US boffins take database security back to school

Technology works by encrypting queries, data and other information as it passes between databases

US researchers from Penn State University have developed software that allows databases to "talk to each other" without compromising the security of data and metadata.

The technology works by encrypting queries, data communicated and other information as it passes between databases.

The Privacy-preserving Access Control Toolkit (Pact) is designed to act as a filter, but its creators explained that the provision of encryption makes the technology resilient to eavesdropping or other attacks.

According to the researchers, Pact is the first software to provide a framework that protects metadata while enabling "semantic interoperation" or sharing of information.

"The software automatically regulates access to data, so some information can be exchanged while other data remains confidential and private," said Prasenjit Mitra, assistant professor of information sciences and technology and member of the research team that developed the software at Penn State University.

"Often when we implement security, we decide not to give access to data. This tool preserves security while allowing permitted access."

Organisations including government agencies, non-profit groups and corporations frequently need to access data belonging to other organisations. But sharing data is difficult because databases are typically constructed using different terms or vocabularies.

In order to share data, organisations have to develop special-purpose applications. But organisations also need to protect sources, intellectual property and competitive advantages, so the applications must address security.

In addition to being time-consuming to develop, such applications are expensive as they have limited uses. Its creators argue that, unlike these special purpose applications, Pact is more generic, allowing it to be applied to a wide range of scenarios.

Pact is described in a paper, Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases (PDF download), given at ACM's recent Symposium on Information, Communication and Computer Security in Taiwan.

The authors include Mitra, a faculty member in the Penn State College of Information Sciences and Technology; Chi-Chun Pan, a graduate student in Penn State's industrial and manufacturing engineering department; Peng Liu, assistant professor, Penn State's IST; and Vijay Atluri, associate professor, Rutgers University.