Type

Text

Type

Dissertation

Advisor

Zadok, Erez | Sion, Radu | Johnson, Rob | Perrig, Adrian | Yung, Moti

Date

2012-05-01

Keywords

Access Pattern Privacy, Database Outsourcing, Oblivious RAM | Computer science

Department

Department of Computer Science

Language

en_US

Source

This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.

Identifier

http://hdl.handle.net/11401/71458

Publisher

The Graduate School, Stony Brook University: Stony Brook, NY.

Format

application/pdf

Abstract

Access pattern leaks threaten data confidentiality. The ability to access remote information without revealing the objects of interest is thus essential to remote storage privacy. Despite many challenges to deployment, this thesis asserts that there exist practical (applicable and economical) access privacy mechanisms. Outsourced computing is a popular trend with good reason: significant cost savings can be obtained by consolidating data center management. This trend arrives with a new set of security issues, however. Companies expose themselves to significant risk by placing sensitive data in systems outside their control. Of concern are not only network security, data confidentiality, and collocation issues, but more importantly a significant shift in liability, and a new class of insider attacks. To defend these new vulnerability surfaces, the ability to provide clients with practical guarantees of confidentiality and privacy becomes especially important. This thesis outlines a set of essential outsourcing challenges: (i) How can remotely-hosted data be accessed efficiently with privacy? (ii) How can multiple clients run transactions privately in parallel, with serializability assurances guaranteed by untrusted, possibly malicious transaction managers? (iii) How can new, efficient, minimal-TCB hardware be designed to better provide security and privacy outsourcing guarantees? To answer these questions, this dissertation introduces new mechanisms for practical private data access and oblivious transaction processing, as well as new trusted hardware designs. A space-time trade-off of client storage vs. efficiency is explored, then expanded to the additional dimensions of multiplicity of clients, the nature of the trusted computing base (hardware vs. software), and the degree of client data processing (access vs. transactions vs. computation). The results are orders of magnitude more efficient than existing work. Together, they bridge the gap between theoretical possibility and practical feasibility. | 198 pages
