Database outsourcing is emerging today as a successful paradigm allowing data owners to ship their data to the external service provider for the distribution of resources. An important problem to be addressed in this paradigm concerns the protection of outsourced data from unauthorized access even from the service provider’s server, which is not fully trusted. Several encryption schemes and access control mechanisms have been suggested to protect the outsourced data from unauthorized disclosure. | Journal of Science and Technology Volume 48, Issue 4, 2010 pp. 120-126 A COLUMN-LEVEL ACCESS CONTROL MECHANISM FOR DATABASE OUTSOURCING SERVICE HUE T. B. PHAM, THUY T. B. DONG, AND THUC D. NGUYEN ABSTRACT Database outsourcing is emerging today as a successful paradigm allowing data owners to ship their data to the external service provider for the distribution of resources. An important problem to be addressed in this paradigm concerns the protection of outsourced data from unauthorized access even from the service provider’s server, which is not fully trusted. Several encryption schemes and access control mechanisms have been suggested to protect the outsourced data from unauthorized disclosure. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their data. Therefore, we propose a new column-level access control mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared. Keywords: Access control, column-level access control, database encryption. 1. INTRODUCTION The amount of data held by organizations is increasing quickly and it often contains sensitive information. The management and protection of such data are expensive. An emerging solution to this problem is called database as a service (DAS), in which, an organization’s database is stored at an external service provider. The advantages of DAS are cost savings and service benefits. There are three main entities in the DAS scenario (Fig. 1): • Data owner: individual or organization that is the subject of the data made available for controlled external use. • User: individual or organization that requests data from the system. • .
