Existing approaches for protecting sensitive information stored (outsourced) at external "honest-but-curious" servers are typically based on an overlying layer of encryption that is applied on the whole information, or use a combination of fragmentation and encryption. The computational load imposed by encryption makes such approaches not suitable for scenarios with lightweight clients. In this paper, we address this issue and propose a novel model for enforcing privacy requirements on the outsourced information which departs from encryption. The basic idea of our approach is to store a small portion of the data (just enough to break sensitive associations) on the client, which is trusted being under the data owner control, while storing the remaining information in clear form at the external (honest-but-curious) server. We model the problem and provide a solution for it aiming at minimizing the data stored at the client. We also illustrate the execution of queries on the fragmented information.
Enforcing confidentiality constraints on sensitive databases with lightweight trusted clients / V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati - In: Data and applications security XXIII : 23. Annual IFIP WG 11.3 working conference : Montreal, Canada, july 2009 : proceedings / [a cura di] E. Gudes, J. Vaidya. - Berlin : Springer, 2009. - ISBN 9783642030062. - pp. 225-239 (( Intervento presentato al 23. convegno IFIP WG 11.3 Working Conference on Data and Applications Security tenutosi a Montreal nel 2009.
Enforcing confidentiality constraints on sensitive databases with lightweight trusted clients
V. CirianiPrimo
;S. De Capitani di VimercatiSecondo
;S. Foresti;P. SamaratiUltimo
2009
Abstract
Existing approaches for protecting sensitive information stored (outsourced) at external "honest-but-curious" servers are typically based on an overlying layer of encryption that is applied on the whole information, or use a combination of fragmentation and encryption. The computational load imposed by encryption makes such approaches not suitable for scenarios with lightweight clients. In this paper, we address this issue and propose a novel model for enforcing privacy requirements on the outsourced information which departs from encryption. The basic idea of our approach is to store a small portion of the data (just enough to break sensitive associations) on the client, which is trusted being under the data owner control, while storing the remaining information in clear form at the external (honest-but-curious) server. We model the problem and provide a solution for it aiming at minimizing the data stored at the client. We also illustrate the execution of queries on the fragmented information.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
