Download PDF Presentation Slides

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
Document related concepts

Computer security wikipedia , lookup

Expense and cost recovery system (ECRS) wikipedia , lookup

Data vault modeling wikipedia , lookup

Business intelligence wikipedia , lookup

Open data in the United Kingdom wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

SAP IQ wikipedia , lookup

Database wikipedia , lookup

Microsoft Access wikipedia , lookup

Relational model wikipedia , lookup

Versant Object Database wikipedia , lookup

Information privacy law wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Database model wikipedia , lookup

Clusterpoint wikipedia , lookup

Transcript 
Chip-Secured Data Access:
Confidential Data on Untrusted Servers
L. Bouganim, P. Pucheral
University of Versailles
The need for Open Trusted Data Stores
PAGE 2
• Virtual teams
– distributed among space, time and organizations
– collaborative work on confidential data
– e.g., cyberworkers.com …
• Shared personal folders
– accessible anywhere, anytime and shared by authorized
persons
– e.g., primadoctor.com …
• Corporate DB hosted by a DSP
– permanent access to travelling salesmen
– e.g., caspio.com, quickbase.com ...
Attackers
PAGE 3
• Intruder
– tries to attack the DB footprint or usurp the identity of a regular
user (or DBA)
• Insider
– tries to get information exceeding her own access rights
• Administrator (SA or DBA)
– has enough privileges to tamper the access right definition and
spy the DBMS behavior
Access rights can be bypassed
Encryption is required
Server-based approach
PAGE 4
Intruder
usurpation
Administrator
Insider
Client
Secured
communications
DBMS
Encryption
Decryption
Encrypted
Database
Database Server
• DB footprint protected by encryption
– Oracle Obfuscation toolkit, ...
• Restrict the DBA privileges, … as far as possible
– Protegrity, [Ideas’01] …
Weakness = decryption occurs on the server
Client-based approach
PAGE 5
Client
Encryption
Decryption
Secured
communications
DBMS
Encrypted
Database
Database Server
• Decryption on the client
– who owns the keys ?
• Privacy (exclusive access)
– the client manages the keys
– efficiency is the main concern [Sigmod’02]
• Confidentiality (shared access)
– a security mechanism is required on the client side to manage keys and
access rights
Weakness = client can tamper the security mechanism
Chip-Secured Data Access (C-SDA)
PAGE 6
Client C1
C-SDA
Secured Operating
Environment
Client C2
DBMS
Client C1
Client C2
C-SDA
• Making the security mechanism tamper-resistant
– Access right manager hosted by a Secured Operating
Environment (SOE) (e.g., a smartcard)
– Access right defined on views
• query translation in the SOE
• part of query execution in the SOE
Equi-Predicate-Only Queries
PAGE 7
X.com Privacy Policy : X.com does not rent, sell, or share personal information
about its customers with other people or companies
Select * from Customers
where Nation = «France»
ACCESS
RIGHTS
TRANSF°
Select * from lqskdqs where
sdeef = "zarevgzd"
DBMS
C-SDA
Id
22
19
name Nation Type
Jim
Joe
France
France
good
bad
DECRYPT
sd
azd
sdeef
zze
zszd
dedef
zarevgzd
Fffe
tger
Sde
zarevgzd
zrzer
• Traveling salesman asks for customers living in France
• Equi-Predicate-Only query
– 100% processed by the server
– result decrypted by C-SDA
Encrypted
Database
General Queries
PAGE 8
X.com Privacy Policy : X.com vendors cannot access detailed information
about customer’s orders, but can get statistic data about them.
Select sum(amount)
from orders where
CustId = 22
Sum
1200
ACCESS
RIGHTS
TRANSF°
Select ygefh from iuzgs
where lpaszj ="euys"
C-SDA
DBMS
ygefh
COMPUTE
DECRYPT
Encrypted
Database
retz
kdleo
• Traveling salesman asks for the total amount of orders
passed by customer #22
• Aggregation must be computed on decrypted data by CSDA
Smartcard’s Characteristics
PAGE 9
• Cheap and highly secured computer
– Powerful RISC processor (≈ 40Mips)
– Limited communication bandwidth (10 to100 Kbps)
– Tiny RAM, writes in EEPROM stable storage very costly
• Impact on C-SDA
– internal processing must be done in pipeline
– processing must be pushed down to the server
– data flows must be minimized
32 bits
proc
I/O
Security Blocks
ROM
RAM 4KB
EEPROM
Query decomposition
PAGE 10
• Q = Qterm ° Qcard ° Qserver
Equi-Predicate-Only Queries
Inequi-predicates, aggregations ...
Presentation
SELECT
C.Id, C.name, sum(O.amount)
FROM
WHERE
GROUP BY
HAVING
ORDER BY
Customers C, Orders O
C.Id = O.CustId and O.date > 1996
C.Id, C.name
count(*) >= 10
C.name
Query optimization : example
PAGE 11
CustId = Id
date
Encrypt
σ
date>1996
Decrypt
π
Orders
date
Orders
Customers
• Minimize the flow of
irrelevant data traversing
the card
• Inequi-predicates
– evaluated by a subquery
– result semi-joined with the
initial table
Conclusion
PAGE 12
• Other contributions exploiting smartcard’s storage
– Insulate highly sensitive data
– database depersonnalization
– Multiple key repository
• Future works
– Performance assessment
– Experimentation in the EDI context
• founded by the French ANVAR agency
• extends C-SDA towards XML databases
– impact of the SOE technology on query optimization
Related documents
Text 13 Database Management Systems
Text 13 Database Management Systems
Relational Databases
Relational Databases
Chapter 1
Chapter 1
Unit 5 Study Guide
Unit 5 Study Guide
File and Database Design Continued
File and Database Design Continued
Database Software
Database Software
Chapter 1 Computer Basics
Chapter 1 Computer Basics
COL362/632: Introduction to Database Systems
COL362/632: Introduction to Database Systems
Chapter 3 – Database Systems, Data Warehouses, and Data Marts
Chapter 3 – Database Systems, Data Warehouses, and Data Marts
- Google Sites
- Google Sites
CHAPTER 1: The Roles of Data and Database Administrators
CHAPTER 1: The Roles of Data and Database Administrators
Cs 06
Cs 06
Database Management Systems - University of Hawaii at Hilo
Database Management Systems - University of Hawaii at Hilo
Database Objects
Database Objects
Continuing the Chinese Economic Miracle
Continuing the Chinese Economic Miracle
redtacton - DSpace at CUSAT
redtacton - DSpace at CUSAT
SoE 2011 - Atmosphere chapter overview
SoE 2011 - Atmosphere chapter overview