Abstract | ||
---|---|---|
We propose EnclaveDB, a database engine that guarantees confidentiality, integrity, and freshness for data and queries. EnclaveDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when the database runs in an untrusted host in the cloud. EnclaveDB achieves this by placing sensitive data (tables, indexes and other metadata) in enclaves protected by trusted hardware (such as Intel SGX). EnclaveDB has a small trusted computing base, which includes an in-memory storage and query engine, a transaction manager and pre-compiled stored procedures. A key component of EnclaveDB is an efficient protocol for checking integrity and freshness of the database log. The protocol supports concurrent, asynchronous appends and truncation, and requires minimal synchronization between threads. Our experiments using standard database benchmarks and a performance model that simulates large enclaves show that EnclaveDB achieves strong security with low overhead (up to 40% for TPC-C) compared to an industry strength in-memory database engine. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1109/SP.2018.00025 | 2018 IEEE Symposium on Security and Privacy (SP) |
Keywords | Field | DocType |
database,security,enclave,integrity,in memory,sgx | Stored procedure,Computer science,Hypervisor,Transaction log,Database engine,Database administrator,Trusted computing base,Distributed transaction,Database,Cloud computing | Conference |
ISSN | ISBN | Citations |
1081-6011 | 978-1-5386-4354-9 | 16 |
PageRank | References | Authors |
0.56 | 29 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Christian Priebe | 1 | 117 | 5.07 |
Kapil Vaswani | 2 | 685 | 30.29 |
Manuel Costa | 3 | 1589 | 88.62 |