Affiliations: [a] DTI, Università degli Studi di Milano, Crema, Italy. E-mail: firstname.lastname@unimi.it | [b] CSIS, George Mason University, Fairfax, VA, USA. E-mail: jajodia@gmu.edu | [c] DIIMM, Università degli Studi di Bergamo, Dalmine, Italy. E-mail: parabosc@unibg.it
Correspondence:
[**]
Corresponding author: Pierangela Samarati, DTI, Università degli Studi di Milano, Via Bramante 65, 26013 Crema, Italy. Tel.: +39 0373 898 061; Fax: +39 0373 898 010; E-mail: pierangela.samarati@unimi.it.
Note: [*] A preliminary version of this paper appeared under the title “Enforcing confidentiality constraints on
sensitive databases with lightweight trusted clients” in: Proc. of the 23rd Annual IFIP WG 11.3 Working
Conference on Data and Applications Security (DBSec 2009), Montreal, Canada, July 12–15, 2009 [12]
and under the title “Keep a few: Outsourcing data while maintaining confidentiality” in: Proc. of the
14th European Symposium On Research In Computer Security (ESORICS 2009), Saint Malo, France,
September 21–25, 2009 [13].
Abstract: Existing approaches for protecting sensitive information outsourced at external “honest-but-curious” servers are typically based on an overlying layer of encryption applied to the whole database, or on the combined use of fragmentation and encryption. In this paper, we put forward a novel paradigm for preserving privacy in data outsourcing, which departs from encryption. The basic idea is to involve the owner in storing a limited portion of the data, while storing the remaining information in the clear at the external server. We analyze the problem of computing a fragmentation that minimizes the owner's workload, which is represented using different metrics and corresponding weight functions, and prove that this minimization problem is NP-hard. We then introduce the definition of locally minimal fragmentation that is used to efficiently compute a fragmentation via a heuristic algorithm. The algorithm translates the problem of finding a locally minimal fragmentation in terms of a hypergraph 2-coloring problem. Finally, we illustrate the execution of queries on fragments and provide experimental results comparing the fragmentations returned by our heuristics with respect to optimal fragmentations. The experiments show that the heuristics guarantees a low computation cost and is able to compute a fragmentation close to optimum.
