Inout Secure DB: Maximizing Security for Data INside and OUTside the Database

Luiz Gomes-Jr, Isabella Mika Taninaka, Marcelo Rosa, Keiko Fonseca, Daniel Enrique Lucani Rötter

Research output: Contribution to journal/Conference contribution in journal/Contribution to newspaperJournal articleResearchpeer-review

Abstract

As cloud services are becoming an alternative for internal IT infrastructures in many organizations, guarantees of data privacy become a priority. This article presents a secure database system that takes privacy as a design principle. The proposed system offers improved privacy guarantees for data in primary and secondary memory as well as for data that is served to users as results of SQL queries. Data in working memory is protected using Intel’s SGX platform for trusted execution, while data in secondary memory uses network coding for secure storage. SGX provides hardware-based processing privacy offering protection for a wide range of sophisticated attacks. Network coding provides inter and intra-cloud privacy for stored data (by means of a storage provided by Chocolate Cloud). For privacy of data served to the outside world, we propose a flexible role-based access control mechanism that anonymizes data at query-time. We have implemented a modular, multi-service architecture that is well suited to the advantages and limitations of the SGX platform. We present the architecture of the system, its components and performance evaluation.
Original languageEnglish
JournalJournal of Data and Information Science
Volume10
Issue1
Pages (from-to)3-15
ISSN2096-157X
Publication statusPublished - Jun 2019
Externally publishedYes

Fingerprint

Dive into the research topics of 'Inout Secure DB: Maximizing Security for Data INside and OUTside the Database'. Together they form a unique fingerprint.

Cite this