Using In-Memory Encrypted Databases on the Cloud
•Download as PPT, PDF•
2 likes•977 views
The document proposes using in-memory encrypted databases on the cloud to address privacy issues. It presents an agent-based approach where each user has a local database encrypted with a key only available to a trusted synchronizer. This allows data to be shared securely while minimizing encryption/decryption overhead. A prototype was implemented using HyperSQL. Benchmark results showed the overhead of the proposed solution is low, especially for read operations, making it suitable for privacy-focused applications like professional networks that require frequent data sharing.
![Using In-Memory Encrypted Databases on the Cloud Francesco (and Davide) Pagano [email_address] Department of Information Technology Università degli Studi di Milano - Italy](https://image.slidesharecdn.com/presentazionepagano1-110906092153-phpapp02/85/Using-In-Memory-Encrypted-Databases-on-the-Cloud-1-320.jpg)
![Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (14)
Viewers also liked
Viewers also liked (9)
Similar to Using In-Memory Encrypted Databases on the Cloud
Similar to Using In-Memory Encrypted Databases on the Cloud (20)
Recently uploaded
Recently uploaded (20)
Using In-Memory Encrypted Databases on the Cloud
- 1. Using In-Memory Encrypted Databases on the Cloud Francesco (and Davide) Pagano [email_address] Department of Information Technology Università degli Studi di Milano - Italy
- 3. Access control problem Cloud Platform Desktop Desktop controlled accesses for external users uncensored access for cloud provider
- 4. Privacy within the cloud: on the same side of the wall Presentation Layer privacy Data Layer performance
- 5. An agent-based approach Untrusted Synchronizer never holds plaintext data Local agent with local db
- 6. The model
- 8. Database encryption * L. Bouganim and Y. Guo, “Database encryption,” in Encyclopedia of Cryptography and Security, Springer, 2010, 2nd Edition
- 11. HyperSql
- 12. Loader
- 13. Insert
- 14. Serializer
- 20. The synchronizer
- 31. Questions
Editor's Notes
- My name is Francesco Pagano and I come from University of Milan – Italy. Today, I present the paper “Handling Confidential Data on the Untrusted Cloud: an agent-based approach”, written with Prof. Ernesto Damiani from the same university.
- The agenda of my speech: First, I'll analyze the issue of privacy in cloud computing, showing some classical solutions from literature. Then, I'll show an intrinsic problem that clears the effort of those solutions. Followed by a detailed presentation of our solution. Finally, it will be “question time”.
- In cloud computing there is a clear distinction between the Platform, hosted in the cloud, and the clients, distributed in Internet. The clients access the outsourced data, stored in the Platform via applications, in the Cloud too. External user identification and access control are very well studied and diffused, so that EXTERNAL malicious users are easily stopped. But what about internal access? We don't want that Cloud Providers have access to our sensitive data!
- The previous techniques ensure outsourced data integrity, but this is not enough since the data has a long way to go after the data layer. In a Java application, for example, it passes through JDBC, Hibernate, and so on, up to presentation layer. And at that level, certainly, data is clear text. An attacker can attack one of the weakest levels, for example, using aspect programming. <Click> So, for privacy, we have to move “presentation layer” to client side <click> but now data and presentation are divided. If we want performance <click> we have to move also data to client side <click>.
- And this is our proposal. We suggest to atomize the couple application/database, providing a copy per user. Every instance runs locally, and maintains only authorized data that is replicated and synchronized among all authorized users. A centralized node hosts an untrusted Synchronizer which never holds plain-text data.
- Each user has a local copy of his data. We use the term dossier to indicate a group of correlated informations such as a medical record or a court file. If 2 users can access the same dossier, each of them has a copy of the dossier. We suppose that only one user (called “the owner”) can modify the dossier.
- The local nodes synchronize that data by a central repository that stores the updated records. To prevent this synchronizer to access the data, it is encrypted. The decryption keys, protected in the way that we will see later, are also stored into the synchronizer.
- This is all. If you have any question...