Azure SQL Database Always Encrypted
Panagiotis Antonopoulos, A. Arasu, Kunal D. Singh, Ken Eguro, Nitish Gupta, Rajat Jain, R. Kaushik, Hanuma Kodavalla, Donald Kossmann, Nikolas Ogg, Ravishankar Ramamurthy, J. Szymaszek, J. Trimmer, K. Vaswani, R. Venkatesan, M. Zwilling
Proceedings of the 2020 ACM SIGMOD International Conference on Management of Data. Published 2020-06-11. DOI: 10.1145/3318464.3386141 (https://doi.org/10.1145/3318464.3386141)
Citations: 40
Abstract
This paper presents Always Encrypted, a recently released feature of Microsoft SQL Server that uses column granularity encryption to provide cryptographic data protection guarantees. Always Encrypted can be used to outsource database administration while keeping the data confidential from an administrator, including cloud operators. The first version of Always Encrypted was released in Azure SQL Database and as part of SQL Server 2016, and supported equality operations over deterministically encrypted columns. The second version, released as part of SQL Server 2019, uses an enclave running within a trusted execution environment to provide richer functionality that includes comparison and string pattern matching for an IND-CPA-secure (randomized) encryption scheme. We present the security, functionality, and design of Always Encrypted, and provide a performance evaluation using the TPC-C benchmark.