Information Leakage in Cloud Data Warehouses

Information leakage is the inadvertent disclosure of sensitive information through correlation of records from several databases/collections of a cloud data warehouse. Malicious insiders pose a serious threat to cloud data security and this justifies the focus on information leakage due to rogue emp...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on sustainable computing Vol. 5; no. 2; pp. 192 - 203
Main Authors Ahmadian, Mohammad, Marinescu, Dan C.
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.04.2020
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
approximate query processing
biased sampling
capacity of a leakage channel
Cloud computing
cross-correlation estimation
Data encryption
Data sampling
Data warehouses
Database as a service
Encryption
information leakage
Leakage
NoSQL databases
Sensitivity analysis
Online AccessGet full text

Cover

More Information
Summary:Information leakage is the inadvertent disclosure of sensitive information through correlation of records from several databases/collections of a cloud data warehouse. Malicious insiders pose a serious threat to cloud data security and this justifies the focus on information leakage due to rogue employees or to outsiders using the credentials of legitimate employees. The discussion in this paper is restricted to NoSQL databases with a flexible schema. Data encryption can reduce information leakage, but it is impractical to encrypt large databases and/or all fields of database documents. Encryption limits the operations that can be carried on the data in a database. It is thus, critical to distinguish sensitive documents in a data warehouse and concentrate on efforts to protect them. The capacity of a leakage channel introduced in this work quantifies the intuitively obvious means to trigger alarms when an insider attacker uses excessive computer resources to correlate information in multiple databases. The Sensitivity Analysis based on Data Sampling (SADS) introduced in this paper balances the trade-offs between higher efficiency in identifying the risks posed by information leakage and the accuracy of the results obtained by sampling very large collections of documents. The paper reports on experiments assessing the effectiveness of SADS and the use of selective disinformation to limit information leakage. Cloud services identifying sensitive records and reducing the risk of information leakage are also discussed.
ISSN:2377-3782
2377-3782
2377-3790
DOI:10.1109/TSUSC.2018.2838520