
Privacy in database-as-a-service model

Posted on: 2004-02-04 | Degree: Ph.D | Type: Dissertation
University: University of California, Irvine | Candidate: Hacigumus, Vahit Hakan | Full Text: PDF
GTID: 1468390011958442 | Subject: Computer Science
Abstract/Summary:
Rapid advances in networking and Internet technologies have fueled the emergence of the “software as a service” model, also referred to as the Application Service Provider (ASP) model, for enterprise computing. The “database-as-a-service” (DAS) model inherits all the advantages of the ASP model by allowing organizations to leverage data management solutions provided by the ASPs, without having to develop them on their own. It provides users the ability to create, store, modify, and retrieve data from anywhere and at any time. Yet, even with all of its advantages, the DAS model also introduces many significant research challenges. Foremost among them is the issue of data privacy. Most organizations view their data as a very valuable asset, and in the DAS model their data resides on the premises of the service provider.

This dissertation explores the viability of the database-as-a-service model and studies the data privacy issues introduced by the model. In particular, it focuses on the following issues: (1) How to protect the user's data stored at the service provider site against data theft by outsiders, thereby limiting the liability of the service provider. (2) How to protect the user's data even from the service providers, if the providers themselves are not trusted. To address the first issue, we study how data encryption techniques can be used against attacks on stored relational data. In this context, we investigate solution alternatives, such as the implementation level of encryption techniques, integration of specialized hardware, and encryption granularity choices. To address the second problem, we develop novel data storage and query processing techniques that allow SQL queries to be executed directly over encrypted data. We also devise techniques to execute specific sets of SQL queries, such as aggregation and wildcard queries, directly over encrypted data. The resulting techniques enable query processing without decryption at the ASP site, thereby ensuring the privacy of the user's data from the ASP itself. Most of the dissertation work is developed in the NetDB2 system project, which is an instantiation of the DAS model and is developed in collaboration with the University of California, Irvine and IBM.
Keywords/Search Tags:Model, Data, Service, Privacy, ASP