One of the barriers to adoption cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations and storing the data in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first class citizen.
The desired functionality includes: (1) storing encrypted data, (2) issuing encrypted queries and getting back encrypted results, (3) enabling automated migration of database applications to the cloud.
The problem is challenging because encryption masks the data whereas query processing needs to “look inside” the data. Our goal is to support all sophisticated features of a DBMS such as complex queries, indexes, transactions and stored procedures while maintaining strong security. We address the above challenge in two ways.
1. In a classic client-server architecture such as SQL Azure, we push as much computation as allowed by the data encryption to the server. The remainder is evaluated in the client. Our goal is to build tools to automate this partitioning for database applications.
2. In addition we consider an architecture where we modify SQL Server to incorporate trusted hardware. Trusted hardware devices are already widely used for security, for example, smart cards for secure authentication and secure co-processors in ATMs. Our goal is to deploy reconfigurable trusted hardware for data processing in the cloud and efficiently integrate it with the SQL Server engine.
Overall, our project studies the following broad issues: (1) security and efficiency of processing encrypted data (2) designing trusted hardware using programmable hardware and (3) leveraging static analysis techniques to automate migration of database applications.
- Kapil Vaswani, Ravi Ramamurthy, and Ramarathnam Venkatesan, Information Flows in Encrypted Databases, https://arxiv.org/, May 2016.
- panagiotis antonopoulos, arvind arasu, kedar dubhashi, ken eguro, joachim hammer, raghav kaushik, donald kossmann, bala neerumalla, ravi ramamurthy, and Jakub Szymaszek, Towards Database Confidentiality a la Carte with Secure Hardware, no. MSR-TR-2016-9, February 2016.
- Arvind Arasu, Ken Eguro, Manas Joglekar, Raghav Kaushik, Donald Kossmann, and Ravi Ramamurthy, Transaction Processing on Confidential Data using Cipherbase, in 31st IEEE International Conference on Data Engineering (ICDE), April 2015.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, When is an Encrypted Database Secure?, no. MSR-TR-2014-133, September 2014.
- Arvind Arasu, Ken Eguro, Manas Joglekar, Raghav Kaushik, Donald Kossmann, and Ravi Ramamurthy, Transaction Processing on Confidential Data using Cipherbase, no. MSR-TR-2014-106, August 2014.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, Querying Encrypted Data (Tutorial), in 2014 ACM SIGMOD Conference, June 2014.
- Arvind Arasu and Raghav Kaushik, Oblivious Query Processing, in 17th International Conference on Database Theory (ICDT), March 2014.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramarathnam Venkatesan, A Secure Coprocessor for Database Applications, in 23rd International Conference on Field Programmable Logic and Applications (FPL), September 2013.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, Querying Encrypted Data (Tutorial), in 29th International Conference on Data Engineering (ICDE), , April 2013.
- Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramaratnam Venkatesan, Orthogonal Security With Cipherbase, in 6th Biennial Conference on Innovative Data Systems Research (CIDR'13), , 8 January 2013.