One of the barriers to adoption cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations and storing the data in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first class citizen.
The desired functionality includes: (1) storing encrypted data, (2) issuing encrypted queries and getting back encrypted results, (3) enabling automated migration of database applications to the cloud.
The problem is challenging because encryption masks the data whereas query processing needs to “look inside” the data. Our goal is to support all sophisticated features of a DBMS such as complex queries, indexes, transactions and stored procedures while maintaining strong security. We address the above challenge in two ways.
1. In a classic client-server architecture such as SQL Azure, we push as much computation as allowed by the data encryption to the server. The remainder is evaluated in the client. Our goal is to build tools to automate this partitioning for database applications.
2. In addition we consider an architecture where we modify SQL Server to incorporate trusted hardware. Trusted hardware devices are already widely used for security, for example, smart cards for secure authentication and secure co-processors in ATMs. Our goal is to deploy reconfigurable trusted hardware for data processing in the cloud and efficiently integrate it with the SQL Server engine.
Overall, our project studies the following broad issues: (1) security and efficiency of processing encrypted data (2) designing trusted hardware using programmable hardware and (3) leveraging static analysis techniques to automate migration of database applications.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, When is an Encrypted Database Secure?, no. MSR-TR-2014-133, September 2014
- Arvind Arasu, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramarathnam Venkatesan, A Secure Coprocessor for Database Applications, in IEEE International Conference on Field Programmable Logic and Applications (FPL), September 2013
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, Querying Encrypted Data (Tutorial), in ICDE, , April 2013
- Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramaratnam Venkatesan, Orthogonal Security With Cipherbase, in 6th Biennial Conference on Innovative Data Systems Research (CIDR'13), , 8 January 2013
- Mr.XEtAl, Secure HPTS requires Secure Hardware, 2013
- Ken Eguro, Kaushik Rajan, Ravi Ramamurthy, Kapil Vaswani, and Ramarathnam Venkatesan, Migration to the Cloud Made Safe and Secure, in Off the Beaten Track (OBT) Workshop, ACM, January 2013
- Arvind Arasu, Spyros Blanas, Manas Joglekar, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, Prasang Upadhyaya, and Ramarathnam Venkatesan, Engineering Performance and Security with Cipherbase, in Data Engineering Bulletin, IEEE, December 2012
- Ken Eguro and Ramarathnam Venkatesan, FPGAs for Trusted Cloud Computing, in International Conference on Field-Programmable Logic and Applications, IEEE, August 2012