Information Flows in Encrypted Databases
This addresses confidentiality issues for users of encrypted databases, though it is incremental in improving security against information flows.
The paper tackles the problem of sensitive data leakage during query processing in encrypted databases, proposing SecureSQL to prevent information flows with low overhead (<30%) for explicit flows but higher costs for implicit flows.
In encrypted databases, sensitive data is protected from an untrusted server by encrypting columns using partially homomorphic encryption schemes, and storing encryption keys in a trusted client. However, encrypting columns and protecting encryption keys does not ensure confidentiality - sensitive data can leak during query processing due to information flows through the trusted client. In this paper, we propose SecureSQL, an encrypted database that partitions query processing between an untrusted server and a trusted client while ensuring the absence of information flows. Our evaluation based on OLTP benchmarks suggests that SecureSQL can protect against explicit flows with low overheads (< 30%). However, protecting against implicit flows can be expensive because it precludes the use of key databases optimizations and introduces additional round trips between client and server.