GGrantIndex
← Search

ITR: Privacy in Database-As-A-Service (DAS) Model

$595,115FY2002CSENSF

University Of California-Irvine, Irvine CA

Investigators

Abstract

Rapid advances in networking and Internet technologies has fueled the emergence of the "software as a service" model for enterprise computing that enables organizations to outsource many Information Technology (IT) services. This model allows organizations to concentrate on their core business instead of sustaining large investments in IT. IT outsourcing results in savings from the economies of scale due to leveraging of hardware, software, personnel, as well as maintenance and upgrade costs. Outsourcing is a common practice in Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) domains and it is gaining popularity in basic services such as email, storage and disaster protection. This research will explore the data privacy challenges that arise in outsourcing data management services. Data management systems are among the most common, expensive, and complex software systems used by almost all types of organizations. In the envisioned "database as a service" (DAS) model, the client's data resides on the premises of the service provider and is accessed using SQL queries. Since clients' data as a very valuable asset, the service provider must implement sufficient security measures to guarantee data privacy. The research will explore the resulting challenges: (1) Privacy protection from malicious outsiders: protecting service providers from theft of customer data (e.g., hackers breaking into a provider's site and scanning all disks). (2) Privacy protection from database service providers: assuring that clients' encrypted data cannot be decrypted at the service provider. Thus, techniques to evaluate queries over encrypted data at the service provider need to be developed. (3) Ensuring Integrity of the Results: developing scalable techniques to ensure that the service provider returns exactly the right answer set to the client's query.

View original record on NSF Award Search →