StealthDB: a Scalable Encrypted Database with Full SQL Query Support
share
Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms usually result in high performance overheads (e.g., public-key encryptions, garbled circuits), while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around their specific architectural limitations. In this work we build StealthDB -- an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large datasets, requires no DBMS changes, and provides strong security guarantees at steady state and during query execution.
READ FULL TEXT