高级检索

    一种服务器透明的外包数据库查询验证方法

    Server Transparent Query Authentication of Outsourced Database

    • 摘要: 查询验证作为外包数据库(ODB)重要安全需求之一,旨在向用户证明其所得查询结果集的正确性与完备性.目前大多数查询认证方法以服务器为验证中心,这不仅需要扩展数据库服务器功能,而且增加了服务器负担.提出一种服务器透明模式的查询验证方法 (签名链,简称CES),将验证对象 (VO)嵌于外包数据库表内部,数据库服务器通过常规的数据库服务实现数据内容与验证对象的检索.该方法避免了对服务器功能扩展或成为计算瓶颈,并且保证了ODB并发更新操作时VO的一致性.

       

      Abstract: With the rapid growth of database outsourcing, the security concerns in the outsourced database (ODB) paradigm are receiving more and more attentions. Query authentication is one of the important security requirements which enable the database clients to verify the authenticity and the completeness of the query results. Currently several query verification schemes are proposed based on the specially designed authentication data structures (ADS), in which the DBMS computes verification object (VO) for each query, and returns the result together with its VO. Since this “server-centric” model requires the functional extensions of DBMS and the modification of communication protocols, it will inevitably affect the application in practice. In this paper the authors propose a server transparent query authentication method called chain embedded signature (CES), which embeds the VO inside the ODB, therefore it supports the query authentication with commercial DBMS and standard SQL commands. This transparency also frees the server from heavy verification tasks, and prevents it from becoming the bottleneck of performance. Furthermore, since the VOs are stored inside ODB, the consistency of them is promised by the database transaction mechanism. The cost analysis and experimental results show that the time and space overhead are reasonable to be deployed in real systems.

       

    /

    返回文章
    返回