DAS模型中的数据库加密与密文检索研究
|
摘要
DAS(Database as a Service)模型是云存储中的一种新型数据库应用体系。在DAS模型中,数据所有者将数据交由数据库服务提供商(Database Service Provider, DBSP)托管,数据库以服务的形式提供。DBSP负责用户数据的存取、管理和查询服务,这意味着DBSP可在无访问控制的情况下获取用户数据,因此,DAS模型的最大安全威胁来自于内部的数据管理者,而并非数据库的外部攻击。在这种服务器端不可信的环境中,使用数据库加密可以充分保障数据安全,但在检索时需对密文逐一解密,导致检索性能急剧下降。对结构化数据库而言,由于数据库加密破坏了原有数据的有序性、数值大小、模糊匹配等固有特征,数据库的范围检索和模糊检索变得异常困难;对非结构化数据库而言,其非结构化特性导致了加密粒度难以控制、密文检索效率低等问题;同时,由于DAS模型的服务器端不可信,传统的密钥管理机制无法保障密钥安全性,HSM(Hardware Security Module)策略虽可保障密钥安全性,但密钥存储空间有限,目前为止,DAS模型的密钥管理还未有较成熟的解决方法。
针对上述问题,本文基于结构化数据库和非结构化数据库的结构特征,在DAS模型环境下,分别针对关系型数据库和XML数据库,提出数据库的加密策略和密文检索模型,并通过安全性分析和实验仿真证明了加密策略的安全性和密文检索的高效性,在此基础上,提出一种适用于DAS模型的密钥管理策略,能够克服密钥存储的数量限制,也保障了密钥的安全性和使用效率。
本文的主要研究工作如下:
(1)针对关系型数据库加密中存在的安全问题,提出一种适用于DAS模型的数据库加密策略,该策略通过初始化向量变换改变密文分布,而不需存储初始化向量,避免了基于频率的数据库攻击,也不会产生较多的数据冗余;在此基础上,针对数值型密文的范围检索问题,提出一种数据库密文检索模型,该模型根据检索条件,通过数值顺序置换动态划定数据库的数值范围,由此范围直接提取符合检索条件数据库密文,从而实现对范围检索的支持,也避免了检索过程中不必要的数据传输和加密/解密,通过实验证明,这种方式缩短了密文检索中的数据传输和加密/解密时间,显著提高了数据库密文检索效率。
(2)针对关系型数据库中字符型密文的模糊检索问题,提出一种字符型数据的加密与密文检索模型。对CHAR或VARCHAR数据类型,提出一种基于特征提取的双重过滤算法,由数据的字符集和字符位置关系提取特征值,并根据此特征值将大部分不符合特征的数据库记录过滤,在检索时只需传输和解密较少的数据,进而提高密文检索效率。这种特征值的提取基于字符加密,只有持有密钥者才能进行字符特征的提取和比对,因而保障了数据库加密的安全性,经实验证明,双重过滤算法可将大部分不符合关键词字符特征的记录剔除,提高了密文检索性能;针对CLOB数据类型,提出一种字符位置信息分组加密的策略,该策略将所有字符转换为对应位置信息,并将此位置信息先进行分组,然后对每一组数据分别加密,因此,数据库检索时只需解密一组或多组密文数据。这种策略有效减少了解密数据量,提高了密文检索效率,同时这种分组的方式隐藏了明文数据的频率分布,避免了基于频率的数据库攻击。
(3)针对XML数据库加密粒度难以控制、密文检索效率低等问题,提出一种基于曲线插值变换的XML数据库加密与密文检索模型,在此模型中,提出一种XML节点的隐藏机制,通过这种机制可将加密粒度细化为XML节点、XML节点间的关系、XML子树,灵活地控制了XML数据的加密粒度,并利用曲线插值变换改变XML数据的密文分布,可有效抵御各类针对XML数据库的攻击,也能支持数值范围检索。在此基础上建立XQuery检索翻译器,将客户端明文的XQuery语句转换为服务器端的对应密文语句,检索过程只需解密少数密文,避免了不必要的XML数据传输和解密。经证明,加密模型具备足够安全性,以Oracle XML DB为例进行实验,结果显示密文检索效率能够达到无索引XML明文检索的65%。
(4)针对DAS模型密钥管理中安全保障困难、存储空间受限等问题,提出基于哈希查询的密钥管理策略,采用一种多叉树结构建立密钥字典,该方法能够同时适用于关系数据库和XML数据库,并提出基于哈希算法的密钥字典查询模型,将多叉树路径的哈希值存储于密钥字典中,通过哈希值的快速匹配提取二级密钥信息,经实验验证,这种策略有效提高了密钥的提取效率。在安全性方面,HSM的存储方式杜绝了在服务器端获得主密钥或工作密钥的可能,密钥字典将二级密钥信息存储于服务器端,解除了密钥存储数量的限制,多叉树路径哈希值的存储策略隐藏了二级密钥信息和数据库密文的链接,保障了密钥的安全性。
DAS (Database as a Service) is a novel database application architecture of Cloud Storage. In DAS model, data owner outsource data to a DBSP(Database Service Provider), and database is provided as a service. Database server provides the services of storage, access, management and query of data. This means DBSP can gain the data of data owner easily. Therefore, instead of the external database attack, the biggest threat in security is from data administrator. In the untrusted database server, database encryption is a natural solution. However, due to the wasted time in decryption, the query performance will be lost. For the structured database, range query and fuzzy query is inefficient because the ordering, similarity, comparability is destroyed by encryption; for the unstructured database, encryption granularity is difficult to control owing to the unstructured property. Simultaneously, the conventional key management method cannot ensure security in untrusted database server. HSM is a secure strategy but the storage space of HSM is limited. There's not an appropriate method in the key management of DAS so far.
To address these problems, for relational database and XML database, the different encryption method and ciphtext query model are proposed based on the structure of database. This model can improve the performance of ciphtext query on the premise of ensuring the security of database. Furthermore, a key management strategy is presented, by which the quantity of key will not be limited, and the utilization efficiency of key can be improved.
The main work and contributions of the paper are as follows:
(1) To address the security problem of database encryption of relational database, a database encryption strategy applied to DAS is introduced. This strategy changes the distribution of ciphertext of database by the translation of initialization vector. There's no need to store the initialization vectors in our strategy. The frequency-based attack can be avoided, and the data redundancy will not be caused. On this basis, to the problem of ciphertext query of numeric data, a ciphertext query model is proposed.This model determines the range of numeric data dynamically by the order replacement of numerical value, and the needed ciphertext can be extracted. Range query is supported by this model, in which the unnecessary data transmission and encryption/decryption will be avoided. The experimental results show that the time of data transmission and encryption/decryption is saved and the efficiency of ciphertext query is improved remarkably.
(2) To the fuzzy query of encrypted character data in relational database, an encryption and ciphertext query model is proposed. For the CHAR or VARCHAR data type, a double filtration method based on feature extraction is presented. The characteristic value is extracted from the character set and the positions of character data, by which most of the nonmatched data will be filtered. Therefore, the time wasted on transmission and encryption reduced greatly. As a result, the retrieval speed is improved. Only key holder can extract the characteristic value and match it with that of keyword in that the extraction is based on encryption algorithm.So the security is ensured in database encryption. The experimental results show that the double filtration algorithm eliminated most of nonmatched records in database. Naturally, the performance of ciphertext query was improved. To CLOB data type, we store and encrypt these positions group by group instead of the original data. In other words, the original character data will be abandoned because they can be generated by the positions. When the query of database is executing, we only decrypt one or more group and the character matching translates into the numerical comparison. The amount of decryption is reduced efficiently. As a result, the query efficiency of database will be improved remarkably. Furthermore, this strategy confused the distribution of plaintext, which avoids the frequency-based attack.
(3) To address the problem of the coarse granularity in encryption and the inefficiency in ciphertext query, an approach based on curve interpolation is presented. Firstly, more flexible encryption granularity can be obtained through a XML node-hide mechanism; secondly, more efficiency to resist various kinds of database attack due to the changing of ciphertext distribution and data size. A XMLQuery (XQuery) is established. The proposed model offers greater security, and the ciphertext query performance can amount to 65% of the plaintext query based on the result of experimental simulation.
(4) To address the difficulty of security insurance and limited storage space in key management, the key management strategy based on the query of hash values is proposed. The key dictionary is established in multiway tree structure. This strategy can be applied in relational database and XML database. Simultaneously, the key dictionary query model is presented. The hash value of each path in multiway tree structure is stored in key dictionary. The secondary key can be extracted by matching hash values. The experimental results show that the efficiency of key extraction is improved. Furthermore, due to the adoption of HSM(Hardware Security Module), it is difficult to obtain the primary key or working key in database server. The secondary key information is stored in database server, by which the quantity of key will not be limited. The linkage between the secondary key information and database records is concealed by the hash values of multiway tree structure. As a result, the security is obtained.
针对上述问题,本文基于结构化数据库和非结构化数据库的结构特征,在DAS模型环境下,分别针对关系型数据库和XML数据库,提出数据库的加密策略和密文检索模型,并通过安全性分析和实验仿真证明了加密策略的安全性和密文检索的高效性,在此基础上,提出一种适用于DAS模型的密钥管理策略,能够克服密钥存储的数量限制,也保障了密钥的安全性和使用效率。
本文的主要研究工作如下:
(1)针对关系型数据库加密中存在的安全问题,提出一种适用于DAS模型的数据库加密策略,该策略通过初始化向量变换改变密文分布,而不需存储初始化向量,避免了基于频率的数据库攻击,也不会产生较多的数据冗余;在此基础上,针对数值型密文的范围检索问题,提出一种数据库密文检索模型,该模型根据检索条件,通过数值顺序置换动态划定数据库的数值范围,由此范围直接提取符合检索条件数据库密文,从而实现对范围检索的支持,也避免了检索过程中不必要的数据传输和加密/解密,通过实验证明,这种方式缩短了密文检索中的数据传输和加密/解密时间,显著提高了数据库密文检索效率。
(2)针对关系型数据库中字符型密文的模糊检索问题,提出一种字符型数据的加密与密文检索模型。对CHAR或VARCHAR数据类型,提出一种基于特征提取的双重过滤算法,由数据的字符集和字符位置关系提取特征值,并根据此特征值将大部分不符合特征的数据库记录过滤,在检索时只需传输和解密较少的数据,进而提高密文检索效率。这种特征值的提取基于字符加密,只有持有密钥者才能进行字符特征的提取和比对,因而保障了数据库加密的安全性,经实验证明,双重过滤算法可将大部分不符合关键词字符特征的记录剔除,提高了密文检索性能;针对CLOB数据类型,提出一种字符位置信息分组加密的策略,该策略将所有字符转换为对应位置信息,并将此位置信息先进行分组,然后对每一组数据分别加密,因此,数据库检索时只需解密一组或多组密文数据。这种策略有效减少了解密数据量,提高了密文检索效率,同时这种分组的方式隐藏了明文数据的频率分布,避免了基于频率的数据库攻击。
(3)针对XML数据库加密粒度难以控制、密文检索效率低等问题,提出一种基于曲线插值变换的XML数据库加密与密文检索模型,在此模型中,提出一种XML节点的隐藏机制,通过这种机制可将加密粒度细化为XML节点、XML节点间的关系、XML子树,灵活地控制了XML数据的加密粒度,并利用曲线插值变换改变XML数据的密文分布,可有效抵御各类针对XML数据库的攻击,也能支持数值范围检索。在此基础上建立XQuery检索翻译器,将客户端明文的XQuery语句转换为服务器端的对应密文语句,检索过程只需解密少数密文,避免了不必要的XML数据传输和解密。经证明,加密模型具备足够安全性,以Oracle XML DB为例进行实验,结果显示密文检索效率能够达到无索引XML明文检索的65%。
(4)针对DAS模型密钥管理中安全保障困难、存储空间受限等问题,提出基于哈希查询的密钥管理策略,采用一种多叉树结构建立密钥字典,该方法能够同时适用于关系数据库和XML数据库,并提出基于哈希算法的密钥字典查询模型,将多叉树路径的哈希值存储于密钥字典中,通过哈希值的快速匹配提取二级密钥信息,经实验验证,这种策略有效提高了密钥的提取效率。在安全性方面,HSM的存储方式杜绝了在服务器端获得主密钥或工作密钥的可能,密钥字典将二级密钥信息存储于服务器端,解除了密钥存储数量的限制,多叉树路径哈希值的存储策略隐藏了二级密钥信息和数据库密文的链接,保障了密钥的安全性。
DAS (Database as a Service) is a novel database application architecture of Cloud Storage. In DAS model, data owner outsource data to a DBSP(Database Service Provider), and database is provided as a service. Database server provides the services of storage, access, management and query of data. This means DBSP can gain the data of data owner easily. Therefore, instead of the external database attack, the biggest threat in security is from data administrator. In the untrusted database server, database encryption is a natural solution. However, due to the wasted time in decryption, the query performance will be lost. For the structured database, range query and fuzzy query is inefficient because the ordering, similarity, comparability is destroyed by encryption; for the unstructured database, encryption granularity is difficult to control owing to the unstructured property. Simultaneously, the conventional key management method cannot ensure security in untrusted database server. HSM is a secure strategy but the storage space of HSM is limited. There's not an appropriate method in the key management of DAS so far.
To address these problems, for relational database and XML database, the different encryption method and ciphtext query model are proposed based on the structure of database. This model can improve the performance of ciphtext query on the premise of ensuring the security of database. Furthermore, a key management strategy is presented, by which the quantity of key will not be limited, and the utilization efficiency of key can be improved.
The main work and contributions of the paper are as follows:
(1) To address the security problem of database encryption of relational database, a database encryption strategy applied to DAS is introduced. This strategy changes the distribution of ciphertext of database by the translation of initialization vector. There's no need to store the initialization vectors in our strategy. The frequency-based attack can be avoided, and the data redundancy will not be caused. On this basis, to the problem of ciphertext query of numeric data, a ciphertext query model is proposed.This model determines the range of numeric data dynamically by the order replacement of numerical value, and the needed ciphertext can be extracted. Range query is supported by this model, in which the unnecessary data transmission and encryption/decryption will be avoided. The experimental results show that the time of data transmission and encryption/decryption is saved and the efficiency of ciphertext query is improved remarkably.
(2) To the fuzzy query of encrypted character data in relational database, an encryption and ciphertext query model is proposed. For the CHAR or VARCHAR data type, a double filtration method based on feature extraction is presented. The characteristic value is extracted from the character set and the positions of character data, by which most of the nonmatched data will be filtered. Therefore, the time wasted on transmission and encryption reduced greatly. As a result, the retrieval speed is improved. Only key holder can extract the characteristic value and match it with that of keyword in that the extraction is based on encryption algorithm.So the security is ensured in database encryption. The experimental results show that the double filtration algorithm eliminated most of nonmatched records in database. Naturally, the performance of ciphertext query was improved. To CLOB data type, we store and encrypt these positions group by group instead of the original data. In other words, the original character data will be abandoned because they can be generated by the positions. When the query of database is executing, we only decrypt one or more group and the character matching translates into the numerical comparison. The amount of decryption is reduced efficiently. As a result, the query efficiency of database will be improved remarkably. Furthermore, this strategy confused the distribution of plaintext, which avoids the frequency-based attack.
(3) To address the problem of the coarse granularity in encryption and the inefficiency in ciphertext query, an approach based on curve interpolation is presented. Firstly, more flexible encryption granularity can be obtained through a XML node-hide mechanism; secondly, more efficiency to resist various kinds of database attack due to the changing of ciphertext distribution and data size. A XMLQuery (XQuery) is established. The proposed model offers greater security, and the ciphertext query performance can amount to 65% of the plaintext query based on the result of experimental simulation.
(4) To address the difficulty of security insurance and limited storage space in key management, the key management strategy based on the query of hash values is proposed. The key dictionary is established in multiway tree structure. This strategy can be applied in relational database and XML database. Simultaneously, the key dictionary query model is presented. The hash value of each path in multiway tree structure is stored in key dictionary. The secondary key can be extracted by matching hash values. The experimental results show that the efficiency of key extraction is improved. Furthermore, due to the adoption of HSM(Hardware Security Module), it is difficult to obtain the primary key or working key in database server. The secondary key information is stored in database server, by which the quantity of key will not be limited. The linkage between the secondary key information and database records is concealed by the hash values of multiway tree structure. As a result, the security is obtained.
引文
[1]http://www. cncloudcomputing.com
[2]http://www.idcun.com/cloud/200912207291.html
[3]Zhan Ying, Sun Yong. Cloud Storage Management Technology[J].Information and
Computing Science,2009. ICIC'09.2009, Page(s):309-311
[4]http://bbs.chinacloud.cn/attachment.aspx?attachmentid=586
[5]Divyakant Agrawal,Amr El Abbadi,Fatih Emekci,Ahmed Metwally. Database Management as a Service:Challenges and Opportunities. icde, pp.1709-1716,2009 IEEE International Conference on Data Engineering,2009
[6]G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-Molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu, "Two can keep a secret:A distributed architecture for secure database services." in CIDR,2005, pp.186-199.
[7]J. Li and R. Omiecinski, "Efficiency and security trade-off in supporting range queries on encrypted databases," in Proc. of the IFIP Conference on Database and Applications Security,2005.
[8]E. Shmueli, R. Waisenberg, Y. Elovici, and E. Gudes, "Designing secure indexes for encrypted databases," in Proc. of the IFIP Conference on Database and Applications Security,2005.
[9]L. Bouganim, Y. Guo. Database Encryption, Encyclopaedia of Cryptography and Security, S. Jajodia, H. Van Tilborg (editors), Springer, (9 pages),2009.
[10]Hakan Hacigumus, Bala Iyer, Mehrotra S. Providing database as a service [C] //Proc of ICDE. Washington, DC,USA:IEEE Computer Society,2002
[11]Amazon Elastic Compute Cloud, http://aws.amazon.com/ec2/
[12]GooSe App Engine, http://appengine.google.com/
[13]SaleForce Cloud Computing Platform, http://www.salesforce.corn/platform/
[14]Microsoft Azure, http://www.microsoft.com/azure/windowsazure.mspx
[15]http://www.asconline.com/includes/podcasts/ASC_Podcast-Software_as_a_Servic e.pdf
[16]https://s3.amazonaws.com/
[17]http://www.microsoft.com/windowsazure/sqlazure/
[18]Fox G.Implications of Web 2.0 for the Semantic Grid[J].Semantics, Knowledge and Grid,2006. SKG'06.Publication Year:2006, Page(s):2-2
[19]费杭柏.数据库安全与加密.密码与信息,1991(1):46-51
[20]Kevin Kenan.Cryptography in the Database:The Last Line of Defense[M]. Symantec Press:Addison Wesley,2005
[21]咸鹤群,冯登国.支持属性粒度数据库加密的查询重写算法[J].计算机研究与发展,2008,45(8):1307-1314.
[22]U.Maheshwari et al., "How to Build a Trusted Database System on Untrusted Storage", OSDI 2000.
[23]C. Wood, E. B. Fernandez, R. C. Summers, Data base security:requirements, policies, and models, IBM Systems Journal, v.19 n.2, p.229-252, June 1980
[24]http://netsecurity.51cto.com/art/200511/11633.htm
[25]王正飞.数据库加密技术及其应用研究[学位论文].复旦大学,2005
[26]M. Kantarcioglu et al., "Security Issues in Querying Encrypted Data", Technical Report, Purdue U.,2004.
[27]http://en.wikipedia.org/wiki/Edgar_F._Codd
[28]余祥宣,闵锐.一种加密数据库的快速查询算法[J].华中理工大学学报,1998,26(9):8-10
[29]G.I.David, D.L.Wells and J.B.Kam. A Database Encryption System with Subkeys[J]. ACM Transactions on Database Systems, Vol.6, No.2, June 1981:312-328
[30]H.Hacigumus, B.Lyer, Chen Li, Sharad Mehrotra.Executing SQL over Encrypted Data in the Database-Server-Provider Model[C].In the proceedings of ACM SIGMOD,2002:216-227.
[31]E. Damiani et al., "Balancing confidentiality and efficiency in untrusted relational DBMSs. Proc. of ACM Conference on Computer and Communications Security,2003.
[32]Hore, B., Mehrotra, S., Tsudik, G.:A privacy-preserving index for range queries. In:Proceedings of VLDB'04. (2004) 720-731
[33]Agrawal R, Kiernan J, Srikant R. Order preserving encryption for numeric data [C]//The ACM SIGMOD International Conference, Paris, France,2004:563-574.
[34]G.Ozsoyoglu,D.A.Singer and S.S.Chung.Atni-tamper database research:Query Encrypted Databases[R].EECS433 Final Report,Case Western Reserve University,2002.
[35]R.L.Rivest, L.Adleman, and M.L.Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation,1978:169-178
[36]潘承洞,潘承彪.初等数论[M].北京:北京大学出版社,1991:11-13.
[37]N.Ahitub, C.Lapid, and S.Neumann, Processing. Encrypted Data, Communications of the ACM,1987, pp.777-780.
[38]Domingo-Ferrer, "A new privacy homomorphism and applications," Information Processing Letters, vol.60, pp.277-282,1996.
[39]L.Bouganim,P.Pucheral.Chip-Secured Data Access:Confidential Data on Untrusted Servers[C].In the proceedings of 28th International Conference on Very Large Databases(VLDB),HongKong,China,2002:131-142.
[40]Dawn Xiaodong Song, David Wagner, Adrian Perrig:Practical Techniques for Searches on Encrypted Data. IEEE Symposium on Security and Privacy 2000:44-55
[41]Henry Brown. Considerations in implementing a Database Management System Encryption Security solution [R]. A Research Report Presented to The Department of Computer Science at the University of Cape Town,2003.
[42]Wang ZF, Dai J, Wang W, Shi BL, Fast query over encrypted Character data in database, COMPUTATIONAL AND INFORMATION SCIENCE, PROCEEDINGS LECTURE NOTES IN COMPUTER SCIENCE 3314:1027-1033
[43]Bloom B. Space/time Tradeoffs in Hash Coding with Allowable Errors[J]. Communication of the ACM,1970,13(7):422-426
[44]Hong Zhu, Jing Cheng, Renchao Jin, Kevin Lu, "Executing Query over Encrypted Character Strings in Databases," Proc. Proceedings of the 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, IEEE Computer Society Washington, DC, USA,2007:90-97.
[45]T.Apaydin, G.Canahuate, H.Ferhatosmanoglu et al. Approximate Encoding for Direct Access and Query Processing over Compressed Bitmaps, in:Proceedings of the 32nd International Conference on Very Large Databases. VLDB Endowment,2006.846-857
[46]Yong Zhang, Wei-Xin Li, Xia-Mu Niu. A secure cipher index over encrypted Character data in database; Machine Learning and Cybernetics,2008 International Conference on;2008, Page(s):1111-1116
[47]Yong Zhang, Wei-xin Li, Xia-mu Niu.A Method of Bucket Index over Encrypted Character Data in Database[J].Intelligent Information Hiding and Multimedia Signal Processing,2007. IIHMSP 2007.2007,Page(s):186-189
[48]Lianzhong Liu, Jingfen Gai. Bloom Filter Based Index for Query over Encrypted Character Strings in Database[J].Computer Science and Information Engineering.2009, Page(s):303-307.
[49]H.Wang, L.Lakshmanan.Efficient Secure Query Evaluation over Encrypted XML Databases.32nd International Conference on Very Large Data Bases,2006 September 12-15.
[50]http://oreilly.com/catalog/puis3/chapter/ch11.pdf
[51]L. Feng and W. Jonker. Efficient Processing of Secured XML Metadata. OTM Workshops 2003p:704-717
[52]R.C.Jammalamadaka, S.Mehrotra. Querying Encrypted XML documents. IDEAS'06.
[53]Y.Yang, W.Ng, H.L.Lau, and J.Cheng. An Efficient Approach to Support Querying Secure Outsourced XML Information CAiSE 2006, LNCS 4001, p:157-171, 2006.
[54]M.Schrefl, K.Grun, J. Dorn. SemCrypt-Ensuring Privacy of Electronic Documents through Semantic-Based Encrypted Query Processing.21st International Conference on Data Engineering Workshops. April 5,8p:1191
[55]Fernandez EB, Summers RC, Wood C (1980) Database Security and Integrity. Addison-Wesley, Massachusetts.
[56]Shmueli E., Vaisenberg R, Elovici Y, Glezer C., Database Encryption:An Overview of Contemporary Challenges and Design Considerations, SIGMOD Record, 38,3,29-34, (2009).
[57]O. Unay and T. I. Gundem, "A Survey on Querying Encrypted XML Documents for Databases as a Service", ACM SIGMOD Record, Vol.37, Number 1, March 2008, pp 12-20.
[58]张敏,徐震,冯登国.数据库安全[M].北京:科学出版社.2005.
[59]Elovici Y, Waisenberg R, Shmueli E, Gudes E. (2004) A Structure Preserving Database Encryption Scheme. SDM 2004, Workshop on Secure Data Management, Toronto, Canada, August.
[60]Kantarcioglu M, Liu Y, Jiang W, Malin B. A cryptographic approach to securely share and query genomic sequences. IEEE Transactions on Information Technolgy in Biomedicine.2008; 12(5):606-617.
[61]Bao-Chyuan Guan; Ray-I Chang; Yung Chung Wei; Chi a-Ling Hu; Yu-Lin Chiu, "An encryption scheme for large Chinese texts", In Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, Taipei, Taiwan, ROC, pp 564-568. (2003)
[62]Dong HyeokLee; You Jin Song; Sung Min Lee; TaekYong Nam; JongSu Jang, "How to Construct a New Encryption Scheme Supporting Range Queries on Encrypted Database," Convergence Information Technology,2007. International Conference on, vol., no., pp.1402-1407,21-23 Nov.2007
[63]Hassan M. Elkamchouchi, Fatma Ahmed.Rotor Cipher with Time Controlled Key and Encryption Process (RTCKP)[J].Radio Science Conference,2009. NRSC 2009. National Publication Year:2009, Page(s):1-12
[64]Kamp PH (2003) GBDE-GEOM based disk encryption Source. BSDCon'03, pp.57-68.
[65]Min-Shiang H, Wei-Pang Y (1997) Multilevel Secure Database Encryption with Subkeys. Data and Knowledge Engineering 22,117-131.
[66]Chang C, Chan CW (2003) A Database Record Encryption Scheme Using RSA Public Key Cryptosystem and Its Master Keys. The international conference on Computer networks and mobile computing.
[67]http://www.oracle.com/technology/global/cn/tech/xml/xmldb
[68]http://www.ibm.com/developerworks/cn/data/library/techarticles/0209lima/02091i ma.html
[69]http://msdn.microsoft.com/zh-cn/library/ms345117%28SQL.90%29.aspx
[70]Shmueli E, Waisenberg R, Elovici Y, Gudes E(2005) Designing secure indexes for encrypted databases. Proceedings of Data and Applications Security,19th Annual IFIP WG 11.3 Working Conference, USA.
[71]http://tech.ccidnet.com/art/9865/20070406/1054907_1.html
[72]http://www.w3c.org/XML/Query.
[73]http://www.almaden.ibm.eom/es/PeoPle/chamberlin/quilt.html.
[74]http://www.w3.org/TR/xpath.
[75]http://www.ibiblio.org/xql/.
[76]http://www.w3.org/TR/NOTE-xml-ql/.
[77]卢开澄.计算机密码学[M].第2版.北京:清华大学出版社,1998:17-28.
[78]DenningD. Cryptography and Data Security [M]. MA:Addison-Wesley,1982: 115-119.
[79]Stinson D R. Cryptogaraphy:Theory and Practice [M].2nd Edition, London: CRC Press,2002:45-46.
[80]Thomas Fanghanel. Using encryption for secure data storage in mobile database systems[D]. September,2002.
[81]Oracle. Oracle9i database security for e-business[Z]. An Oracle White Paper. June 2001.
[82]Hacigumus H,Iyer B,Mehrotra S.Efficient execution of aggregation queries over encrypted relational databases[C]//Proc of the 9th International Conference on Database Systems for Advanced Applications,Jeju Island, Korea, March 2004:216-227.
[83]Damiani E, De Capitani di Vimercati S, et al. Metadata management in outsourced encrypted databases[C]//Proc of SDM 2005, LNCS 3674. Berlin: Springer,2005:16-32
[84]Hakan Hacigumu, Sharad Mehrotra. Efficient key updates in encrypted database systems[C]//Proc of SDM 2005, LNCS 3674. Berlin:Springer,2005:1-15
[85]于涵,赵亮,徐伟军,等.一种新的数据库加密及密文索引方法的研究[J].电子学报,2005,12(3):23-25.
[86]赵丹枫,金顺福,刘国华,高峰,王柠.基于多重桶划分的密文索引技术[J].燕山大学学报.2008,32(6):477-482
[87]Iyer B, Mehrotra S, Mykletun E, et al.A framework for efficient storage security in RDBMS [C]//Proc of the EDBT 2004, LNCS 2992. Berlin:Springer,2004: 147-164.
[88]Ernesto Damiani, De Capitani di Vimercati S, et al.Key management for multi2user encrypted databases [C]//Proc of the 2005 ACM Workshop on Storage Security and Survivability. New York:ACM,2005
[89]戴一奇,尚杰,苏中民.密文数据库的快速检索.清华大学学报,1997,37(4):24-27
[90]马勺布,胡磊,徐德启.一种动态安全的密文数据库检索方法[J].计算机工程.2005,(31)6:132-133
[91]陈华锋.高速SHA-256算法硬件实现[J].浙江大学学报(理学版).2009,36(6):675-678
[92]Li F F, Hadjieleftheriou M, Kollios G. Dynamic authenticated index structures for outsourced databases [C]//Proc of ACM Management of Data (SIGMOD), Chicago, IL, USA,2006:121-132.
[93]Papadopoulos S, Papadias D, Cheng W, Tan K. Separating authentication from query execution in outsourced databases [C]//Proc of International Conference onData Engineering(ICDE),Shanghai, China,2009:1148-1151.
[94]Aameek S, Ling L. Sharoes:a data sharing platform for outsourced enterprise storage environments [C]//Proc of International Conference on Data Engineering (ICDE), Cancun, Mexico,2008:993-1002.
[95]Amanatidis, Georgios, Boldyreva. Provably-secure schemes for basic query support in outsourced databases[C]//DBSEC. Redondo Beach, CA, United States. 2007:14-30.
[96]朱勤,于守健,乐嘉锦,等.外包数据库系统安全机制研究[J].计算机科学,2007,34(2):152-156.
[97]王正飞,王曼,汪卫,等.数据库中加密字符数据的存储与查询.计算机研究与发展,2004,41(suppl):66-71
[98]崔宾阁,刘大昕,王桐.支持快速查询的数据库加密方法研究[J].计算机科学,2006,33(6):115-118.
[99]王柠,赵威,刘国华,赵春红.外包数据库中字符数据的k-映射密文索引技术[J].燕山大学学报.2009,33(5):438-443
[100]Extensible Markup Language, XML 1.0 http://www.w3.org/TR/REC-xml, October 2000
[101]Y.Yang, W.Ng, H.L.Lau, and J.Cheng. An Efficient Approach to Support Querying Secure Outsourced XML Information CAiSE 2006, LNCS 4001, p:157-171, 2006.
[102]冯建华,钱乾,廖雨果,李国良,塔娜,周立柱.纯XML数据库研究综述[J].计算机应用研究.2006,(6):1-7
[103]J. Shanmugasundaram, K. Tufte, C. Zhang, G. He, D. J. DeWitt,and J. F. Naughton. Relational databases for querying XML documents:limitations and opportunities. In The Very Large Databases Journal. Pages 302-314,1999.
[104]P.Bohannon, J. Freire, P.Roy, J.Simeon. From XML Schema to relations:A cost based approach to XML Storage. In the proceedings of ICDE 2002.
[105]http://database.ctocio.com.cn/analysis/67/7636567.shtml
[106]T.Imamura, B.Dillaway, E.Simon, XML Encryption Syntax and Processing, W3C Recommendation, December 2002. http://www.w3.org/TR/xmlenc-core/March 2002.
[107]S Abiteboul, S. Cluet, T Milo. Querying and updating the file. VLDB 1993, pp73-84
[108]D. Florescu, D. Kossman, A Performance Evaluation of Alternative Mapping Schemes for Storing XML Data in a Relational Database, Rapport de Recherche No.3680 INRIA, Rocquencourt, France, May 1999
[109]J. Shanmugasundaram, K. Tufte, C. Zhang, G. He, D. J. DeWitt, J. F. Naughton, Relational Databases for Querying XML Documents:Limitations and Opportunities. VLDB 1999:302-214
[110]C. Kanne, G. Moerkotte, Efficient storage of XML data, ICDE 2000, pp198
[111]XML Encryption equirements,http://www.w3.org/TR/xml-encryption-req,March 2002.
[112]Tao-Ku Chang, Gwan-Hwan Hwang:A Processing Model for the Optimal Querying of Encrypted XML Documents in XQuery. ADC 2007:43-51
[113]http://www.cmpe.boun.edu.tr/~gundem/xml-encrypt.pdf
[114]L.Bouganim,F.DangNgoc,P.Pucheral.Client-Based Access Control Management for XML documents[C].Toronato, Canada:Proceeding of 30th International Conference on Very Large Data Bases,2004:84-95
[115]R.Brinkman et al. Efficient Tree Search in Encrypted Data. http://eprints.eemcs.utwente.nl/5789
[116]M.Abadi, B.Warinschi.Seeurity analysis of cryptographically controlled access to XML documents[C].Baltimore, Maryland Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems, 2005:108-117.
[117]Jae-Gil Lee, Kyu-Young Whang.Secure query processing against encrypted XML data using Query-Aware Decryption[J]. Information Sciences, 2006,(176):1928-1947.
[118]Francis Scheid.Schaum's Outline of Numerical Analysis[M].New York: McGraw-Hill,1989.
[119]http://www.w3.org/TR/2009/PER-xqueryx-20090421/
[120]WANG Jin, LIU Zi-wei, HUANG Xiao-fang."Encryption arithmetic and key technology in database encryption", Network Information Technique,2004(6), pp.34-36.
[121]Artur Zarski. Security in SQL Server 2005 as seen by a programmer. Software Developer's Journal.2005.9
[122]Gang Chen, Ke Chen, Jinxiang Dong. "A database encryption scheme for enhanced securityand easy sharing",Proceedings of the 10th International Conference on Computer Supported Cooperative Work in Design IEEE 2006.
[123]Sung Hsueh, Database Encryption in SQL Server 2008 Enterprise Edition,SQL Server Technical Article,2008. http://msdn.microsoft.com/enus/library/cc278098.aspx.
[124]Oracle Corporation, Oracle Advanced Security Transparent Data Encryption Best Practices, White Paper,2009.
[125]T. Hinke, "The Trusted Approach to Multilevel Security," in Proceedings of the Computer Security Applications Conference, pp.335-341, December 1990.
[126]Wang Yuan-zhen, Feng Chao. "Research and implementation of database encryption system", Computer Engineering and Applications,2005(8), pp.170-172
[127]Yong Zhang, Qin-tao Song, Xia-mu Niu. The Key Management of the Encrypted Database Based on XML[J]. Intelligent Information Hiding and Multimedia Signal Processing,2007. IIHMSP 2007.2007, Page(s):229-232
[128]J. C. Lagarias, "Pseudo-random number generators in cryptography and number theory", American Mathematical Society,1990, pp.115-143.
[129]S. Chaudhuri, G Weikum, "Rethinking database system architecture:towards a self-tuning RISC-style database system", Int. Conf on VLDB,2000.
[130]W. Rankl and W. Effing, Smart Card Handbook, John Wiley & Sons Ltd,1997.
[131]王庆梅,吴克力,刘凤玉,胡光宇.一种子密钥数据库加密算法及其密钥管理方案研究[J].计算机工程与应用.2003(11):52-54
[2]http://www.idcun.com/cloud/200912207291.html
[3]Zhan Ying, Sun Yong. Cloud Storage Management Technology[J].Information and
Computing Science,2009. ICIC'09.2009, Page(s):309-311
[4]http://bbs.chinacloud.cn/attachment.aspx?attachmentid=586
[5]Divyakant Agrawal,Amr El Abbadi,Fatih Emekci,Ahmed Metwally. Database Management as a Service:Challenges and Opportunities. icde, pp.1709-1716,2009 IEEE International Conference on Data Engineering,2009
[6]G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-Molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu, "Two can keep a secret:A distributed architecture for secure database services." in CIDR,2005, pp.186-199.
[7]J. Li and R. Omiecinski, "Efficiency and security trade-off in supporting range queries on encrypted databases," in Proc. of the IFIP Conference on Database and Applications Security,2005.
[8]E. Shmueli, R. Waisenberg, Y. Elovici, and E. Gudes, "Designing secure indexes for encrypted databases," in Proc. of the IFIP Conference on Database and Applications Security,2005.
[9]L. Bouganim, Y. Guo. Database Encryption, Encyclopaedia of Cryptography and Security, S. Jajodia, H. Van Tilborg (editors), Springer, (9 pages),2009.
[10]Hakan Hacigumus, Bala Iyer, Mehrotra S. Providing database as a service [C] //Proc of ICDE. Washington, DC,USA:IEEE Computer Society,2002
[11]Amazon Elastic Compute Cloud, http://aws.amazon.com/ec2/
[12]GooSe App Engine, http://appengine.google.com/
[13]SaleForce Cloud Computing Platform, http://www.salesforce.corn/platform/
[14]Microsoft Azure, http://www.microsoft.com/azure/windowsazure.mspx
[15]http://www.asconline.com/includes/podcasts/ASC_Podcast-Software_as_a_Servic e.pdf
[16]https://s3.amazonaws.com/
[17]http://www.microsoft.com/windowsazure/sqlazure/
[18]Fox G.Implications of Web 2.0 for the Semantic Grid[J].Semantics, Knowledge and Grid,2006. SKG'06.Publication Year:2006, Page(s):2-2
[19]费杭柏.数据库安全与加密.密码与信息,1991(1):46-51
[20]Kevin Kenan.Cryptography in the Database:The Last Line of Defense[M]. Symantec Press:Addison Wesley,2005
[21]咸鹤群,冯登国.支持属性粒度数据库加密的查询重写算法[J].计算机研究与发展,2008,45(8):1307-1314.
[22]U.Maheshwari et al., "How to Build a Trusted Database System on Untrusted Storage", OSDI 2000.
[23]C. Wood, E. B. Fernandez, R. C. Summers, Data base security:requirements, policies, and models, IBM Systems Journal, v.19 n.2, p.229-252, June 1980
[24]http://netsecurity.51cto.com/art/200511/11633.htm
[25]王正飞.数据库加密技术及其应用研究[学位论文].复旦大学,2005
[26]M. Kantarcioglu et al., "Security Issues in Querying Encrypted Data", Technical Report, Purdue U.,2004.
[27]http://en.wikipedia.org/wiki/Edgar_F._Codd
[28]余祥宣,闵锐.一种加密数据库的快速查询算法[J].华中理工大学学报,1998,26(9):8-10
[29]G.I.David, D.L.Wells and J.B.Kam. A Database Encryption System with Subkeys[J]. ACM Transactions on Database Systems, Vol.6, No.2, June 1981:312-328
[30]H.Hacigumus, B.Lyer, Chen Li, Sharad Mehrotra.Executing SQL over Encrypted Data in the Database-Server-Provider Model[C].In the proceedings of ACM SIGMOD,2002:216-227.
[31]E. Damiani et al., "Balancing confidentiality and efficiency in untrusted relational DBMSs. Proc. of ACM Conference on Computer and Communications Security,2003.
[32]Hore, B., Mehrotra, S., Tsudik, G.:A privacy-preserving index for range queries. In:Proceedings of VLDB'04. (2004) 720-731
[33]Agrawal R, Kiernan J, Srikant R. Order preserving encryption for numeric data [C]//The ACM SIGMOD International Conference, Paris, France,2004:563-574.
[34]G.Ozsoyoglu,D.A.Singer and S.S.Chung.Atni-tamper database research:Query Encrypted Databases[R].EECS433 Final Report,Case Western Reserve University,2002.
[35]R.L.Rivest, L.Adleman, and M.L.Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation,1978:169-178
[36]潘承洞,潘承彪.初等数论[M].北京:北京大学出版社,1991:11-13.
[37]N.Ahitub, C.Lapid, and S.Neumann, Processing. Encrypted Data, Communications of the ACM,1987, pp.777-780.
[38]Domingo-Ferrer, "A new privacy homomorphism and applications," Information Processing Letters, vol.60, pp.277-282,1996.
[39]L.Bouganim,P.Pucheral.Chip-Secured Data Access:Confidential Data on Untrusted Servers[C].In the proceedings of 28th International Conference on Very Large Databases(VLDB),HongKong,China,2002:131-142.
[40]Dawn Xiaodong Song, David Wagner, Adrian Perrig:Practical Techniques for Searches on Encrypted Data. IEEE Symposium on Security and Privacy 2000:44-55
[41]Henry Brown. Considerations in implementing a Database Management System Encryption Security solution [R]. A Research Report Presented to The Department of Computer Science at the University of Cape Town,2003.
[42]Wang ZF, Dai J, Wang W, Shi BL, Fast query over encrypted Character data in database, COMPUTATIONAL AND INFORMATION SCIENCE, PROCEEDINGS LECTURE NOTES IN COMPUTER SCIENCE 3314:1027-1033
[43]Bloom B. Space/time Tradeoffs in Hash Coding with Allowable Errors[J]. Communication of the ACM,1970,13(7):422-426
[44]Hong Zhu, Jing Cheng, Renchao Jin, Kevin Lu, "Executing Query over Encrypted Character Strings in Databases," Proc. Proceedings of the 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, IEEE Computer Society Washington, DC, USA,2007:90-97.
[45]T.Apaydin, G.Canahuate, H.Ferhatosmanoglu et al. Approximate Encoding for Direct Access and Query Processing over Compressed Bitmaps, in:Proceedings of the 32nd International Conference on Very Large Databases. VLDB Endowment,2006.846-857
[46]Yong Zhang, Wei-Xin Li, Xia-Mu Niu. A secure cipher index over encrypted Character data in database; Machine Learning and Cybernetics,2008 International Conference on;2008, Page(s):1111-1116
[47]Yong Zhang, Wei-xin Li, Xia-mu Niu.A Method of Bucket Index over Encrypted Character Data in Database[J].Intelligent Information Hiding and Multimedia Signal Processing,2007. IIHMSP 2007.2007,Page(s):186-189
[48]Lianzhong Liu, Jingfen Gai. Bloom Filter Based Index for Query over Encrypted Character Strings in Database[J].Computer Science and Information Engineering.2009, Page(s):303-307.
[49]H.Wang, L.Lakshmanan.Efficient Secure Query Evaluation over Encrypted XML Databases.32nd International Conference on Very Large Data Bases,2006 September 12-15.
[50]http://oreilly.com/catalog/puis3/chapter/ch11.pdf
[51]L. Feng and W. Jonker. Efficient Processing of Secured XML Metadata. OTM Workshops 2003p:704-717
[52]R.C.Jammalamadaka, S.Mehrotra. Querying Encrypted XML documents. IDEAS'06.
[53]Y.Yang, W.Ng, H.L.Lau, and J.Cheng. An Efficient Approach to Support Querying Secure Outsourced XML Information CAiSE 2006, LNCS 4001, p:157-171, 2006.
[54]M.Schrefl, K.Grun, J. Dorn. SemCrypt-Ensuring Privacy of Electronic Documents through Semantic-Based Encrypted Query Processing.21st International Conference on Data Engineering Workshops. April 5,8p:1191
[55]Fernandez EB, Summers RC, Wood C (1980) Database Security and Integrity. Addison-Wesley, Massachusetts.
[56]Shmueli E., Vaisenberg R, Elovici Y, Glezer C., Database Encryption:An Overview of Contemporary Challenges and Design Considerations, SIGMOD Record, 38,3,29-34, (2009).
[57]O. Unay and T. I. Gundem, "A Survey on Querying Encrypted XML Documents for Databases as a Service", ACM SIGMOD Record, Vol.37, Number 1, March 2008, pp 12-20.
[58]张敏,徐震,冯登国.数据库安全[M].北京:科学出版社.2005.
[59]Elovici Y, Waisenberg R, Shmueli E, Gudes E. (2004) A Structure Preserving Database Encryption Scheme. SDM 2004, Workshop on Secure Data Management, Toronto, Canada, August.
[60]Kantarcioglu M, Liu Y, Jiang W, Malin B. A cryptographic approach to securely share and query genomic sequences. IEEE Transactions on Information Technolgy in Biomedicine.2008; 12(5):606-617.
[61]Bao-Chyuan Guan; Ray-I Chang; Yung Chung Wei; Chi a-Ling Hu; Yu-Lin Chiu, "An encryption scheme for large Chinese texts", In Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, Taipei, Taiwan, ROC, pp 564-568. (2003)
[62]Dong HyeokLee; You Jin Song; Sung Min Lee; TaekYong Nam; JongSu Jang, "How to Construct a New Encryption Scheme Supporting Range Queries on Encrypted Database," Convergence Information Technology,2007. International Conference on, vol., no., pp.1402-1407,21-23 Nov.2007
[63]Hassan M. Elkamchouchi, Fatma Ahmed.Rotor Cipher with Time Controlled Key and Encryption Process (RTCKP)[J].Radio Science Conference,2009. NRSC 2009. National Publication Year:2009, Page(s):1-12
[64]Kamp PH (2003) GBDE-GEOM based disk encryption Source. BSDCon'03, pp.57-68.
[65]Min-Shiang H, Wei-Pang Y (1997) Multilevel Secure Database Encryption with Subkeys. Data and Knowledge Engineering 22,117-131.
[66]Chang C, Chan CW (2003) A Database Record Encryption Scheme Using RSA Public Key Cryptosystem and Its Master Keys. The international conference on Computer networks and mobile computing.
[67]http://www.oracle.com/technology/global/cn/tech/xml/xmldb
[68]http://www.ibm.com/developerworks/cn/data/library/techarticles/0209lima/02091i ma.html
[69]http://msdn.microsoft.com/zh-cn/library/ms345117%28SQL.90%29.aspx
[70]Shmueli E, Waisenberg R, Elovici Y, Gudes E(2005) Designing secure indexes for encrypted databases. Proceedings of Data and Applications Security,19th Annual IFIP WG 11.3 Working Conference, USA.
[71]http://tech.ccidnet.com/art/9865/20070406/1054907_1.html
[72]http://www.w3c.org/XML/Query.
[73]http://www.almaden.ibm.eom/es/PeoPle/chamberlin/quilt.html.
[74]http://www.w3.org/TR/xpath.
[75]http://www.ibiblio.org/xql/.
[76]http://www.w3.org/TR/NOTE-xml-ql/.
[77]卢开澄.计算机密码学[M].第2版.北京:清华大学出版社,1998:17-28.
[78]DenningD. Cryptography and Data Security [M]. MA:Addison-Wesley,1982: 115-119.
[79]Stinson D R. Cryptogaraphy:Theory and Practice [M].2nd Edition, London: CRC Press,2002:45-46.
[80]Thomas Fanghanel. Using encryption for secure data storage in mobile database systems[D]. September,2002.
[81]Oracle. Oracle9i database security for e-business[Z]. An Oracle White Paper. June 2001.
[82]Hacigumus H,Iyer B,Mehrotra S.Efficient execution of aggregation queries over encrypted relational databases[C]//Proc of the 9th International Conference on Database Systems for Advanced Applications,Jeju Island, Korea, March 2004:216-227.
[83]Damiani E, De Capitani di Vimercati S, et al. Metadata management in outsourced encrypted databases[C]//Proc of SDM 2005, LNCS 3674. Berlin: Springer,2005:16-32
[84]Hakan Hacigumu, Sharad Mehrotra. Efficient key updates in encrypted database systems[C]//Proc of SDM 2005, LNCS 3674. Berlin:Springer,2005:1-15
[85]于涵,赵亮,徐伟军,等.一种新的数据库加密及密文索引方法的研究[J].电子学报,2005,12(3):23-25.
[86]赵丹枫,金顺福,刘国华,高峰,王柠.基于多重桶划分的密文索引技术[J].燕山大学学报.2008,32(6):477-482
[87]Iyer B, Mehrotra S, Mykletun E, et al.A framework for efficient storage security in RDBMS [C]//Proc of the EDBT 2004, LNCS 2992. Berlin:Springer,2004: 147-164.
[88]Ernesto Damiani, De Capitani di Vimercati S, et al.Key management for multi2user encrypted databases [C]//Proc of the 2005 ACM Workshop on Storage Security and Survivability. New York:ACM,2005
[89]戴一奇,尚杰,苏中民.密文数据库的快速检索.清华大学学报,1997,37(4):24-27
[90]马勺布,胡磊,徐德启.一种动态安全的密文数据库检索方法[J].计算机工程.2005,(31)6:132-133
[91]陈华锋.高速SHA-256算法硬件实现[J].浙江大学学报(理学版).2009,36(6):675-678
[92]Li F F, Hadjieleftheriou M, Kollios G. Dynamic authenticated index structures for outsourced databases [C]//Proc of ACM Management of Data (SIGMOD), Chicago, IL, USA,2006:121-132.
[93]Papadopoulos S, Papadias D, Cheng W, Tan K. Separating authentication from query execution in outsourced databases [C]//Proc of International Conference onData Engineering(ICDE),Shanghai, China,2009:1148-1151.
[94]Aameek S, Ling L. Sharoes:a data sharing platform for outsourced enterprise storage environments [C]//Proc of International Conference on Data Engineering (ICDE), Cancun, Mexico,2008:993-1002.
[95]Amanatidis, Georgios, Boldyreva. Provably-secure schemes for basic query support in outsourced databases[C]//DBSEC. Redondo Beach, CA, United States. 2007:14-30.
[96]朱勤,于守健,乐嘉锦,等.外包数据库系统安全机制研究[J].计算机科学,2007,34(2):152-156.
[97]王正飞,王曼,汪卫,等.数据库中加密字符数据的存储与查询.计算机研究与发展,2004,41(suppl):66-71
[98]崔宾阁,刘大昕,王桐.支持快速查询的数据库加密方法研究[J].计算机科学,2006,33(6):115-118.
[99]王柠,赵威,刘国华,赵春红.外包数据库中字符数据的k-映射密文索引技术[J].燕山大学学报.2009,33(5):438-443
[100]Extensible Markup Language, XML 1.0 http://www.w3.org/TR/REC-xml, October 2000
[101]Y.Yang, W.Ng, H.L.Lau, and J.Cheng. An Efficient Approach to Support Querying Secure Outsourced XML Information CAiSE 2006, LNCS 4001, p:157-171, 2006.
[102]冯建华,钱乾,廖雨果,李国良,塔娜,周立柱.纯XML数据库研究综述[J].计算机应用研究.2006,(6):1-7
[103]J. Shanmugasundaram, K. Tufte, C. Zhang, G. He, D. J. DeWitt,and J. F. Naughton. Relational databases for querying XML documents:limitations and opportunities. In The Very Large Databases Journal. Pages 302-314,1999.
[104]P.Bohannon, J. Freire, P.Roy, J.Simeon. From XML Schema to relations:A cost based approach to XML Storage. In the proceedings of ICDE 2002.
[105]http://database.ctocio.com.cn/analysis/67/7636567.shtml
[106]T.Imamura, B.Dillaway, E.Simon, XML Encryption Syntax and Processing, W3C Recommendation, December 2002. http://www.w3.org/TR/xmlenc-core/March 2002.
[107]S Abiteboul, S. Cluet, T Milo. Querying and updating the file. VLDB 1993, pp73-84
[108]D. Florescu, D. Kossman, A Performance Evaluation of Alternative Mapping Schemes for Storing XML Data in a Relational Database, Rapport de Recherche No.3680 INRIA, Rocquencourt, France, May 1999
[109]J. Shanmugasundaram, K. Tufte, C. Zhang, G. He, D. J. DeWitt, J. F. Naughton, Relational Databases for Querying XML Documents:Limitations and Opportunities. VLDB 1999:302-214
[110]C. Kanne, G. Moerkotte, Efficient storage of XML data, ICDE 2000, pp198
[111]XML Encryption equirements,http://www.w3.org/TR/xml-encryption-req,March 2002.
[112]Tao-Ku Chang, Gwan-Hwan Hwang:A Processing Model for the Optimal Querying of Encrypted XML Documents in XQuery. ADC 2007:43-51
[113]http://www.cmpe.boun.edu.tr/~gundem/xml-encrypt.pdf
[114]L.Bouganim,F.DangNgoc,P.Pucheral.Client-Based Access Control Management for XML documents[C].Toronato, Canada:Proceeding of 30th International Conference on Very Large Data Bases,2004:84-95
[115]R.Brinkman et al. Efficient Tree Search in Encrypted Data. http://eprints.eemcs.utwente.nl/5789
[116]M.Abadi, B.Warinschi.Seeurity analysis of cryptographically controlled access to XML documents[C].Baltimore, Maryland Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems, 2005:108-117.
[117]Jae-Gil Lee, Kyu-Young Whang.Secure query processing against encrypted XML data using Query-Aware Decryption[J]. Information Sciences, 2006,(176):1928-1947.
[118]Francis Scheid.Schaum's Outline of Numerical Analysis[M].New York: McGraw-Hill,1989.
[119]http://www.w3.org/TR/2009/PER-xqueryx-20090421/
[120]WANG Jin, LIU Zi-wei, HUANG Xiao-fang."Encryption arithmetic and key technology in database encryption", Network Information Technique,2004(6), pp.34-36.
[121]Artur Zarski. Security in SQL Server 2005 as seen by a programmer. Software Developer's Journal.2005.9
[122]Gang Chen, Ke Chen, Jinxiang Dong. "A database encryption scheme for enhanced securityand easy sharing",Proceedings of the 10th International Conference on Computer Supported Cooperative Work in Design IEEE 2006.
[123]Sung Hsueh, Database Encryption in SQL Server 2008 Enterprise Edition,SQL Server Technical Article,2008. http://msdn.microsoft.com/enus/library/cc278098.aspx.
[124]Oracle Corporation, Oracle Advanced Security Transparent Data Encryption Best Practices, White Paper,2009.
[125]T. Hinke, "The Trusted Approach to Multilevel Security," in Proceedings of the Computer Security Applications Conference, pp.335-341, December 1990.
[126]Wang Yuan-zhen, Feng Chao. "Research and implementation of database encryption system", Computer Engineering and Applications,2005(8), pp.170-172
[127]Yong Zhang, Qin-tao Song, Xia-mu Niu. The Key Management of the Encrypted Database Based on XML[J]. Intelligent Information Hiding and Multimedia Signal Processing,2007. IIHMSP 2007.2007, Page(s):229-232
[128]J. C. Lagarias, "Pseudo-random number generators in cryptography and number theory", American Mathematical Society,1990, pp.115-143.
[129]S. Chaudhuri, G Weikum, "Rethinking database system architecture:towards a self-tuning RISC-style database system", Int. Conf on VLDB,2000.
[130]W. Rankl and W. Effing, Smart Card Handbook, John Wiley & Sons Ltd,1997.
[131]王庆梅,吴克力,刘凤玉,胡光宇.一种子密钥数据库加密算法及其密钥管理方案研究[J].计算机工程与应用.2003(11):52-54
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |