During database query processing, data migrates across different system components, each of which may offer different levels of security guarantees and may be susceptible to different attacks. If the underlying data (or part of it) is sensitive, data migration, especially from secure components to those that are relatively insecure, could increase the risk of data loss. This proposal takes a "risk-based" approach to security: instead of designing approaches to prevent attacks, the proposed research controls the flow of data through various components during query processing so as to strike a balance between risk of exposure and system performance. Risk-aware query processing techniques are explored in two settings: (a) a stand-alone database server where data on disks is stored encrypted (and is hence secure) but is loaded in plaintext into memory during query processing; (b) a cloud computing environment where, during peak load, queries (and corresponding data) are shipped from (relatively secure) private storage to be processed at (relatively insecure) public cloud infrastructure, a phenomenon known as cloudbursting. In both settings, techniques to co-optimize query execution so as to simultaneously minimize both disclosure risks and performance costs are explored. The research offers a complementary approach to traditional techniques based on preventing attacks, in support of practical security in the context of database systems.

The project seeks to help launch a new direction in database security research that explores techniques to limit risks (instead of only preventing attacks). The research, if successful, will make cloud-based data management solutions more secure, increasing the rate of their adoption even for applications that have substantial data confidentiality concerns. Finally, the planned research, system development, and educational activities are expected to significantly enhance the educational experience of students.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1118127
Program Officer: Deborah Shands
Project Start:
Project End:
Budget Start: 2011-08-01
Budget End: 2015-09-30
Support Year:
Fiscal Year: 2011
Total Cost: $500,000
Indirect Cost:

Name: University of California Irvine
Department:
Type:
DUNS #:
City: Irvine
State: CA
Country: United States
Zip Code: 92697