The Community for Technology Leaders
2018 IEEE Symposium on Security and Privacy (SP) (2018)
San Francisco, CA, US
May 21, 2018 to May 23, 2018
ISSN: 2375-1207
ISBN: 978-1-5386-4353-2
pp: 405-419
Christian Priebe , Imperial College London
Kapil Vaswani , Microsoft Research
Manuel Costa , Microsoft Research
ABSTRACT
We propose EnclaveDB, a database engine that guarantees confidentiality, integrity, and freshness for data and queries. EnclaveDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when the database runs in an untrusted host in the cloud. EnclaveDB achieves this by placing sensitive data (tables, indexes and other metadata) in enclaves protected by trusted hardware (such as Intel SGX). EnclaveDB has a small trusted computing base, which includes an in-memory storage and query engine, a transaction manager and pre-compiled stored procedures. A key component of EnclaveDB is an efficient protocol for checking integrity and freshness of the database log. The protocol supports concurrent, asynchronous appends and truncation, and requires minimal synchronization between threads. Our experiments using standard database benchmarks and a performance model that simulates large enclaves show that EnclaveDB achieves strong security with low overhead (up to 40% for TPC-C) compared to an industry strength in-memory database engine.
INDEX TERMS
database, security, enclave, integrity, in-memory, sgx
CITATION

C. Priebe, K. Vaswani and M. Costa, "EnclaveDB: A Secure Database using SGX," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, US, , pp. 405-419.
doi:10.1109/SP.2018.00025
332 ms
(Ver 3.3 (11022016))