Security, particularly data privacy, is one of the biggest barriers to the adoption of Database-as-a-Service (DBaaS) in Cloud Computing. Recent security breaches demonstrate that a more powerful protection mechanism is needed to protect data confidentiality from any honest-but-curious administrator. Typical prior effort on addressing this security problem is either prohibitively slow or highly restrictive in operation. ududIn this thesis, a novel cloud system architecture CypherDB, which makes use of a secure processor, is proposed to protect the confidentiality of outsourced database processing. To achieve this, a framework is developed to use these secure processors in the cloud for secure database processing. This framework allows distributed and parallel processing of the encrypted data and exhibits virtualization features in Cloud Computing. The CypherDB architecture also relies on two major components to protect the privacy of an outsourced database against any honest-but-curious administrator of high performance.ududFirstly, a novel database encryption scheme is developed to protect the outsourced database which can be executed under a CypherDB secure processor with high performance. Our proposed scheme makes use of custom instructions to hide the encryption latency from the program execution. This scheme is extensively validated through an integration with SQLite, a practical database application program.ududSecondly, a novel secure processor architecture is also developed to provide architectural support to our proposed database encryption scheme and efficient protection mechanism to secure all intermediate data generated on-the-fly during query execution. The efficiency, robustness and the cost of our novel processor architecture are validated and evaluated through extensive simulations and implementation on a FPGA platform.ududA fully-functional Field-Programmable Gate Array (FPGA) implementation of our CypherDB secure processor and simulation studies demonstrate that our proposed architecture is cost-effective and of high performance. Our experiment of running the TPC-H database benchmark on SQLite demonstrates 10 to 14 percent performance overhead on average. The security components in CypherDB consume about 21K Logic Elements and 54 Block RAMs on the FPGA. The modification of SQLite only consists of 208 lines of code (LOC).
展开▼
机译:安全性,特别是数据隐私性,是在云计算中采用数据库即服务(DBaaS)的最大障碍之一。最近的安全漏洞表明,需要一种更强大的保护机制来保护数据机密不受任何诚实但好奇的管理员的侵害。解决该安全性问题的典型的先验工作在操作上是缓慢地或严格地限制。 ud ud在本文中,提出了一种使用安全处理器的新型云系统架构CypherDB,以保护外包数据库处理的机密性。为实现此目的,开发了一个框架,以将这些安全处理器用于云中以进行安全的数据库处理。该框架允许对加密数据进行分布式和并行处理,并在云计算中展现虚拟化功能。 CypherDB体系结构还依靠两个主要组件来保护外包数据库的私密性,以防任何诚实但又好奇的高性能管理员。 ud ud首先,开发了一种新颖的数据库加密方案来保护可以执行的外包数据库高性能的CypherDB安全处理器下。我们提出的方案利用定制指令来隐藏程序执行过程中的加密延迟。通过与实用的数据库应用程序SQLite集成,此方案得到了广泛的验证。 ud ud其次,还开发了一种新颖的安全处理器体系结构,以为我们建议的数据库加密方案和有效的保护机制提供体系结构支持,以保护生成的所有中间数据在查询执行过程中即时进行。通过广泛的仿真和在FPGA平台上的实现,可以验证和评估我们新颖的处理器架构的效率,健壮性和成本。 ud udCypherDB安全处理器和仿真研究的全功能现场可编程门阵列(FPGA)实现证明我们提出的体系结构具有成本效益和高性能。我们在SQLite上运行TPC-H数据库基准测试的实验表明,平均性能开销为10%到14%。 CypherDB中的安全组件在FPGA上消耗约21K逻辑元素和54个Block RAM。 SQLite的修改仅包含208行代码(LOC)。
展开▼
