Proof of Violation for Trust and Accountability of Cloud Database Systems

  • Gwan-Hwan Hwang, Shi Fu
  • Published 16 May 2016
  • Computer Science
  • 2016 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid)
A cloud database is a system that typically runs on a cloud computing platform which is not maintained by the user but a service provider. The service provider can leak confidential data, modify the data, or return inconsistent data to users due to bugs, crashes, operator errors, or even malicious security attacks. Some cloud database systems provide Web interface or application programming interface for clients to access logs of database transactions. However, these logs are not cryptographic… 


LibSEAL: revealing service integrity violations using trusted execution

LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity, is described.

Database as a service: Security and privacy issues, and appropriate controls

This research paper identifies security and privacy issues in DBaaS and offers adequate solutions to mitigate them. The security controls provided by three vendors (Amazon, Microsoft Azure and Oracle), together with related security controls and best practices from ISO 27001/2013, CSA/CCMv3.0.1 and NIST 800-53 R5, are mapped to the identified issues to aid the creation of security controls that mitigate the risks.

Security and Trust in Blockchains: Architecture, Key Technologies, and Open Issues

The work discusses the basic architecture of blockchains as well as their potential security and trust issues at the data, network, consensus, smart contract, and application layers, and presents and discusses some open issues.

Cryptographic Algorithms to Mitigate the Risks of Database in the Management of a Smart City

It was concluded that protecting information with an encryption algorithm supports greater efficiency, lower costs, a reduced environmental footprint and improved management of a Smart City.



Enabling Security in Cloud Storage SLAs with CloudProof

In CloudProof, customers can not only detect violations of integrity, write-serializability, and freshness, they can also prove the occurrence of these violations to a third party, which is critical to enabling security guarantees in SLAs.

Real-Time Proof of Violation for Cloud Storage

This paper proposes a real-time POV scheme in which the auditing can be performed at the time of each file operation, and is the first scheme that can perform real-time POV for cloud storage.

Integrity Auditing of Outsourced Data

A novel integrity audit mechanism is introduced that inserts a small amount of records into an outsourced database so that the integrity of the system can be effectively audited by analyzing the inserted records in the query results.

Executing SQL over encrypted data in the database-service-provider model

The paper explores an algebraic framework to split the query to minimize the computation at the client site, and explores techniques to execute SQL queries over encrypted data.

Strong accountability for network storage

The results show that strong accountability is practical for network storage systems in settings with strong identity and modest degrees of write-sharing and how the accountability concepts and techniques used in CATS generalize to other classes of network services.

CryptDB: protecting confidentiality with encrypted query processing

The evaluation shows that CryptDB has low overhead, reducing throughput by 14.5% for phpBB, a web forum application, and by 26% for queries from TPC-C, compared to unmodified MySQL.

A Mutual Nonrepudiation Protocol for Cloud Storage with Interchangeable Accesses of a Single Account from Multiple Devices

This paper proposes a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received.

Dynamic authenticated index structures for outsourced databases

This work defines a variety of essential and practical cost metrics associated with ODB systems and looks at solutions that can handle dynamic scenarios, where owners periodically update the data residing at the servers, both for static and dynamic environments.

Providing freshness guarantees for outsourced databases

A thorough study on how to add freshness guarantees over proposed schemes (including authenticated data structure-based and probabilistic-based approaches) to provide integrity assurance; results show that it can provide reasonably tight freshness guarantees without sacrificing much performance.

Security and Confidentiality Solutions for Public Cloud Database Services

It is demonstrated through a large set of experiments that these encryption schemes represent a feasible solution for achieving data confidentiality in public cloud databases, even from a performance point of view.