Difference between revisions of "Journal:Secure data outsourcing in presence of the inference problem: Issues and directions"

From LIMSWiki

Revision as of 21:59, 5 April 2021

Full article title: Secure data outsourcing in presence of the inference problem: Issues and directions
Journal: Journal of Information and Telecommunication
Author(s): Jebali, Adel; Sassi, Salma; Jemai, Akderrazak
Author affiliation(s): Tunis El Manar University, Jendouba University, Carthage University
Primary contact: Email: adel dot jbali at fst dot utm dot tn
Year published: 2020
Volume and issue: 5(1)
Article #: 16–34
DOI: 10.1080/24751839.2020.1819633
ISSN: 2475-1847
Distribution license: Creative Commons Attribution 4.0 International
Website: https://www.tandfonline.com/doi/full/10.1080/24751839.2020.1819633
Download: https://www.tandfonline.com/doi/pdf/10.1080/24751839.2020.1819633 (PDF)

Abstract

With the emergence of the cloud computing paradigms, secure data outsourcing—moving some or most data to a third-party provider of secure data management services—has become one of the crucial challenges of modern computing. Data owners place their data among cloud service providers (CSPs) in order to increase flexibility, optimize storage, enhance data manipulation, and decrease processing time. Nevertheless, from a security point of view, access control proves to be a major concern in this situation seeing that the security policy of the data owner must be preserved when data is moved to the cloud. The lack of a comprehensive and systematic review on this topic in the available literature motivated us to review this research problem. Here, we discuss current and emerging research on privacy and confidentiality concerns in cloud-based data outsourcing and pinpoint potential issues that are still unresolved.

Keywords: cloud computing, data outsourcing, access control, inference leakage, secrecy and privacy

Introduction

In light of the increasing volume and variety of data from diverse sources—e.g., from health systems, social insurance systems, scientific and academic data systems, smart cities, and social networks—in-house storage and processing of large collections of data has become very costly. Hence, modern database systems have evolved from a centralized storage architecture to a distributed one, and with it the database-as-a-service paradigm has emerged. Data owners are increasingly moving their data to cloud service providers (CSPs) in order to increase flexibility, optimize storage, enhance data manipulation, and decrease processing times. Nonetheless, security concerns are widely recognized as a major barrier to cloud computing and other data outsourcing or database-as-a-service arrangements. Users remain reluctant to place their sensitive data in the cloud due to concerns about data disclosure to potentially untrusted external parties and other malicious parties.[1] Because their data is processed and stored externally, data owners feel they have little control over it, which puts data privacy at risk. From this perspective, access control is a major challenge, seeing that the security policy of a data owner must be preserved when data is moved to the cloud. Access control policies are enforced by CSPs by keeping some sensitive data separated from each other.[2] However, some techniques like encryption are helpful to better guarantee the confidentiality of data.[3][4][5] The intent of encryption is to break sensitive associations among outsourced data by encrypting some attributes of that data. However, other data security concerns exist as well. Security breaches in distributed cloud databases could be exacerbated due to inference leakage, which occurs when a malicious actor uses information from a legitimate public response to discover more sensitive information, often from metadata. During the last two decades, researchers have devoted significant effort to enforcing access control policies and privacy protection requirements externally while maintaining a balance with data utility.[6][7][8][9][10][11][12]
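As an added illustration of the inference leakage described above (not code from the paper or its authors), the following audit checks a vertical fragmentation against confidentiality constraints, first on the plaintext attributes each server stores and then on what that server can derive through known data dependencies. The schema, constraints, dependencies and server names are constructed for the example, and modelling the policy as attribute sets is an assumption borrowed from the fragmentation literature cited here.

```python
# Constructed sample policy and schema (assumptions for illustration only).
CONSTRAINTS = [
    frozenset({"ssn"}),                     # sensitive on its own
    frozenset({"name", "diagnosis"}),       # sensitive association
    frozenset({"name", "insurance_plan"}),  # sensitive association
]
# Dependencies an observer is assumed to know: the left-hand attributes reveal the right-hand one.
DEPENDENCIES = [
    (frozenset({"treatment"}), "diagnosis"),
    (frozenset({"zip", "birth_date"}), "name"),
]
# Plaintext attributes stored at each (constructed) provider.
FRAGMENTS = {
    "csp_a": {"name", "zip", "birth_date"},
    "csp_b": {"treatment", "insurance_plan", "zip", "birth_date"},
}
ENCRYPTED = {"ssn", "diagnosis"}            # stored only in encrypted form

# A revised layout: quasi-identifiers removed from csp_b, treatment encrypted.
FIXED_FRAGMENTS = {
    "csp_a": {"name", "zip", "birth_date"},
    "csp_b": {"insurance_plan"},
}
FIXED_ENCRYPTED = {"ssn", "diagnosis", "treatment"}


def closure(visible, dependencies):
    """Everything derivable from `visible` by applying dependencies to a fixpoint."""
    known = set(visible)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in dependencies:
            if lhs <= known and rhs not in known:
                known.add(rhs)
                changed = True
    return known


def audit(fragments, encrypted, constraints, dependencies, colluding=False):
    """Return (server, constraint, kind) for every violated constraint.

    kind is "direct" when the plaintext attributes alone cover the constraint
    and "inferred" when it is only covered after applying the dependencies.
    With colluding=True all servers are treated as a single observer.
    """
    if colluding:
        fragments = {"all_servers": set().union(*fragments.values())}
    findings = []
    for server in sorted(fragments):
        plain = set(fragments[server]) - set(encrypted)
        derivable = closure(plain, dependencies)
        for constraint in constraints:
            label = tuple(sorted(constraint))
            if constraint <= plain:
                findings.append((server, label, "direct"))
            elif constraint <= derivable:
                findings.append((server, label, "inferred"))
    return findings


if __name__ == "__main__":
    for row in audit(FRAGMENTS, ENCRYPTED, CONSTRAINTS, DEPENDENCIES):
        print("original layout:", row)
    print("fixed layout:", audit(FIXED_FRAGMENTS, FIXED_ENCRYPTED, CONSTRAINTS, DEPENDENCIES))
    print("fixed, colluding:", audit(FIXED_FRAGMENTS, FIXED_ENCRYPTED, CONSTRAINTS,
                                     DEPENDENCIES, colluding=True))
```

In the original layout no server stores a forbidden combination in plaintext, yet `csp_b` can reconstruct two of them through the dependencies; the revised layout is clean per server but still exposes an association if the servers pool their fragments.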

In this paper, we review the current and emerging research on privacy and confidentiality concerns in data outsourcing and highlight research directions in this field. In summary, our systematic review addresses security concerns in cloud database systems for both communicating and non-communicating servers. We also survey this research field in relation to the inference problem and the unresolved problems that are introduced. Recognizing these challenges, this paper provides an overview of our proposed solution (proposed because this is ongoing work). The crux of that solution is to first optimize data distribution without the need to query the workload, then partition the database in the cloud by taking into consideration access control policies and data utility, before finally running a query evaluation model on a big data framework to securely process distributed queries while retaining access control.

The remainder of this paper is organized as follows. The next section describes the literature review methodology adopted in this paper. After that, we review emerging research on data outsourcing in the context of privacy concerns and data utility. Then we discuss data outsourcing in relation to the inference problem. Afterwards, we introduce our proposed solution to implement a secure distributed cloud database on a big data framework (Apache Spark). We close with future research directions and challenges, as well as our final conclusions.

Literature review methodology

References

  1. Xu, X.; Xiong, L.; Liu, J. (2015). "Database Fragmentation with Confidentiality Constraints: A Graph Search Approach". Proceedings of the 5th ACM Conference on Data and Application Security and Privacy: 263–70. doi:10.1145/2699026.2699121. 
  2. Samarati, P.; di Vimercati, S.D.C. (2010). "Data protection in outsourcing scenarios: Issues and directions". Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security: 1–14. doi:10.1145/1755688.1755690.
  3. Biskup, J.; Preuß, M. (2013). "Database Fragmentation with Encryption: Under Which Semantic Constraints and A Priori Knowledge Can Two Keep a Secret?". Data and Applications Security and Privacy XXVIII: 17–32. doi:10.1007/978-3-642-39256-6_2. 
  4. Bkakria, A.; Cuppens, F.; Cuppens-Boulahia, N. et al. (2013). "Preserving Multi-relational Outsourced Databases Confidentiality using Fragmentation and Encryption". JoWUA 4 (2): 39–62. doi:10.22667/JOWUA.2013.06.31.039. 
  5. Ciriani, V.; di Vimercati, S.D.C.; Foresti, S. et al. (2007). "Fragmentation and Encryption to Enforce Privacy in Data Storage". Computer Security - ESORICS 2007: 171–86. doi:10.1007/978-3-540-74835-9_12.
  6. Aggarwal, G.; Bawa, M.; Ganesan, P. et al. (2005). "Two Can Keep a Secret: A Distributed Architecture for Secure Database Services". Second Biennial Conference on Innovative Data Systems Research: 1–14. http://ilpubs.stanford.edu:8090/659/. 
  7. Alsirhani, A.; Bodorik, P.; Sampalli, S. (2017). "Improving Database Security in Cloud Computing by Fragmentation of Data". Proceedings of the 2017 International Conference on Computer and Applications: 43–49. doi:10.1109/COMAPP.2017.8079737.
  8. Bollwein, F.; Wiese, L. (2017). "Separation of Duties for Multiple Relations in Cloud Databases as an Optimization Problem". Proceedings of the 21st International Database Engineering & Applications Symposium: 98–107. doi:10.1145/3105831.3105873. 
  9. Ciriani, V.; di Vimercati, S.D.C.; Foresti, S. et al. (2009). "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases". Proceedings of the 29th IEEE International Conference on Distributed Computing Systems: 32–39. doi:10.1109/ICDCS.2009.52. 
  10. Ciriani, V.; di Vimercati, S.D.C.; Foresti, S. et al. (2009). "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases". Proceedings of the 29th IEEE International Conference on Distributed Computing Systems: 32–39. doi:10.1109/ICDCS.2009.52. 
  11. Ciriani, V.; di Vimercati, S.D.C.; Foresti, S. et al. (2009). "Keep a Few: Outsourcing Data While Maintaining Confidentiality". Computer Security - ESORICS 2009: 440–55. doi:10.1007/978-3-642-04444-1_27.
  12. di Vimercati, S.D.C.; Foresti, S.; Jajodia, S. et al. (2014). "Fragmentation in Presence of Data Dependencies". IEEE Transactions on Dependable and Secure Computing 11 (6): 510–23. doi:10.1109/TDSC.2013.2295798. 

Notes

This presentation is faithful to the original, with only a few minor changes to presentation, though grammar and word usage were substantially updated for improved readability. In some cases important information was missing from the references, and that information was added. The original paper listed references alphabetically; this wiki lists them by order of appearance, by design.