Sciweavers

DBSEC
2009

Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients

14 years 1 months ago
Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients
Existing approaches for protecting sensitive information stored (outsourced) at external "honest-but-curious" servers are typically based on an overlying layer of encryption that is applied on the whole information, or use a combination of fragmentation and encryption. The computational load imposed by encryption makes such approaches not suitable for scenarios with lightweight clients. In this paper, we address this issue and propose a novel model for enforcing privacy requirements on the outsourced information which departs from encryption. The basic idea of our approach is to store a small portion of the data (just enough to break sensitive associations) on the client, which is trusted being under the data owner control, while storing the remaining information in clear form at the external (honest-but-curious) server. We model the problem and provide a solution for it aiming at minimizing the data stored at the client. We also illustrate the execution of queries on the fra...
Valentina Ciriani, Sabrina De Capitani di Vimercat
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DBSEC
Authors Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati
Comments (0)