DBMask

Fine-grained access control on encrypted relational databases

Muhammad I. Sarfraz, Mohamed Nabeel, Jianneng Cao, Elisa Bertino

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

DBMask is a system that implements encrypted query processing with support for complex queries and fine grained access control with create, update, delete and cryptographically enforced read (CRUD) operations for data stored on an untrusted database server hosted in a public cloud. Past research efforts have not adequately addressed flexible access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. DBMask proposes a novel technique that separates fine grained access control from encrypted query processing when evaluating SQL queries on encrypted data and enforces fine grained access control at the granularity level of a column, row and cell based on an expressive attribute-based group key encryption scheme. DBMask does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance of an encrypted database, managed by DBMask, using queries from TPC-H benchmark in comparison to plaintext Postgres. We further evaluate the functionality of our prototype using a policy simulator and a multi-user web application. The results show that DBMask is efficient and scalable to large datasets.

Original languageEnglish
Pages (from-to)187-214
Number of pages28
JournalTransactions on Data Privacy
Volume9
Issue number3
Publication statusPublished - 1 Dec 2016
Externally publishedYes

Fingerprint

Relational Database
Access Control
Access control
Query processing
Query Processing
Query
Granularity
Data Sharing
Evaluate
Web Application
Large Data Sets
Encryption
Cryptography
Reuse
Simulator
Engine
Servers
Server
Infrastructure
Simulators

Keywords

  • Attribute-based group key management
  • Database-as-a-service
  • Encrypted query processing

ASJC Scopus subject areas

  • Software
  • Statistics and Probability

Cite this

DBMask : Fine-grained access control on encrypted relational databases. / Sarfraz, Muhammad I.; Nabeel, Mohamed; Cao, Jianneng; Bertino, Elisa.

In: Transactions on Data Privacy, Vol. 9, No. 3, 01.12.2016, p. 187-214.

Research output: Contribution to journalArticle

Sarfraz, MI, Nabeel, M, Cao, J & Bertino, E 2016, 'DBMask: Fine-grained access control on encrypted relational databases', Transactions on Data Privacy, vol. 9, no. 3, pp. 187-214.
Sarfraz, Muhammad I. ; Nabeel, Mohamed ; Cao, Jianneng ; Bertino, Elisa. / DBMask : Fine-grained access control on encrypted relational databases. In: Transactions on Data Privacy. 2016 ; Vol. 9, No. 3. pp. 187-214.
@article{0365cac17bcb40399c3752b8413b4d5b,
title = "DBMask: Fine-grained access control on encrypted relational databases",
abstract = "DBMask is a system that implements encrypted query processing with support for complex queries and fine grained access control with create, update, delete and cryptographically enforced read (CRUD) operations for data stored on an untrusted database server hosted in a public cloud. Past research efforts have not adequately addressed flexible access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. DBMask proposes a novel technique that separates fine grained access control from encrypted query processing when evaluating SQL queries on encrypted data and enforces fine grained access control at the granularity level of a column, row and cell based on an expressive attribute-based group key encryption scheme. DBMask does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance of an encrypted database, managed by DBMask, using queries from TPC-H benchmark in comparison to plaintext Postgres. We further evaluate the functionality of our prototype using a policy simulator and a multi-user web application. The results show that DBMask is efficient and scalable to large datasets.",
keywords = "Attribute-based group key management, Database-as-a-service, Encrypted query processing",
author = "Sarfraz, {Muhammad I.} and Mohamed Nabeel and Jianneng Cao and Elisa Bertino",
year = "2016",
month = "12",
day = "1",
language = "English",
volume = "9",
pages = "187--214",
journal = "Transactions on Data Privacy",
issn = "1888-5063",
publisher = "Institut d'Investigacio en Intel-ligencia Artificial - Consejo Superior Investigaciones Cientificas (IIIA-CSIC)",
number = "3",

}

TY - JOUR

T1 - DBMask

T2 - Fine-grained access control on encrypted relational databases

AU - Sarfraz, Muhammad I.

AU - Nabeel, Mohamed

AU - Cao, Jianneng

AU - Bertino, Elisa

PY - 2016/12/1

Y1 - 2016/12/1

N2 - DBMask is a system that implements encrypted query processing with support for complex queries and fine grained access control with create, update, delete and cryptographically enforced read (CRUD) operations for data stored on an untrusted database server hosted in a public cloud. Past research efforts have not adequately addressed flexible access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. DBMask proposes a novel technique that separates fine grained access control from encrypted query processing when evaluating SQL queries on encrypted data and enforces fine grained access control at the granularity level of a column, row and cell based on an expressive attribute-based group key encryption scheme. DBMask does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance of an encrypted database, managed by DBMask, using queries from TPC-H benchmark in comparison to plaintext Postgres. We further evaluate the functionality of our prototype using a policy simulator and a multi-user web application. The results show that DBMask is efficient and scalable to large datasets.

AB - DBMask is a system that implements encrypted query processing with support for complex queries and fine grained access control with create, update, delete and cryptographically enforced read (CRUD) operations for data stored on an untrusted database server hosted in a public cloud. Past research efforts have not adequately addressed flexible access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. DBMask proposes a novel technique that separates fine grained access control from encrypted query processing when evaluating SQL queries on encrypted data and enforces fine grained access control at the granularity level of a column, row and cell based on an expressive attribute-based group key encryption scheme. DBMask does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance of an encrypted database, managed by DBMask, using queries from TPC-H benchmark in comparison to plaintext Postgres. We further evaluate the functionality of our prototype using a policy simulator and a multi-user web application. The results show that DBMask is efficient and scalable to large datasets.

KW - Attribute-based group key management

KW - Database-as-a-service

KW - Encrypted query processing

UR - http://www.scopus.com/inward/record.url?scp=85007495582&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85007495582&partnerID=8YFLogxK

M3 - Article

VL - 9

SP - 187

EP - 214

JO - Transactions on Data Privacy

JF - Transactions on Data Privacy

SN - 1888-5063

IS - 3

ER -