[codergeeks] Privacy-Sensitive Databases
Gregory Foster
gfoster at entersection.org
Sat Dec 11 14:08:29 CST 2010
Hey los,
Thanks for the follow-up. At this time, I'm looking for pure s/w
solutions, getting as close to the DB (MySQL) as possible. I don't
anticipate a need to integrate h/w management of private keys as my
audience won't tolerate that usability hurdle. I'm looking to craft a
network of databases with internal & external information sharing
permissions defined by content contributors within that network. The
information should be secured as it may contain personally identifiable
information, but that information is not mission critical. Think HIPAA
regulations on personal healthcare data, not nation state diplomatic
cables (oops!).
FYI, I heard back from Peter Wayner re: translucent databases.
/_Disappearing Cryptography_, btw, is much more tuned to the
Cypherpunks tradition and I suspect that the Wikileaks folks are
experimenting with some of the ideas in it. While the book has made
it to a third edition with more than 400 pages, I haven't been able
to keep up with all of the ideas floating around. You might check
that one out./
/I do some database focused work for some clients and I want to
create a third edition of TD, but the ideas feel fully formed to me
right now. I'm not sure if there's much more I can do./
/-Peter/
Here's the 3rd Edition of _Disappearing Cryptography_:
http://books.google.com/books?id=qMB9AiFUWF0C
gf
On 12/10/10 3:00 PM, Carlos Macedo Gomes wrote:
>
> Yo g,
>
> Can you share any additional assumptions/requirements on the "securing
> against external and internal compromise" aspect of the below
> architectural goals?
>
> Without any further details, my current instinct with these types of
> scenarios is to start by looking at constraints/controls provided by
> available physical security and hardware security to help reduce
> overall attack surfaces from "internal" agents but that may be out of
> scope if you're just looking at a pure software solution independent
> of (or loosely coupled to) any particular deployment environment.
> Whether or not there is hardware or physical security involved,
> private key management is key (pun intended :-P) in any cryptography
> enabled system.
>
> Keep in mind the old saying - "if you/they can touch it, you/they can
> own/p0wn it" ;-)
>
> cheers,
> C.G.
>
> On Thu, Dec 9, 2010 at 2:54 PM, Gregory Foster
> <gfoster at entersection.org> wrote:
>
> Hey there,
> I'm starting to do a little research into encrypted databases,
> what have been called "privacy-sensitive databases" or
> "translucent databases" going back to Peter Wayner's work:
> http://www.wayner.org/books/td/
>
> Not sure the current nomenclature or the current state of the
> art. My goal is to safely encrypt certain columns in a database
> table, securing against external and internal compromise. Anyone
> have any ready-to-hand references on this subject?
>
> Exciting Times,
> gf
>
> --
> Gregory Foster || gfoster at entersection.org
> @gregoryfoster http://entersection.com/
>
>
> _______________________________________________
> codergeeks mailing list
> codergeeks at foojutsu.org
> http://www.foojutsu.org/mailman/listinfo/codergeeks
>
>
>
>
> --
> Carlos Macedo Gomes
> http://claimid.com/cmgomes
>
--
Gregory Foster || gfoster at entersection.org
@gregoryfoster http://entersection.com/