Inout Secure DB: Maximizing Security for Data INside and OUTside the Database
Abstract

As cloud services are becoming an alternative for IT infrastructures in many organizations, guarantees of data privacy become a priority. This article presents a secure database system that takes privacy as a design principle. The proposed system offers improved privacy guarantees for data in primary and secondary memory as well as for data that is served to users as results of SQL queries. Data in working memory is protected using Intel's SGX platform for trusted execution, while data in secondary memory uses network coding for secure storage. SGX provides hardware-based processing privacy, offering protection against a wide range of sophisticated attacks. Network coding provides inter- and intra-cloud privacy for stored data (by means of storage provided by Chocolate Cloud). For privacy of data served to the outside world, we propose a flexible role-based access control mechanism that anonymizes data at query time. We have implemented a modular, multi-service architecture that is well suited to the advantages and limitations of the SGX platform. We present the architecture of the system, its components, and its performance evaluation.