Secure Database Outsourcing to the Cloud: Side-Channels, Counter-Measures and Trusted Execution

Abstract

Outsourcing data processing and storage to the cloud is a persistent trend in the last years. Cloud computing offers many advantages like flexibility in resource allocation, cost reduction and high availability. However, when sensitive information is handed to a third party, security questions are raised since the cloud provider and his employees are not fully trusted. Standard security mechanisms like transport encryption and regular audits alone cannot solve the issue of insider attacks. Additional cryptographic techniques are required. In this paper, we build upon an existing proxy for secure database outsourcing. We address potential side-channels and weaknesses, which are later analyzed and mitigated. Furthermore, we take a look at trusted execution environments (TEEs) like Intel Software Guard Extensions (SGX) and show how they can be applied to allow for secure execution in the secure database outsourcing case.