EnclaveDB uses SGX security properties to secure database operations.
Why
- The cloud database is continuously attacked by malicious entities, resulting in frequent data leakage.
- Semantic security encryption provides protection for data in static and transit, but the program can still decrypt ciphertext in memory during database query.
- Attribute retention encryption allows query processing of encrypted data, but query capabilities are limited and information leakage is prone to occur.
How
- In-memory database with enclaves to provide strong security properties.
- combination of encryption -> confidentiality
- native compilation -> integrity
- scalable protocol -> checking integrity and freshness
- Small TCB (trusted computing base) - Over 100X smaller than a conventional database server.
What
SGX-based secure cloud database ensures security while dramatically reducing system overhead
Some Details
- Compare the key differences between EnclaveDB and traditional SQL database to propose four optimizations
- Experiment with CPU usage, memory and disk throughput under four conditions (the operating conditions are gradually approaching the actual use of EnclaveDB).
- BASE: Hekaton running outside the enclave
- CRYPT: EnclaveDB running in simulated enclave mode
- CRYPT-CALL: adds context switching costs to CRYPT
- CRYPT-CALL-MEM: increases the cost of memory encryption to CRYPT-CALL.