Transactions on
Data Privacy
Foundations and Technologies
http://www.tdp.cat

Articles in Press

Accepted articles here

Latest Issues

Year 2025

Volume 18 Issue 2
Volume 18 Issue 1

Year 2024

Volume 17 Issue 3
Volume 17 Issue 2
Volume 17 Issue 1

Year 2023

Volume 16 Issue 3
Volume 16 Issue 2
Volume 16 Issue 1

Year 2022

Volume 15 Issue 3
Volume 15 Issue 2
Volume 15 Issue 1

Year 2021

Volume 14 Issue 3
Volume 14 Issue 2
Volume 14 Issue 1

Year 2020

Volume 13 Issue 3
Volume 13 Issue 2
Volume 13 Issue 1

Year 2019

Volume 12 Issue 3
Volume 12 Issue 2
Volume 12 Issue 1

Year 2018

Volume 11 Issue 3
Volume 11 Issue 2
Volume 11 Issue 1

Year 2017

Volume 10 Issue 3
Volume 10 Issue 2
Volume 10 Issue 1

Year 2016

Volume 9 Issue 3
Volume 9 Issue 2
Volume 9 Issue 1

Year 2015

Volume 8 Issue 3
Volume 8 Issue 2
Volume 8 Issue 1

Year 2014

Volume 7 Issue 3
Volume 7 Issue 2
Volume 7 Issue 1

Year 2013

Volume 6 Issue 3
Volume 6 Issue 2
Volume 6 Issue 1

Year 2012

Volume 5 Issue 3
Volume 5 Issue 2
Volume 5 Issue 1

Year 2011

Volume 4 Issue 3
Volume 4 Issue 2
Volume 4 Issue 1

Year 2010

Volume 3 Issue 3
Volume 3 Issue 2
Volume 3 Issue 1

Year 2009

Volume 2 Issue 3
Volume 2 Issue 2
Volume 2 Issue 1

Year 2008

Volume 1 Issue 3
Volume 1 Issue 2
Volume 1 Issue 1

Volume 9 Issue 3

DBMask: Fine-Grained Access Control on Encrypted Relational Databases

Muhammad I Sarfraz^(a),(*), Mohamed Nabeel^(b), Jianneng Cao^(c), Elisa Bertino^(a)

Transactions on Data Privacy 9:3 (2016) 187 - 214

(a) Purdue University, West Lafayette, IN, 47907, USA.

(b) Oracle, Redwood City, CA, 94065, USA.

(c) Institute for Infocomm Research, Singapore 13862.

e-mail:msarfraz @purdue.edu; nabeel.mohamed.nabeel @oracle.com; caojn @i2r.a-star.edu.sg; bertino @purdue.edu

Abstract

DBMask is a system that implements encrypted query processing with support for complex queries and fine grained access control with create, update, delete and cryptographically enforced read (CRUD) operations for data stored on an untrusted database server hosted in a public cloud. Past research efforts have not adequately addressed flexible access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. DBMask proposes a novel technique that separates fine grained access control from encrypted query processing when evaluating SQL queries on encrypted data and enforces fine grained access control at the granularity level of a column, row and cell based on an expressive attribute-based group key encryption scheme. DBMask does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance of an encrypted database, managed by DBMask, using queries from TPC-H benchmark in comparison to plaintext Postgres. We further evaluate the functionality of our prototype using a policy simulator and a multi-user web application. The results show that DBMask is efficient and scalable to large datasets.

^* Corresponding author.

ISSN: 1888-5063; ISSN (Digital): 2013-1631; D.L.:B-11873-2008; Web Site: http://www.tdp.cat/
Contact: Transactions on Data Privacy; Vicenç Torra; Umeå University; 90187 Umeå (Sweden); e-mail:tdp@tdp.cat
Note: TDP's web site does not use cookies. TDP does not keep information neither on IP addresses nor browsers. For the privacy policy access here.

TDP

Vicenç Torra, Last modified: 00 : 08 May 19 2020.