Inout Secure DB: Maximizing Security for Data INside and OUTside the Database

Publikation: Bidrag til tidsskrift/Konferencebidrag i tidsskrift /Bidrag til avisTidsskriftartikelForskningpeer review

  • Luiz Gomes-Jr, Universidade Tecnologica Federal do Parana, Brasilien
  • Isabella Mika Taninaka, Universidade Tecnologica Federal do Parana, Brasilien
  • Marcelo Rosa, Universidade Tecnologica Federal do Parana, Brasilien
  • Keiko Fonseca, Universidade Tecnologica Federal do Parana, Brasilien
  • Daniel Enrique Lucani Rötter
As cloud services are becoming an alternative for internal IT infrastructures in many organizations, guarantees of data privacy become a priority. This article presents a secure database system that takes privacy as a design principle. The proposed system offers improved privacy guarantees for data in primary and secondary memory as well as for data that is served to users as results of SQL queries. Data in working memory is protected using Intel’s SGX platform for trusted execution, while data in secondary memory uses network coding for secure storage. SGX provides hardware-based processing privacy offering protection for a wide range of sophisticated attacks. Network coding provides inter and intra-cloud privacy for stored data (by means of a storage provided by Chocolate Cloud). For privacy of data served to the outside world, we propose a flexible role-based access control mechanism that anonymizes data at query-time. We have implemented a modular, multi-service architecture that is well suited to the advantages and limitations of the SGX platform. We present the architecture of the system, its components and performance evaluation.
OriginalsprogEngelsk
TidsskriftJournal of Data and Information Science
Vol/bind10
Nummer1
Sider (fra-til)3-15
ISSN2096-157X
StatusUdgivet - jun. 2019
Eksternt udgivetJa

Se relationer på Aarhus Universitet Citationsformater

Projekter

ID: 170669174