针对目前外包数据库服务中单方面考虑某种保护技术难以同时满足外包数据库安全需求的不足,提出一种集成数据机密性、数据隐私、用户隐私和访问控制保护的外包数据库服务模型,采用属性分解和部分属性加密技术,基于结合准标识集自动检测技术的近似算法实现外包数据的最小加密属性分解,同时把密码学应用于辅助随机服务器协议,以实现数据库访问时的用户隐私保护和访问控制.理论分析表明,该模型可以提供有效的数据隐私保护和查询处理,较好的用户隐私保护计算复杂度.%Currently in outsourced database service, to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database. In this paper, the authors proposed a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach started from a flexible definition of privacy constraints on a relational schema, applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi - identifier detection, the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect user privacy and access control. The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.
展开▼
