One of the barriers to the adoption of cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations, and storing it in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first-class citizen.
The desired functionality includes: (1) storing encrypted data; (2) issuing encrypted queries and getting back encrypted results, with support for all the sophisticated features of a DBMS, such as complex queries, indexes, transactions and stored procedures, while maintaining strong security; and (3) enabling automated migration of database applications to the cloud.
The problem is challenging because encryption masks the data whereas query processing needs to “look inside” the data. We address the above challenge in two ways.
1. We modify SQL Server to incorporate trusted hardware. Trusted hardware devices are already widely used for security, for example, smart cards for secure authentication and secure co-processors in ATMs. Our goal is to deploy reconfigurable trusted hardware for data processing and efficiently integrate it with the SQL Server engine.
2. In the classic client-server architecture, we push as much computation as allowed by the data encryption to the server. The remainder is evaluated in the client. Our goal is to build tools that automate this partitioning for database applications.
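The client/server split described in item 2, as an added example that is not code from the project: the server evaluates the equality predicate over deterministic tokens, and the client decrypts the candidates and evaluates the range predicate and the sum. The column names, the HMAC-based equality token and the HMAC-derived keystream cipher are assumptions chosen so the sketch runs on the Python standard library; the page does not say which encryption schemes the project uses.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed client-side key; it never leaves the client

def eq_token(value: str) -> bytes:
    """Deterministic token: equal plaintexts give equal tokens, so the server can match."""
    return hmac.new(KEY, b"eq|" + value.encode(), hashlib.sha256).digest()

def keystream(nonce: bytes, n: int) -> bytes:
    """HMAC in counter mode; a stand-in for a real randomized cipher (no integrity)."""
    out, counter = b"", 0
    while len(out) < n:
        block = b"ks|" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(KEY, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(value: str) -> bytes:
    """Randomized encryption: the same plaintext gives a different ciphertext each time."""
    nonce, data = os.urandom(16), value.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(nonce, len(data))))

def unseal(blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(nonce, len(body)))).decode()

def encrypt_row(city: str, amount: int) -> dict:
    return {"city_eq": eq_token(city), "amount": seal(str(amount))}

def server_filter(table: list, city_token: bytes) -> list:
    """Untrusted server: holds only tokens and ciphertext, so equality is all it can test."""
    return [r["amount"] for r in table if hmac.compare_digest(r["city_eq"], city_token)]

def client_query(table: list, city: str, min_amount: int) -> int:
    """SELECT SUM(amount) WHERE city = ? AND amount >= ?, split across both sides."""
    candidates = server_filter(table, eq_token(city))   # pushed to the server
    amounts = [int(unseal(c)) for c in candidates]      # remainder runs on the client
    return sum(a for a in amounts if a >= min_amount)

# Constructed sample data.
ROWS = [("Oslo", 120), ("Lima", 75), ("Oslo", 40), ("Oslo", 310), ("Lima", 500)]
TABLE = [encrypt_row(city, amount) for city, amount in ROWS]
```

The deterministic token is what lets the server filter, and it is also what the server learns: which rows share a city. The randomized `amount` column reveals nothing comparable, which is why its predicate has to run on the client.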
Overall, our project studies the following broad issues: (1) security and efficiency of processing encrypted data, (2) designing trusted hardware using programmable hardware, and (3) leveraging static analysis techniques to automate migration of database applications.
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy, Querying Encrypted Data (Tutorial), in ICDE, April 2013
- Arvind Arasu, Spyros Blanas, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, and Ramarathnam Venkatesan, Orthogonal Security With Cipherbase, in 6th Biennial Conference on Innovative Data Systems Research (CIDR'13), 8 January 2013
- Mr.XEtAl, Secure HPTS requires Secure Hardware, 2013
- Ken Eguro, Kaushik Rajan, Ravi Ramamurthy, Kapil Vaswani, and Ramarathnam Venkatesan, Migration to the Cloud Made Safe and Secure, in Off the Beaten Track (OBT) Workshop, ACM, January 2013
- Arvind Arasu, Spyros Blanas, Manas Joglekar, Ken Eguro, Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy, Prasang Upadhyaya, and Ramarathnam Venkatesan, Engineering Performance and Security with Cipherbase, in Data Engineering Bulletin, IEEE, December 2012
- Ken Eguro and Ramarathnam Venkatesan, FPGAs for Trusted Cloud Computing, in International Conference on Field-Programmable Logic and Applications, IEEE, August 2012
