Locations of visitors to this page

Secure Data Outsourcing

Data outsourcing is today receiving growing attention due to its benefits in terms of cost reduction and better services. According to such paradigm, the data owner is no more responsible for data management, rather it outsources its data to one or more service providers (referred to as publishers) that provide management services and query processing functionalities.

Clearly, data outsourcing leads to many research challenges. One of the most significant is related to security. The key problem is that, since the owner does not anymore manage its data, it may potentially loose control over them. The challenge is therefore how to ensure the most important security properties (e.g., confidentiality, integrity, authenticity) even if data are managed by a third party.

A naïve solution is to assume the publisher to be trusted, that is, to assume it always operates according to the owner's security policies. However, making this assumption is not realistic, especially for Web-based systems that can be easily attacked and penetrated. Additionally, verifying that a publisher is trusted is a very costly operation.

Therefore, the research is now focusing on techniques to satisfy the main security properties even in the presence of an untrusted publisher that can not always follow owner's security policies (for instance it can maliciously modify/delete the data it manages or it can send data to non authorized users).

In this project, we developed a comprehensive solution for ensuring authenticity, confidentiality and completeness of outsourced data, by focusing on data coded in XML.

Related publications

EE Confidentiality Enforcement for XML Outsourced Data (2006)

Barbara Carminati, Elena Ferrari

Proceedings: EDBT Workshops 2006, pp. 234–249, 2006

PDF Securing XML Data in Third-Party Distribution Systems (2005)

Barbara Carminati, Elena Ferrari, Elisa Bertino

Proceedings: ACM International Conference on Information and Knowledge Management (CIKM 2005), pp. 99–106, 2005

PDF Selective and Authentic Third-Party Distribution of XML Documents (2004)

Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta

IEEE Transactions on Knowledge & Data Engineering 16(10):1263–1278, 2004.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Credits: Icons by http://ldodds.com, http://dryicons.com, http://kalsey.com, http://pooliestudios.com, http://www.askthecssguy.com