Practical Security and Privacy for Database Systems

Xi He, Jennie Rogers, Johes Bater, Ashwin MacHanavajjhala, Chenghong Wang, Xiao Wang

Research output: Contribution to journalConference articlepeer-review

Abstract

Computing technology has enabled massive digital traces of our personal lives to be collected and stored. These datasets play an important role in numerous real-life applications and research analysis, such as contact tracing for COVID 19, but they contain sensitive information about individuals. When managing these datasets, privacy is usually addressed as an afterthought, engineered on top of a database system optimized for performance and usability. This has led to a plethora of unexpected privacy attacks in the news. Specialized privacy-preserving solutions usually require a group of privacy experts and they are not directly transferable to other domains. There is an urgent need for a generally trustworthy database system that offers end-to-end security and privacy guarantees. In this tutorial, we will first describe the security and privacy requirements for database systems in different settings and cover the state-of-the-art tools that achieve these requirements. We will also show challenges in integrating these techniques together and demonstrate the design principles and optimization opportunities for these security and privacy-aware database systems. This is designed to be a three hour tutorial.

Original languageEnglish (US)
Pages (from-to)2839-2845
Number of pages7
JournalProceedings of the ACM SIGMOD International Conference on Management of Data
DOIs
StatePublished - 2021
Event2021 International Conference on Management of Data, SIGMOD 2021 - Virtual, Online, China
Duration: Jun 20 2021Jun 25 2021

Keywords

  • differential privacy
  • privacy
  • secure computation
  • security
  • trusted execution environment

ASJC Scopus subject areas

  • Software
  • Information Systems

Cite this