{"title":"数据库安全外包到云:侧通道、对策和可信执行","authors":"Matthias Gabel, Jeremias Mechler","doi":"10.1109/CBMS.2017.141","DOIUrl":null,"url":null,"abstract":"Outsourcing data processing and storage to the cloud is a persistent trend in the last years. Cloud computing offers many advantages like flexibility in resource allocation, cost reduction and high availability. However, when sensitive information is handed to a third party, security questions are raised since the cloud provider and his employees are not fully trusted. Standard security mechanisms like transport encryption and regular audits alone cannot solve the issue of insider attacks. Additional cryptographic techniques are required. In this paper, we build upon an existing proxy for secure database outsourcing. We address potential side-channels and weaknesses, which are later analyzed and mitigated. Furthermore, we take a look at trusted execution environments (TEEs) like Intel Software Guard Extensions (SGX) and show how they can be applied to allow for secure execution in the secure database outsourcing case.","PeriodicalId":141105,"journal":{"name":"2017 IEEE 30th International Symposium on Computer-Based Medical Systems (CBMS)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Secure Database Outsourcing to the Cloud: Side-Channels, Counter-Measures and Trusted Execution\",\"authors\":\"Matthias Gabel, Jeremias Mechler\",\"doi\":\"10.1109/CBMS.2017.141\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Outsourcing data processing and storage to the cloud is a persistent trend in the last years. Cloud computing offers many advantages like flexibility in resource allocation, cost reduction and high availability. However, when sensitive information is handed to a third party, security questions are raised since the cloud provider and his employees are not fully trusted. Standard security mechanisms like transport encryption and regular audits alone cannot solve the issue of insider attacks. Additional cryptographic techniques are required. In this paper, we build upon an existing proxy for secure database outsourcing. We address potential side-channels and weaknesses, which are later analyzed and mitigated. Furthermore, we take a look at trusted execution environments (TEEs) like Intel Software Guard Extensions (SGX) and show how they can be applied to allow for secure execution in the secure database outsourcing case.\",\"PeriodicalId\":141105,\"journal\":{\"name\":\"2017 IEEE 30th International Symposium on Computer-Based Medical Systems (CBMS)\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 IEEE 30th International Symposium on Computer-Based Medical Systems (CBMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CBMS.2017.141\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 30th International Symposium on Computer-Based Medical Systems (CBMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CBMS.2017.141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure Database Outsourcing to the Cloud: Side-Channels, Counter-Measures and Trusted Execution
Outsourcing data processing and storage to the cloud is a persistent trend in the last years. Cloud computing offers many advantages like flexibility in resource allocation, cost reduction and high availability. However, when sensitive information is handed to a third party, security questions are raised since the cloud provider and his employees are not fully trusted. Standard security mechanisms like transport encryption and regular audits alone cannot solve the issue of insider attacks. Additional cryptographic techniques are required. In this paper, we build upon an existing proxy for secure database outsourcing. We address potential side-channels and weaknesses, which are later analyzed and mitigated. Furthermore, we take a look at trusted execution environments (TEEs) like Intel Software Guard Extensions (SGX) and show how they can be applied to allow for secure execution in the secure database outsourcing case.