Authentic Third-party Data Publication

  title={Authentic Third-party Data Publication},
  author={Premkumar T. Devanbu and Michael Gertz and Charles U. Martel and Stuart G. Stubblebine},
Integrity critical databases, such as financial data used in high-value decisions, are frequently published over the Internet. Publishers of such data must satisfy the integrity, authenticity, and non-repudiation requirements of clients. Providing this protection over public networks is costly. 
Signature Bouquets: Immutability for Aggregated/Condensed Signatures
Database outsourcing is a popular industry trend which involves organizations delegating their data management needs to an external service provider, but security and privacy of outsourced data are important concerns. Expand
Implementing a Tamper-Evident Database System
A novel relational hash tree is described, designed for efficient database processing, and strong cryptographic guarantees of integrity can be provided in a relational database with modest overhead. Expand
Authenticated Data Structures
A survey of techniques for designing authenticated data structures is presented and their computational efficiency is overview to discuss implementation issues and practical applications. Expand
Towards Secure Data Outsourcing
  • R. Sion
  • Computer Science
  • Handbook of Database Security
  • 2008
The networked and increasingly ubiquitous nature of today’s data management services mandates assurances to detect and deter malicious or faulty behavior. This is particularly relevant for outsourcedExpand
Modeling Integrity in Data Exchange
This work provides a formal model of security guarantees offered by digital signature schemes when they are applied to structured data and expresses signature semantics using well-known database constraints to help authors decide what to sign, recipients evaluate the integrity of signed data, and clarify the capabilities of different signature technologies. Expand
DSAC: integrity for outsourced databases with signature aggregation and chaining
New techniques in support of efficient authenticity and completeness guarantees of query replies to outsourced database queries are suggested. Expand
Database Outsourcing with Hierarchical Authenticated Data Structures
In an outsourced database scheme, the data owner delegates the data management tasks to a remote service provider. At a later time, the remote service is supposed to answer any query on the database.Expand
Authenticated Relational Tables and Authenticated Skip Lists
This work presents a general method, based on the usage of typical DBMS primitives, for maintaining authenticated relational tables that exploits techniques to represent hierarchical data structures into relational tables and queries that allow an efficient selection of the elements needed for authentication. Expand
Protecting Data in Outsourcing Scenarios
The goal of this chapter is to describe the main solutions being devised for protecting data confidentiality and integrity in outsourcing scenarios. In particular, we illustrate approaches thatExpand
Security and Privacy of Data in a Cloud
  • S. Jajodia
  • Political Science, Computer Science
  • Secure Data Management
  • 2013
The goals of this brief note are to describe some of the research progress that has been made to date and elaborate on the fundamental challenges facing the research community in security and privacyExpand


A Certified Digital Signature
A practical digital signature system based on a conventionalryption function which is as secure as the conventional encryption function is described, without the several years delay required for certification of an untested system. Expand
Recent-secure authentication: enforcing revocation in distributed systems
  • S. Stubblebine
  • Computer Science
  • Proceedings 1995 IEEE Symposium on Security and Privacy
  • 1995
It is illustrated how the inclusion of freshness policies within certificates enables the design of a secure and highly available revocation service. Expand
Software engineering for security: a roadmap
Is there such a thing anymore as a software system that doesn’t need to be secure? Almost every softwarecontrolled system faces threats from potential adversaries, from Internet-aware clientExpand
Certificate revocation and certificate update
This solution represents certificate revocation lists by authenticated dictionaries that support efficient verification whether a certificate is in the list or not and efficient updates and is compatible, e.g., with X.500 certificates. Expand
Practice-Oriented Provable Security
  • M. Bellare
  • Computer Science
  • Lectures on Data Security
  • 1998
This short article is intended to complement my talk on practice-oriented provable-security, a fruitful blend of theory and practice that is able to enrich both sides and has by now had some impact on real world security. Expand
The Eternity Service
The Internet was designed to provide a communications channel that is as resistant to denial of service attacks as human ingenuity can make it. In this note, we propose the construction of a storageExpand
A unified framework for enforcing multiple access control policies
This paper presents a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system and formally defines the language and properties required to hold on the security specifications and proves that this language can express all security specifications. Expand
An Introduction to Database Systems
Readers of this book will gain a strong working knowledge of the overall structure, concepts, and objectives of database systems and will become familiar with the theoretical principles underlying the construction of such systems. Expand
Database System Concepts
This acclaimed revision of a classic database systems text provides the latest information combined with real-world examples to help readers master concepts in a technically complete yet easy-to-understand style. Expand
Understanding the New SQL: A Complete Guide
This chapter discusses the design of SQL-92 Databases, the SQL Standardization Process, and the creation and manipulation of Table Creation and Data Manipulation. Expand