Cipherbase = Encrypt(Database)

One of the barriers to adopting cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations, and storing it in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first-class citizen.

The desired functionality includes: (1) storing encrypted data, (2) issuing encrypted queries and getting back encrypted results, and (3) enabling automated migration of database applications to the cloud.

The problem is challenging because encryption masks the data, whereas query processing needs to “look inside” the data. Our goal is to support all the sophisticated features of a DBMS, such as complex queries, indexes, transactions, and stored procedures, while maintaining strong security. We address this challenge in two ways.

1. In a classic client-server architecture such as SQL Azure, we push as much computation to the server as the data encryption allows. The remainder is evaluated in the client. Our goal is to build tools to automate this partitioning for database applications.

2. In addition, we consider an architecture where we modify SQL Server to incorporate trusted hardware. Trusted hardware devices are already widely used for security, for example, smart cards for secure authentication and secure co-processors in ATMs. Our goal is to deploy reconfigurable trusted hardware for data processing in the cloud and efficiently integrate it with the SQL Server engine.
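
The client/server partitioning in approach 1 can be sketched as follows. This is an added example, not Cipherbase code: the `dept`/`salary` schema, the class names, and the HMAC-based toy cipher (standing in for a real AEAD) are assumptions made for illustration. The server evaluates the equality predicate on deterministic tags without any key, and the client decrypts the returned rows and evaluates the range filter and the SUM.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key, pt):
    # Randomized toy stream cipher (no integrity); stand-in for an AEAD such as AES-GCM.
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))

def dec(key, ct):
    nonce, body = ct[:16], ct[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def eq_tag(key, value):
    # Deterministic tag: equal plaintexts give equal tags, so equality runs server-side.
    return hmac.new(key, value, hashlib.sha256).digest()

class Server:
    """Untrusted side: stores only tags and ciphertexts, holds no keys."""
    def __init__(self):
        self.rows = []
    def insert(self, row):
        self.rows.append(row)
    def select_eq(self, column, tag):
        return [r for r in self.rows if hmac.compare_digest(r[column], tag)]

class Client:
    """Trusted side: owns the keys and evaluates what the server cannot."""
    def __init__(self):
        self.k_enc, self.k_tag = os.urandom(32), os.urandom(32)
    def encrypt_row(self, dept, salary):
        return {"dept_tag": eq_tag(self.k_tag, dept.encode()),
                "salary_ct": enc(self.k_enc, str(salary).encode())}
    def sum_salary(self, server, dept, min_salary):
        # Server part of the query: dept = ? (equality over deterministic tags).
        rows = server.select_eq("dept_tag", eq_tag(self.k_tag, dept.encode()))
        # Client part: salary > ? and SUM, which randomized ciphertexts do not support.
        salaries = [int(dec(self.k_enc, r["salary_ct"])) for r in rows]
        return sum(s for s in salaries if s > min_salary), len(rows)

def demo():
    client, server = Client(), Server()
    for dept, salary in [("eng", 120), ("eng", 90), ("ops", 150), ("eng", 200)]:  # constructed
        server.insert(client.encrypt_row(dept, salary))
    return client.sum_salary(server, "eng", 100)
```

`demo()` returns the sum computed on the client and the number of rows the server had to ship back. The deterministic tag is what makes the server-side predicate possible, and it also reveals to the server which rows share a `dept` value.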

Overall, our project studies the following broad issues: (1) security and efficiency of processing encrypted data, (2) designing trusted hardware using programmable hardware, and (3) leveraging static analysis techniques to automate migration of database applications.

 

Publications