Security Issues in Outsourced XML Databases

Introduction

In the early days of ubiquitous computing and up through the late 1990s, owning and operating a sophisticated database was a strategic advantage for an organization (Bostick, 2008). Nowadays, however, nearly every organization possesses some sort of database containing different valuable information, which is considered the lifeblood of the organization. The ability to store data is therefore no longer a strategic advantage in and of itself. Recent investigations also report that storage capacity and security requirements will soon become a big problem for organizations if they still want to manage large in-house databases (Gantz, 2007). The management of the database infrastructure and the data needs has become much more of a commodity (IBM, 2008a; DBADirect, 2008). As a result, the value is not in owning a database but in how it is used and what can be got from it.

Recently, with rapid developments of the Internet and advances in the networking technologies, outsourcing database services has been emerging as a promising trend to overcome the limitations of the in-house database storage model (Hacigümüs et.al., 2002b; Bouganim & Pucheral, 2002). Basically, there are two kinds of database outsourcing models: housing-based and hosting-based. With the housing-based database outsourcing model, the server and data are the property of the outsourcer (i.e., the data owner as illustrated in Figure 1a) and the outsourcer installs the servers. In this case, the outsourcing service provider provides the physical security of machines and data, and monitors (and if necessary restores) the operating condition of the server. Of course, the service provider protects the outsourced data against physical attacks both from outside and inside. Notwithstanding, the access rights of the service provider depend on a particular contract with its client (i.e., the outsourcer). Basically, the service provider only gets a special account with the server for special managerial purposes, but the outsourcer can determine the necessary access rights of that account. As for the hosting-based database outsourcing model, instead of keeping data in local servers, accommodated internally inside an organization, and having a professional technical team to manage the relevant database services such as software and hardware updates, server performance tuning, or security and authorization management, etc., now all data management needs can be outsourced to outside database service providers (see Figure 1b). In this case, the service provider provides all needed facilities, such as hardware, operating system, etc. to host and manage the outsourced data. In particular, it is different from the housing-based model in that the database administrator in this hosting-based model belongs to the service provider, but not the outsourcer’s. By employing this hosting-service outsourcing model, usually called the outsourced database service (ODBS) model (Dang, 2005; Hacigümüs et. al., 2002b), organizations have more freedom to concentrate on and invest in their core business activities. The ODBS model is obviously preferable to the housing-based one. In both models, however, a service provider is typically not fully trusted, and thus they raise numerous interesting research challenges related to security issues (Hacigümüs et.al., 2002a; Smith & Safford, 2001; Dang, 2008; Damiani et al., 2003; Dang, 2006a; Dang, 2006b; Narasimha & Tsudik, 2006; Sion, 2005; Du & Atallah, 2000; Pang & Tan, 2004; Thuraisingham, 2005; etc.). To make the outsourcing model full-fledged and practically applicable, security-related issues must be addressed radically.