On the Security of Outsourced and Untrusted Databases

The outsourcing of databases to third parties has become a viable alternative to traditional in-house data management. Database management by third parties including the storage and maintenance allows companies to reduce their expenses and profit from the expertise of data storage specialists. However, the price is the transfer of confidential data to third parties. The data owners need to trust the third party that data is stored (i) confidentially, such that the service providers cannot profit from passing the data to unauthorized parties, and (ii) in a correct and untampered state. This work identifies security issues that data owners have to face when it comes to database outsourcing. We provide an overview of existing techniques for solving the confidentiality and integrity problem and point out the limitations of these approaches. Thereby, this work aims to support decision makers who are confronted with the outsourcing question.