First, I will describe techniques for controlling access to published XML data using cryptography. We begin with access specifications for a collection of users and generate an encrypted XML document for publication to all users so that the policy is respected. Access is granted by transmitting sets of keys to authorized users.
Next, I will describe the query-view security problem. In a database, sensitive data is often protected by preventing access to the database as a whole and permitting access only to a view of the database defined in a given query language. Given the definition of a view V to be published, the query-view security problem asks whether V logically discloses information about a confidential query S. I will describe an information-theoretic standard for query-view security, and briefly state some theoretical results for deciding security according to this standard.
In the last part of the talk I will describe ongoing work in designing a tamper-evident database system. Such a system allows a client to store, query, and update data on an untrusted database server with strong guarantees that the server cannot modify data. The techniques used are related to Merkle trees, and I will describe the special engineering challenges of adapting these techniques to a database system.