A New Technique To Partition and Manage Data Security in Cloud Databases

This document proposes a new technique to protect sensitive data stored in cloud databases from leakage. It discusses distributing data across cloud storage and encrypting sensitive fields in different tables to increase security. The goal is to develop a model that offers secure data management capabilities for cloud databases.

Uploaded by

pravinmuppala

The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014)

A New Technique to Partition and Manage Data Security in Cloud Databases

Osama M Ben Omran
Department of Computer Science
University of Arkansas
Fayetteville, AR, 72701, USA
[email protected]

Brajendra Panda
Department of Computer Science
University of Arkansas
Fayetteville, AR, 72701, USA
[email protected]

Abstract— Cloud computing has brought many advantages to companies and computer users. It allows different service providers to distribute many applications as services in an economical way. Therefore, many users and companies have begun using cloud computing. However, they are concerned about their data when they store it on a third party, the cloud. Fears of leakage of sensitive data or loss of privacy make the adoption of cloud services less attractive for organizations. In this paper an algorithm is presented to protect a table in a database from any leakage. We have developed a model with a view to offer secure data management capability in cloud databases. The model distributes and scatters the data over the cloud or data center in order to protect it from any leakage. Also, it explains the idea of sending the entire domain of the sensitive table into the cloud. In addition, to increase security, the algorithm is designed to store each sensitive data item in a different table with a different code and store this code at the client site. Furthermore, a new technique has been designed to collect the data from the cloud by using the bipartite matching algorithm to minimize load costs.

Keywords-cloud computing; sensitive information; data security; data encryption; SQL

I. INTRODUCTION

With the potential to significantly decrease costs through optimization and increased operating and economic efficiencies, cloud computing is a great invention [2]. In addition, cloud computing could significantly improve its cooperation, agility, and scale, therefore enabling a truly global computing model over the Internet infrastructure [2]. Furthermore, cloud computing with even higher performance has benefits in offering more scalable, fault-tolerant services [1]. Because of its high scalability, cloud computing offers unlimited computing resources on demand. This advance eliminates the need for the cloud service providers to plan far ahead on hardware provisioning [1]. Cloud computing has generated significant interest in industry, but it's still an evolving paradigm. Cloud computing attempts to combine computing technologies and the economic service model with the evolutionary development of several existing approaches, containing applications and spread services as well as information infrastructures consisting of groups of computers, networks, and storage resources [2]. Nevertheless, this potentially revolutionizing computing paradigm could become a huge failure without appropriate security and privacy solutions designed for the cloud [2]. There exist threats of unauthorized uses of the data by service providers and of theft of data from storage devices in the cloud. Furthermore, security is one of the most important concerns when moving to the cloud. Earning users' trust in the cloud providers occurs by providing the security of data in the cloud [3]. Organizations and individuals fear leakage of their data, especially the sensitive data, when they put their data into the cloud. Because they typically result in data being present in unencrypted form on a machine owned and operated by a different organization rather than the data owner, current cloud services pose an inherent challenge to data privacy. There are threats of unauthorized uses of the data by service providers and of theft of data from data servers in the cloud. Fears of sensitive data leakage or loss of privacy are a significant barrier to the adoption of cloud services. For example, in 2007, criminals targeted the prominent cloud service provider Salesforce.com, and by a phishing attack succeeded in stealing customer emails and addresses. Furthermore, because of laws assigning geographical and other restrictions on the processing of personal and sensitive information by third parties, the use of cloud services as they are currently designed is constricted [4]. Even though organizations and individuals will save their money when they move into the cloud, they want to save more. They try to reduce the total amount of the expenses when they transfer the data from or to the cloud or data center. The total expense of the transfer depends on the workflow execution time, the total amount of data transmitted from the consumer to the storage resource, the total amount of data transferred from the storage resource to the consumer, and the storage used at the resource in terms of GB-hours [5].

The three key cloud delivery models are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). In SaaS, the cloud providers enable and provide application software as on-demand services. Therefore, we can use the provider's applications running on a

978-1-908320-39/1/$25.00©2014 IEEE 191


Authorized licensed use limited to: George Mason University. Downloaded on March 06,2024 at 04:07:16 UTC from IEEE Xplore. Restrictions apply.
cloud infrastructure and it is accessible from various client devices. PaaS enables programming environments to access and develop additional application building blocks. Such programming environments have an observable impact on the application architecture, such as constraints on which services the application can request from an OS [2]. In addition, consumer-created applications are installed on the cloud infrastructure using programming languages and tools supported by the provider. Finally, in IaaS, the cloud provider contributes a set of virtualized infrastructural components such as virtual machines and storage on which customers can build and run applications. The application will eventually reside on the VM and the virtual operating system [2].

This paper provides a method to prevent information leakage. The model distributes and scatters the data over the cloud or data center in order to protect it from any leakage. It scatters the data depending on the relationship between the attributes. Also, it explains the idea of sending the entire domain of the sensitive table into the cloud. In addition, to increase security, the algorithm is designed to store each sensitive data item in a different table with a different code and store this code on the client. Furthermore, a new technique has been designed to collect the data from the cloud by using bipartite matching with the Hungarian algorithm to minimize load costs. By applying this process, cloud service providers will reassure their customers and provide a high degree of transparency in their operations and privacy assurance. The organization of this paper is summarized as follows. First, it defines some related work. Second, it gives in detail how the algorithm works and secures the data. Also, some examples have been provided to clarify the method.

II. RELATED WORK

Cloud computing is a promising technology that presents an on-demand and large-scale computing infrastructure. Cloud computing refers to essential infrastructure for an up-and-coming model of service provision that has the advantage of reducing cost by sharing computing and storage resources. These new features have a direct impact on information technology budgeting but also affect traditional security, trust and privacy mechanisms [7]. It provides processing, storage, networks, and other fundamental computing resources, so the consumer is able to deploy and run arbitrary software, which can include operating systems and applications [6]. The secret data of individual users and companies is stored and managed by the service providers on the cloud, which offers services on the other side of the Internet in terms of its users, and consequently results in privacy concerns [1]. This situation has existed for a long time in the computing literature, and several laws have been passed to protect users' individual privacy as well as business secrets. Nevertheless, because of a new relationship between users and providers, these laws have become out of date and inappropriate to the new scenarios [1]. Some research has been conducted in cloud database security to protect sensitive or non-sensitive information on the cloud. In papers [6] and [2] some issues have been discussed in cloud computing environments. A few papers have been published in cloud security database. As an example, in [3], researchers have described insider threat in cloud relational database systems. The paper explains how to develop and build a knowledge base in a cloud relational database system to monitor user activities and mitigate insider threats. Authors in paper [8] describe a model based on a client-based privacy manager in order to decrease users' fears of data leakage and loss of privacy. It uses the idea of employing obfuscation and de-obfuscation of data to reduce the amount of sensitive information held on the cloud. Authors in paper [9] explain how to prevent modification attacks on sensitive data items. They describe conditions to show how insiders can update data items maliciously in a relational database. The authors have offered two different methods that can be used to avoid modification attacks. Hiding dependencies among data items and denying write access to some data items are the two methods to prevent the attacks. Papers like [10] and [11] propose a probabilistic graphical model that can automatically infer true records and source quality in cloud data without any supervision. They leverage a generative process of two types of errors (false positive and false negative) by modeling two different aspects of source quality.

Authors in paper [12] show how to protect the data files of a data owner in the cloud infrastructure by a set of security protocols, which are only accessible by a valid user. To protect the outsourced information, the paper explains how to combine access control and cryptography. It uses public key encryption for an access mechanism. Also, to prevent the trouble of key distribution and management, it proposes a modified Diffie-Hellman key exchange protocol between cloud service providers and the user for secretly sharing a symmetric key for secure data access. An additional paper [13] in cloud computing environments shows how to protect and ensure data confidentiality and fine-grained access control. The paper guaranteed data confidentiality by dividing and storing a data file into header and body. Also, it explains how a data owner can selectively decrypt the whole or part of the data using Type-based Proxy re-encryption.

Authors in paper [14] use vertical partitioning to divide the attributes of a relation or a record. It explains a new vertical partitioning algorithm using a graphical technique. The algorithm starts from the attribute affinity matrix, which captures which attributes are used together by transactions. The affinity matrix transforms into a complete graph and forms a linearly connected spanning tree. The algorithm generates all meaningful fragments in a single iteration by considering a cycle as a fragment. In [15] the authors discuss new privacy and security concerns when users and companies give their data to external servers that then become responsible for their storage, management, and distribution. In addition to discussing these problems and concerns, the paper illustrated some developing directions introducing novel data protection approaches in outsourcing scenarios by data fragmentation and encryption. In [16], the paper introduces a cloud database module that provides database as a service. This paper developed the notion of cloud privacy and showed how using
different levels of encryption layered as an onion can allow SQL queries to be processed over encrypted information.

III. SECURING THE DATA MODEL

In this paper, the idea of dividing the table in a database into many tables has been used. The paper explains some new techniques to divide, distribute, and collect the data from the cloud. In general, the model is designed to work on two sites. First, at the client site, the algorithm and some secret data have been stored. Also, the algorithm has secret calculations and secret procedures to regenerate the user request from the cloud. Moreover, it has information about all tables in the database and their locations on the cloud. Second, at the provider site on the cloud, all tables in the database are stored on the cloud to make them available to various services across the Internet.

A. Dividing the Table

Determining the sensitive attributes is achieved by the administrators or data owner. Sensitive attributes are the data that the administrators or data owner needs to hide from a provider or an attacker to prevent a privacy breach. Also, the administrators indicate which sensitive attributes cannot be in one group when the table is divided. This means if the algorithm puts these sensitive attributes together in one group, there is a high risk of privacy breach. Therefore, sensitive attributes are divided into different tables based on this risk. Fig. 1 shows an example Sensitive Attribute Group. The two columns mean we cannot put sensitive attribute1 with the corresponding sensitive attribute2 when we divide the main table.

sensitive attribute1    sensitive attribute2
ID                      EXPERIENCE
ID                      SALARY
ID                      NET_SALARY
NAME                    EXPERIENCE
NAME                    SALARY
NAME                    NET_SALARY
SALARY                  NET_SALARY
Figure 1. Sensitive Attribute Group

In our model, the study starts by mining the log file of the database system which we want to put on the cloud, and through this study we get a statistical attributes matrix for all tables and all attributes. Fig. 2 shows the Statistical Attributes Matrix for all attributes in the table. This matrix describes the relationship between all attributes in the tables which we want to put on the cloud. It explains how many times or transactions the two attributes come together. If there is a number in the matrix between any two attributes, it means how many transactions accessed those attributes together. If the two attributes are sensitive and putting them together will leak sensitive data or cause a privacy breach, we have to separate them and put them in a different set or table on a different cloud or data center. If putting any two attributes together poses a high risk of privacy breach, we do not need to count how many transactions accessed those attributes together. Depending on the number of transactions between two attributes and the sensitive attribute group, we build the statistical attributes matrix. By studying the number of queries between any two attributes in any table, we can apply the greedy algorithm, which always makes the choice that looks best at the moment [17]. It will lead to a globally optimal solution. Optimal solution means that we can divide the table or the set into many tables or sets, so all attributes which have a maximum relation come together.

Attribute        ID (1)  NAME (2)  RANK (3)  NO_OF_DEPE (4)  EXPERIENCE (5)  SALARY (6)  NET_SALARY (7)
ID (1)                   20        30        30              -               -           -
NAME (2)         20                30        30              -               -           -
RANK (3)         30      30                  30              40              40          50
NO_OF_DEPE (4)   30      30        30                        30              100         20
EXPERIENCE (5)   -       -         40        30                              50          60
SALARY (6)       -       -         40        100             50                          -
NET_SALARY (7)   -       -         50        20              60              -
Figure 2. Statistical Attributes Matrix

Fig. 2 gives the number of transactions that accessed those attributes together. If there is no number and only a hyphen (-), this means the two attributes cannot be kept together for security reasons and must be separated depending on the sensitive attribute group table. Fig. 1 shows an example of the sensitive attribute group table, and it shows which attributes cannot be stored together. By looking at this matrix, we can see that attributes {1, 2} cannot be stored with attributes {5, 6, 7} and attribute {6} cannot be stored with attribute {7}. Consequently, this table can be divided into three sets or three tables, and the possibilities are ({1, 2} and {5, 6} and {7}) or ({1, 2} and {6} and {5, 7}). In addition, we want to add the other attributes {3, 4} to one of the possibilities depending on the optimal solution. Therefore, we have to add the attributes {3, 4} to one of these five possibilities. In the next step, we apply the greedy algorithm to get the sets or sub-tables. We begin by getting the results of all the possibility sets with their frequency or number of transactions. Fig. 3 shows the result of Maximum Possibility Sets.

Operation no.  Possibility set  Attribute add  Frequency no.  Maximum  Max_Operation_no.
1              {1,2}            {3}            80             80       1
2              {1,2}            {4}            80             80       2
3              {6}              {3}            40             80       1
4              {6}              {4}            100            100      4
5              {6}              {5}            50             50       5
6              {7}              {3}            50             80       1
7              {7}              {4}            20             100      4
8              {7}              {5}            60             60       8
9              {5,7}            {3}            150            150      9
10             {5,7}            {4}            110            110      10
11             {5,6}            {3}            130            150      9
12             {5,6}            {4}            180            180      12
Figure 3. Result of Maximum Possibility Sets

To understand how to compute the Maximum Possibility Sets, let us consider operation number 1 in Fig. 3. The possibility set is 1 and 2, and we want to add attribute 3 to this set.

• To calculate frequency no., we first check the frequency of 1 and 2 together in the Statistical Attributes Matrix (Fig. 2), which equals 20 transactions. Also, we can check that 3 with 1 equals 30 transactions and 3 with 2 is 30 transactions, so the total is 20+30+30=80.
• To calculate the maximum value, we determine which frequency no. related to the current attribute add is still the maximum value among all previous operations.
• To calculate the max_operation_no value, we determine which operation no. has the maximum frequency no. related to the current attribute add among all previous operations.

After we apply all the possibility sets and get the result of the maximum possibility sets, we apply the following algorithm on Fig. 3 to get the sets which have the maximum frequency together.

Input: arrays of the Result of Maximum Possibility Sets.
Output: the resulting tables Set.
1. Initialize Set = {}
2. counter = max(operation no.)
3. While counter > 0
   o If operation no.[counter] == Max_Operation_no[counter] and Attribute add[counter] ∉ Set
      • Set = Set U (Possibility set[counter] U Attribute add[counter])
   o counter--
4. End while
5. Return Set

After we apply the greedy algorithm from the previous steps, the results of dividing the table are ({1,2,3}, {4,5,6}, {7}) because they have the maximum frequency together. After we get the sets or the resulting tables, we can link them by encryption keys or develop an equation to link the resulting tables. The algorithm has been designed to encrypt and decrypt only the key of the table because of the complexity and cost of encrypting and decrypting the entire database.

B. Add All Possibilities of the Sensitive Data

In this stage, after we divide the table and get the sets of attributes, we send all the sets or tables to the cloud. The tables of the sensitive data are sent with all possibilities of the sensitive data, which means the entire domain. The number of the possibilities of the sensitive data must be above the threshold. If the number of the possibilities of the sensitive data is below the threshold, we have to add some counterfeit (dummy) records into the data set to protect the data from any leakage. Therefore, the probability to get the sensitive values is at most:

Prob(get sensitive value) = 1/threshold    (1)

For example, consider the diseases table, which is a sensitive table shown in Fig. 4, and the table contains all possible domains of the diseases. If the number of diseases or number of records in the table is below the threshold, we have to add some different counterfeit records to the table until we satisfy the threshold. The reason for that is the algorithm will return a number of records equal to the threshold from the sensitive table "Disease" to protect the data from any leakage when the user requests data from the "Disease" table. At the client, the algorithm will identify the right record and submit it to the user. Fig. 4 shows an example of adding counterfeit records to the "Disease" table where the threshold is eight.

Disease table under the threshold
Record_no.  Code_no  Disease
1           002      Hiv
2           033      Cancer
3           044      Flu
4           045      Heart Disease
5           050      Fever

Disease table after adding some counterfeit records
Record_no.  Code_no  Disease
1           002      Hiv
2           033      Cancer
3           044      Flu
4           045      Heart Disease
5           050      Fever
6           051      XXX
7           053      H_Flu
8           054      YYY
Figure 4. Add Counterfeit records to table

C. Coding the Sensitive Table

After we divide the table vertically into some partitioning tables, add all the possibilities of the entire domain, and add some fake records based on the threshold, the module is designed to store them on the cloud. To increase the security, we can store the resulting tables on different data centers or different clouds. Therefore, the main data and the sensitive data are stored on the cloud.
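The greedy division of Section III.A as an added Python example (not code from the paper): it rebuilds the Figure 3 table from the Figure 2 matrix and then runs the selection pass. Two assumptions are added and marked in the code: a possibility set is skipped when it overlaps attributes already placed, and attributes never selected get a table of their own; with them the pass returns the partition stated above, ({1,2,3}, {4,5,6}, {7}).

```python
from itertools import combinations

# Attribute numbers as in Figure 2: 1=ID, 2=NAME, 3=RANK, 4=NO_OF_DEPE,
# 5=EXPERIENCE, 6=SALARY, 7=NET_SALARY.
ATTRS = range(1, 8)

# Upper triangle of the Statistical Attributes Matrix (Figure 2).
# None is the hyphen: the pair must never share a table (Figure 1).
FREQ = {
    (1, 2): 20, (1, 3): 30, (1, 4): 30, (1, 5): None, (1, 6): None, (1, 7): None,
    (2, 3): 30, (2, 4): 30, (2, 5): None, (2, 6): None, (2, 7): None,
    (3, 4): 30, (3, 5): 40, (3, 6): 40, (3, 7): 50,
    (4, 5): 30, (4, 6): 100, (4, 7): 20,
    (5, 6): 50, (5, 7): 60,
    (6, 7): None,
}

# Possibility sets in the order Figure 3 lists them.
POSSIBILITY_SETS = [{1, 2}, {6}, {7}, {5, 7}, {5, 6}]


def pair(a, b):
    """Transaction count for an attribute pair, or None if the pair is forbidden."""
    return FREQ[(min(a, b), max(a, b))]


def compatible(attr, group):
    """True when attr may share a table with every member of group."""
    return all(pair(attr, member) is not None for member in group)


def frequency(group):
    """Sum of pairwise counts inside group, e.g. 20+30+30=80 for {1,2,3}."""
    return sum(pair(a, b) for a, b in combinations(sorted(group), 2))


def build_operations(possibility_sets):
    """Rebuild Figure 3: one row per possibility set and attribute that may join it."""
    rows, best = [], {}  # best[attr] = (highest frequency so far, its operation no.)
    for pset in possibility_sets:
        for attr in ATTRS:
            if attr in pset or not compatible(attr, pset):
                continue
            op = len(rows) + 1
            freq = frequency(pset | {attr})
            if attr not in best or freq > best[attr][0]:
                best[attr] = (freq, op)
            rows.append({"op": op, "set": pset, "add": attr, "freq": freq,
                         "max": best[attr][0], "max_op": best[attr][1]})
    return rows


def select_tables(rows):
    """Selection pass of the pseudocode: walk Figure 3 from the last row to the first."""
    placed, tables = set(), []
    for row in reversed(rows):
        winner = row["op"] == row["max_op"]
        # Assumption (not in the pseudocode, which tests only the added attribute):
        # skip a possibility set that reuses an attribute already placed.
        if winner and row["add"] not in placed and not (row["set"] & placed):
            table = row["set"] | {row["add"]}
            tables.append(table)
            placed |= table
    # Assumption: attributes that were never selected get a table of their own.
    tables += [{a} for a in ATTRS if a not in placed]
    return sorted(sorted(t) for t in tables)


def violations(tables):
    """Forbidden pairs that ended up in the same table (should be empty)."""
    return [(a, b) for t in tables for a, b in combinations(sorted(t), 2)
            if pair(a, b) is None]


if __name__ == "__main__":
    ops = build_operations(POSSIBILITY_SETS)
    for r in ops:
        print(r["op"], sorted(r["set"]), r["add"], r["freq"], r["max"], r["max_op"])
    result = select_tables(ops)
    print("tables:", result, "violations:", violations(result))
```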

In the next step, we generate a code for each sensitive data item, so each sensitive data item will have a different code. This code is used to link the sensitive tables from the cloud to other tables called link tables on the client site. Fig. 5 shows how to link these tables by the attributes called Code and L-code. For security reasons, the link tables are stored on the client site. In addition, the link tables are used to link the information between the main tables and the sensitive data on the cloud. To hide the original code of the sensitive data, we use another code like Code_S1 to link the main and link tables. The idea is to give a different code for the same sensitive data, and we use this code to connect the link and main tables. Therefore, when the client enters new data into the main table, the algorithm generates a new code for the sensitive data and sends it to the cloud. Fig. 5 shows Coding the Sensitive Tables.

At Cloud

Main table
Key   ...  Code_S1  Code_S2  ...
1114       40       30
1117       45       33
...        ...

Sensitive table1
Code  Sen_name
001   Cancer
...   ...

Sensitive table2
Code  Sen_name
005   USA
002   UK
...   ...

At Client

Link table 1
key   Code_S1  L-code
1114  40       001
1117  45       001
...   ...

Link table 2
key   Code_S2  L-code
1114  30       005
1117  33       002
...   ...

Figure 5. Coding the Sensitive Tables

D. Getting Data from the Cloud by Lowest Cost

After we divide the table into some tables and distribute the tables on different data centers in the cloud, a new technique has been designed to collect the data from the different data centers by using bipartite matching with the Hungarian algorithm to minimize load costs. As explained previously, the total cost is dependent on the total amount of data transmitted from the consumer to the storage resource and from the storage resource to the consumer. Fig. 6 shows different tables with different attributes distributed over four different data centers on the cloud.

[Figure 6. Distributing Data Over the Clouds: attributes A1, A2, A3 spread over Cloud1, Cloud2, Cloud3, Cloud4]

Attribute name  Cost  Cloud
A1              0.05  C1
A1              0.10  C2
A1              0.20  C3
A2              0.04  C2
A2              0.09  C3
A2              0.20  C4
A3              0.03  C2
A3              0.09  C4
A3              0.10  C3
Figure 7. Cost Table to load each attribute from different cloud.

[Figure 8. Graph for Bipartite Matching Algorithm: S, the user request attributes A1, A2, A3, the clouds C1, C2, C3, C4, and T, with edges labelled by the costs of Figure 7]

1. An Example Scenario to Get the Data from the Cloud at the Lowest Cost

We introduce a simple example showing how the algorithm will work to get the data from the cloud at minimum cost. Let us say we have four clouds or data centers, and the data has
been distributed as shown in Fig. 6. The user requests the data {A1, A2, A3}. They are sensitive, and the algorithm cannot get them from one data center for security reasons. The algorithm is designed to allocate a cost table on each client as shown in Fig. 7. Therefore, when the user requests a query from the cloud, the query will be modified by the query processor depending on the lowest cost after applying the bipartite matching algorithm as shown in Fig. 8. Consequently, the algorithm will generate more than one query based on the partitioning of the data which the user wants. Fig. 8 shows how the algorithm applies the bipartite algorithm, where A1, A2, and A3 are the data requested by the user, and C1, C2, C3, and C4 are the clouds or data centers which hold the data. Based on this example, the algorithm will request A3 from C2 where the cost is 0.03 units, A2 from C3 where the cost is 0.09 units, and A1 from C1 where the cost is 0.05 units. Therefore, the total is 0.17 units.

CONCLUSION

Numerous companies and computer users need to protect their data when they move and manage data on the cloud. This paper has discussed how to protect information on the cloud. It has explained how to protect a table in a database by dividing it into many tables and storing them on the cloud to protect them from any leakage. An algorithm has been provided to do this work. We have developed a model with a view to offer secure data management capability in cloud databases. It scatters the data depending on the relationship between the attributes. It applies a greedy algorithm to get the best division for the table. This paper has also explained the idea behind sending the entire domain of the sensitive table into the cloud, and storing each sensitive data item in a different table with a different code, which is stored on the client site. In addition, to minimize the load cost, a new technique has been designed to collect the data from the cloud by using the bipartite matching algorithm. Finally, some example scenarios have been explained to show how the algorithm works.

REFERENCES

[1] Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, and Aoying Zhou, "Security and Privacy in Cloud Computing: A Survey," Sixth International Conference on Semantics, Knowledge and Grids, pp. 105-112, November 2010.
[2] Hassan Takabi, James B.D. Joshi, and Gail-Joon Ahn, "Security and privacy challenges in cloud computing environments," IEEE Computer and Reliability Societies, pp. 24-31, November/December 2010.
[3] Qussai Yaseen and Brajendra Panda, "Tackling Insider Threat in Cloud Relational Databases," IEEE/ACM Fifth International Conference on Utility and Cloud Computing, pp. 215-218, 2012.
[4] Siani Pearson and Azzedine Benameur, "Privacy, security and trust issues arising from cloud computing," 2nd IEEE International Conference on Cloud Computing Technology and Science, pp. 693-702, 2010.
[5] Ewa Deelman, Gurmeet Singh, Miron Livny, Bruce Berriman, and John Good, "The Cost of Doing Science on the Cloud: The Montage Example," Proceedings of the 2008 ACM/IEEE conference on Supercomputing, p. 50, 2008.
[6] Hyun-Suk Yu, Yvette E. Gelogo, and Kyung Jung Kim, "Securing Data Storage in Cloud Computing," Journal of Security Engineering, pp. 251-259, June 2012.
[7] Siani Pearson and George Yee, Privacy and Security for Cloud Computing. London: Springer, 2013.
[8] Mowbray Miranda and Siani Pearson, "A client-based privacy manager for cloud computing," Proceedings of the fourth international ICST conference on COMmunication system softWAre and middlewaRE, ACM, pp. 1-8, 2009.
[9] Qussai Yaseen and Brajendra Panda, "Malicious Modification Attacks by Insiders in Relational Databases: Prediction and Prevention," IEEE Second International Conference on Privacy, Security, Risk and Trust, pp. 849-856, August 2010.
[10] Sean Thorpe, "A theoretical model for compiling truthful forensic evidence from the hypervisor log cloud database environment," 2013.
[11] Bo Zhao, Benjamin I. P. Rubinstein, Jim Gemmell, and Jiawei Han, "A Bayesian approach to discovering truth from conflicting sources for data integration," pp. 550-561, August 2012.
[12] Sunil Sanka, Chittaranjan Hota, and Muttukrishnan Rajarajan, "Secure Data Access in Cloud Computing," in Internet Multimedia Services Architecture and Application (IMSAA), 2010 IEEE 4th International Conference, pp. 1-6, 2010.
[13] Jeong-Min Do, You-Jin Song, and Namje Park, "Attribute based Proxy Re-Encryption for Data Confidentiality in Cloud Computing Environments," in Computers, Networks, Systems and Industrial Engineering (CNSI), 2011 First ACIS/JNU International Conference, pp. 248-251, 2011.
[14] Shamkant B. Navathe and Minyoung Ra, "Vertical Partitioning for Database Design: A Graphical Algorithm," ACM SIGMOD Record, vol. 18, no. 2, pp. 440-450, 1989.
[15] Pierangela Samarati and Sabrina De Capitani di Vimercati, "Data protection in outsourcing scenarios: Issues and directions," in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 1-14, 2010.
[16] Carlo Curino et al., "Relational cloud: A database-as-a-service for the cloud," 5th Biennial Conference on Innovative Data Systems Research, CIDR 2011, pp. 235-240, January 9-12 2011.
[17] Thomas H Cormen, Charles E Leiserson, Ronald L. Rivest, and Clifford Stein, Introduction to Algorithms, 3rd ed. London, England: MIT Press, 2009.
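Sections III.B and III.C together, as an added Python example (not code from the paper): the Disease table of Figure 4 is padded to the threshold, and a client resolves a row through its local link table while the provider only ever sees a batch of threshold codes. The main-table rows and link-table entries are constructed sample values, and the client is assumed to know which codes exist in the sensitive table.

```python
import random
from fractions import Fraction

THRESHOLD = 8  # Figure 4 uses a threshold of eight

# Cloud: the "Disease" sensitive table of Figure 4 before padding (Code_no -> Disease).
DISEASE = {"002": "Hiv", "033": "Cancer", "044": "Flu",
           "045": "Heart Disease", "050": "Fever"}
# Counterfeit records added in Figure 4.
COUNTERFEITS = [("051", "XXX"), ("053", "H_Flu"), ("054", "YYY")]

# Cloud: main table rows holding only the alias Code_S1 (constructed sample rows).
MAIN = {1114: {"Code_S1": 40}, 1117: {"Code_S1": 45}}
# Client only: link table (key, Code_S1) -> L-code (constructed; both rows point at
# the same disease through different aliases, as in Figure 5).
LINK = {(1114, 40): "033", (1117, 45): "033"}


def pad_with_counterfeits(table, threshold, counterfeits):
    """Copy of table with counterfeit records added until it reaches threshold."""
    padded = dict(table)
    for code, value in counterfeits:
        if len(padded) >= threshold:
            break
        if code in padded:
            raise ValueError(f"counterfeit code {code} collides with a real record")
        padded[code] = value
    if len(padded) < threshold:
        raise ValueError("not enough counterfeit records to reach the threshold")
    return padded


def cloud_fetch(sensitive_table, codes):
    """Runs at the provider: all it observes is the batch of requested codes."""
    return {code: sensitive_table[code] for code in codes}


def client_lookup(key, sensitive_table, threshold, rng):
    """Resolve the sensitive value for key while asking the cloud for threshold records."""
    code_s1 = MAIN[key]["Code_S1"]      # read from the cloud main table
    real = LINK[(key, code_s1)]         # resolved locally; the link table stays on the client
    # Assumption: the client knows which codes exist in the sensitive table.
    others = [code for code in sensitive_table if code != real]
    # rng.sample raises ValueError when the table holds fewer records than the threshold.
    batch = rng.sample(others, threshold - 1) + [real]
    rng.shuffle(batch)
    returned = cloud_fetch(sensitive_table, batch)
    return returned[real], batch


def guess_probability(batch):
    """Equation (1): chance that an observer of the batch picks the real record."""
    return Fraction(1, len(batch))


if __name__ == "__main__":
    padded = pad_with_counterfeits(DISEASE, THRESHOLD, COUNTERFEITS)
    value, batch = client_lookup(1114, padded, THRESHOLD, random.Random(1))
    print(value, sorted(batch), guess_probability(batch))
```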
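The example scenario of Section III.D as an added Python example (not code from the paper): a Hungarian-algorithm assignment over the Figure 7 cost table that picks a different cloud for each requested attribute at minimum total cost. Treating "cloud does not hold the attribute" as a very large cost (BIG) and rejecting any plan that uses such a pair are assumptions of this sketch.

```python
from decimal import Decimal

# Figure 7 cost table: (attribute, cloud) -> cost of loading the attribute from it.
COSTS = {
    ("A1", "C1"): "0.05", ("A1", "C2"): "0.10", ("A1", "C3"): "0.20",
    ("A2", "C2"): "0.04", ("A2", "C3"): "0.09", ("A2", "C4"): "0.20",
    ("A3", "C2"): "0.03", ("A3", "C4"): "0.09", ("A3", "C3"): "0.10",
}
BIG = Decimal("1000000")   # assumption: stands for "this cloud does not hold the attribute"
INF = Decimal("Infinity")


def hungarian(cost):
    """Minimum-cost assignment of every row to a distinct column (rows <= columns).
    Returns a list whose entry r is the column index chosen for row r."""
    n, m = len(cost), len(cost[0])
    u = [Decimal(0)] * (n + 1)   # row potentials
    v = [Decimal(0)] * (m + 1)   # column potentials
    match = [0] * (m + 1)        # match[c] = 1-based row using column c, 0 = free
    way = [0] * (m + 1)          # previous column on the augmenting path
    for r in range(1, n + 1):
        match[0] = r
        c0 = 0
        minv = [INF] * (m + 1)
        used = [False] * (m + 1)
        while True:
            used[c0] = True
            r0, delta, c1 = match[c0], INF, 0
            for c in range(1, m + 1):
                if used[c]:
                    continue
                cur = cost[r0 - 1][c - 1] - u[r0] - v[c]
                if cur < minv[c]:
                    minv[c], way[c] = cur, c0
                if minv[c] < delta:
                    delta, c1 = minv[c], c
            for c in range(m + 1):
                if used[c]:
                    u[match[c]] += delta
                    v[c] -= delta
                else:
                    minv[c] -= delta
            c0 = c1
            if match[c0] == 0:
                break
        while c0:                # flip the augmenting path back to the dummy column
            c1 = way[c0]
            match[c0] = match[c1]
            c0 = c1
    chosen = [0] * n
    for c in range(1, m + 1):
        if match[c]:
            chosen[match[c] - 1] = c - 1
    return chosen


def cheapest_plan(requested, costs=COSTS):
    """One distinct cloud per requested attribute, minimising the total load cost."""
    clouds = sorted({cloud for _, cloud in costs})
    if len(requested) > len(clouds):
        raise ValueError("more attributes than clouds: they cannot be kept apart")
    matrix = [[Decimal(costs[(a, c)]) if (a, c) in costs else BIG for c in clouds]
              for a in requested]
    chosen = hungarian(matrix)
    plan = {a: clouds[chosen[i]] for i, a in enumerate(requested)}
    if any((a, c) not in costs for a, c in plan.items()):
        raise ValueError("no plan keeps every attribute on a separate cloud")
    total = sum(Decimal(costs[(a, c)]) for a, c in plan.items())
    return plan, total


if __name__ == "__main__":
    plan, total = cheapest_plan(["A1", "A2", "A3"])
    print(plan, total)
```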
