research-article

Secure personal data servers: a vision paper

Editors: Elisa Bertino, Paolo Atzeni, Kian Lee Tan, Yi Chen, Y. C. Tay Authors:

Tristan Allard,

Nicolas Anciaux,

Lionel Le Folgoc,

Benjamin Nguyen,

Philippe Pucheral,

Shaoyi YinAuthors Info & Claims

Proceedings of the VLDB Endowment, Volume 3, Issue 1-2

Pages 25 - 35

https://doi.org/10.14778/1920841.1920850

Published: 01 September 2010 Publication History

Abstract

An increasing amount of personal data is automatically gathered and stored on servers by administrations, hospitals, insurance companies, etc. Citizen themselves often count on internet companies to store their data and make them reliable and highly available through the internet. However, these benefits must be weighed against privacy risks incurred by centralization. This paper suggests a radically different way of considering the management of personal data. It builds upon the emergence of new portable and secure devices combining the security of smart cards and the storage capacity of NAND Flash chips. By embedding a full-fledged Personal Data Server in such devices, user control of how her sensitive data is shared by others (by whom, for how long, according to which rule, for which purpose) can be fully reestablished and convincingly enforced. To give sense to this vision, Personal Data Servers must be able to interoperate with external servers and must provide traditional database services like durability, availability, query facilities, transactions. This paper proposes an initial design for the Personal Data Server approach, identifies the main technical challenges associated with it and sketches preliminary solutions. We expect that this paper will open exciting perspectives for future database research.

References

[1]

Adam, N. R. and Worthmann, J. C. Security-control methods for statistical databases: a comparative study. ACM Comput. Surv., 1989.

Digital Library

[2]

Agrawal, D., Ganesan, D., Sitaraman R., Diao Y. and Singh S. Lazy-Adaptive Tree: An Optimized Index Structure for Flash Devices. VLDB, 2009.

Digital Library

[3]

Agrawal, R., Kiernan, J., Srikant, R. and Xu, Y. Hippocratic Databases. VLDB, 2002.

Digital Library

[4]

Ailamaki, A., DeWitt, D.J. and Hill, M. D. Data page layouts for relational databases on deep memory hierarchies. The VLDB Journal, 2002.

Digital Library

[5]

Allard, T., Nguyen, B. and Pucheral, P. Safe Anonymization of Data Hosted in Smart Tokens, PRiSM Technical Report n° 526, 2010.

[6]

Allard, T., Anciaux, N., Bouganim, L., Pucheral, P., Thion, R. Trustworthiness of Pervasive Healthcare Folders, Pervasive and Smart Technologies for Healthcare, Information Science Reference, 2009.

[7]

Anciaux, N., Benzine, M., Bouganim, L., Pucheral, P. and Shasha, D. GhostDB: Querying Visible and Hidden data without leaks. ACM SIGMOD, 2007.

Digital Library

[8]

Anciaux, N., Bouganim, L., Guo, Y., Pucheral, P., Vandewalle J-J. and Yin, S. Pluggable Personal Data Servers. ACM SIGMOD, 2010.

Digital Library

[9]

Bloom, B. H. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 1970.

Digital Library

[10]

Bouganim, L., Jónsson, B. Þ. and Bonnet P. uFLIP: Understanding Flash IO Patterns. CIDR, 2009.

[11]

Dingledine, R., N. Mathewson, and Syverson P. Tor: The Second-Generation Onion Router. USENIX, 2004.

Digital Library

[12]

Elbaz, R., Champagne, D., Lee, R. B., Torres, L., Sassatelli G. and Guillemin P. TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks. CHES, 2007.

Digital Library

[13]

Eurosmart. Smart USB token. White paper, Eurosmart, 2008.

[14]

Fung, B. C. M., Wang K., Chen R. and Yu P. S. Privacy-preserving data publishing: A survey on recent developments. ACM Computing Surveys, 2010. To appear.

Digital Library

[15]

Gagneux, M. Recommandations de la mission de relance du projet de DMP. http://www.sante-jeunesse-sports.gouv.fr/IMG/pdf/Rapport_DMP_mission_Gagneux.pdf (in French).

[16]

Goldschlag, D., M. Reed, and Syverson P. Onion Routing for Anonymous and Private Internet Connections. Communications of the ACM, 1999.

Digital Library

[17]

Haas, L. M., Carey, M. J., Livny, M. and Shukla, A. Seeking the truth about ad hoc join costs. VLDB Journal, 1997.

Digital Library

[18]

Hacigümüş, H., Iyer, B., and Mehrotra, S. Providing Database as a Service. ICDE, 2002.

[19]

Lee, S. and Moon, B. Design of flash-based DBMS: an in-page logging approach. ACM SIGMOD, 2007.

Digital Library

[20]

Li, Z. and Ross, K. A. Fast joins using join indices. VLDB Journal, 1999.

Digital Library

[21]

Robshaw, M., Billet, O. New Stream Cipher Designs - The eSTREAM Finalists, LNCS 4986, 2008

Digital Library

[22]

Sweeney, L. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst, 2002.

Digital Library

[23]

Wu, C., Chang, L., and Kuo, T. An Efficient B-Tree Layer for Flash-Memory Storage Systems. RTCSA, 2003.

[24]

Xiao, X. and Tao, Y. Output perturbation with query relaxation. VLDB, 2008.

Digital Library

[25]

Yin, S., Pucheral, P. and Meng, X. A Sequential Indexing Scheme for flash-based embedded systems. EDBT, 2009.

Digital Library

Cited By

Sabrina FSahama TRashid MGordon S(2023)Empowering Patients to Delegate and Revoke Access to Blockchain-based Electronic Health RecordsProceedings of the 2023 Australasian Computer Science Week10.1145/3579375.3579384(66-71)Online publication date: 30-Jan-2023
https://dl.acm.org/doi/10.1145/3579375.3579384
Carpentier RSandu Popa IAnciaux N(2022)Data Leakage Mitigation of User-Defined Functions on Secure Personal Data Management SystemsProceedings of the 34th International Conference on Scientific and Statistical Database Management10.1145/3538712.3538741(1-12)Online publication date: 6-Jul-2022
https://dl.acm.org/doi/10.1145/3538712.3538741
Anciaux NBouganim LPucheral PPopa lScerri G(2019)Personal database security and trusted execution environmentsProceedings of the VLDB Endowment10.14778/3352063.335211812:12(1994-1997)Online publication date: 1-Aug-2019
https://dl.acm.org/doi/10.14778/3352063.3352118
Show More Cited By

Index Terms

Secure personal data servers: a vision paper
1. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

Personal data: thinking inside the box
CA '15: Proceedings of The Fifth Decennial Aarhus Conference on Critical Alternatives

We are in a 'personal data gold rush' driven by advertising being the primary revenue source for most online companies. These companies accumulate extensive personal data about individuals with minimal concern for us, the subjects of this process. This ...
Gifting Interpretations of Personal Data
CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems

Research on physical representations of data has often used personal data as its focus. Core aim of making personal data physical is to provoke self-reflections through a felt experience. In this paper, we present a preliminary study which employs the ...
Secure data storing in a pool of vulnerable servers
Artificial intelligence and security in computing systems

Secure storing of data is a much more challenging task than encryption with a secret key. These data can be destroyed (for instance through overwriting) either by an external adversary or by the administrator of the data server. If such an attack is ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the VLDB Endowment

Proceedings of the VLDB Endowment Volume 3, Issue 1-2

September 2010

1658 pages

ISSN:2150-8097

Editors:
Elisa Bertino,
Paolo Atzeni,
Kian Lee Tan,
Yi Chen,
Y. C. Tay

Issue’s Table of Contents

Publisher

VLDB Endowment

Publication History

Published: 01 September 2010

Published in PVLDB Volume 3, Issue 1-2

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
532
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sabrina FSahama TRashid MGordon S(2023)Empowering Patients to Delegate and Revoke Access to Blockchain-based Electronic Health RecordsProceedings of the 2023 Australasian Computer Science Week10.1145/3579375.3579384(66-71)Online publication date: 30-Jan-2023
https://dl.acm.org/doi/10.1145/3579375.3579384
Carpentier RSandu Popa IAnciaux N(2022)Data Leakage Mitigation of User-Defined Functions on Secure Personal Data Management SystemsProceedings of the 34th International Conference on Scientific and Statistical Database Management10.1145/3538712.3538741(1-12)Online publication date: 6-Jul-2022
https://dl.acm.org/doi/10.1145/3538712.3538741
Anciaux NBouganim LPucheral PPopa lScerri G(2019)Personal database security and trusted execution environmentsProceedings of the VLDB Endowment10.14778/3352063.335211812:12(1994-1997)Online publication date: 1-Aug-2019
https://dl.acm.org/doi/10.14778/3352063.3352118
Belyaev KSun WRay IRay I(2018)On the design and analysis of protocols for Personal Health Record storage on Personal Data Server devicesFuture Generation Computer Systems10.1016/j.future.2016.05.02780:C(467-482)Online publication date: 1-Mar-2018
https://dl.acm.org/doi/10.1016/j.future.2016.05.027
Allard TNguyen BPucheral P(2018)MET𝔸PDistributed and Parallel Databases10.1007/s10619-013-7122-x32:2(191-244)Online publication date: 27-Dec-2018
https://dl.acm.org/doi/10.1007/s10619-013-7122-x
To QNguyen BPucheral P(2016)Private and Scalable Execution of SQL Aggregates on a Secure Decentralized ArchitectureACM Transactions on Database Systems10.1145/289475041:3(1-43)Online publication date: 8-Aug-2016
https://dl.acm.org/doi/10.1145/2894750
Allard THébrail GMasseglia FPacitti ESellis TDavidson SIves Z(2015)ChiaroscuroProceedings of the 2015 ACM SIGMOD International Conference on Management of Data10.1145/2723372.2749453(779-794)Online publication date: 27-May-2015
https://dl.acm.org/doi/10.1145/2723372.2749453
To QNguyen BPucheral P(2015)TrustedMRProceedings of the Confederated International Conferences on On the Move to Meaningful Internet Systems: OTM 2015 Conferences - Volume 941510.1007/978-3-319-26148-5_3(38-56)Online publication date: 26-Oct-2015
https://dl.acm.org/doi/10.1007/978-3-319-26148-5_3
To QNguyen BPucheral P(2014)SQL/AAProceedings of the VLDB Endowment10.14778/2733004.27330467:13(1625-1628)Online publication date: 1-Aug-2014
https://dl.acm.org/doi/10.14778/2733004.2733046

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents