SIGMOD 2021 Tutorial: Practical Security and Privacy for Database Systems

Presenters: Xi He (University of Waterloo), Jennie Rogers (Northwestern University), Johes Bater (Duke University), Ashwin Machanavajjhala (Duke University), Chenghong Wang (Duke University), and Xiao Wang (Northwestern University)

Abstract: Computing technology has enabled massive digital traces of our personal lives to be collected and stored. These datasets play an important role in numerous real-life applications and research analysis, such as contact tracing for COVID 19, but they contain sensitive information about individuals. When managing these datasets, privacy is usually addressed as an afterthought, engineered on top of a database system optimized for performance and usability. This has led to a plethora of unexpected privacy attacks in the news. Specialized privacy-preserving solutions usually require a group of privacy experts and they are not directly transferable to other domains. There is an urgent need for a general trustworthy database system that offers end-to-end security and privacy guarantees. In this tutorial, we will first describe the security and privacy requirements for database systems in different settings and cover the state-of-the-art tools that achieve these requirements. We will also show challenges in integrating these techniques together and demonstrate the design principles and optimization opportunities for these security and privacy-aware database systems. This is designed to be a three hour tutorial.

Slides: (PDF)

Video: (Youtube link)