Author: Han, Ziyang
Title: Privacy-preserving query processing based on trusted execution environment and access pattern obfuscation technologies
Advisors: Hu, Haibo (EIE)
Degree: Ph.D.
Year: 2022
Subject: Computer security
Data privacy
Computer networks -- Security measures
Querying (Computer science)
Hong Kong Polytechnic University -- Dissertations
Department: Department of Electronic and Information Engineering
Pages: x, 144 pages : color illustrations
Language: English
Abstract: The thesis involves three research works in the field of privacy-preserving query processing. They focus on the research problems of memory level security and privacy of data querying services in the cloud hosting environment. In such a scenario, the proposed schemes consider not only the direct attacks tampering with the data and the data processing but also the threats from semi-honest adversaries in cloud platforms that attempt to derive sensitive information for inference attacks through analyzing the access pattern leakage. Motivated by these security goals, three privacy-preserving schemes are designed based on different principles and for different types of queries that comprise the body of the thesis. The first work proposes memory-secure DBMS adaptation encapsulating a bare SQL processor into the trusted execution environment (TEE) and optimizes the existing Oblivious RAM scheme to efficiently shuffle the access patterns generated in retrieving data blocks from untrusted memory for processing inside TEE. The second work provides a perturbation mechanism in a two-tier index to obfuscate the access pattern on the trapdoors of the fuzzy keyword search over encrypted document database. The TEE technology is employed to encapsulate the plaintext secondary index which is sensitive and conceals the obfuscation process. The third work gives a middleware solution to obfuscate access frequency patterns for general queries without leaking sensitive information of individual queries in a harsher threat model in which the query boundaries are exposed to attackers. Different from the former two schemes, it introduces a K-isomorphism perturbation mechanism on the query requests while not over the data storage and query processor. In each of these works, adequate literature is reviewed, and the most related works are involved in comparative evaluations. The thesis unifies the three works under a common background to summarize the research outcomes in the Ph.D. program and gives a prospect of future works.
Rights: All rights reserved
Access: open access

Files in This Item:
File Description SizeFormat 
6380.pdfFor All Users3.55 MBAdobe PDFView/Open

Copyright Undertaking

As a bona fide Library user, I declare that:

  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.

By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

Show full item record

Please use this identifier to cite or link to this item: