[13] A. Desai. New paradigms for constructing symmetric encryp-
tion schemes secure against chosen-ciphertext attack. In Pro-
ceedings of the 20th Annual International Conference on Ad-
vances in Cryptology, pages 394–412, August 2000.
[14] C. Dwork. Differential privacy: a survey of results. In Proceed-
ings of the 5th International Conference on Theory and Applica-
tions of Models of Computation, Xi’an, China, April 2008.
[15] S. Evdokimov and O. Guenther. Encryption techniques for se-
cure database outsourcing. Cryptology ePrint Archive, Report
2007/335.
[16] A. J. Feldman, W. P. Zeller, M. J. Freedman, and E. W. Felten.
SPORC: Group collaboration using untrusted cloud resources.
In Proceedings of the 9th Symposium on Operating Systems De-
sign and Implementation, Vancouver, Canada, October 2010.
[17] T. Ge and S. Zdonik. Answering aggregation queries in a secure
system model. In Proceedings of the 33rd International Con-
ference on Very Large Data Bases, Vienna, Austria, September
2007.
[18] R. Gennaro, C. Gentry, and B. Parno. Non-interactive verifiable
computing: Outsourcing computation to untrusted workers. In
Advances in Cryptology (CRYPTO), Santa Barbara, CA, August
2010.
[19] C. Gentry. Fully homomorphic encryption using ideal lattices.
In Proceedings of the 41st Annual ACM Symposium on Theory
of Computing, Bethesda, MD, May–June 2009.
[20] O. Goldreich. Foundations of Cryptography: Volume I Basic
Tools. Cambridge University Press, 2001.
[21] A. Greenberg. DARPA will spend 20 million to search for
crypto’s holy grail. Forbes, April 2011.
[22] H. Hacigumus, B. Iyer, C. Li, and S. Mehrotra. Executing SQL
over encrypted data in the database-service-provider model. In
Proceedings of the 2002 ACM SIGMOD International Confer-
ence on Management of Data, Madison, WI, June 2002.
[23] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson,
W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and
E. W. Felten. Lest we remember: Cold boot attacks on encryp-
tion keys. In Proceedings of the 17th Usenix Security Sympo-
sium, San Jose, CA, July–August 2008.
[24] S. Halevi and P. Rogaway. A tweakable enciphering mode. In
Advances in Cryptology (CRYPTO), 2003.
[25] V. Kachitvichyanukul and B. W. Schmeiser. Algorithm 668:
H2PEC: Sampling from the hypergeometric distribution. ACM
Transactions on Mathematical Software, 14(4):397–398, 1988.
[26] M. Kantarcioglu and C. Clifton. Security issues in querying
encrypted data. In Proceedings of the 19th Annual IFIP WG
11.3 Working Conference on Database and Applications Secu-
rity, Storrs, CT, August 2005.
[27] E. Kohler. Hot crap! In Proceedings of the Workshop on Or-
ganizing Workshops, Conferences, and Symposia for Computer
Systems, San Francisco, CA, April 2008.
[28] J. Li, M. Krohn, D. Mazi
`
eres, and D. Shasha. Secure untrusted
data repository (SUNDR). In Proceedings of the 6th Symposium
on Operating Systems Design and Implementation, pages 91–
106, San Francisco, CA, December 2004.
[29] V. B. Livshits and M. S. Lam. Finding security vulnerabilities in
Java applications with static analysis. In Proceedings of the 14th
Usenix Security Symposium, pages 271–286, Baltimore, MD,
August 2005.
[30] P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin,
and M. Walfish. Depot: Cloud storage with minimal trust. In
Proceedings of the 9th Symposium on Operating Systems Design
and Implementation, Vancouver, Canada, October 2010.
[31] M. Martin, B. Livshits, and M. Lam. Finding application er-
rors and security flaws using PQL: a program query language.
In Proceedings of the 2005 Conference on Object-Oriented Pro-
gramming, Systems, Languages and Applications, pages 365–
383, San Diego, CA, October 2005.
[32] National Vulnerability Database. CVE statistics. http://web.
nvd.nist.gov/view/vuln/statistics, February 2011.
[33] V. H. Nguyen, T. K. Dang, N. T. Son, and J. Kung. Query as-
surance verification for dynamic outsourced XML databases. In
Proceedings of the 2nd Conference on Availability, Reliability
and Security, Vienna, Austria, April 2007.
[34] Oracle Corporation. Oracle advanced security. http:
//www.oracle.com/technetwork/database/options/
advanced-security/.
[35] P. Paillier. Public-key cryptosystems based on composite degree
residuosity classes. In Proceedings of the 18th Annual Inter-
national Conference on the Theory and Applications of Cryp-
tographic Techniques (EUROCRYPT), Prague, Czech Republic,
May 1999.
[36] B. Parno, J. M. McCune, D. Wendlandt, D. G. Andersen, and
A. Perrig. CLAMP: Practical prevention of large-scale data
leaks. In Proceedings of the 30th IEEE Symposium on Security
and Privacy, Oakland, CA, May 2009.
[37] R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakr-
ishnan. CryptDB web site. http://css.csail.mit.edu/
cryptdb/.
[38] R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, and L. Zhuang.
Enabling security in cloud storage SLAs with CloudProof. In
Proceedings of 2011 USENIX Annual Technical Conference,
Portland, OR, 2011.
[39] R. A. Popa, N. Zeldovich, and H. Balakrishnan. CryptDB: A
practical encrypted relational DBMS. Technical Report MIT-
CSAIL-TR-2011-005, MIT Computer Science and Artificial In-
telligence Laboratory, Cambridge, MA, January 2011.
[40] Privacy Rights Clearinghouse. Chronology of data breaches.
http://www.privacyrights.org/data-breach.
[41] S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy. Extending
query rewriting techniques for fine-grained access control. In
Proceedings of the 2004 ACM SIGMOD International Confer-
ence on Management of Data, Paris, France, June 2004.
[42] H. Shacham, N. Modadugu, and D. Boneh. Sirius: Securing
remote untrusted storage. In Proceedings of the 10th Network
and Distributed System Security Symposium, 2003.
[43] E. Shi, J. Bethencourt, H. Chan, D. Song, and A. Perrig. Multi-
dimensional range query over encrypted data. In Proceedings
of the 28th IEEE Symposium on Security and Privacy, Oakland,
CA, May 2007.
[44] V. Shoup. NTL: A library for doing number theory. http://
www.shoup.net/ntl/, August 2009.
[45] R. Sion. Query execution assurance for outsourced databases. In
Proceedings of the 31st International Conference on Very Large
Data Bases, pages 601–612, Trondheim, Norway, August–
September 2005.
[46] D. X. Song, D. Wagner, and A. Perrig. Practical techniques for
searches on encrypted data. In Proceedings of the 21st IEEE
Symposium on Security and Privacy, Oakland, CA, May 2000.
[47] M. Taylor. MySQL proxy. https://launchpad.net/
mysql-proxy.
[48] B. Thompson, S. Haber, W. G. Horne, T. S, and D. Yao. Privacy-
preserving computation and verification of aggregate queries
on outsourced databases. Technical Report HPL-2009-119, HP
Labs, 2009.
[49] E. P. Wobber, M. Abadi, M. Burrows, and B. Lampson. Au-
thentication in the Taos operating system. ACM Transactions
on Computer Systems, 12(1):3–32, 1994.
[50] L. Xiong, S. Chitti, and L. Liu. Preserving data privacy for out-
sourcing data aggregation services. Technical Report TR-2007-
013, Emory University, Department of Mathematics and Com-
puter Science, 2007.
[51] Z. Yang, S. Zhong, and R. N. Wright. Privacy-preserving
queries on encrypted data. In European Symposium on Research
in Computer Security, 2006.
[52] A. Yip, X. Wang, N. Zeldovich, and M. F. Kaashoek. Improving
application security with data flow assertions. In Proceedings
of the 22nd ACM Symposium on Operating Systems Principles,
pages 291–304, Big Sky, MT, October 2009.
16