
Orthogonal Security With Cipherbase

Raghav Kaushik (1), Arvind Arasu (1), Spyros Blanas (2), Ken Eguro (1), Donald Kossmann (3), Ravi Ramamurthy (1), Venkie Ramarathnam (1)
(1) Microsoft Research, (2) UW-Madison, (3) ETH-Zurich


Presentation Transcript


1. Orthogonal Security With Cipherbase

Raghav Kaushik (1), Arvind Arasu (1), Spyros Blanas (2), Ken Eguro (1), Donald Kossmann (3), Ravi Ramamurthy (1), Venkie Ramarathnam (1)
(1) Microsoft Research, (2) UW-Madison, (3) ETH-Zurich

2. Problem: Data Confidentiality

(Figure: untrusted server running the DBMS over encrypted data; trusted client running the DBMS with the key and clear data)
• Threats: cloud admin
• Super-user with console access

3. Computation Directly On Encrypted Data

(Figure: untrusted server with DBMS; trusted client)
• Deterministic encryption: equality
• Strong encryption (non-deterministic)
• Paillier encryption: summation
• Order-preserving encryption: range

4. Limitations

• Incomplete, e.g.: SUM(L_EXTENDEDPRICE*(1-L_DISCOUNT)*(1+L_TAX))
• Brittle, e.g.: cannot combine addition and range: O_SHIPDATE > O_ORDERDATE + 30 days
• Full functionality → store in the clear

5. Goal: Orthogonal Security

• Full functionality in the server, independent of the data encryption: SQL, transactions, physical structures
• Orthogonality: app logic completely decoupled from encryption
• Clients declare which columns are to be encrypted and how
• System is functional without any change in app code

6. Overall Workflow

(Figure: trusted client with the SQL app and a client extension holding the key and metadata; untrusted server running the DBMS)
• App issues: SELECT * FROM Patient WHERE Disease = ‘Flu’
• Client extension sends the encrypted query string/plan: SELECT * FROM Patient WHERE Disease = ‘$bG’
• DBMS returns the encrypted result; the client extension decrypts it

7. The Case For Trusted Hardware

• Trusted hardware leads to orthogonality
(Figure: TM (trusted machine, trusted hardware) holding the key, next to the UM (untrusted machine, DBMS on commodity H/W); the key is inaccessible to the UM)
• Expressions evaluated inside the TM: sum(l_extendedprice*(1-l_discount)*(1+l_tax)), Disease = ‘Flu’

8. TM Design

• Secure co-processor: designed for low-performance apps such as ATMs
• Our choice: FPGA
  – Used for security-sensitive applications
  – Well-established applicability for data-intensive applications
  – Connected to UM by PCI Express

9. Design Choice 1: Encryption/Decryption in TM (industry state of the art)

• Keep data encrypted across the stack
(Figure: UM (untrusted machine) runs SQL Server with its buffer pool on commodity H/W; TM (trusted machine) holds the key and only encrypts/decrypts)
• Leaks everything: the UM processes the decrypted data

10. Design Choice 2: All Processing In TM

• Commodity server (UM) vs. resource-constrained TM
• Security: encrypt across the stack
(Figure: UM runs the DBMS for clear-text columns; TM runs the DBMS for encrypted columns, holding the key and the data; connected by PCI Express)
• Goal: reduce TM footprint
• Cf. TrustedDB [Bajaj et al., SIGMOD 2011]

11. Cipherbase: Hardware/Software Co-Design

• Security: encrypt across the stack
• UM: SQL Server (buffer pool, indexes, transactions, query processor, query optimizer, …) over the encrypted DB
• TM: expression evaluation (stack machine), holding the key

12. Example App

Trusted client: SQL app and client extension (key, metadata)

  SELECT C_Custkey, SUM(O_totalprice) AS Revenue
  FROM Customer, Order
  WHERE C_Custkey = O_Custkey
    AND C_Nationkey = ‘Nation5’
    AND O_Orderdate > ‘2012-1-1’
  GROUP BY C_Custkey

13. Example

(Figure: trusted client (app, client extension with key and metadata) sends the rewritten predicates O_Orderdate > y and C_Nationkey = x to the DBMS on the untrusted server, where x and y are the encrypted literals)

14. Example

• Rewritten predicates: C_Nationkey = x, O_Orderdate > y
• Most processing happens in the UM: inter-query memory governance, admission control, memory management, spooling, specifics of the join/sort algorithm, data flow (GetNext calls), storage engine (buffer pool, locking)
• Only expression evaluation goes to the TM:
  – Dec(C_Nationkey) = Dec(x)
  – Dec(O_Orderdate) > Dec(y)
  – Hash(Dec(C_Custkey)), Hash(Dec(O_Custkey))
  – Dec(O_Custkey) = Dec(C_Custkey)
  – Dec(C_Custkey1) > Dec(C_Custkey2)
  – Enc(Dec(O_totalprice) + Dec(currentSum))
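
The workflow of slide 6 and the UM/TM split of slides 11 and 14, as an added runnable sketch that is not Cipherbase code: the client extension rewrites literals on encrypted columns, the untrusted machine runs a selection and a SUM over ciphertext only, and a toy stack-machine TM performs the Dec/compare/Enc steps. The SIV-style SHA-256 cipher, the COLUMN_META table, the opcode names and the Order rows are all assumptions of this example; Cipherbase's FPGA stack machine and its actual cipher are not modelled.

```python
# Added example (not Cipherbase code): a toy, dependency-free model of the split
# in slides 6, 11 and 14: the trusted client holds the key and rewrites literals,
# the UM runs the plan over ciphertext only, and the TM evaluates expressions on
# decrypted operands with a stack machine and re-encrypts what it hands back.
# The SIV-style SHA-256 cipher below is an assumption for the demo, not a real scheme.
import hashlib
import hmac
import os
import re

KEY = b"trusted-client-key-demo"   # constructed; never leaves client/TM
IV_LEN = 8
# Constructed metadata: deterministic encryption lets the UM test equality on
# ciphertext; "strong" (random IV) hides equality, so the TM must compare.
COLUMN_META = {"Disease": "deterministic", "O_Orderdate": "strong"}

def _keystream(key, iv, n):
    """n keystream bytes from (key, iv): toy CTR-style PRF."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
    return out[:n]

def encrypt(key, plaintext, deterministic):
    """iv || ciphertext of str(plaintext). Deterministic mode derives the IV
    from the plaintext (synthetic IV), so equal plaintexts encrypt alike."""
    data = str(plaintext).encode()
    iv = (hmac.new(key, data, hashlib.sha256).digest()[:IV_LEN]
          if deterministic else os.urandom(IV_LEN))
    return iv + bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

def decrypt(key, blob):
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))).decode()

def rewrite_query(sql, key):
    """Client extension (slide 6): literals on encrypted columns become
    '$<hex ciphertext>'; the application's SQL is otherwise unchanged."""
    def repl(m):
        col, lit = m.group(1), m.group(2)
        mode = COLUMN_META.get(col)
        if mode is None:
            return m.group(0)                      # clear-text column: keep literal
        return f"{col} = '${encrypt(key, lit, mode == 'deterministic').hex()}'"
    return re.sub(r"(\w+) = '([^']*)'", repl, sql)

class TrustedMachine:
    """Toy TM stack machine (slides 11/14): the UM passes ciphertext operands
    and gets back only a boolean or a freshly encrypted value."""

    def __init__(self, key):
        self._key = key

    def run(self, program):
        stack = []
        for op, *args in program:
            if op == "PUSH_ENC":                   # push Dec(operand)
                stack.append(decrypt(self._key, args[0]))
            elif op in ("GT", "EQ"):               # Dec(a) > Dec(b), Dec(a) = Dec(b)
                b, a = stack.pop(), stack.pop()
                stack.append(a > b if op == "GT" else a == b)
            elif op == "ADD":                      # Dec(a) + Dec(b)
                b, a = stack.pop(), stack.pop()
                stack.append(int(a) + int(b))
            elif op == "RET_BOOL":                 # predicate result leaves in the clear
                return bool(stack.pop())
            elif op == "RET_ENC":                  # Enc(...) under a fresh random IV
                return encrypt(self._key, stack.pop(), deterministic=False)
        raise ValueError("program ended without RET_BOOL/RET_ENC")

def um_filter_gt(tm, enc_column, enc_literal):
    """UM-side selection O_Orderdate > y: one TM call per row (slide 14);
    only the True/False answers leave the TM."""
    return [i for i, ct in enumerate(enc_column)
            if tm.run([("PUSH_ENC", ct), ("PUSH_ENC", enc_literal), ("GT",), ("RET_BOOL",)])]

def um_sum(tm, enc_values):
    """UM-side SUM: currentSum stays ciphertext; each GetNext asks the TM for
    Enc(Dec(value) + Dec(currentSum))."""
    current = None
    for ct in enc_values:
        current = ct if current is None else tm.run(
            [("PUSH_ENC", ct), ("PUSH_ENC", current), ("ADD",), ("RET_ENC",)])
    return current

# Constructed Order rows (O_Orderdate, O_totalprice); ISO dates order correctly as strings.
ORDERS = [("2011-12-30", 100), ("2012-03-15", 250), ("2012-07-04", 75)]

def run_example():
    """SUM(O_totalprice) WHERE O_Orderdate > '2012-01-01', the UM seeing only
    ciphertext; the client decrypts the final sum."""
    tm = TrustedMachine(KEY)
    enc_dates = [encrypt(KEY, d, False) for d, _ in ORDERS]
    enc_prices = [encrypt(KEY, p, False) for _, p in ORDERS]
    y = encrypt(KEY, "2012-01-01", False)          # client-encrypted literal
    hits = um_filter_gt(tm, enc_dates, y)
    enc_total = um_sum(tm, [enc_prices[i] for i in hits])
    return int(decrypt(KEY, enc_total)) if enc_total else 0
```

Two points the sketch makes concrete: the deterministic literal produced by rewrite_query is what lets an unchanged DBMS match on an encrypted column, and every value the TM returns to the UM other than a predicate bit is re-encrypted under a fresh IV, so the UM never learns more than the comparison outcomes the slides already list as the residual leak.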

15. Challenges

(Figure: commodity server (UM) and resource-constrained TM holding the key, connected by PCI Express)
• Performance:
  – Revisit whole stack (physical structures, QP, QO)
  – Batch requests to TM
  – FPGA parallelism
• Space:
  – Multi-row/multi-column encryption

16. Query Optimization

(Figure: stack code)

17. Query Optimization

(Figure: stack code)

18. Security

• Encryption across the stack does NOT imply no information leakage
• Access patterns leak information
• Sort leaks ordering: the TM answers “Record 1 < Record 2” with True/False
• Spectrum: no encryption leaks everything; Cipherbase leaks some information; processing at the client leaks no information
• Similar to CryptDB [SOSP 2011]

19. Higher Security

• Information leakage can be controlled
• Insight: full scans naturally have fixed access patterns
• Our contribution:
  – Full SQL using scan-based plans
  – Reveals only intermediate result sizes
  – Indexing is an open problem
• Putting it together:
  – Single system with “diallable” column-level knobs
  – “One size does not fit all”: separate solution for analytical workloads
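
The leakage comparison of slides 18 and 19, as an added toy model that is not part of the deck: the same encrypted table is queried by a TM-assisted sort, by an index lookup on a deterministically encrypted column, and by a full scan with a batched TM filter, and each plan returns what the untrusted machine gets to observe. Ciphertexts are abstracted to row ids, the table, the index tokens and the function names are constructed for the example, and the TM is modelled as a plain Python object.

```python
# Added example (not Cipherbase code): what the UM observes under three plans
# for one encrypted column, following slides 18 and 19. Only access patterns
# and TM answers are modelled; the cipher is abstracted away. Data is constructed.
import functools

TABLE = {0: 42, 1: 7, 2: 19, 3: 7, 4: 30}   # row id -> plaintext (never seen by UM)

# Constructed index on a deterministically encrypted column: the UM can hold
# such an index because equal plaintexts share a ciphertext token.
DET_INDEX = {"c7": [1, 3], "c19": [2], "c30": [4], "c42": [0]}

class TrustedMachine:
    """Holds the key (here: direct access to TABLE) and answers questions."""

    def less(self, i, j):
        """Slide 18 comparator: 'Record i < Record j', answered in the clear."""
        return TABLE[i] < TABLE[j]

    def filter_batch(self, ids, predicate):
        """Slide 19 scan operator: takes a whole batch and returns only the
        number of matching rows, re-encrypted afresh (modelled as a count),
        so the UM cannot tell which input rows matched."""
        return sum(1 for i in ids if predicate(TABLE[i]))

def sort_plan(tm):
    """UM sorts ciphertexts using TM comparisons: the sequence of True/False
    answers reveals the complete ordering of the column."""
    answers = []
    def cmp(i, j):
        lt, gt = tm.less(i, j), tm.less(j, i)
        answers.append((i, j, lt, gt))
        return -1 if lt else (1 if gt else 0)
    order = sorted(TABLE, key=functools.cmp_to_key(cmp))
    return {"comparisons": len(answers), "learned_order": order}

def index_plan(index, enc_literal):
    """Index lookup: the UM touches exactly the matching rows, so which rows
    match (and how often the value repeats) is visible in the access pattern."""
    hits = list(index.get(enc_literal, []))
    return {"rows_read": hits, "result_size": len(hits)}

def scan_plan(tm, predicate):
    """Full scan with batched TM filtering: the read sequence is the same for
    every predicate; only the intermediate result size is revealed."""
    ids = sorted(TABLE)
    return {"rows_read": ids, "result_size": tm.filter_batch(ids, predicate)}

def leakage_profile():
    """Return the three observations side by side for the constructed table."""
    tm = TrustedMachine()
    return {
        "sort": sort_plan(tm),
        "index_eq_7": index_plan(DET_INDEX, "c7"),
        "scan_eq_7": scan_plan(tm, lambda v: v == 7),
        "scan_gt_10": scan_plan(tm, lambda v: v > 10),
    }
```

Running leakage_profile shows the knob the slides describe: the two scan observations differ only in result_size, the index lookup names the matching rows outright, and the sort hands the UM the full permutation of the column even though it never sees a plaintext.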

20. Status

• Implementation status:
  – FPGA manager integrated with SQL Server
  – Expression evaluation modified to use FPGA
  – FPGA supports stack machine
  – Preliminary implementation of indexing and query optimizer
• Runs debit-credit benchmark:
  – Warm buffer pool: security overhead is 50%
  – Clear-text TPS: ~12000
  – Encrypted TPS: ~8000

21. Questions?
