PolyStream

Thoma, Cory; Lee, Adam J.; Labrinidis, Alexandros

doi:10.1145/2914642.2914660

Cited by 9 publications

(2 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One representative system is CryptDB [2]. Streamforce [3] and PloyStream [4] target at real-time stream processing and extend CryptDB to support multi-user query control. However, both systems encrypt a piece of data multiple times so as to satisfy the queries requested by different data users.…”

Section: A Work Fully Based On Cryptographymentioning

confidence: 99%

“…Hence, many cloud-based systems employ cryptography to encrypt confidential data when being transmitted, processed and/or stored. However, one of the biggest challenges caused by cloud data encryption is how to efficiently utilize encrypted data while not being bothered by encryption, e.g., queries that are frequently performed in many cloud systems [2]- [4]. Typically, a data query can be represented by a SQL-style expression and interpreted as a query plan, i.e., a directed acyclic graph (DAG) of computational operators for execution, such as projection, selection, aggregation, union and join.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

QShield: Protecting Outsourced Cloud Data Queries With Multi-User Access Control Based on SGX

Chen

Zheng

Yan

et al. 2021

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX based solutions lack support on multiuser query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this paper, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multiuser query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trustproof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multiuser support. Index Terms-Secure query, Outsourced data, Secure hardware, Intel SGX, Cloud computing, Multiuser query control We would like to thank Wen-hai Sun, Ning Zhang and Xue-qin Liang for their insightful comments on the manuscript. We also thank Wen-jing Lou for her constructive suggestions and kindly comments on this research topic.

show abstract

Section: A Work Fully Based On Cryptographymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

QShield: Protecting Outsourced Cloud Data Queries With Multi-User Access Control Based on SGX

Chen

Zheng

Yan

et al. 2021

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

show abstract

Shoal: Query Optimization and Operator Placement for Access Controlled Stream Processing Systems

Thoma

Labrinidis

Lee

2019

Data and Applications Security and Privacy XXXIII

Self Cite

View full text Add to dashboard Cite

Distributed Data Stream Processing Systems (DDSPS) execute on transient data flowing through long-running, continuous, streaming queries, grouped together in query networks. Often, these continuous queries are outsourced by the querier to third-party computing platforms to help control the cost and maintenance associated with owning and operating such systems. Such outsourcing, however, may be contradictory to a data provider's access controls as they may not permit their data to be viewed or accessed by an unintended third party. A data provider's access controls may, therefore, prevent a querier from fully outsourcing their query. Current research in this space has provided alternative access control techniques that involve computation-enabling encryption techniques, specialized hardware, or specialized query operators that allow for a data provider to enforce access controls while still allowing a querier to employ a third-party system. However, no system considers access controls and their enforcement as part of the query optimization step. In this paper, we present Shoal, an optimizer that considers access controls as first class citizens when optimizing and distributing a network of query operators. We show that Shoal can generate more efficient queries versus the state-of-the-art, as well as detail how changes in access controls can generate new query plans at runtime.

show abstract

Effective Access Control in Shared-Operator Multi-tenant Data Stream Management Systems

Zaki¹,

Lee²,

Chrysanthis³

2020

Data and Applications Security and Privacy XXXIV

View full text Add to dashboard Cite

PolyStream

Cited by 9 publications

References 35 publications

QShield: Protecting Outsourced Cloud Data Queries With Multi-User Access Control Based on SGX

QShield: Protecting Outsourced Cloud Data Queries With Multi-User Access Control Based on SGX

Shoal: Query Optimization and Operator Placement for Access Controlled Stream Processing Systems

Effective Access Control in Shared-Operator Multi-tenant Data Stream Management Systems

Contact Info

Product

Resources

About