* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download PDF Presentation Slides
Survey
Document related concepts
Computer security wikipedia , lookup
Expense and cost recovery system (ECRS) wikipedia , lookup
Data vault modeling wikipedia , lookup
Business intelligence wikipedia , lookup
Open data in the United Kingdom wikipedia , lookup
Microsoft SQL Server wikipedia , lookup
Microsoft Access wikipedia , lookup
Relational model wikipedia , lookup
Versant Object Database wikipedia , lookup
Information privacy law wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Transcript
Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 • Virtual teams – distributed among space, time and organizations – collaborative work on confidential data – e.g., cyberworkers.com … • Shared personal folders – accessible anywhere, anytime and shared by authorized persons – e.g., primadoctor.com … • Corporate DB hosted by a DSP – permanent access to travelling salesmen – e.g., caspio.com, quickbase.com ... Attackers PAGE 3 • Intruder – tries to attack the DB footprint or usurp the identity of a regular user (or DBA) • Insider – tries to get information exceeding her own access rights • Administrator (SA or DBA) – has enough privileges to tamper the access right definition and spy the DBMS behavior Access rights can be bypassed Encryption is required Server-based approach PAGE 4 Intruder usurpation Administrator Insider Client Secured communications DBMS Encryption Decryption Encrypted Database Database Server • DB footprint protected by encryption – Oracle Obfuscation toolkit, ... • Restrict the DBA privileges, … as far as possible – Protegrity, [Ideas’01] … Weakness = decryption occurs on the server Client-based approach PAGE 5 Client Encryption Decryption Secured communications DBMS Encrypted Database Database Server • Decryption on the client – who owns the keys ? • Privacy (exclusive access) – the client manages the keys – efficiency is the main concern [Sigmod’02] • Confidentiality (shared access) – a security mechanism is required on the client side to manage keys and access rights Weakness = client can tamper the security mechanism Chip-Secured Data Access (C-SDA) PAGE 6 Client C1 C-SDA Secured Operating Environment Client C2 DBMS Client C1 Client C2 C-SDA • Making the security mechanism tamper-resistant – Access right manager hosted by a Secured Operating Environment (SOE) (e.g., a smartcard) – Access right defined on views • query translation in the SOE • part of query execution in the SOE Equi-Predicate-Only Queries PAGE 7 X.com Privacy Policy : X.com does not rent, sell, or share personal information about its customers with other people or companies Select * from Customers where Nation = «France» ACCESS RIGHTS TRANSF° Select * from lqskdqs where sdeef = "zarevgzd" DBMS C-SDA Id 22 19 name Nation Type Jim Joe France France good bad DECRYPT sd azd sdeef zze zszd dedef zarevgzd Fffe tger Sde zarevgzd zrzer • Traveling salesman asks for customers living in France • Equi-Predicate-Only query – 100% processed by the server – result decrypted by C-SDA Encrypted Database General Queries PAGE 8 X.com Privacy Policy : X.com vendors cannot access detailed information about customer’s orders, but can get statistic data about them. Select sum(amount) from orders where CustId = 22 Sum 1200 ACCESS RIGHTS TRANSF° Select ygefh from iuzgs where lpaszj ="euys" C-SDA DBMS ygefh COMPUTE DECRYPT Encrypted Database retz kdleo • Traveling salesman asks for the total amount of orders passed by customer #22 • Aggregation must be computed on decrypted data by CSDA Smartcard’s Characteristics PAGE 9 • Cheap and highly secured computer – Powerful RISC processor (≈ 40Mips) – Limited communication bandwidth (10 to100 Kbps) – Tiny RAM, writes in EEPROM stable storage very costly • Impact on C-SDA – internal processing must be done in pipeline – processing must be pushed down to the server – data flows must be minimized 32 bits proc I/O Security Blocks ROM RAM 4KB EEPROM Query decomposition PAGE 10 • Q = Qterm ° Qcard ° Qserver Equi-Predicate-Only Queries Inequi-predicates, aggregations ... Presentation SELECT C.Id, C.name, sum(O.amount) FROM WHERE GROUP BY HAVING ORDER BY Customers C, Orders O C.Id = O.CustId and O.date > 1996 C.Id, C.name count(*) >= 10 C.name Query optimization : example PAGE 11 CustId = Id date Encrypt σ date>1996 Decrypt π Orders date Orders Customers • Minimize the flow of irrelevant data traversing the card • Inequi-predicates – evaluated by a subquery – result semi-joined with the initial table Conclusion PAGE 12 • Other contributions exploiting smartcard’s storage – Insulate highly sensitive data – database depersonnalization – Multiple key repository • Future works – Performance assessment – Experimentation in the EDI context • founded by the French ANVAR agency • extends C-SDA towards XML databases – impact of the SOE technology on query optimization