Privacy requirements have an increasing impact on the realization of modern applications. Technical considerations and many significant commercial and legal regulations demand today that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper we address this problem and propose a solution to enforce privacy over data collections by combining data fragmentation with encryption. The idea behind our approach is to use encryption as an underlying (conveniently available) measure for making data unintelligible, while exploiting fragmentation as a way to break sensitive associations between information.
Fragmentation and encryption to enforce privacy in data storage / V. Ciriani, S. DE CAPITANI DI VIMERCATI, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati (LECTURE NOTES IN COMPUTER SCIENCE). - In: Computer security : ESORICS 2007 / [a cura di] J. Biskup, J. Lopez. - Berlin : Springer, 2007. - ISBN 9783540748342. - pp. 171-186 (( Intervento presentato al 12. convegno European Symposium on Research in Computer Security tenutosi a Dresden nel 2007 [10.1007/978-3-540-74835-9_12].
Fragmentation and encryption to enforce privacy in data storage
V. CirianiPrimo
;S. DE CAPITANI DI VIMERCATISecondo
;S. Foresti;P. SamaratiUltimo
2007
Abstract
Privacy requirements have an increasing impact on the realization of modern applications. Technical considerations and many significant commercial and legal regulations demand today that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper we address this problem and propose a solution to enforce privacy over data collections by combining data fragmentation with encryption. The idea behind our approach is to use encryption as an underlying (conveniently available) measure for making data unintelligible, while exploiting fragmentation as a way to break sensitive associations between information.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
