Smaug:用于嵌入式系统的tee辅助安全SQLite

IF 7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing Pub Date : 2023-09-01 DOI:10.1109/TDSC.2022.3216020

D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma

{"title":"Smaug:用于嵌入式系统的tee辅助安全SQLite","authors":"D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma","doi":"10.1109/TDSC.2022.3216020","DOIUrl":null,"url":null,"abstract":"As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"3617-3635"},"PeriodicalIF":7.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Smaug: A TEE-Assisted Secured SQLite for Embedded Systems\",\"authors\":\"D. Lu, Minqiang Shi, Xindi Ma, Ximeng Liu, Rui-Gang Guo, Tianfang Zheng, Yulong Shen, Xuewen Dong, Jianfeng Ma\",\"doi\":\"10.1109/TDSC.2022.3216020\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.\",\"PeriodicalId\":13047,\"journal\":{\"name\":\"IEEE Transactions on Dependable and Secure Computing\",\"volume\":\"20 1\",\"pages\":\"3617-3635\"},\"PeriodicalIF\":7.0000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Dependable and Secure Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1109/TDSC.2022.3216020\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2022.3216020","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 2

摘要

作为嵌入式设备中最流行的关系数据库之一，SQLite是轻量级的，可以嵌入到应用程序中，而无需安装特定的数据库管理系统。然而，简单和易用是一把双刃剑;在带来便利的同时，它们也增加了数据处理和存储的风险。例如，攻击者可以从数据库文件或内存中获取数据，并在获得更高权限后对其进行篡改，从而威胁到数据库的机密性和完整性。为了解决这些安全问题，我们基于可信执行环境(TEE)和可信平台模块(TPM)，提出了Smaug，一个通用的安全方案，以确保SQLite和类似数据库的保密性和完整性。使用Smaug，所有关键数据都存储在密文中，并且还提供数据完整性保护。此外，TEE将所有敏感操作与不可信环境隔离开来，可以有效抵御内存攻击。此外，我们使用TPM为系统提供可靠的信任根(RoT)。最后，我们实现了一个原型系统，性能评估明确了影响系统可用性的主要因素，为类似系统的设计和实现提供了参考。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Smaug: A TEE-Assisted Secured SQLite for Embedded Systems

As one of the most popular relational databases for embedded devices, SQLite is lightweight to be embedded into applications without installing a specific database management system. However, simplicity and easy-to-use are double-edged swords; while bringing convenience, they also make data processing and storage risky. For example, an attacker can obtain data from a database file or memory and tamper with it once he has gained higher privileges, threatening the database's confidentiality and integrity. To address such security issues, based on a trusted execution environment (TEE) and a trusted platform module (TPM), we have proposed Smaug, a general secure scheme to ensure the confidentiality and integrity of SQLite and similar databases. With Smaug, all the critical data is stored in ciphertext, and data integrity protection is also provided. Besides, with TEE, all the sensitive operations are isolated from the untrusted environment, which can effectively resist attacks against memory. In addition, we use TPM to provide a solid root-of-trust (RoT) for the system. Finally, we have implemented a prototype system, and the performance evaluations have clarified the dominant factors that affect the system availability, providing a reference to the design and implementation of similar systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Dependable and Secure Computing 工程技术-计算机：软件工程

CiteScore

11.20

自引率

5.50%

发文量

354

审稿时长

9 months

期刊介绍： The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance. The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability. By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.