[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/2213836.2213918acmconferencesArticle/Chapter ViewAbstractPublication PagesmodConference Proceedingsconference-collections
demonstration

JustMyFriends: full SQL, full transactional amenities, and access privacy

Published: 20 May 2012 Publication History

Abstract

A major obstacle to using Cloud services for many enterprises is the fear that the data will be stolen. Bringing the Cloud in-house is an incomplete solution to the problem because that implies that data center personnel as well as myriad repair personnel must be trusted. An ideal security solution would be to share data among precisely the people who should see it ("my friends") and nobody else.
Encryption might seem to be an easy answer. Each friend could download the data, update it perhaps, and return it to a shared untrusted repository. But such a solution permits no concurrency and therefore no real sharing.
JustMyFriends ensures sharing among friends without revealing unencrypted data to anyone outside of a circle of trust. In fact, non-friends (such as system administrators) see only encrypted blobs being added to a persistent store. JustMyFriends allows data sharing and full transactions. It supports the use of all SQL including stored procedures, updates, and arbitrary queries. Additionally, it provides full access privacy, preventing the host from discovering patterns or correlations in the user's data access behavior.
The demonstration will show how friends in an unnamed government agency can coordinate the management of a spy network in a transactional fashion. Demo visitors will be able to play the roles of station chiefs and/or of troublemakers. As station chiefs, they will write their own transactions and queries, logout, login. As troublemakers, visitors will be able to play the role of a curious observer, kill client processes, and in general try to disrupt the system.

References

[1]
Citi breach may have compromised customer data -ft, 2011.
[2]
Baker, L. B. Sony suffers second major user data theft, May 2011.
[3]
Chor, B., Goldreich, O., Kushilevitz, E., and Sudan, M. Private information retrieval. Foundations of Computer Science, Annual IEEE Symposium on 0 (1995), 41.
[4]
Feldman, A. J., Zeller, W. P., Freedman, M. J., and Felten, E. W. Sporc: group collaboration using untrusted cloud resources. In Proceedings of the 9th USENIX conference on Operating systems design and implementation (Berkeley, CA, USA, 2010), OSDI'10, USENIX Association, pp. 1--.
[5]
Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st annual ACM symposium on Theory of computing (New York, NY, USA, 2009), STOC '09, ACM, pp. 169--178.
[6]
Hacigümüš, H., Iyer, B., Li, C., and Mehrotra, S. Executing sql over encrypted data in the database-service-provider model. In Proceedings of the 2002 ACM SIGMOD international conference on Management of data (New York, NY, USA, 2002), SIGMOD '02, ACM, pp. 216--227.
[7]
Hore, B., Mehrotra, S., and Tsudik, G. A privacy-preserving index for range queries. In Proceedings of the Thirtieth international conference on Very large data bases - Volume 30 (2004), VLDB '04, VLDB Endowment, pp. 720--731.
[8]
Kushilevitz, E., and Ostrovsky, R. Replication is not needed: single database, computationally-private information retrieval. In Foundations of Computer Science, 1997. Proceedings., 38th Annual Symposium on (oct 1997), pp. 364--373.
[9]
Kushilevitz, E., and Ostrovsky, R. One-way trapdoor permutations are sufficient for non-trivial single-server private information retrieval, 2000.
[10]
Li, J., Krohn, M., Maziéres, D., and Shasha, D. Secure untrusted data repository (sundr). In Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6 (Berkeley, CA, USA, 2004), USENIX Association, pp. 9--9.
[11]
Naehrig, M., Lauter, K., and Vaikuntanathan, V. Can homomorphic encryption be practical? In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (New York, NY, USA, 2011), CCSW '11, ACM, pp. 113--124.
[12]
Naor, M., and Pinkas, B. Oblivious transfer and polynomial evaluation. In Proceedings of the thirty-first annual ACM symposium on Theory of computing (New York, NY, USA, 1999), STOC '99, ACM, pp. 245--254.
[13]
Naor, M., and Pinkas, B. Efficient oblivious transfer protocols. In Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms (Philadelphia, PA, USA, 2001), SODA '01, Society for Industrial and Applied Mathematics, pp. 448--457.
[14]
Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security (New York, NY, USA, 2009), CCS '09, ACM, pp. 199--212.
[15]
Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., and Lo Iacono, L. All your clouds are belong to us: security analysis of cloud management interfaces. In Proceedings of the 3rd ACM workshop on Cloud computing security workshop (New York, NY, USA, 2011), CCSW '11, ACM, pp. 3--14.
[16]
Williams, P., Sion, R., and Shasha, D. The blind stone tablet: Outsourcing durability tountrusted parties. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (2009), NDSS'09.

Cited By

View all
  • (2020)Survey: A Comparative Study of Different Security Issues in Big DataEmerging Research in Data Engineering Systems and Computer Communications10.1007/978-981-15-0135-7_24(247-257)Online publication date: 11-Feb-2020
  • (2019)Big Data Challenges and Issues: A ReviewProceeding of the International Conference on Computer Networks, Big Data and IoT (ICCBI - 2018)10.1007/978-3-030-24643-3_53(446-452)Online publication date: 1-Aug-2019
  • (2016)Security and privacy for big data: A systematic literature review2016 IEEE International Conference on Big Data (Big Data)10.1109/BigData.2016.7841037(3693-3702)Online publication date: Dec-2016

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
SIGMOD '12: Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data
May 2012
886 pages
ISBN:9781450312479
DOI:10.1145/2213836
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 May 2012

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. cloud
  2. database
  3. outsourcing
  4. privacy
  5. security

Qualifiers

  • Demonstration

Conference

SIGMOD/PODS '12
Sponsor:

Acceptance Rates

SIGMOD '12 Paper Acceptance Rate 48 of 289 submissions, 17%;
Overall Acceptance Rate 785 of 4,003 submissions, 20%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 30 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2020)Survey: A Comparative Study of Different Security Issues in Big DataEmerging Research in Data Engineering Systems and Computer Communications10.1007/978-981-15-0135-7_24(247-257)Online publication date: 11-Feb-2020
  • (2019)Big Data Challenges and Issues: A ReviewProceeding of the International Conference on Computer Networks, Big Data and IoT (ICCBI - 2018)10.1007/978-3-030-24643-3_53(446-452)Online publication date: 1-Aug-2019
  • (2016)Security and privacy for big data: A systematic literature review2016 IEEE International Conference on Big Data (Big Data)10.1109/BigData.2016.7841037(3693-3702)Online publication date: Dec-2016

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media