StealthDB: a Scalable Encrypted Database with Full SQL Query Support-Reference-Cited by-同舟云学术

StealthDB: a Scalable Encrypted Database with Full SQL Query Support

Published:2019-07-01 Issue:3 Volume:2019 Page:370-388
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Vinayagamurthy Dhinakaran¹,Gribov Alexey²,Gorbunov Sergey³

Affiliation:

1. IBM Research India , Work done while at University of Waterloo .

2. Symbiont.io, Work done while at Stealthmine Inc.

3. University of Waterloo and Algorand

Abstract

Abstract Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used. In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides a relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2019-0052

Reference56 articles.

1. [1] Amazon. AWS shell interface specification. https://github.com/aws/aws-fpga/blob/master/hdk/docs/AWS_Shell_Interface_Specification.md, 2017. Accessed: 2017-10-01.

2. [2] A. Arasu, S. Blanas, K. Eguro, R. Kaushik, D. Kossmann, R. Ramamurthy, and R. Venkatesan. Orthogonal security with cipherbase. In CIDR, 2013.

3. [3] S. Arnautov, B. Trach, F. Gregor, T. Knauth, A. Martin, C. Priebe, J. Lind, D. Muthukumaran, D. O’Keeffe, M. Stillwell, D. Goltzsche, D. M. Eyers, R. Kapitza, P. R. Pietzuch, and C. Fetzer. SCONE: secure linux containers with intel SGX. In OSDI, pages 689–703, 2016.

4. [4] S. Bajaj and R. Sion. Trusteddb: A trusted hardware based database with privacy and data confidentiality. In SIGMOD, pages 205–216, 2011.

5. [5] M. Balduzzi, J. Zaddach, D. Balzarotti, E. Kirda, and S. Loureiro. A security analysis of amazon’s elastic compute cloud service. In SAC, pages 1427–1434, 2012.

Cited by 48 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. BiTDB: Constructing A Built-in TEE Secure Database for Embedded Systems;IEEE Transactions on Knowledge and Data Engineering;2024-09

2. Tutorial: Information Leakage from Cryptographic Techniques;2024 IEEE 44th International Conference on Distributed Computing Systems Workshops (ICDCSW);2024-07-23

3. Cryptography in Business Intelligence and Data Analytics;Advances in Information Security, Privacy, and Ethics;2024-07-12

4. Ciphertext Range Query Scheme Against Agent Transfer and Permission Extension Attacks for Cloud Computing;IEEE Internet of Things Journal;2024-05-15

5. sIOPMP: Scalable and Efficient I/O Protection for TEEs;Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2;2024-04-27