EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database Using Enclaves

Benny Fuhry, A. JayanthJainH, Florian Kerschbaum Sap Security Research, U. Waterloo
{"title":"EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database Using Enclaves","authors":"Benny Fuhry, A. JayanthJainH, Florian Kerschbaum Sap Security Research, U. Waterloo","doi":"10.1109/DSN48987.2021.00054","DOIUrl":null,"url":null,"abstract":"Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient solution to this confidentiality problem. However, existing TEE-based solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance, and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries as present, e.g., in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, EncDBDB’s enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.","PeriodicalId":222512,"journal":{"name":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN48987.2021.00054","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 11

Abstract

Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient solution to this confidentiality problem. However, existing TEE-based solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance, and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries as present, e.g., in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, EncDBDB’s enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.
EncDBDB:可搜索的加密,快速,压缩,内存数据库使用enclave
当将数据库外包给云计算时,数据保密性是客户的一个重要需求。可信的执行环境(如Intel SGX)为这种机密性问题提供了有效的解决方案。但是,现有的基于tee的解决方案没有针对面向列的内存数据库进行优化,并且对enclave提出了不切实际的内存需求。我们提出了EncDBDB,这是一种新颖的方法,用于面向列的内存数据库的客户端控制加密,允许使用enclave进行范围搜索。EncDBDB提供了9个加密字典,它们为数据提供了不同的安全性、性能和存储效率权衡。它特别适合当前复杂的、面向读的、分析查询,例如,在数据仓库中。与明文处理相比,即使对于具有数百万个条目的数据库,其计算开销也在一毫秒之内,并且泄漏是有限的。压缩加密数据比对应的明文列需要更少的空间。此外,EncDBDB的enclave非常小,减少了与安全相关的实现错误和侧通道泄漏的可能性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信