Information Security and Cryptography Research Group

The Role of Cryptography in Database Security

Ueli Maurer

Proc. of ACM SIGMOD Int. Conference on Management of Data, pp. 5–10, Jun 2004.

In traditional database security research, the database is usually assumed to be trustworthy. Under this assumption, the goal is to achieve security against external attacks (e.g. from hackers) and possibly also against users trying to obtain information beyond their privileges, for instance by some type of statistical inference. However, for many database applications such as health information systems there exist conflicting interests of the database owner and the users or organizations interacting with the database, and also between the users. Therefore the database cannot necessarily be assumed to be fully trusted. In this extended abstract we address the problem of defining and achieving security in a context where the database is not fully trusted, i.e., when the users must be protected against a potentially malicious database. Moreover, we address the problem of the secure aggregation of databases owned by mutually mistrusting organizations, for example by competing companies.

BibTeX Citation

@inproceedings{Maurer04b,
    author       = {Ueli Maurer},
    title        = {The Role of Cryptography in Database Security},
    editor       = {G. Weikum},
    booktitle    = {Proc.~of ACM SIGMOD Int.~Conference on Management of Data},
    pages        = 5--10,
    year         = 2004,
    month        = 6,
}

Files and Links