230 likes | 416 Views
Orthogonal Security With Cipherbase. Raghav Kaushik 1. Arvind Arasu 1. Spyros Blanas 2. Ken Eguro 1. 1 Microsoft Research 2 UW-Madison 3 ETH-Zurich. Donald Kossmann 3. Ravi Ramamurthy 1. Venkie Ramarathnam 1. Problem: Data Confidentiality. Untrusted Server. Trusted Client.
E N D
Orthogonal Security With Cipherbase Raghav Kaushik1 Arvind Arasu1 Spyros Blanas2 Ken Eguro1 1Microsoft Research 2UW-Madison 3ETH-Zurich Donald Kossmann3 Ravi Ramamurthy1 Venkie Ramarathnam1
Problem: Data Confidentiality Untrusted Server Trusted Client DBMS DBMS Key Data EncryptedData • Cloud Admin • Super-user with console access
Computation Directly On Encrypted Data Untrusted Server Trusted Client DBMS Equality Deterministic Encryption Strong Encryption (Non-Deterministic) Paillier encryption: summation Order-preserving encryption: range
Limitations • Incomplete • SUM(L_EXTENDEDPRICE*(1-L_DISCOUNT)*(1+L_TAX)) • Brittle • E.g.: Cannot combine addition and range • O_SHIPDATE > O_ORDERDATE + 30 days • Full functionality Store in the clear
Goal: Orthogonal Security • Full functionality in the serverindependent of the data encryption • SQL • Transactions • Physical Structures Orthogonality • App logic completely decoupled from encryption • Clients declare what columns are to be encrypted and how • System is functional without any change in app code
Overall Workflow Untrusted Server Trusted Client SQL App Encrypted Query String/Plan SELECT * FROM Patient WHERE Disease = ‘Flu’ SELECT * FROM Patient WHERE Disease = ‘$bG’ DBMS Client Extension Encrypted Result Key, metadata
The Case For Trusted Hardware Leads to orthogonality TM (Trusted Machine) UM (Untrusted Machine) Trusted Hardware DBMS (Commodity H/W) key sum(l_extendedprice*(1-l_discount) *(1+l_tax))) Disease = ‘Flu’ Inaccessible
TMDesign • Secure Co-processor • Designed for low-performance apps such as ATMs • Our choice: FPGA • Used for security-sensitive applications • Well-established applicability for data-intensive applications • Connected to UM by PCI express
Design Choice 1:Encryption, Decryption(Industry state of art) UM (Untrusted Machine) Keep data encrypted across the stack DBMS (Commodity H/W) SQL Server Buffer Pool TM (Trusted Machine) Encryption, Decryption key Leaks everything
Design Choice 2: All Processing In TM Commodity Server Resource-constrained Security: Encrypt across the stack UM (Untrusted Machine) TM (Trusted Machine) DBMS For Clear-Text Columns DBMS For Encrypted Columns PCI Express key Data Goal: Reduce TM footprint TrustedDB [Bajaj et al., SIGMOD 2011]
Cipherbase: Hardware Software Co-Design Security: Encrypt across the stack UM TM SQL Server (Buffer Pool, Indexes, Transactions, Query Processor, Query Optimizer, …) Expression Evaluation (Stack Machine) key DB
Example App SELECT C_Custkey, SUM(O_totalprice) as Revenue FROM Customer, Order WHERE C_Custkey = O_Custkey and C_Nationkey = ‘Nation5’ and O_Orderdate > ‘2012-1-1’ GROUP BY C_Custkey SQL Client Extension Key, metadata Trusted Client
Example Untrusted Server Trusted Client App O_Orderdate>y C_Nationkey=x DBMS Client Extension Key, metadata
Example Inter query memory governance Admission control Dec(C_Custkey1)>Dec(C_Custkey2) Enc(Dec(O_totalprice) + Dec(currentSum)) Memory Mgmt Spooling Specifics of join/sort algorithm Hash(Dec(C_Custkey)) Hash(Dec(O_Custkey)) Dec(O_Custkey)=Dec(C_Custkey) O_Orderdate>y C_Nationkey=x Dec(O_Orderdate)>Dec(y) Dec(C_Nationkey)=Dec(x) Data-flow (GetNext calls) Most processing happens in UM Storage engine (buffer pool, locking)
Challenges Commodity Server Resource-Constrained • Performance: • Revisit whole stack (physical structures, QP, QO) • Batch requests to TM • FPGA parallelism • Space: • Multi-row/multi-column encryption TM UM PCI Express key
Query Optimization Stack code
Query Optimization Stack code
Security • Encryption across stack does NOT imply no information leakage • Access patterns leak information • Sort leaks ordering True/False TM Sort Record 1 < Record 2 Cipherbase Leak some information No Encryption Leak everything Client Leak no information Similar to CryptDB [SOSP,2011]
Higher Security • Information leakage can be controlled • Insight: full scans naturally have fixed access patterns • Our contribution: • Full SQL using scan-based plans • Reveals only intermediate result sizes • Indexing is an open problem • Putting it together • Single system with “diallable” column-level knobs • “One size does not fit all” – separate solution for analytical workloads
Status • Implementation status • FPGA Manager integrated with SQL Server • Expression evaluation modified to use FPGA • FPGA supports stack machine • Preliminary implementation of indexing and query optimizer • Runs debit-credit benchmark • Warm buffer pool: security overhead is 50% • Clear-text TPS: ~12000 • Encrypted TPS: ~8000