强制数据隐私和用户隐私的外包数据库服务研究*

外包数据库中的数据隐私和用户隐私保护是现代外包数据库服务面临的新挑战，针对目前外包数据库服务中单方面考虑数据隐私保护或用户隐私保护技术难以同时满足外包数据库安全需求的不足，提出一种可同时强制数据隐私和用户隐私保护的外包数据库服务模型，采用属性分解和部分属性加密技术，基于结合准标志集自动检测技术的近似算法实现外包数据的最小加密属性分解，同时把密码学应用于辅助随机服务器协议，以实现数据库访问时的用户隐私保护。理论分析和实验结果表明,该模型可以提供有效的数据隐私保护和查询处理，以及较好的用户隐私保护计算复杂度。

Enforcing data privacy and user privacy over outsourced database service

It is crucial to design solutions able to respond to privacy guarantees with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. This paper proposed a novel solution to enforce data privacy and user privacy over outsourced database services. The approach started from a flexible definition of privacy constraints on a relational schema, applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on an untrusted database server and minimizing the amount of data represented in encrypted format, it could also solve the problem of private information retrieval to protect user privacy by applying cryptographic technology on the auxiliary random server protocol. The theoretical analysis and experimental results show that the new model can provide efficient data privacy protection and query processing, efficient in computational complexity and dose not increase the cost of communication complexity of user privacy protection.