Hiding Tree Structured Data and Queries from Untrusted Data Stores

n Web and mobile computing, clients usually do not have sufficient computation power or memory and they need remote servers to do the computation or store data for them. Publishing data or applications on remote servers helps improve data availability and system scalability, reducing the client burden of managing data. Application Service Providers (ASPs) and Distributed Application Hosting Services (DAHSs), which rent out storage, (Internet) presence, and computation power to clients with IT needs (but without appropriate infrastructures) are becoming popular. Especially with the emergence of enabling technologies, such as J2EE and .NET, there is currently a shift toward services hosted by third parties. Those providing data outsourcing service, with their computation power and large memory, can be called data stores or oracles. Typically, these data stores cannot be fully trusted, for we have to realize that with the data outsourced on third-party hosts, entities independent of data/service owners, (1) it is possible for the hosts to illegally utilize sensitive information about data to make a profit; (2) host operators may accept bribes from or be compelled by adversaries to grant insider control or leak sensitive information to them; (3) even if hosts are honest, despite all security methI H I D I N G T R E E S T R U C T U R E D D A T A