Data privacy protection has become an urgent problem in network applications. A simple solution is to encrypt private data before storing it in the database, but this approach has drawbacks: once encrypted, the data loses some properties of the plaintext, such as the order relation between values, and the operations originally performed on plaintext cannot be executed on ciphertext, so all ciphertext must be decrypted to plaintext before an operation can complete. Consequently, when faced with large-scale database storage requirements, such a system performs far worse than a plaintext database. To allow SQL operations to be executed directly on ciphertext while preserving security, designing an efficient and secure encryption model has become a pressing need. To this end, a searchable database encryption system comprising SQL statement rewriting, plaintext data encryption and query processing is designed and implemented. By dynamically adjusting the encryption layers during statement execution, the system executes complex SQL statements directly on ciphertext, so the untrusted database server is never exposed to plaintext and data privacy is protected. Experimental results show that the constructed system offers good effectiveness and security.
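The abstract describes the system's core mechanism in one sentence: encryption layers on a stored column are adjusted at query time so that the database can evaluate a predicate on ciphertext without ever seeing plaintext. The following is an added example written for this page, not code from the paper or its system, that models that idea in miniature. It assumes a CryptDB-style "onion" where each value is stored as RND(DET(plaintext)): the outer RND layer hides equality, and the first equality query on a column strips that layer inside the database through a user-defined function (`peel_rnd`, a hypothetical name) so that DET ciphertexts can be compared directly. The trusted proxy (`Proxy`, also hypothetical) holds the keys, rewrites the query into a ciphertext token and tracks which layer each column currently sits at. The ciphers are a toy HMAC-SHA256 stream construction chosen so the example runs with the standard library only; a real system would use AES-based RND and DET layers.

```python
"""Toy onion (layered) encryption for a searchable encrypted column.

Added illustration of dynamic encryption-layer adjustment; not the paper's
code. Values are stored as RND(DET(plaintext)); the first equality query on
a column peels RND -> DET inside the database so `WHERE col = token` can be
evaluated on ciphertext. Crypto is a toy HMAC-based stream construction.
"""
import hashlib
import hmac
import os
import sqlite3

MASTER_KEY = b"constructed-master-key-for-demo-only"  # constructed sample key


def _derive(label: str, column: str) -> bytes:
    """Per-column, per-layer subkey derived from the master key."""
    return hmac.new(MASTER_KEY, f"{label}:{column}".encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stand-in for a block-cipher keystream."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# DET layer: deterministic, SIV-style (a tag over the plaintext serves as the IV),
# so equal plaintexts give equal ciphertexts and equality can be tested server-side.
def det_encrypt(key: bytes, pt: bytes) -> bytes:
    tag = hmac.new(key, pt, hashlib.sha256).digest()[:16]
    return tag + _xor(pt, _keystream(key, tag, len(pt)))


def det_decrypt(key: bytes, ct: bytes) -> bytes:
    tag, body = ct[:16], ct[16:]
    return _xor(body, _keystream(key, tag, len(body)))


# RND layer: fresh random nonce per encryption, so equal values look unrelated.
def rnd_encrypt(key: bytes, pt: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + _xor(pt, _keystream(key, nonce, len(pt)))


def rnd_decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:16], ct[16:]
    return _xor(body, _keystream(key, nonce, len(body)))


class Proxy:
    """Trusted proxy: holds keys, rewrites SQL, tracks each column's current layer."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")  # stands in for the untrusted server
        # Server-side UDF: strips the RND layer given only that layer's key;
        # the server still sees nothing below the DET layer.
        self.db.create_function("peel_rnd", 2, lambda blob, key: rnd_decrypt(key, blob))
        self.db.execute("CREATE TABLE emp (name BLOB, dept BLOB)")
        self.layer = {"name": "RND", "dept": "RND"}  # outermost layer currently stored

    def _onion(self, col: str, value: str) -> bytes:
        """Encrypt a value to match the layer the column is currently stored at."""
        blob = det_encrypt(_derive("det", col), value.encode())
        if self.layer[col] == "RND":
            blob = rnd_encrypt(_derive("rnd", col), blob)
        return blob

    def _open(self, col: str, blob: bytes) -> str:
        """Client-side decryption through whatever layers remain on the column."""
        if self.layer[col] == "RND":
            blob = rnd_decrypt(_derive("rnd", col), blob)
        return det_decrypt(_derive("det", col), blob).decode()

    def insert(self, name: str, dept: str) -> None:
        self.db.execute("INSERT INTO emp VALUES (?, ?)",
                        (self._onion("name", name), self._onion("dept", dept)))

    def names_in_dept(self, dept: str) -> list:
        """Rewrite `SELECT name FROM emp WHERE dept = ?` to run on ciphertext."""
        if self.layer["dept"] == "RND":
            # Dynamic layer adjustment: peel RND -> DET in place, on the server.
            self.db.execute("UPDATE emp SET dept = peel_rnd(dept, ?)", (_derive("rnd", "dept"),))
            self.layer["dept"] = "DET"
        token = det_encrypt(_derive("det", "dept"), dept.encode())  # equality token
        rows = self.db.execute("SELECT name FROM emp WHERE dept = ?", (token,)).fetchall()
        return sorted(self._open("name", r[0]) for r in rows)

    def raw_column(self, col: str) -> list:
        """What the untrusted server actually stores for a column (fixed column names only)."""
        assert col in self.layer
        return [r[0] for r in self.db.execute(f"SELECT {col} FROM emp")]


def demo() -> dict:
    """Constructed sample data: three rows, two of them in the same department."""
    p = Proxy()
    for name, dept in [("alice", "sales"), ("bob", "eng"), ("carol", "sales")]:
        p.insert(name, dept)
    before = p.raw_column("dept")          # under RND: all stored blobs differ
    hits = p.names_in_dept("sales")        # triggers RND -> DET on the dept column
    after = p.raw_column("dept")           # under DET: equal depts share a blob
    p.insert("dave", "sales")              # later inserts follow the column's current layer
    return {"hits": hits, "layer": p.layer["dept"],
            "rnd_distinct": len(set(before)), "det_distinct": len(set(after)),
            "hits_after_insert": p.names_in_dept("sales")}


if __name__ == "__main__":
    print(demo())
```

The point to watch in a design like this is that every layer peeled is a permanent reduction in what the server cannot learn: once `dept` sits at DET, the server can count how many rows share a department even though it cannot name it, which is exactly the trade the abstract's "dynamic adjustment" makes in exchange for evaluating the predicate on ciphertext. The `name` column, never queried on, stays under RND.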