attribute-based group key management
2. database-as-a-service
3. encrypted query processing

Acceptance Rates

CODASPY '15 Paper Acceptance Rate: 19 of 91 submissions, 21%
Overall Acceptance Rate: 149 of 789 submissions, 19%

Cited By

• (2024) EnC-IoT: An Efficient Encryption and Access Control Framework based on IPFS for Decentralized IoT. 2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid), pages 425-434. DOI: 10.1109/CCGrid59990.2024.00055. Online publication date: 6-May-2024
• (2023) Zero Update Encryption Adjustment on Encrypted Database Queries. Information Systems Security and Privacy, pages 25-47. DOI: 10.1007/978-3-031-37807-2_2. Online publication date: 11-Jul-2023
• (2022) Enabling personal consent in databases. Proceedings of the VLDB Endowment 15:2, pages 375-387. DOI: 10.14778/3489496.3489516. Online publication date: 4-Feb-2022
• (2021) An End to End Cloud Computing Privacy Framework Using Blind Processing. Research Anthology on Privatizing and Securing Data, pages 406-427. DOI: 10.4018/978-1-7998-8954-0.ch019. Online publication date: 2021
• (2021) Privacy-preserving Dynamic Symmetric Searchable Encryption with Controllable Leakage. ACM Transactions on Privacy and Security 24:3, pages 1-35. DOI: 10.1145/3446920. Online publication date: 20-Apr-2021
• (2021) Stateless Key Management Scheme for Proxy-Based Encrypted Databases. Computer Networks, Big Data and IoT, pages 557-584. DOI: 10.1007/978-981-16-0965-7_43. Online publication date: 22-Jun-2021
• (2020) An End to End Cloud Computing Privacy Framework Using Blind Processing. International Journal of Smart Security Technologies 7:1, pages 1-20. DOI: 10.4018/IJSST.2020010101. Online publication date: 1-Jan-2020
• (2020) GDPR Compliant Information Confidentiality Preservation in Big Data Processing. IEEE Access 8, pages 205034-205050. DOI: 10.1109/ACCESS.2020.3036916. Online publication date: 2020
• (2020) Fine-Grained Access Control for Querying Over Encrypted Document-Oriented Database. Information Systems Security and Privacy, pages 403-425. DOI: 10.1007/978-3-030-49443-8_19. Online publication date: 28-Jun-2020
• (2019) vABS: Towards Verifiable Attribute-Based Search Over Shared Cloud Data. 2019 IEEE 35th International Conference on Data Engineering (ICDE), pages 2028-2031. DOI: 10.1109/ICDE.2019.00231. Online publication date: Apr-2019
