高级检索

    支持属性粒度数据库加密的查询重写算法

    A Query Rewriting Algorithm Supporting Attribute Grain Database Encryption

    • 摘要: DAS(database as a service)模型数据库中采用加密方案的关键问题之一是针对密文关系的查询处理.DAS模型特有的体系结构和信任模型决定了加密解密操作只能在客户端进行,目前的方案普遍在元组粒度加密的基础上进行查询重写,不可避免地造成了加密效率的损失.为此,提出一种支持属性粒度加密方案的查询重写算法,利用关系代数公式对查询语句进行等价变换,将涉及加密属性的条件谓词与其他条件谓词分离,重构查询语句,支持任意层次的相关子查询.实验显示,算法能够降低客户端与服务器间的网络传输数据量,从而有效地缩短加密DAS模型数据库的查询执行时间.

       

      Abstract: Query processing over encrypted database is one of the key issues to the DAS (database as a service) modal encryption. Due to the unique trust modal and system structure of the DAS modal, data encryption and decryption can only be carried out at the client site. The server is not trusted and sensitive data should be protected from potentially malicious database administrators. Current studies employ query rewriting techniques based on tuple level encryption, which are inefficient in encryption operations. They may waste a great deal of computational power on encrypting data that are not secret, especially when only one or a few attributes in a relation need to be protected. In this paper, a query rewriting algorithm is proposed, which supports attribute grain database encryption in the DAS model. The algorithm rewrites user queries according to relational algebra formulas, and it discriminates those encryption involving predicates from the others that do not use encrypted attributes. New queries are reconstructed and executed respectively on the client and the server so that optimization can be achieved. The algorithm is capable of processing correlated subquery with any depth in a recursive manner. Experiments show that the algorithm can reduce the network traffic caused by temporary query result transferring and shorten the query execution time effectively.

       

    /

    返回文章
    返回