EncDBDB: Searchable Encrypted, Fast, Compressed, In-Memory Database using Enclaves
This work addresses data security for clients outsourcing databases to the cloud, offering a practical solution with incremental improvements in efficiency and security for read-oriented analytic queries.
The authors tackled the problem of data confidentiality in outsourced column-oriented in-memory databases by developing EncDBDB, a system using Intel SGX enclaves for encryption that supports range searches with computational overhead under a millisecond for millions of entries and reduces storage space compared to plaintext.
Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient, hardware-based solution to this cryptographic problem. Existing solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries, e.g., as present in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, the resulting code - and data - in the enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.