Security Issues in Outsourced XML Databases

Security Issues in Outsourced XML Databases

Tran Khanh Dang (National University of Ho Chi Minh City, Vietnam)
DOI: 10.4018/978-1-60566-308-1.ch011
OnDemand PDF Download:


In an outsourced XML database service model, organizations rely upon the premises of external service providers for the storage and retrieval management of their XML data. Since, typically, service providers are not fully trusted; this model introduces numerous interesting research challenges. Among them, the most crucial security research questions relate to data confidentiality, user and data privacy, queryassurance, secure auditing, and secure and efficient storage model. Although there exists a large number of related research works on these topics, the authors are still at the initial stage and the research results are still far from practical maturity. In this chapter, they extensively discuss all potential security issues mentioned above and the existing solutions, and present open research issues relevant to security requirements in outsourced XML databases.
Chapter Preview


In the early days of ubiquitous computing and up through the late 1990s, owning and operating a sophisticated database was a strategic advantage for an organization (Bostick, 2008). Nowadays, however, nearly every organization possesses some sort of database containing different valuable information, which is considered the lifeblood of the organization. The ability to store data is therefore no longer a strategic advantage in and of itself. Recent investigations also report that storage capacity and security requirements will soon become a big problem for organizations if they still want to manage large in-house databases (Gantz, 2007). The management of the database infrastructure and the data needs has become much more of a commodity (IBM, 2008a; DBADirect, 2008). As a result, the value is not in owning a database but in how it is used and what can be got from it.

Recently, with rapid developments of the Internet and advances in the networking technologies, outsourcing database services has been emerging as a promising trend to overcome the limitations of the in-house database storage model (Hacigümüs, 2002b; Bouganim & Pucheral, 2002). Basically, there are two kinds of database outsourcing models: housing-based and hosting-based. With the housing-based database outsourcing model, the server and data are the property of the outsourcer (i.e., the data owner as illustrated in Figure 1a) and the outsourcer installs the servers. In this case, the outsourcing service provider provides the physical security of machines and data, and monitors (and if necessary restores) the operating condition of the server. Of course, the service provider protects the outsourced data against physical attacks both from outside and inside. Notwithstanding, the access rights of the service provider depend on a particular contract with its client (i.e., the outsourcer). Basically, the service provider only gets a special account with the server for special managerial purposes, but the outsourcer can determine the necessary access rights of that account. As for the hosting-based database outsourcing model, instead of keeping data in local servers, accommodated internally inside an organization, and having a professional technical team to manage the relevant database services such as software and hardware updates, server performance tuning, or security and authorization management, etc., now all data management needs can be outsourced to outside database service providers (see Figure 1b). In this case, the service provider provides all needed facilities, such as hardware, operating system, etc. to host and manage the outsourced data. In particular, it is different from the housing-based model in that the database administrator in this hosting-based model belongs to the service provider, but not the outsourcer’s. By employing this hosting-service outsourcing model, usually called the outsourced database service (ODBS) model (Dang, 2005; Hacigümüs et. al., 2002b), organizations have more freedom to concentrate on and invest in their core business activities. The ODBS model is obviously preferable to the housing-based one. In both models, however, a service provider is typically not fully trusted, and thus they raise numerous interesting research challenges related to security issues (Hacigümüs, 2002a; Smith & Safford, 2001; Dang, 2008; Damiani et al., 2003; Dang, 2006a; Dang, 2006b; Narasimha & Tsudik, 2006; Sion, 2005; Du & Atallah, 2000; Pang & Tan, 2004; Thuraisingham, 2005; etc.). To make the outsourcing model full-fledged and practically applicable, security-related issues must be addressed radically.

Complete Chapter List

Search this Book:
Table of Contents
Ernesto Damiani
Eric Pardede
Eric Pardede
Chapter 1
Mary Ann Malloy, Irena Mlynkova
As XML technologies have become a standard for data representation, it is inevitable to propose and implement efficient techniques for managing XML... Sample PDF
Closing the Gap Between XML and Relational Database Technologies: State-of-the-Practice, State-of-the-Art and Future Directions
Chapter 2
Mirella M. Moro, Lipyeow Lim, Yuan-Chi Chang
It is well known that XML has been widely adopted for its flexible and self-describing nature. However, relational data will continue to co-exist... Sample PDF
Challenges on Modeling Hybrid XML-Relational Databases
Chapter 3
Vassiliki Koutsonikola, Athena Vakali
Nowadays, XML has become the standard for representing and exchanging data over the Web and several approaches have been proposed for efficiently... Sample PDF
XML and LDAP Integration: Issues and Trends
Chapter 4
Giovanna Guerrini, Marco Mesiti
The large dynamicity of XML documents on the Web has created the need to adequately support structural changes and to account for the possibility of... Sample PDF
XML Schema Evolution and Versioning: Current Approaches and Future Trends
Chapter 5
Mingzhu Wei, Ming Li, Elke A. Rundensteiner, Murali Mani, Hong Su
Stream applications bring the challenge of efficiently processing queries on sequentially accessible XML data streams. In this chapter, the authors... Sample PDF
XML Stream Query Processing: Current Technologies and Open Challenges
Chapter 6
Sven Groppe, Jinghua Groppe, Christoph Reinke, Nils Hoeller, Volker Linnemann
The widespread usage of XML in the last few years has resulted in the development of a number of XML query languages like XSLT or the later... Sample PDF
XSLT: Common Issues with XQuery and Special Issues of XSLT
Chapter 7
Mirella M. Moro, Zografoula Vagena, Vassilis J. Tsotras
Content-based routing is a form of data delivery whereby the flow of messages is driven by their content rather than the IP address of their... Sample PDF
Recent Advances and Challenges in XML Document Routing
Chapter 8
Philippe Poulard
XML engines are usually designed to solve a single class of problems: transformations of XML structures, validations of XML instances, Web... Sample PDF
Native XML Programming: Make Your Tags Active
Chapter 9
Stéphane Bressan, Wee Hyong Tok, Xue Zhao
Since XML technologies have become a standard for data representation, a great amount of discussion has been generated by the persisting open issues... Sample PDF
Continuous and Progressive XML Query Processing and its Applications
Chapter 10
Fabio Grandi, Federica Mandreoli, Riccardo Martoglia
In several application fields including legal and medical domains, XML documents are “versioned” along different dimensions of interest, whose... Sample PDF
Issues in Personalized Access to Multi-Version XML Documents
Chapter 11
Tran Khanh Dang
In an outsourced XML database service model, organizations rely upon the premises of external service providers for the storage and retrieval... Sample PDF
Security Issues in Outsourced XML Databases
Chapter 12
Marco Mesiti, Ernesto Jiménez Ruiz, Ismael Sanz, Rafael Berlanga Llavori, Giorgio Valentini, Paolo Perlasca, David Manset
There is a proliferation of research and industrial organizations that produce sources of huge amounts of biological data issuing from... Sample PDF
Data Integration Issues and Opportunities in Biological XML Data Management
Chapter 13
Doulkifli Boukraa, Riadh Ben Messaoud, Omar Boussaid
Current data warehouses deal for the most part with numerical data. However, decision makers need to analyze data presented in all formats which one... Sample PDF
Modeling XML Warehouses for Complex Data: The New Issues
Chapter 14
Irena Mlynkova
Since XML technologies have become a standard for data representation, numerous methods for processing XML data emerge every day. Consequently, it... Sample PDF
XML Benchmarking: The State of the Art and Possible Enhancements
About the Contributors