In this paper we propose and analyze a method for proofs of actual query execution in an outsourced database framework, in which a client outsources its data management needs to a specialized provider. The solution is not limited to simple selection predicate queries but handles arbitrary query types. While this work focuses mainly on read-only, computeintensive (e.g. data-mining) queries, it also provides preliminary mechanisms for handling data updates (at additional costs). We introduce query execution proofs; for each executed batch of queries the database service provider is required to provide a strong cryptographic proof that provides assurance that the queries were actually executed correctly over their entire target data set. We implement a proof of concept and present experimental results in a real-world data mining application, proving the deployment feasibility of our solution. We analyze the solution and show that its overheads are reasonable and are far outweighed by the added security benefits. For example an assurance level of over 95% can be achieved with less than 25% execution time overhead.

In this paper, we introduce a solution for relational database content rights protection through watermarking. Rights protection for relational data is of ever-increasing interest, especially considering areas where sensitive, valuable content is to be outsourced. A good example is a data mining application, where data is sold in pieces to parties specialized in mining it. Different avenues are available, each with its own advantages and drawbacks. Enforcement by legal means is usually ineffective in preventing theft of copyrighted works, unless augmented by a digital counterpart, for example, watermarking. While being able to handle higher level semantic constraints, such as classification preservation, our solution also addresses important attacks, such as subset selection and random and linear data changes. We introduce wmdb.*, a proof-of-concept implementation and its application to real-life data, namely, in watermarking the outsourced Wal-Mart sales data that we have available at our institute.

Abstract—A novel method of rights protection for categorical data through watermarking is introduced in this paper. New watermark embedding channels are discovered and associated novel watermark encoding algorithms are proposed. While preserving data quality requirements, the introduced solution is designed to survive important attacks, such as subset selection and random alterations. Mark detection is fully “blind ” in that it doesn’t require the original data, an important characteristic, especially in the case of massive data. Various improvements and alternative encoding methods are proposed and validation experiments on real-life data are performed. Important theoretical bounds including mark vulnerability are analyzed. The method is proved (experimentally and by analysis) to be extremely resilient to both alteration and data loss attacks, for example, tolerating up to 80 percent data loss with a watermark alteration of only 25 percent. Index Terms—Rights protection, categorical data, relational data, watermarking, information hiding. 1

Digital Watermarking, in the traditional sense is the technique of embedding un-detectable (un-perceivable) hidden information into multimedia objects (i.e. images, audio, video, text) mainly to protect the data from unauthorized duplication and distribution by enabling provable ownership over the content. Recent research of the authors introduces the issue of digital watermarking for generic number sets. In the present paper we expand on this foundation and introduce a solution for relational database content security through watermarking. To the best of our knowledge there is no research on this issue. Our solution addresses a series of important attacks, such as data re-sorting, subset selection (up to 30% and above data loss tolerance), linear data changes. Finally we present dbwm.*, a proof-of-concept implementation of our algorithm and its application on real life data, namely in watermarking data from the outsourced Wal-Mart sales database of the years 1999-2000.

lements a capability-based security model Theorems Theorems Mumbo Robust Object Calculus (ROC) ROC Mechanization into HOL Distributed Applications Distributed App MOM Theorems ROC Theorems Meta Object Model (MOM) Mumbo COOPL Figure 1 The Meta-Object Operating System Environment (MOOSE). of access control for distributed objects. Capabilities, which are unforgeable tokens, are modeled in ROC by unique names that are not visible and cannot be reproduced. MOM is used to design Mumbo, a concurrent object-oriented programming language (COOPL) for orchestrating the secure interoperability of heterogeneous resources in open systems. Mumbo employs wrapper technology and abstract specifications to integrate native components, while translators provide mappings from high-level languages to ROC, permitting source-level integration. Mumbo uses MOM's security model to support Discretionary Access Control (DAC) for software components. It also provides new language construc

Java and distributed applets have promised-- and delivered--increased functionality and faster software production through code reuse and a "Pull Down" methodology for distributing both applications and data across heterogeneous networks. One side effect of this, however, is the ease of developing malicious programs. Java is not the only source for malicious code, but its popularity and ease of use have raised awareness and concerns about other aspects of systems security. Concerns about Java-associated security risks have made many managers and analysts question its ability to support "mission critical" analysis. We will demonstrate that a properly extended Java architecture maximizes Java's advantages and improves analysts' performance. We propose a prototype MultiLevel Secure (MLS) 1 environment with flexible security policies that permit "safe" 2 distributed access to networked resources. The design improves the confidentiality of networked communications and the integrity of ...

Abstract. In an outsourced database framework, clients place data management with specialized service providers. Of essential concern in such frameworks is data privacy. Potential clients are reluctant to outsource sensitive data to a foreign party without strong privacy assurances beyond policy “fine–prints”. In this paper we introduce a mechanism for executing general binary JOIN operations (for predicates that satisfy certain properties) in an outsourced relational database framework with full computational privacy and low overheads – a first, to the best of our knowledge. We illustrate via a set of relevant instances of JOIN predicates, including: range and equality (e.g., for geographical data), Hamming distance (e.g., for DNA matching) and semantics (i.e., in health-care scenarios – mapping antibiotics to bacteria). We experimentally evaluate the main overhead components and show they are reasonable. For example, the initial client computation overhead for 100000 data items is around 5 minutes. Moreover, our privacy mechanisms can sustain theoretical throughputs of over 30 million predicate evaluations per second, even for an un-optimized OpenSSL based implementation. 1

In an outsourced database framework, clients place data management responsibilities with specialized service providers. Of essential concern in such frameworks is data privacy. Potential clients are reluctant to outsource sensitive data to a foreign party without strong privacy assurances beyond policy “fine prints”. In this paper we introduce a mechanism for executing general binary JOIN operations (for predicates that satisfy certain properties) in an outsourced relational database framework with computational privacy and low overhead – a first, to the best of our knowledge. We illustrate via a set of relevant instances of JOIN predicates, including: range and equality (e.g., for geographical data), Hamming distance (e.g., for DNA matching) and semantics (i.e., in health-care scenarios – mapping antibiotics to bacteria). We experimentally evaluate the main overhead components and show they are reasonable. The initial client computation overhead for 100000 data items is around 5 minutes and our privacy mechanisms can sustain theoretical throughputs of several million predicate evaluations per second, even for an un-optimized OpenSSL based implementation.